diff --git a/api/gen/proto/go/teleport/devicetrust/v1/device.pb.go b/api/gen/proto/go/teleport/devicetrust/v1/device.pb.go
index ccb5333f7ffd7..41d69a87bba00 100644
--- a/api/gen/proto/go/teleport/devicetrust/v1/device.pb.go
+++ b/api/gen/proto/go/teleport/devicetrust/v1/device.pb.go
@@ -43,14 +43,13 @@ const (
 	// Bare public key which has only verified with proof of ownership.
 	// Used on macOS.
 	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED DeviceAttestationType = 0
-	// Credential was verified through a TPM EK->AK->App key chain on enrollment.
+	// Credential was verified through a TPM EK->AK chain on enrollment.
 	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKPUB DeviceAttestationType = 1
-	// Credential was verified through a TPM EKCert->AK->App key chain on
-	// enrollment, but no allow-listed CAs were configured to validate this EKCert
-	// against.
+	// Credential was verified through a TPM EKCert->AK chain on enrollment,
+	// but no allow-listed CAs were configured to validate this EKCert against.
 	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT DeviceAttestationType = 2
-	// Credential was verified through a TPM EKCert->AK->App key chain on
-	// enrollment, and the EKCert was signed by a configured allow-listed CA.
+	// Credential was verified through a TPM EKCert->AK chain on enrollment, and
+	// the EKCert was signed by a configured allow-listed CA.
 	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED DeviceAttestationType = 3
 )
 
@@ -330,19 +329,14 @@ type DeviceCredential struct {
 	// Unique identifier of the credential, defined client-side.
 	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	// Device public key marshaled as a PKIX, ASN.1 DER.
-	// For TPMs, this is the public application key.
+	// If the device is a TPM device, stores the public attestation key to use for
+	// verifying platform attestation.
 	PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
 	// The degree to which the device credential is attested.
 	DeviceAttestationType DeviceAttestationType `protobuf:"varint,3,opt,name=device_attestation_type,json=deviceAttestationType,proto3,enum=teleport.devicetrust.v1.DeviceAttestationType" json:"device_attestation_type,omitempty"`
 	// If the device is a TPM device, stores the serial number from the TPM
 	// endorsement certificate.
-	// The certificate is not stored for security reasons, but the serial can be
-	// used to retrieve information about a specific unit from the manufacturer
-	// at a later date.
-	TpmSerial string `protobuf:"bytes,4,opt,name=tpm_serial,json=tpmSerial,proto3" json:"tpm_serial,omitempty"`
-	// If the device is a TPM device, stores the public AK in PKIX, ASN.1 DER
-	// form.
-	TpmAttestationKeyDer []byte `protobuf:"bytes,5,opt,name=tpm_attestation_key_der,json=tpmAttestationKeyDer,proto3" json:"tpm_attestation_key_der,omitempty"`
+	TpmEkcertSerial string `protobuf:"bytes,4,opt,name=tpm_ekcert_serial,json=tpmEkcertSerial,proto3" json:"tpm_ekcert_serial,omitempty"`
 }
 
 func (x *DeviceCredential) Reset() {
@@ -398,20 +392,13 @@ func (x *DeviceCredential) GetDeviceAttestationType() DeviceAttestationType {
 	return DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED
 }
 
-func (x *DeviceCredential) GetTpmSerial() string {
+func (x *DeviceCredential) GetTpmEkcertSerial() string {
 	if x != nil {
-		return x.TpmSerial
+		return x.TpmEkcertSerial
 	}
 	return ""
 }
 
-func (x *DeviceCredential) GetTpmAttestationKeyDer() []byte {
-	if x != nil {
-		return x.TpmAttestationKeyDer
-	}
-	return nil
-}
-
 var File_teleport_devicetrust_v1_device_proto protoreflect.FileDescriptor
 
 var file_teleport_devicetrust_v1_device_proto_rawDesc = []byte{
@@ -480,7 +467,7 @@ var file_teleport_devicetrust_v1_device_proto_rawDesc = []byte{
 	0x6c, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
 	0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
 	0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
-	0x52, 0x07, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x22, 0x86, 0x02, 0x0a, 0x10, 0x44, 0x65,
+	0x52, 0x07, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x22, 0xdc, 0x01, 0x0a, 0x10, 0x44, 0x65,
 	0x76, 0x69, 0x63, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x0e,
 	0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x24,
 	0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x72,
@@ -491,39 +478,37 @@ var file_teleport_devicetrust_v1_device_proto_rawDesc = []byte{
 	0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
 	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f,
 	0x6e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x15, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x74, 0x74,
-	0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a,
-	0x74, 0x70, 0x6d, 0x5f, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x09, 0x74, 0x70, 0x6d, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x35, 0x0a, 0x17, 0x74,
-	0x70, 0x6d, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b,
-	0x65, 0x79, 0x5f, 0x64, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x14, 0x74, 0x70,
-	0x6d, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x44,
-	0x65, 0x72, 0x2a, 0xbf, 0x01, 0x0a, 0x15, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x74, 0x74,
-	0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x27, 0x0a, 0x23,
-	0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49,
-	0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
-	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f,
-	0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45,
-	0x5f, 0x54, 0x50, 0x4d, 0x5f, 0x45, 0x4b, 0x50, 0x55, 0x42, 0x10, 0x01, 0x12, 0x26, 0x0a, 0x22,
-	0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49,
-	0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, 0x50, 0x4d, 0x5f, 0x45, 0x4b, 0x43, 0x45,
-	0x52, 0x54, 0x10, 0x02, 0x12, 0x2e, 0x0a, 0x2a, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41,
-	0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
-	0x54, 0x50, 0x4d, 0x5f, 0x45, 0x4b, 0x43, 0x45, 0x52, 0x54, 0x5f, 0x54, 0x52, 0x55, 0x53, 0x54,
-	0x45, 0x44, 0x10, 0x03, 0x2a, 0x84, 0x01, 0x0a, 0x12, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45,
-	0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x20, 0x44,
-	0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41,
-	0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
-	0x00, 0x12, 0x25, 0x0a, 0x21, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f,
-	0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x4e,
-	0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x44, 0x45, 0x56, 0x49,
-	0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
-	0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x42, 0x5a, 0x5a, 0x58, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67,
-	0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63,
-	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x2a, 0x0a, 0x11,
+	0x74, 0x70, 0x6d, 0x5f, 0x65, 0x6b, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x69, 0x61,
+	0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x74, 0x70, 0x6d, 0x45, 0x6b, 0x63, 0x65,
+	0x72, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x2a, 0xbf, 0x01, 0x0a, 0x15, 0x44, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x79,
+	0x70, 0x65, 0x12, 0x27, 0x0a, 0x23, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54,
+	0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e,
+	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x44,
+	0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, 0x50, 0x4d, 0x5f, 0x45, 0x4b, 0x50, 0x55, 0x42,
+	0x10, 0x01, 0x12, 0x26, 0x0a, 0x22, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54,
+	0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, 0x50,
+	0x4d, 0x5f, 0x45, 0x4b, 0x43, 0x45, 0x52, 0x54, 0x10, 0x02, 0x12, 0x2e, 0x0a, 0x2a, 0x44, 0x45,
+	0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e,
+	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, 0x50, 0x4d, 0x5f, 0x45, 0x4b, 0x43, 0x45, 0x52, 0x54,
+	0x5f, 0x54, 0x52, 0x55, 0x53, 0x54, 0x45, 0x44, 0x10, 0x03, 0x2a, 0x84, 0x01, 0x0a, 0x12, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x12, 0x24, 0x0a, 0x20, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f,
+	0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x44, 0x45, 0x56, 0x49, 0x43,
+	0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
+	0x4e, 0x4f, 0x54, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x21,
+	0x0a, 0x1d, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x5f,
+	0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45, 0x4e, 0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x44, 0x10,
+	0x02, 0x42, 0x5a, 0x5a, 0x58, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+	0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65,
+	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2f, 0x76, 0x31, 0x3b,
+	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x76, 0x31, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/api/gen/proto/go/teleport/devicetrust/v1/devicetrust_service.pb.go b/api/gen/proto/go/teleport/devicetrust/v1/devicetrust_service.pb.go
index e3f80b99f369b..31da0c5a47a02 100644
--- a/api/gen/proto/go/teleport/devicetrust/v1/devicetrust_service.pb.go
+++ b/api/gen/proto/go/teleport/devicetrust/v1/devicetrust_service.pb.go
@@ -1455,9 +1455,6 @@ type TPMEnrollPayload struct {
 	// The attestation key and the parameters necessary to remotely verify it as
 	// related to the endorsement key.
 	AttestationParameters *TPMAttestationParameters `protobuf:"bytes,3,opt,name=attestation_parameters,json=attestationParameters,proto3" json:"attestation_parameters,omitempty"`
-	// The application key and the parameters necessary to remotely certify it as
-	// related to the attestation key.
-	ApplicationCertificationParameters *TPMCertificationParameters `protobuf:"bytes,4,opt,name=application_certification_parameters,json=applicationCertificationParameters,proto3" json:"application_certification_parameters,omitempty"`
 }
 
 func (x *TPMEnrollPayload) Reset() {
@@ -1520,13 +1517,6 @@ func (x *TPMEnrollPayload) GetAttestationParameters() *TPMAttestationParameters
 	return nil
 }
 
