request-system-integrity-attestation
Syntax
request system integrity attestation (pcr-index pcr number | nonce-value | tpm-name)
Description
The Attester is a device on the network that provides evidence to the Verifier on demand. The first part of that evidence is a signed collection of the TPM's Platform Configuration Registers (PCRs) called a TPM Quote. To ensure the freshness of the quote, the Verifier sends a random nonce to the Attester to include in the TPM Quote.
Options
nonce-value
A base64-encoded, 20-byte random hex value. It is a cryptographically generated random number that should not be predictable before it is issued by a random number generation function. The random number MUST be derived from an entropy source external to the Attester.
pcr-index
The numbers (indexes) of the PCRs. At the moment this is limited to 32 items (0..31).
tpm-name
Unique system-generated name for a TPM on a device.
Required Privilege Level
view
Output Fields
When you enter this command, you are provided feedback on the status of your request.
Sample Output
request system integrity attestation nonce-value $NONCE tpm-name $SERIAL_NUMBER
user@host> request system integrity attestation nonce-value $NONCE tpm-name $SERIAL_NUMBER
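The following Verifier-side sketch is an added example, not Juniper code. It generates the 20-byte nonce from the Verifier's own CSPRNG, renders the command in the form shown in the sample above, and accepts a returned nonce only once and only while it is fresh. The `NonceRegistry` class, the 30-second window and the `tpm-name` character check are assumptions; extracting the echoed nonce from the returned TPM Quote and verifying the quote's signature are left to the caller.

```python
import base64
import hmac
import re
import secrets
import time

NONCE_LEN = 20    # bytes, per the nonce-value option
NONCE_TTL = 30.0  # seconds; assumed freshness window, not stated on this page
TPM_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # assumed safe charset for tpm-name


class NonceRegistry:
    """Verifier-side record of outstanding nonces (hypothetical helper)."""

    def __init__(self, ttl=NONCE_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # tpm_name -> (nonce_bytes, issued_at)

    def issue(self, tpm_name):
        """Return the CLI command carrying a fresh nonce for one TPM."""
        if not TPM_NAME_RE.fullmatch(tpm_name):
            raise ValueError("unexpected characters in tpm-name")
        # Entropy comes from the Verifier's OS CSPRNG, external to the Attester.
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending[tpm_name] = (nonce, self._clock())
        b64 = base64.b64encode(nonce).decode("ascii")
        return ("request system integrity attestation "
                f"nonce-value {b64} tpm-name {tpm_name}")

    def check(self, tpm_name, returned_b64):
        """True only if the echoed nonce is the outstanding, unexpired one."""
        # Single use: the entry is removed on the first check, pass or fail.
        entry = self._pending.pop(tpm_name, None)
        if entry is None:
            return False
        nonce, issued_at = entry
        if self._clock() - issued_at > self._ttl:
            return False
        try:
            returned = base64.b64decode(returned_b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return False
        return len(returned) == NONCE_LEN and hmac.compare_digest(returned, nonce)
```

A second `check` for the same TPM returns `False` even with the correct value, so a captured quote cannot be replayed against the Verifier.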
Release Information
Command introduced in Junos OS Release 22.4R1.