This repository contains hosted and local demonstrations of the draft-bweeks-acme-device-attest specification using a Trusted Platform Module.
The certificate authority is built using a fork of step-ca, an open source Go certificate authority that implements the ACME protocol. The client is built using golang.org/x/crypto and google/go-attestation.
A hosted instance of the certificate authority is available at ca.attestation.dev. To get an ephemeral Cloud Shell environment containing this repository and a virtualized Trusted Platform Module (TPM), click the button below.
Then you can run go run client.go from within the Cloud Shell to request a certificate containing the attested TPM identity of the Cloud Shell instance.
cd ca/
docker build -t step-ca .
docker run -it step-ca
In another shell:
cd client/
go run client.go -ca_address="http://localhost:8080"