-func (x *TPMEnrollPayload) GetApplicationCertificationParameters() *TPMCertificationParameters {
-	if x != nil {
-		return x.ApplicationCertificationParameters
-	}
-	return nil
-}
-
 type isTPMEnrollPayload_Ek interface {
 	isTPMEnrollPayload_Ek()
 }
@@ -1631,29 +1621,25 @@ func (x *TPMAttestationParameters) GetCreateSignature() []byte {
 	return nil
 }
 
-// The application key and the parameters necessary to remotely certify it as
-// related to the attestation key.
-// See https://pkg.go.dev/github.com/google/go-attestation/attest#CertificationParameters
-type TPMCertificationParameters struct {
+// The challenge sent to the client by the server during enrollment.
+// The challenge involves two parts:
+// - Solving an encrypted credential with `ActivateCredential`.
+// - Producing a platform attestation using the provided nonce.
+type TPMEnrollChallenge struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// The encoded TPMT_PUBLIC structure containing the application public key
-	// and signing parameters.
-	Public []byte `protobuf:"bytes,1,opt,name=public,proto3" json:"public,omitempty"`
-	// The properties of the application key, encoded as a TPMS_CREATION_DATA
-	// structure.
-	CreateData []byte `protobuf:"bytes,2,opt,name=create_data,json=createData,proto3" json:"create_data,omitempty"`
-	// An assertion as to the details of the key, encoded as a TPMS_ATTEST
-	// structure.
-	CreateAttestation []byte `protobuf:"bytes,3,opt,name=create_attestation,json=createAttestation,proto3" json:"create_attestation,omitempty"`
-	// A signature of create_attestation, encoded as a TPMT_SIGNATURE structure.
-	CreateSignature []byte `protobuf:"bytes,4,opt,name=create_signature,json=createSignature,proto3" json:"create_signature,omitempty"`
+	// The encrypted credential for the client to prove possession of the EK and
+	// AK.
+	EncryptedCredential *TPMEncryptedCredential `protobuf:"bytes,1,opt,name=encrypted_credential,json=encryptedCredential,proto3" json:"encrypted_credential,omitempty"`
+	// The nonce to use when producing the quotes over the PCRs with the TPM
+	// during the platform attestation.
+	AttestationNonce []byte `protobuf:"bytes,2,opt,name=attestation_nonce,json=attestationNonce,proto3" json:"attestation_nonce,omitempty"`
 }
 
-func (x *TPMCertificationParameters) Reset() {
-	*x = TPMCertificationParameters{}
+func (x *TPMEnrollChallenge) Reset() {
+	*x = TPMEnrollChallenge{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[22]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -1661,13 +1647,13 @@ func (x *TPMCertificationParameters) Reset() {
 	}
 }
 
-func (x *TPMCertificationParameters) String() string {
+func (x *TPMEnrollChallenge) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*TPMCertificationParameters) ProtoMessage() {}
+func (*TPMEnrollChallenge) ProtoMessage() {}
 
-func (x *TPMCertificationParameters) ProtoReflect() protoreflect.Message {
+func (x *TPMEnrollChallenge) ProtoReflect() protoreflect.Message {
 	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[22]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -1679,50 +1665,34 @@ func (x *TPMCertificationParameters) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use TPMCertificationParameters.ProtoReflect.Descriptor instead.
-func (*TPMCertificationParameters) Descriptor() ([]byte, []int) {
+// Deprecated: Use TPMEnrollChallenge.ProtoReflect.Descriptor instead.
+func (*TPMEnrollChallenge) Descriptor() ([]byte, []int) {
 	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{22}
 }
 
-func (x *TPMCertificationParameters) GetPublic() []byte {
+func (x *TPMEnrollChallenge) GetEncryptedCredential() *TPMEncryptedCredential {
 	if x != nil {
-		return x.Public
+		return x.EncryptedCredential
 	}
 	return nil
 }
 
-func (x *TPMCertificationParameters) GetCreateData() []byte {
+func (x *TPMEnrollChallenge) GetAttestationNonce() []byte {
 	if x != nil {
-		return x.CreateData
+		return x.AttestationNonce
 	}
 	return nil
 }
 
-func (x *TPMCertificationParameters) GetCreateAttestation() []byte {
-	if x != nil {
-		return x.CreateAttestation
-	}
-	return nil
-}
-
-func (x *TPMCertificationParameters) GetCreateSignature() []byte {
-	if x != nil {
-		return x.CreateSignature
-	}
-	return nil
-}
-
-// The enrollment challenge sent to the client by the server in order to
-// validate it has possession of the EK and AK.
-//
 // These values are used by the TPM2.0 `ActivateCredential` command to produce
-// the solution which proves possession.
+// the solution which proves possession of the EK and AK.
 //
 // For a more in-depth description see:
+// - https://pkg.go.dev/github.com/google/go-attestation/attest#EncryptedCredential
 // - https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_code_pub.pdf (Heading 12.5.1 "TPM2_ActivateCredential" "General Description")
 // - https://github.com/google/go-attestation/blob/v0.4.3/attest/activation.go#L199
 // - https://github.com/google/go-tpm/blob/v0.3.3/tpm2/credactivation/credential_activation.go#L61
-type TPMEnrollChallenge struct {
+type TPMEncryptedCredential struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
@@ -1737,8 +1707,8 @@ type TPMEnrollChallenge struct {
 	Secret []byte `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
 }
 
-func (x *TPMEnrollChallenge) Reset() {
-	*x = TPMEnrollChallenge{}
+func (x *TPMEncryptedCredential) Reset() {
+	*x = TPMEncryptedCredential{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[23]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -1746,13 +1716,13 @@ func (x *TPMEnrollChallenge) Reset() {
 	}
 }
 
-func (x *TPMEnrollChallenge) String() string {
+func (x *TPMEncryptedCredential) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*TPMEnrollChallenge) ProtoMessage() {}
+func (*TPMEncryptedCredential) ProtoMessage() {}
 
-func (x *TPMEnrollChallenge) ProtoReflect() protoreflect.Message {
+func (x *TPMEncryptedCredential) ProtoReflect() protoreflect.Message {
 	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[23]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -1764,19 +1734,19 @@ func (x *TPMEnrollChallenge) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use TPMEnrollChallenge.ProtoReflect.Descriptor instead.
-func (*TPMEnrollChallenge) Descriptor() ([]byte, []int) {
+// Deprecated: Use TPMEncryptedCredential.ProtoReflect.Descriptor instead.
+func (*TPMEncryptedCredential) Descriptor() ([]byte, []int) {
 	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{23}
 }
 
-func (x *TPMEnrollChallenge) GetCredentialBlob() []byte {
+func (x *TPMEncryptedCredential) GetCredentialBlob() []byte {
 	if x != nil {
 		return x.CredentialBlob
 	}
 	return nil
 }
 
-func (x *TPMEnrollChallenge) GetSecret() []byte {
+func (x *TPMEncryptedCredential) GetSecret() []byte {
 	if x != nil {
 		return x.Secret
 	}
@@ -1791,8 +1761,12 @@ type TPMEnrollChallengeResponse struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	// The proof of possession of both the EK and AK.
+	// The client's solution to `TPMEncryptedCredential` included in
+	// `TPMEnrollChallenge` using ActivateCredential.
 	Solution []byte `protobuf:"bytes,1,opt,name=solution,proto3" json:"solution,omitempty"`
+	// The result of the client's platform attestation with the nonce provided
+	// in `TPMEnrollChallenge`.
+	PlatformParameters *TPMPlatformParameters `protobuf:"bytes,2,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
 }
 
 func (x *TPMEnrollChallengeResponse) Reset() {
@@ -1834,6 +1808,207 @@ func (x *TPMEnrollChallengeResponse) GetSolution() []byte {
 	return nil
 }
 
