This section provides information on how to validate the platform certificate. Before the validation ensure that the following requirements are met:
The commands on this guide are to be executed on a trusted Linux system that has these commands available:tpm2_makecredential, curl, jq, scp
It assumes "nodegrid" is the hostname of the device to be attested, for example defined in /etc/hosts. "nodegrid" can be changed to the device's IP instead.
An active Nodegrid API ticket is stored in the variable $ticket . This command can be used to get a ticket:
# Create a Nodegrid API ticket, assuming the password is in variable $NG_ADMIN_PASSWORD ticket=$(\ curl -s -X POST \ https://nodegrid/api/v1/Session \ --insecure \ -H 'Content-Type: application/json' \ -H 'accept: application/json' \ -d '{"username": "admin", "password": "'"$NG_ADMIN_PASSWORD"'"}' | \ jq -r .session \ )
See the following sections for information about certificate validations: