Hello,
 
Working on a Secure SW architecture requiring to support key attestation, I would like to know if there is a plan to add APIs to do Asymmetric key attestation in the same manner there are API to attest a token?
 
We would like to propose the following APIs:
 
Calculate the size of a Key Attestation buffer.
psa_status_t psa_attest_key_get_size(psa_key_id_t key,
        size_t auth_challenge_size,
        size_t *cert_size)
 
Retrieve the Key Attestation buffer.
psa_status_t psa_attest_key(psa_key_id_t key,
        const uint8_t *auth_challenge,
        size_t auth_challenge_size,
        uint8_t *cert_buf,
        size_t cert_buf_size,
        size_t *cert_size)
 
Concerning the certificate buffer, we are thinking about a TLV format containing metadata + public key buffer + signature but in order to standardize these APIs like the PSA initial attestation token, we are open to any advice.
 
Do you think that adding it in the Attestation API standard is possible or do we have to add it as custom API?
 
Thanks and Regards,
 
Cedric Neveux