+func (x *TPMEnrollChallengeResponse) GetPlatformParameters() *TPMPlatformParameters {
+	if x != nil {
+		return x.PlatformParameters
+	}
+	return nil
+}
+
+// Encapsulates the value of a PCR at a point at time.
+// See https://pkg.go.dev/github.com/google/go-attestation/attest#PCR
+type TPMPCR struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// the PCR index in the PCR bank
+	Index int32 `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
+	// the digest currently held in the PCR
+	Digest []byte `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"`
+	// hash algorithm associated with the PCR bank. This value is the underlying
+	// value of the crypto.Hash type.
+	Hash uint64 `protobuf:"varint,3,opt,name=hash,proto3" json:"hash,omitempty"`
+}
+
+func (x *TPMPCR) Reset() {
+	*x = TPMPCR{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[25]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TPMPCR) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TPMPCR) ProtoMessage() {}
+
+func (x *TPMPCR) ProtoReflect() protoreflect.Message {
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[25]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TPMPCR.ProtoReflect.Descriptor instead.
+func (*TPMPCR) Descriptor() ([]byte, []int) {
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{25}
+}
+
+func (x *TPMPCR) GetIndex() int32 {
+	if x != nil {
+		return x.Index
+	}
+	return 0
+}
+
+func (x *TPMPCR) GetDigest() []byte {
+	if x != nil {
+		return x.Digest
+	}
+	return nil
+}
+
+func (x *TPMPCR) GetHash() uint64 {
+	if x != nil {
+		return x.Hash
+	}
+	return 0
+}
+
+// Encapsulates the result of a quote operation against the TPM over a PCR
+// using an attestation key.
+// See https://pkg.go.dev/github.com/google/go-attestation/attest#Quote
+type TPMQuote struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Quote     []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote,omitempty"`
+	Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
+}
+
+func (x *TPMQuote) Reset() {
+	*x = TPMQuote{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[26]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TPMQuote) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TPMQuote) ProtoMessage() {}
+
+func (x *TPMQuote) ProtoReflect() protoreflect.Message {
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[26]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TPMQuote.ProtoReflect.Descriptor instead.
+func (*TPMQuote) Descriptor() ([]byte, []int) {
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{26}
+}
+
+func (x *TPMQuote) GetQuote() []byte {
+	if x != nil {
+		return x.Quote
+	}
+	return nil
+}
+
+func (x *TPMQuote) GetSignature() []byte {
+	if x != nil {
+		return x.Signature
+	}
+	return nil
+}
+
+// The quotes, PCRs and event log from a TPM that attest to the booted state
+// of the machine.
+// See https://pkg.go.dev/github.com/google/go-attestation/attest#PlatformParameters
+// Excludes TPMVersion and Public since these are already known values.
+type TPMPlatformParameters struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Quotes   []*TPMQuote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes,omitempty"`
+	Pcrs     []*TPMPCR   `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs,omitempty"`
+	EventLog []byte      `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"`
+}
+
+func (x *TPMPlatformParameters) Reset() {
+	*x = TPMPlatformParameters{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[27]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TPMPlatformParameters) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TPMPlatformParameters) ProtoMessage() {}
+
+func (x *TPMPlatformParameters) ProtoReflect() protoreflect.Message {
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[27]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TPMPlatformParameters.ProtoReflect.Descriptor instead.
+func (*TPMPlatformParameters) Descriptor() ([]byte, []int) {
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{27}
+}
+
+func (x *TPMPlatformParameters) GetQuotes() []*TPMQuote {
+	if x != nil {
+		return x.Quotes
+	}
+	return nil
+}
+
+func (x *TPMPlatformParameters) GetPcrs() []*TPMPCR {
+	if x != nil {
+		return x.Pcrs
+	}
+	return nil
+}
+
+func (x *TPMPlatformParameters) GetEventLog() []byte {
+	if x != nil {
+		return x.EventLog
+	}
+	return nil
+}
+
 // Request for AuthenticateDevice.
 //
 // Authentication ceremony flow:
@@ -1850,13 +2025,14 @@ type AuthenticateDeviceRequest struct {
 	//
 	//	*AuthenticateDeviceRequest_Init
 	//	*AuthenticateDeviceRequest_ChallengeResponse
+	//	*AuthenticateDeviceRequest_TpmChallengeResponse
 	Payload isAuthenticateDeviceRequest_Payload `protobuf_oneof:"payload"`
 }
 
 func (x *AuthenticateDeviceRequest) Reset() {
 	*x = AuthenticateDeviceRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[25]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[28]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1869,7 +2045,7 @@ func (x *AuthenticateDeviceRequest) String() string {
 func (*AuthenticateDeviceRequest) ProtoMessage() {}
 
 func (x *AuthenticateDeviceRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[25]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[28]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1882,7 +2058,7 @@ func (x *AuthenticateDeviceRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthenticateDeviceRequest.ProtoReflect.Descriptor instead.
 func (*AuthenticateDeviceRequest) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{25}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{28}
 }
 
 func (m *AuthenticateDeviceRequest) GetPayload() isAuthenticateDeviceRequest_Payload {
@@ -1906,6 +2082,13 @@ func (x *AuthenticateDeviceRequest) GetChallengeResponse() *AuthenticateDeviceCh
 	return nil
 }
 
+func (x *AuthenticateDeviceRequest) GetTpmChallengeResponse() *TPMAuthenticateDeviceChallengeResponse {
+	if x, ok := x.GetPayload().(*AuthenticateDeviceRequest_TpmChallengeResponse); ok {
+		return x.TpmChallengeResponse
+	}
+	return nil
+}
+
 type isAuthenticateDeviceRequest_Payload interface {
 	isAuthenticateDeviceRequest_Payload()
 }
@@ -1918,10 +2101,16 @@ type AuthenticateDeviceRequest_ChallengeResponse struct {
 	ChallengeResponse *AuthenticateDeviceChallengeResponse `protobuf:"bytes,2,opt,name=challenge_response,json=challengeResponse,proto3,oneof"`
 }
 
+type AuthenticateDeviceRequest_TpmChallengeResponse struct {
+	TpmChallengeResponse *TPMAuthenticateDeviceChallengeResponse `protobuf:"bytes,3,opt,name=tpm_challenge_response,json=tpmChallengeResponse,proto3,oneof"`
+}
+
 func (*AuthenticateDeviceRequest_Init) isAuthenticateDeviceRequest_Payload() {}
 
 func (*AuthenticateDeviceRequest_ChallengeResponse) isAuthenticateDeviceRequest_Payload() {}
 
+func (*AuthenticateDeviceRequest_TpmChallengeResponse) isAuthenticateDeviceRequest_Payload() {}
+
 // Response for AuthenticateDevice.
 type AuthenticateDeviceResponse struct {
 	state         protoimpl.MessageState
@@ -1932,13 +2121,14 @@ type AuthenticateDeviceResponse struct {
 	//
 	//	*AuthenticateDeviceResponse_Challenge
 	//	*AuthenticateDeviceResponse_UserCertificates
+	//	*AuthenticateDeviceResponse_TpmChallenge
 	Payload isAuthenticateDeviceResponse_Payload `protobuf_oneof:"payload"`
 }
 
 func (x *AuthenticateDeviceResponse) Reset() {
 	*x = AuthenticateDeviceResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[26]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[29]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1951,7 +2141,7 @@ func (x *AuthenticateDeviceResponse) String() string {
 func (*AuthenticateDeviceResponse) ProtoMessage() {}
 
 func (x *AuthenticateDeviceResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[26]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[29]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1964,7 +2154,7 @@ func (x *AuthenticateDeviceResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthenticateDeviceResponse.ProtoReflect.Descriptor instead.
 func (*AuthenticateDeviceResponse) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{26}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{29}
 }
 
 func (m *AuthenticateDeviceResponse) GetPayload() isAuthenticateDeviceResponse_Payload {
@@ -1988,6 +2178,13 @@ func (x *AuthenticateDeviceResponse) GetUserCertificates() *UserCertificates {
 	return nil
 }
 
+func (x *AuthenticateDeviceResponse) GetTpmChallenge() *TPMAuthenticateDeviceChallenge {
+	if x, ok := x.GetPayload().(*AuthenticateDeviceResponse_TpmChallenge); ok {
+		return x.TpmChallenge
+	}
+	return nil
+}
+
 type isAuthenticateDeviceResponse_Payload interface {
 	isAuthenticateDeviceResponse_Payload()
 }
@@ -2000,10 +2197,16 @@ type AuthenticateDeviceResponse_UserCertificates struct {
 	UserCertificates *UserCertificates `protobuf:"bytes,2,opt,name=user_certificates,json=userCertificates,proto3,oneof"`
 }
 
