Internal change

PiperOrigin-RevId: 394330027

Author: brandonweeks

.github/workflows/test.yml

@@ -20,19 +20,11 @@ API changes at any time.
 
 Please note that this is not an official Google product.
 
-TPM 1.2 support is best effort, meaning we will accept fixes for TPM 1.2, but
-testing is not covered by CI.
-
 ## Installation
 
 The go-attestation package is installable using go get: `go get github.com/google/go-attestation/attest`
 
-### TPM1.2
-By default, go-attestation does not build in TPM1.2 support on Linux.
-Linux users must install [`libtspi`](http://trousers.sourceforge.net/) and its headers if they need TPM 1.2 support. This can be installed on debian-based systems using: `sudo apt-get install libtspi-dev`.
-Then, build go-attestation with the `tspi` [build tag](https://pkg.go.dev/go/build#hdr-Build_Constraints) `go build --tags=tspi`.
-
-Windows users can use go-attestation with TPM1.2 by default.
+Linux users must install `libtspi` and its headers. This can be installed on debian-based systems using: `sudo apt-get install libtspi-dev`.
 
 ## Example: device identity
 

README.md

@@ -36,11 +36,11 @@ type ActivationParameters struct {
 	// TPMVersion holds the version of the TPM, either 1.2 or 2.0.
 	TPMVersion TPMVersion
 
-	// EK, the endorsement key, describes an asymmetric key whose
-	// private key is permanently bound to the TPM.
+	// EK, the endorsement key, describes an asymmetric key who's
+	// private key is permenantly bound to the TPM.
 	//
 	// Activation will verify that the provided EK is held on the same
-	// TPM as the AK. However, it is the caller's responsibility to
+	// TPM as the AK. However, it is the callers responsibility to
 	// ensure the EK they provide corresponds to the the device which
 	// they are trying to associate the AK with.
 	EK crypto.PublicKey

attest/activation.go

@@ -83,7 +83,7 @@ func selftestCredentialActivation(tpm *attest.TPM, ak *attest.AK) error {
 
 func selftestAttest(tpm *attest.TPM, ak *attest.AK) error {
 	// This nonce is used in generating the quote. As this is a selftest,
-	// it's set to an arbitrary value.
+	// its set to an arbitrary value.
 	nonce := []byte{1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8}
 
 	pub, err := attest.ParseAKPublic(tpm.Version(), ak.AttestationParameters().Public)

attest/attest-tool/attest-tool.go

@@ -33,7 +33,7 @@ func setupSimulatedTPM(t *testing.T) (*simulator.Simulator, *TPM) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	attestTPM, err := OpenTPM(&OpenConfig{CommandChannel: &fakeCmdChannel{tpm}})
+	attestTPM, err := OpenTPM(&OpenConfig{CommandChannel: &linuxCmdChannel{tpm}})
 	if err != nil {
 		t.Fatal(err)
 	}

attest/attest_simulated_tpm20_test.go

@@ -115,10 +115,10 @@ func (e EventType) String() string {
 }
 
 // Event is a single event from a TCG event log. This reports descrete items such
-// as BIOS measurements or EFI states.
+// as BIOs measurements or EFI states.
 //
 // There are many pitfalls for using event log events correctly to determine the
-// state of a machine[1]. In general it's much safer to only rely on the raw PCR
+// state of a machine[1]. In general it's must safer to only rely on the raw PCR
 // values and use the event log for debugging.
 //
 // [1] https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md
@@ -216,7 +216,7 @@ func (e *EventLog) Events(hash HashAlg) []Event {
 // Verify replays the event log against a TPM's PCR values, returning the
 // events which could be matched to a provided PCR value.
 //
-// PCRs provide no security guarantees unless they're attested to have been
+// PCRs provide no security guarentees unless they're attested to have been
 // generated by a TPM. Verify does not perform these checks.
 //
 // An error is returned if the replayed digest for events with a given PCR
@@ -401,7 +401,7 @@ func extend(pcr PCR, replay []byte, e rawEvent, locality byte) (pcrDigest []byte
 // replayPCR replays the event log for a specific PCR, using pcr and
 // event digests with the algorithm in pcr. An error is returned if the
 // replayed values do not match the final PCR digest, or any event tagged
-// with that PCR does not possess an event digest with the specified algorithm.
+// with that PCR does not posess an event digest with the specified algorithm.
 func replayPCR(rawEvents []rawEvent, pcr PCR) ([]Event, bool) {
 	var (
 		replay    []byte
@@ -525,7 +525,7 @@ func ParseEventLog(measurementLog []byte) (*EventLog, error) {
 		// Switch to parsing crypto agile events. Don't include this in the
 		// replayed events since it intentionally doesn't extend the PCRs.
 		//
-		// Note that this doesn't actually guarantee that events have SHA256
+		// Note that this doesn't actually guarentee that events have SHA256
 		// digests.
 		parseFn = parseRawEvent2
 	} else {

attest/eventlog.go

@@ -79,7 +79,7 @@ func ExampleAK_credentialActivation() {
 		log.Fatalf("Failed to generate activation challenge: %v", err)
 	}
 
-	// Challenge the AK & EK properties to receive the decrypted secret.
+	// Challenge the AK & EK properties to recieve the decrypted secret.
 	decrypted, err := ak.ActivateCredential(tpm, *challenge)
 	if err != nil {
 		log.Fatalf("Failed to activate credential: %v", err)

attest/example_test.go

@@ -12,7 +12,7 @@
 // License for the specific language governing permissions and limitations under
 // the License.
 
-// +build linux,!gofuzz,cgo,tspi
+// +build linux,!gofuzz,cgo
 
 package attest
 

attest/key_linux.go

@@ -26,9 +26,9 @@ import (
 
 	"github.com/google/certificate-transparency-go/x509"
 
-	"github.com/google/go-tpm/tpmutil"
-	tpmtbs "github.com/google/go-tpm/tpmutil/tbs"
 	"golang.org/x/sys/windows"
+	tpmtbs "github.com/google/go-tpm/tpmutil/tbs"
+	"github.com/google/go-tpm/tpmutil"
 )
 
 const (

attest/pcp_windows.go

@@ -19,8 +19,8 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/google/certificate-transparency-go/x509"
 	"github.com/google/go-attestation/attest/internal"
+	"github.com/google/certificate-transparency-go/x509"
 )
 
 // SecurebootState describes the secure boot status of a machine, as determined