+type AuthenticateDeviceResponse_TpmChallenge struct {
+	TpmChallenge *TPMAuthenticateDeviceChallenge `protobuf:"bytes,3,opt,name=tpm_challenge,json=tpmChallenge,proto3,oneof"`
+}
+
 func (*AuthenticateDeviceResponse_Challenge) isAuthenticateDeviceResponse_Payload() {}
 
 func (*AuthenticateDeviceResponse_UserCertificates) isAuthenticateDeviceResponse_Payload() {}
 
+func (*AuthenticateDeviceResponse_TpmChallenge) isAuthenticateDeviceResponse_Payload() {}
+
 // AuthenticateDeviceInit initiates the device authentication ceremony.
 type AuthenticateDeviceInit struct {
 	state         protoimpl.MessageState
@@ -2030,7 +2233,7 @@ type AuthenticateDeviceInit struct {
 func (x *AuthenticateDeviceInit) Reset() {
 	*x = AuthenticateDeviceInit{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[27]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[30]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2043,7 +2246,7 @@ func (x *AuthenticateDeviceInit) String() string {
 func (*AuthenticateDeviceInit) ProtoMessage() {}
 
 func (x *AuthenticateDeviceInit) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[27]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[30]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2056,7 +2259,7 @@ func (x *AuthenticateDeviceInit) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthenticateDeviceInit.ProtoReflect.Descriptor instead.
 func (*AuthenticateDeviceInit) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{27}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{30}
 }
 
 func (x *AuthenticateDeviceInit) GetUserCertificates() *UserCertificates {
@@ -2080,6 +2283,108 @@ func (x *AuthenticateDeviceInit) GetDeviceData() *DeviceCollectedData {
 	return nil
 }
 
+// TPMAuthenticateDeviceChallenge carries the authentication challenge
+// specific to TPMs.
+type TPMAuthenticateDeviceChallenge struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Randomly-generated nonce to be used during platform attestation by the
+	// TPM.
+	AttestationNonce []byte `protobuf:"bytes,1,opt,name=attestation_nonce,json=attestationNonce,proto3" json:"attestation_nonce,omitempty"`
+}
+
+func (x *TPMAuthenticateDeviceChallenge) Reset() {
+	*x = TPMAuthenticateDeviceChallenge{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[31]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TPMAuthenticateDeviceChallenge) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TPMAuthenticateDeviceChallenge) ProtoMessage() {}
+
+func (x *TPMAuthenticateDeviceChallenge) ProtoReflect() protoreflect.Message {
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[31]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TPMAuthenticateDeviceChallenge.ProtoReflect.Descriptor instead.
+func (*TPMAuthenticateDeviceChallenge) Descriptor() ([]byte, []int) {
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{31}
+}
+
+func (x *TPMAuthenticateDeviceChallenge) GetAttestationNonce() []byte {
+	if x != nil {
+		return x.AttestationNonce
+	}
+	return nil
+}
+
+// TPMAuthenticateDeviceChallengeResponse carries the authentication challenge
+// response specific to TPMs.
+type TPMAuthenticateDeviceChallengeResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The result of the client's platform attestation with the nonce provided
+	// in `TPMAuthenticateDeviceChallenge`.
+	PlatformParameters *TPMPlatformParameters `protobuf:"bytes,1,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
+}
+
+func (x *TPMAuthenticateDeviceChallengeResponse) Reset() {
+	*x = TPMAuthenticateDeviceChallengeResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[32]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *TPMAuthenticateDeviceChallengeResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TPMAuthenticateDeviceChallengeResponse) ProtoMessage() {}
+
+func (x *TPMAuthenticateDeviceChallengeResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[32]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TPMAuthenticateDeviceChallengeResponse.ProtoReflect.Descriptor instead.
+func (*TPMAuthenticateDeviceChallengeResponse) Descriptor() ([]byte, []int) {
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{32}
+}
+
+func (x *TPMAuthenticateDeviceChallengeResponse) GetPlatformParameters() *TPMPlatformParameters {
+	if x != nil {
+		return x.PlatformParameters
+	}
+	return nil
+}
+
 // AuthenticateDeviceChallenge carries the authentication challenge.
 type AuthenticateDeviceChallenge struct {
 	state         protoimpl.MessageState
@@ -2093,7 +2398,7 @@ type AuthenticateDeviceChallenge struct {
 func (x *AuthenticateDeviceChallenge) Reset() {
 	*x = AuthenticateDeviceChallenge{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[28]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[33]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2106,7 +2411,7 @@ func (x *AuthenticateDeviceChallenge) String() string {
 func (*AuthenticateDeviceChallenge) ProtoMessage() {}
 
 func (x *AuthenticateDeviceChallenge) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[28]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[33]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2119,7 +2424,7 @@ func (x *AuthenticateDeviceChallenge) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use AuthenticateDeviceChallenge.ProtoReflect.Descriptor instead.
 func (*AuthenticateDeviceChallenge) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{28}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{33}
 }
 
 func (x *AuthenticateDeviceChallenge) GetChallenge() []byte {
@@ -2143,7 +2448,7 @@ type AuthenticateDeviceChallengeResponse struct {
 func (x *AuthenticateDeviceChallengeResponse) Reset() {
 	*x = AuthenticateDeviceChallengeResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[29]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[34]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2156,7 +2461,7 @@ func (x *AuthenticateDeviceChallengeResponse) String() string {
 func (*AuthenticateDeviceChallengeResponse) ProtoMessage() {}
 
 func (x *AuthenticateDeviceChallengeResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[29]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[34]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2169,7 +2474,7 @@ func (x *AuthenticateDeviceChallengeResponse) ProtoReflect() protoreflect.Messag
 
 // Deprecated: Use AuthenticateDeviceChallengeResponse.ProtoReflect.Descriptor instead.
 func (*AuthenticateDeviceChallengeResponse) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{29}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{34}
 }
 
 func (x *AuthenticateDeviceChallengeResponse) GetSignature() []byte {
@@ -2208,7 +2513,7 @@ type SyncInventoryRequest struct {
 func (x *SyncInventoryRequest) Reset() {
 	*x = SyncInventoryRequest{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[30]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[35]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2221,7 +2526,7 @@ func (x *SyncInventoryRequest) String() string {
 func (*SyncInventoryRequest) ProtoMessage() {}
 
 func (x *SyncInventoryRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[30]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[35]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2234,7 +2539,7 @@ func (x *SyncInventoryRequest) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryRequest.ProtoReflect.Descriptor instead.
 func (*SyncInventoryRequest) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{30}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{35}
 }
 
 func (m *SyncInventoryRequest) GetPayload() isSyncInventoryRequest_Payload {
@@ -2316,7 +2621,7 @@ type SyncInventoryResponse struct {
 func (x *SyncInventoryResponse) Reset() {
 	*x = SyncInventoryResponse{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[31]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[36]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2329,7 +2634,7 @@ func (x *SyncInventoryResponse) String() string {
 func (*SyncInventoryResponse) ProtoMessage() {}
 
 func (x *SyncInventoryResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[31]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[36]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2342,7 +2647,7 @@ func (x *SyncInventoryResponse) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryResponse.ProtoReflect.Descriptor instead.
 func (*SyncInventoryResponse) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{31}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{36}
 }
 
 func (m *SyncInventoryResponse) GetPayload() isSyncInventoryResponse_Payload {
@@ -2407,7 +2712,7 @@ type SyncInventoryStart struct {
 func (x *SyncInventoryStart) Reset() {
 	*x = SyncInventoryStart{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[32]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[37]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2420,7 +2725,7 @@ func (x *SyncInventoryStart) String() string {
 func (*SyncInventoryStart) ProtoMessage() {}
 
 func (x *SyncInventoryStart) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[32]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[37]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2433,7 +2738,7 @@ func (x *SyncInventoryStart) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryStart.ProtoReflect.Descriptor instead.
 func (*SyncInventoryStart) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{32}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{37}
 }
 
 func (x *SyncInventoryStart) GetSource() *DeviceSource {
@@ -2473,7 +2778,7 @@ type SyncInventoryEnd struct {
 func (x *SyncInventoryEnd) Reset() {
 	*x = SyncInventoryEnd{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[33]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[38]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2486,7 +2791,7 @@ func (x *SyncInventoryEnd) String() string {
 func (*SyncInventoryEnd) ProtoMessage() {}
 
 func (x *SyncInventoryEnd) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[33]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[38]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2499,7 +2804,7 @@ func (x *SyncInventoryEnd) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryEnd.ProtoReflect.Descriptor instead.
 func (*SyncInventoryEnd) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{33}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{38}
 }
 
 func (x *SyncInventoryEnd) GetExternalSyncSuccessful() bool {
@@ -2523,7 +2828,7 @@ type SyncInventoryDevices struct {
 func (x *SyncInventoryDevices) Reset() {
 	*x = SyncInventoryDevices{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[34]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[39]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2536,7 +2841,7 @@ func (x *SyncInventoryDevices) String() string {
 func (*SyncInventoryDevices) ProtoMessage() {}
 
 func (x *SyncInventoryDevices) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[34]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[39]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2549,7 +2854,7 @@ func (x *SyncInventoryDevices) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryDevices.ProtoReflect.Descriptor instead.
 func (*SyncInventoryDevices) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{34}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{39}
 }
 
 func (x *SyncInventoryDevices) GetDevices() []*Device {
@@ -2570,7 +2875,7 @@ type SyncInventoryAck struct {
 func (x *SyncInventoryAck) Reset() {
 	*x = SyncInventoryAck{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[35]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[40]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2583,7 +2888,7 @@ func (x *SyncInventoryAck) String() string {
 func (*SyncInventoryAck) ProtoMessage() {}
 
 func (x *SyncInventoryAck) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[35]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[40]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2596,7 +2901,7 @@ func (x *SyncInventoryAck) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryAck.ProtoReflect.Descriptor instead.
 func (*SyncInventoryAck) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{35}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{40}
 }
 
 // SyncInventoryResult is the response for SyncInventoryDevices or
@@ -2614,7 +2919,7 @@ type SyncInventoryResult struct {
 func (x *SyncInventoryResult) Reset() {
 	*x = SyncInventoryResult{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[36]
+		mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[41]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -2627,7 +2932,7 @@ func (x *SyncInventoryResult) String() string {
 func (*SyncInventoryResult) ProtoMessage() {}
 
 func (x *SyncInventoryResult) ProtoReflect() protoreflect.Message {
-	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[36]
+	mi := &file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[41]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -2640,7 +2945,7 @@ func (x *SyncInventoryResult) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use SyncInventoryResult.ProtoReflect.Descriptor instead.
 func (*SyncInventoryResult) Descriptor() ([]byte, []int) {
-	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{36}
+	return file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP(), []int{41}
 }
 
 func (x *SyncInventoryResult) GetDevices() []*DeviceOrStatus {
@@ -2838,7 +3143,7 @@ var file_teleport_devicetrust_v1_devicetrust_service_proto_rawDesc = []byte{
 	0x53, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65,
 	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e,
 	0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67,
-	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0xbe, 0x02, 0x0a, 0x10, 0x54, 0x50, 0x4d, 0x45, 0x6e,
+	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0xb6, 0x01, 0x0a, 0x10, 0x54, 0x50, 0x4d, 0x45, 0x6e,
 	0x72, 0x6f, 0x6c, 0x6c, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x19, 0x0a, 0x07, 0x65,
 	0x6b, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x06,
 	0x65, 0x6b, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x06, 0x65, 0x6b, 0x5f, 0x6b, 0x65, 0x79,
@@ -2849,61 +3154,85 @@ var file_teleport_devicetrust_v1_devicetrust_service_proto_rawDesc = []byte{
 	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x50, 0x4d, 0x41, 0x74, 0x74,
 	0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
 	0x72, 0x73, 0x52, 0x15, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50,
-	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x85, 0x01, 0x0a, 0x24, 0x61, 0x70,
-	0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65,
-	0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
-	0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
-	0x76, 0x31, 0x2e, 0x54, 0x50, 0x4d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x22, 0x61,
-	0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72,
-	0x73, 0x42, 0x04, 0x0a, 0x02, 0x65, 0x6b, 0x22, 0xad, 0x01, 0x0a, 0x18, 0x54, 0x50, 0x4d, 0x41,
-	0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65,
-	0x74, 0x65, 0x72, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x12, 0x1f, 0x0a, 0x0b,
-	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2d, 0x0a,
-	0x12, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x10,
-	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69,
-	0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0xaf, 0x01, 0x0a, 0x1a, 0x54, 0x50, 0x4d, 0x43,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x61, 0x72, 0x61,
-	0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x12, 0x1f,
-	0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x61, 0x74, 0x61, 0x12,
-	0x2d, 0x0a, 0x12, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29,
-	0x0a, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75,
-	0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x55, 0x0a, 0x12, 0x54, 0x50, 0x4d,
-	0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x12,
-	0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x62, 0x6c,
-	0x6f, 0x62, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e,
-	0x74, 0x69, 0x61, 0x6c, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x63, 0x72,
-	0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
-	0x22, 0x38, 0x0a, 0x1a, 0x54, 0x50, 0x4d, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x43, 0x68, 0x61,
-	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a,
-	0x0a, 0x08, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c,
-	0x52, 0x08, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xdc, 0x01, 0x0a, 0x19, 0x41,
-	0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63,
-	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x04, 0x69, 0x6e, 0x69, 0x74,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31,
-	0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76,
-	0x69, 0x63, 0x65, 0x49, 0x6e, 0x69, 0x74, 0x48, 0x00, 0x52, 0x04, 0x69, 0x6e, 0x69, 0x74, 0x12,
-	0x6d, 0x0a, 0x12, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x74, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
-	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
-	0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x11, 0x63, 0x68, 0x61,
+	0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x42, 0x04, 0x0a, 0x02, 0x65, 0x6b, 0x22,
+	0xad, 0x01, 0x0a, 0x18, 0x54, 0x50, 0x4d, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x16, 0x0a, 0x06,
+	0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x75,
+	0x62, 0x6c, 0x69, 0x63, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x64,
+	0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f,
+	0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x73,
+	0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0f,
+	0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22,
+	0xa5, 0x01, 0x0a, 0x12, 0x54, 0x50, 0x4d, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x43, 0x68, 0x61,
+	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x12, 0x62, 0x0a, 0x14, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
+	0x74, 0x65, 0x64, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e,
+	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54,
+	0x50, 0x4d, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x43, 0x72, 0x65, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64,
+	0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x12, 0x2b, 0x0a, 0x11, 0x61, 0x74,
+	0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x22, 0x59, 0x0a, 0x16, 0x54, 0x50, 0x4d, 0x45, 0x6e,
+	0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61,
+	0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f,
+	0x62, 0x6c, 0x6f, 0x62, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64,
+	0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65,
+	0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x73, 0x65, 0x63, 0x72,
+	0x65, 0x74, 0x22, 0x99, 0x01, 0x0a, 0x1a, 0x54, 0x50, 0x4d, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c,
+	0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x08, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5f, 0x0a,
+	0x13, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x65, 0x6c,
+	0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73,
+	0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x50, 0x4d, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d,
+	0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x12, 0x70, 0x6c, 0x61, 0x74,
+	0x66, 0x6f, 0x72, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x22, 0x4a,
+	0x0a, 0x06, 0x54, 0x50, 0x4d, 0x50, 0x43, 0x52, 0x12, 0x14, 0x0a, 0x05, 0x69, 0x6e, 0x64, 0x65,
+	0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x16,
+	0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06,
+	0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x22, 0x3e, 0x0a, 0x08, 0x54, 0x50,
+	0x4d, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x1c, 0x0a, 0x09,
+	0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0xa4, 0x01, 0x0a, 0x15, 0x54,
+	0x50, 0x4d, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65,
+	0x74, 0x65, 0x72, 0x73, 0x12, 0x39, 0x0a, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e,
+	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54,
+	0x50, 0x4d, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x52, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x12,
+	0x33, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e,
+	0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x50, 0x4d, 0x50, 0x43, 0x52, 0x52, 0x04,
+	0x70, 0x63, 0x72, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f,
+	0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f,
+	0x67, 0x22, 0xd5, 0x02, 0x0a, 0x19, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x45, 0x0a, 0x04, 0x69, 0x6e, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e,
+	0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x69, 0x74, 0x48, 0x00,
+	0x52, 0x04, 0x69, 0x6e, 0x69, 0x74, 0x12, 0x6d, 0x0a, 0x12, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65,
+	0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74,
+	0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
+	0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x48, 0x00, 0x52, 0x11, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x77, 0x0a, 0x16, 0x74, 0x70, 0x6d, 0x5f, 0x63, 0x68, 0x61,
+	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x54, 0x50, 0x4d, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x14, 0x74, 0x70, 0x6d, 0x43, 0x68, 0x61,
 	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x09,
-	0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xd7, 0x01, 0x0a, 0x1a, 0x41, 0x75,
+	0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xb7, 0x02, 0x0a, 0x1a, 0x41, 0x75,
 	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
 	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x54, 0x0a, 0x09, 0x63, 0x68, 0x61, 0x6c,
 	0x6c, 0x65, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x74, 0x65,
@@ -2916,7 +3245,13 @@ var file_teleport_devicetrust_v1_devicetrust_service_proto_rawDesc = []byte{
 	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
 	0x2e, 0x76, 0x31, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
 	0x61, 0x74, 0x65, 0x73, 0x48, 0x00, 0x52, 0x10, 0x75, 0x73, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x5e, 0x0a, 0x0d, 0x74, 0x70, 0x6d, 0x5f,
+	0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x37, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x50, 0x4d, 0x41, 0x75, 0x74,
+	0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43,
+	0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x48, 0x00, 0x52, 0x0c, 0x74, 0x70, 0x6d, 0x43,
+	0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c,
 	0x6f, 0x61, 0x64, 0x22, 0xe4, 0x01, 0x0a, 0x16, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
 	0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x69, 0x74, 0x12, 0x56,
 	0x0a, 0x11, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
@@ -2931,191 +3266,205 @@ var file_teleport_devicetrust_v1_devicetrust_service_proto_rawDesc = []byte{
 	0x32, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69,
 	0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63,
 	0x65, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x65, 0x64, 0x44, 0x61, 0x74, 0x61, 0x52, 0x0a,
-	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x44, 0x61, 0x74, 0x61, 0x22, 0x3b, 0x0a, 0x1b, 0x41, 0x75,
-	0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x68, 0x61,
-	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x63, 0x68,
-	0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x22, 0x43, 0x0a, 0x23, 0x41, 0x75, 0x74, 0x68, 0x65,
-	0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x68, 0x61,
-	0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c,
-	0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0xdf, 0x02, 0x0a,
-	0x14, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e,
-	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53,
-	0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, 0x72,
-	0x74, 0x48, 0x00, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x03, 0x65, 0x6e,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
-	0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76,
-	0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x45,
-	0x6e, 0x64, 0x48, 0x00, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x5b, 0x0a, 0x11, 0x64, 0x65, 0x76,
-	0x69, 0x63, 0x65, 0x73, 0x5f, 0x74, 0x6f, 0x5f, 0x75, 0x70, 0x73, 0x65, 0x72, 0x74, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e,
-	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53,
-	0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69,
-	0x63, 0x65, 0x73, 0x48, 0x00, 0x52, 0x0f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x54, 0x6f,
-	0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x11, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x5f, 0x74, 0x6f, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76,
-	0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63,
-	0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73,
-	0x48, 0x00, 0x52, 0x0f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x54, 0x6f, 0x52, 0x65, 0x6d,
-	0x6f, 0x76, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xa9,
-	0x01, 0x0a, 0x15, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3d, 0x0a, 0x03, 0x61, 0x63, 0x6b, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
-	0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x41, 0x63, 0x6b,
-	0x48, 0x00, 0x52, 0x03, 0x61, 0x63, 0x6b, 0x12, 0x46, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c,
-	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
-	0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76,
-	0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52,
-	0x65, 0x73, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x42,
-	0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xf3, 0x01, 0x0a, 0x12, 0x53,
-	0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, 0x72,
-	0x74, 0x12, 0x3d, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x25, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76,
-	0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69,
-	0x63, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
-	0x12, 0x3e, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a,
-	0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76,
-	0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65,
-	0x12, 0x5e, 0x0a, 0x11, 0x6f, 0x6e, 0x5f, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x61,
-	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
-	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74,
-	0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x0f, 0x6f, 0x6e, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
-	0x22, 0x4c, 0x0a, 0x10, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72,
-	0x79, 0x45, 0x6e, 0x64, 0x12, 0x38, 0x0a, 0x18, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x5f, 0x73, 0x79, 0x6e, 0x63, 0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x16, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
-	0x53, 0x79, 0x6e, 0x63, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x22, 0x51,
-	0x0a, 0x14, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
-	0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76,
-	0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x22, 0x12, 0x0a, 0x10, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f,
-	0x72, 0x79, 0x41, 0x63, 0x6b, 0x22, 0x58, 0x0a, 0x13, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76,
-	0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x41, 0x0a, 0x07,
-	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e,
-	0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x72,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2a,
-	0x59, 0x0a, 0x0a, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x12, 0x1b, 0x0a,
-	0x17, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x5f, 0x55, 0x4e, 0x53,
-	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x45,
-	0x56, 0x49, 0x43, 0x45, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0x01,
-	0x12, 0x18, 0x0a, 0x14, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x5f,
-	0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x10, 0x02, 0x2a, 0x77, 0x0a, 0x11, 0x53, 0x79,
-	0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x23, 0x0a, 0x1f, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52,
-	0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
-	0x45, 0x44, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56,
-	0x45, 0x4e, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x41, 0x52, 0x54,
-	0x49, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e,
-	0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x46, 0x55, 0x4c,
-	0x4c, 0x10, 0x02, 0x2a, 0x99, 0x01, 0x0a, 0x19, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65,
-	0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x2c, 0x0a, 0x28, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54,
-	0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f,
-	0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
-	0x25, 0x0a, 0x21, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52,
-	0x59, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
-	0x4e, 0x4f, 0x4f, 0x50, 0x10, 0x01, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49,
-	0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f,
-	0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32,
-	0x99, 0x0a, 0x0a, 0x12, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x54, 0x72, 0x75, 0x73, 0x74, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5d, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x44, 0x61, 0x74, 0x61, 0x22, 0x4d, 0x0a, 0x1e, 0x54, 0x50,
+	0x4d, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x12, 0x2b, 0x0a, 0x11,
+	0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x6f, 0x6e, 0x63,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x6f, 0x6e, 0x63, 0x65, 0x22, 0x89, 0x01, 0x0a, 0x26, 0x54, 0x50,
+	0x4d, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d,
+	0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x50, 0x4d, 0x50,
+	0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72,
+	0x73, 0x52, 0x12, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d,
+	0x65, 0x74, 0x65, 0x72, 0x73, 0x22, 0x3b, 0x0a, 0x1b, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c,
+	0x65, 0x6e, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e,
+	0x67, 0x65, 0x22, 0x43, 0x0a, 0x23, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
+	0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
+	0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67,
+	0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69,
+	0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0xdf, 0x02, 0x0a, 0x14, 0x53, 0x79, 0x6e, 0x63,
+	0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x12, 0x43, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e,
+	0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, 0x72, 0x74, 0x48, 0x00, 0x52, 0x05,
+	0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e,
+	0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x64, 0x48, 0x00, 0x52,
+	0x03, 0x65, 0x6e, 0x64, 0x12, 0x5b, 0x0a, 0x11, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f,
+	0x74, 0x6f, 0x5f, 0x75, 0x70, 0x73, 0x65, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e,
+	0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x48, 0x00,
+	0x52, 0x0f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x54, 0x6f, 0x55, 0x70, 0x73, 0x65, 0x72,
+	0x74, 0x12, 0x5b, 0x0a, 0x11, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f, 0x74, 0x6f, 0x5f,
+	0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74,
+	0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72,
+	0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e,
+	0x74, 0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x48, 0x00, 0x52, 0x0f, 0x64,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x54, 0x6f, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x42, 0x09,
+	0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xa9, 0x01, 0x0a, 0x15, 0x53, 0x79,
+	0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x12, 0x3d, 0x0a, 0x03, 0x61, 0x63, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49,
+	0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x41, 0x63, 0x6b, 0x48, 0x00, 0x52, 0x03, 0x61,
+	0x63, 0x6b, 0x12, 0x46, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e,
+	0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74,
+	0x48, 0x00, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61,
+	0x79, 0x6c, 0x6f, 0x61, 0x64, 0x22, 0xf3, 0x01, 0x0a, 0x12, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e,
+	0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06,
+	0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x74,
+	0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72,
+	0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x53, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x04, 0x6d,
+	0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x6c, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72,
+	0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x5e, 0x0a, 0x11, 0x6f,
+	0x6e, 0x5f, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
 	0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31,
-	0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e,
-	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5d, 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x12, 0x5d, 0x0a, 0x0c, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x44, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e,
-	0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x55,
-	0x70, 0x73, 0x65, 0x72, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
+	0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x6f, 0x6e, 0x4d, 0x69,
+	0x73, 0x73, 0x69, 0x6e, 0x67, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x10, 0x53,
+	0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x64, 0x12,
+	0x38, 0x0a, 0x18, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73, 0x79, 0x6e, 0x63,
+	0x5f, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x16, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x79, 0x6e, 0x63, 0x53,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x66, 0x75, 0x6c, 0x22, 0x51, 0x0a, 0x14, 0x53, 0x79, 0x6e,
+	0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+	0x73, 0x12, 0x39, 0x0a, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
 	0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76,
-	0x69, 0x63, 0x65, 0x12, 0x54, 0x0a, 0x0c, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x65, 0x76,
-	0x69, 0x63, 0x65, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64,
-	0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65,
-	0x6c, 0x65, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x68, 0x0a, 0x0b, 0x46, 0x69, 0x6e,
-	0x64, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
-	0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
-	0x76, 0x31, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
-	0x46, 0x69, 0x6e, 0x64, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x12, 0x57, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x12, 0x29, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69,
-	0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
-	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x0b,
-	0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x74, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
-	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
+	0x69, 0x63, 0x65, 0x52, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x22, 0x12, 0x0a, 0x10,
+	0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x41, 0x63, 0x6b,
+	0x22, 0x58, 0x0a, 0x13, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72,
+	0x79, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x41, 0x0a, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
 	0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
-	0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7a, 0x0a, 0x11, 0x42, 0x75, 0x6c, 0x6b, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x31, 0x2e, 0x74, 0x65,
-	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
-	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, 0x6c, 0x6b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32,
+	0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x52, 0x07, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2a, 0x59, 0x0a, 0x0a, 0x44, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x12, 0x1b, 0x0a, 0x17, 0x44, 0x45, 0x56, 0x49,
+	0x43, 0x45, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46,
+	0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f,
+	0x56, 0x49, 0x45, 0x57, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x44,
+	0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55,
+	0x52, 0x43, 0x45, 0x10, 0x02, 0x2a, 0x77, 0x0a, 0x11, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76,
+	0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x23, 0x0a, 0x1f, 0x53, 0x59,
+	0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44,
+	0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x1f, 0x0a, 0x1b, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52,
+	0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x49, 0x41, 0x4c, 0x10, 0x01,
+	0x12, 0x1c, 0x0a, 0x18, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f,
+	0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x46, 0x55, 0x4c, 0x4c, 0x10, 0x02, 0x2a, 0x99,
+	0x01, 0x0a, 0x19, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79,
+	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x28,
+	0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x44,
+	0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53,
+	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x25, 0x0a, 0x21, 0x53, 0x59,
+	0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x56,
+	0x49, 0x43, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x4f, 0x50, 0x10,
+	0x01, 0x12, 0x27, 0x0a, 0x23, 0x53, 0x59, 0x4e, 0x43, 0x5f, 0x49, 0x4e, 0x56, 0x45, 0x4e, 0x54,
+	0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f,
+	0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x02, 0x32, 0x99, 0x0a, 0x0a, 0x12, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x54, 0x72, 0x75, 0x73, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x12, 0x5d, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+	0x12, 0x5d, 0x0a, 0x0c, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+	0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f,
 	0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, 0x6c, 0x6b, 0x43, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x7e, 0x0a, 0x17, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69,
-	0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x37, 0x2e,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12,
+	0x5d, 0x0a, 0x0c, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12,
+	0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74,
+	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e,
 	0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
-	0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31,
-	0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x54, 0x6f, 0x6b,
-	0x65, 0x6e, 0x12, 0x6f, 0x0a, 0x0c, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x76, 0x69,
-	0x63, 0x65, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
-	0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x72,
-	0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69,
-	0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x72, 0x6f, 0x6c,
-	0x6c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28,
-	0x01, 0x30, 0x01, 0x12, 0x81, 0x01, 0x0a, 0x12, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x32, 0x2e, 0x74, 0x65, 0x6c,
-	0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73,
-	0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33,
+	0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x54,
+	0x0a, 0x0c, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c,
 	0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x12, 0x72, 0x0a, 0x0d, 0x53, 0x79, 0x6e, 0x63, 0x49,
-	0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x12, 0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
+	0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45,
+	0x6d, 0x70, 0x74, 0x79, 0x12, 0x68, 0x0a, 0x0b, 0x46, 0x69, 0x6e, 0x64, 0x44, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x69,
+	0x6e, 0x64, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x57,
+	0x0a, 0x09, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x29, 0x2e, 0x74, 0x65,
+	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
+	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31,
+	0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31,
+	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69,
+	0x73, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x7a, 0x0a, 0x11, 0x42, 0x75, 0x6c, 0x6b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x31, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+	0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31,
+	0x2e, 0x42, 0x75, 0x6c, 0x6b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x74, 0x65, 0x6c, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, 0x6c, 0x6b, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7e, 0x0a,
+	0x17, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x72,
+	0x6f, 0x6c, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x37, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
 	0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
-	0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
-	0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76,
-	0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x5a, 0x5a, 0x58, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
-	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67,
-	0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63,
-	0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
-	0x74, 0x72, 0x75, 0x73, 0x74, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x45,
+	0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x2a, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76,
+	0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x6f, 0x0a,
+	0x0c, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2c, 0x2e,
+	0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x44, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x74, 0x65,
+	0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75,
+	0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x72, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x12, 0x81,
+	0x01, 0x0a, 0x12, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x32, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+	0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+	0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x44, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x74, 0x65, 0x6c, 0x65,
+	0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01,
+	0x30, 0x01, 0x12, 0x72, 0x0a, 0x0d, 0x53, 0x79, 0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74,
+	0x6f, 0x72, 0x79, 0x12, 0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64,
+	0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79,
+	0x6e, 0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x64, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e,
+	0x63, 0x49, 0x6e, 0x76, 0x65, 0x6e, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x5a, 0x5a, 0x58, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f,
+	0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c,
+	0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73,
+	0x74, 0x2f, 0x76, 0x31, 0x3b, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74,
+	0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -3131,127 +3480,138 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_rawDescGZIP() []byte
 }
 
 var file_teleport_devicetrust_v1_devicetrust_service_proto_enumTypes = make([]protoimpl.EnumInfo, 3)
-var file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes = make([]protoimpl.MessageInfo, 37)
+var file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes = make([]protoimpl.MessageInfo, 42)
 var file_teleport_devicetrust_v1_devicetrust_service_proto_goTypes = []interface{}{
-	(DeviceView)(0),                             // 0: teleport.devicetrust.v1.DeviceView
-	(SyncInventoryMode)(0),                      // 1: teleport.devicetrust.v1.SyncInventoryMode
-	(SyncInventoryDeviceAction)(0),              // 2: teleport.devicetrust.v1.SyncInventoryDeviceAction
-	(*CreateDeviceRequest)(nil),                 // 3: teleport.devicetrust.v1.CreateDeviceRequest
-	(*UpdateDeviceRequest)(nil),                 // 4: teleport.devicetrust.v1.UpdateDeviceRequest
-	(*UpsertDeviceRequest)(nil),                 // 5: teleport.devicetrust.v1.UpsertDeviceRequest
-	(*DeleteDeviceRequest)(nil),                 // 6: teleport.devicetrust.v1.DeleteDeviceRequest
-	(*FindDevicesRequest)(nil),                  // 7: teleport.devicetrust.v1.FindDevicesRequest
-	(*FindDevicesResponse)(nil),                 // 8: teleport.devicetrust.v1.FindDevicesResponse
-	(*GetDeviceRequest)(nil),                    // 9: teleport.devicetrust.v1.GetDeviceRequest
-	(*ListDevicesRequest)(nil),                  // 10: teleport.devicetrust.v1.ListDevicesRequest
-	(*ListDevicesResponse)(nil),                 // 11: teleport.devicetrust.v1.ListDevicesResponse
-	(*BulkCreateDevicesRequest)(nil),            // 12: teleport.devicetrust.v1.BulkCreateDevicesRequest
-	(*BulkCreateDevicesResponse)(nil),           // 13: teleport.devicetrust.v1.BulkCreateDevicesResponse
-	(*DeviceOrStatus)(nil),                      // 14: teleport.devicetrust.v1.DeviceOrStatus
-	(*CreateDeviceEnrollTokenRequest)(nil),      // 15: teleport.devicetrust.v1.CreateDeviceEnrollTokenRequest
-	(*EnrollDeviceRequest)(nil),                 // 16: teleport.devicetrust.v1.EnrollDeviceRequest
-	(*EnrollDeviceResponse)(nil),                // 17: teleport.devicetrust.v1.EnrollDeviceResponse
-	(*EnrollDeviceInit)(nil),                    // 18: teleport.devicetrust.v1.EnrollDeviceInit
-	(*EnrollDeviceSuccess)(nil),                 // 19: teleport.devicetrust.v1.EnrollDeviceSuccess
-	(*MacOSEnrollPayload)(nil),                  // 20: teleport.devicetrust.v1.MacOSEnrollPayload
-	(*MacOSEnrollChallenge)(nil),                // 21: teleport.devicetrust.v1.MacOSEnrollChallenge
-	(*MacOSEnrollChallengeResponse)(nil),        // 22: teleport.devicetrust.v1.MacOSEnrollChallengeResponse
-	(*TPMEnrollPayload)(nil),                    // 23: teleport.devicetrust.v1.TPMEnrollPayload
-	(*TPMAttestationParameters)(nil),            // 24: teleport.devicetrust.v1.TPMAttestationParameters
-	(*TPMCertificationParameters)(nil),          // 25: teleport.devicetrust.v1.TPMCertificationParameters
-	(*TPMEnrollChallenge)(nil),                  // 26: teleport.devicetrust.v1.TPMEnrollChallenge
-	(*TPMEnrollChallengeResponse)(nil),          // 27: teleport.devicetrust.v1.TPMEnrollChallengeResponse
-	(*AuthenticateDeviceRequest)(nil),           // 28: teleport.devicetrust.v1.AuthenticateDeviceRequest
-	(*AuthenticateDeviceResponse)(nil),          // 29: teleport.devicetrust.v1.AuthenticateDeviceResponse
-	(*AuthenticateDeviceInit)(nil),              // 30: teleport.devicetrust.v1.AuthenticateDeviceInit
-	(*AuthenticateDeviceChallenge)(nil),         // 31: teleport.devicetrust.v1.AuthenticateDeviceChallenge
-	(*AuthenticateDeviceChallengeResponse)(nil), // 32: teleport.devicetrust.v1.AuthenticateDeviceChallengeResponse
-	(*SyncInventoryRequest)(nil),                // 33: teleport.devicetrust.v1.SyncInventoryRequest
-	(*SyncInventoryResponse)(nil),               // 34: teleport.devicetrust.v1.SyncInventoryResponse
-	(*SyncInventoryStart)(nil),                  // 35: teleport.devicetrust.v1.SyncInventoryStart
-	(*SyncInventoryEnd)(nil),                    // 36: teleport.devicetrust.v1.SyncInventoryEnd
-	(*SyncInventoryDevices)(nil),                // 37: teleport.devicetrust.v1.SyncInventoryDevices
-	(*SyncInventoryAck)(nil),                    // 38: teleport.devicetrust.v1.SyncInventoryAck
-	(*SyncInventoryResult)(nil),                 // 39: teleport.devicetrust.v1.SyncInventoryResult
-	(*Device)(nil),                              // 40: teleport.devicetrust.v1.Device
-	(*fieldmaskpb.FieldMask)(nil),               // 41: google.protobuf.FieldMask
-	(*status.Status)(nil),                       // 42: google.rpc.Status
-	(*DeviceCollectedData)(nil),                 // 43: teleport.devicetrust.v1.DeviceCollectedData
-	(*UserCertificates)(nil),                    // 44: teleport.devicetrust.v1.UserCertificates
-	(*DeviceSource)(nil),                        // 45: teleport.devicetrust.v1.DeviceSource
-	(*emptypb.Empty)(nil),                       // 46: google.protobuf.Empty
-	(*DeviceEnrollToken)(nil),                   // 47: teleport.devicetrust.v1.DeviceEnrollToken
+	(DeviceView)(0),                                // 0: teleport.devicetrust.v1.DeviceView
+	(SyncInventoryMode)(0),                         // 1: teleport.devicetrust.v1.SyncInventoryMode
+	(SyncInventoryDeviceAction)(0),                 // 2: teleport.devicetrust.v1.SyncInventoryDeviceAction
+	(*CreateDeviceRequest)(nil),                    // 3: teleport.devicetrust.v1.CreateDeviceRequest
+	(*UpdateDeviceRequest)(nil),                    // 4: teleport.devicetrust.v1.UpdateDeviceRequest
+	(*UpsertDeviceRequest)(nil),                    // 5: teleport.devicetrust.v1.UpsertDeviceRequest
+	(*DeleteDeviceRequest)(nil),                    // 6: teleport.devicetrust.v1.DeleteDeviceRequest
+	(*FindDevicesRequest)(nil),                     // 7: teleport.devicetrust.v1.FindDevicesRequest
+	(*FindDevicesResponse)(nil),                    // 8: teleport.devicetrust.v1.FindDevicesResponse
+	(*GetDeviceRequest)(nil),                       // 9: teleport.devicetrust.v1.GetDeviceRequest
+	(*ListDevicesRequest)(nil),                     // 10: teleport.devicetrust.v1.ListDevicesRequest
+	(*ListDevicesResponse)(nil),                    // 11: teleport.devicetrust.v1.ListDevicesResponse
+	(*BulkCreateDevicesRequest)(nil),               // 12: teleport.devicetrust.v1.BulkCreateDevicesRequest
+	(*BulkCreateDevicesResponse)(nil),              // 13: teleport.devicetrust.v1.BulkCreateDevicesResponse
+	(*DeviceOrStatus)(nil),                         // 14: teleport.devicetrust.v1.DeviceOrStatus
+	(*CreateDeviceEnrollTokenRequest)(nil),         // 15: teleport.devicetrust.v1.CreateDeviceEnrollTokenRequest
+	(*EnrollDeviceRequest)(nil),                    // 16: teleport.devicetrust.v1.EnrollDeviceRequest
+	(*EnrollDeviceResponse)(nil),                   // 17: teleport.devicetrust.v1.EnrollDeviceResponse
+	(*EnrollDeviceInit)(nil),                       // 18: teleport.devicetrust.v1.EnrollDeviceInit
+	(*EnrollDeviceSuccess)(nil),                    // 19: teleport.devicetrust.v1.EnrollDeviceSuccess
+	(*MacOSEnrollPayload)(nil),                     // 20: teleport.devicetrust.v1.MacOSEnrollPayload
+	(*MacOSEnrollChallenge)(nil),                   // 21: teleport.devicetrust.v1.MacOSEnrollChallenge
+	(*MacOSEnrollChallengeResponse)(nil),           // 22: teleport.devicetrust.v1.MacOSEnrollChallengeResponse
+	(*TPMEnrollPayload)(nil),                       // 23: teleport.devicetrust.v1.TPMEnrollPayload
+	(*TPMAttestationParameters)(nil),               // 24: teleport.devicetrust.v1.TPMAttestationParameters
+	(*TPMEnrollChallenge)(nil),                     // 25: teleport.devicetrust.v1.TPMEnrollChallenge
+	(*TPMEncryptedCredential)(nil),                 // 26: teleport.devicetrust.v1.TPMEncryptedCredential
+	(*TPMEnrollChallengeResponse)(nil),             // 27: teleport.devicetrust.v1.TPMEnrollChallengeResponse
+	(*TPMPCR)(nil),                                 // 28: teleport.devicetrust.v1.TPMPCR
+	(*TPMQuote)(nil),                               // 29: teleport.devicetrust.v1.TPMQuote
+	(*TPMPlatformParameters)(nil),                  // 30: teleport.devicetrust.v1.TPMPlatformParameters
+	(*AuthenticateDeviceRequest)(nil),              // 31: teleport.devicetrust.v1.AuthenticateDeviceRequest
+	(*AuthenticateDeviceResponse)(nil),             // 32: teleport.devicetrust.v1.AuthenticateDeviceResponse
+	(*AuthenticateDeviceInit)(nil),                 // 33: teleport.devicetrust.v1.AuthenticateDeviceInit
+	(*TPMAuthenticateDeviceChallenge)(nil),         // 34: teleport.devicetrust.v1.TPMAuthenticateDeviceChallenge
+	(*TPMAuthenticateDeviceChallengeResponse)(nil), // 35: teleport.devicetrust.v1.TPMAuthenticateDeviceChallengeResponse
+	(*AuthenticateDeviceChallenge)(nil),            // 36: teleport.devicetrust.v1.AuthenticateDeviceChallenge
+	(*AuthenticateDeviceChallengeResponse)(nil),    // 37: teleport.devicetrust.v1.AuthenticateDeviceChallengeResponse
+	(*SyncInventoryRequest)(nil),                   // 38: teleport.devicetrust.v1.SyncInventoryRequest
+	(*SyncInventoryResponse)(nil),                  // 39: teleport.devicetrust.v1.SyncInventoryResponse
+	(*SyncInventoryStart)(nil),                     // 40: teleport.devicetrust.v1.SyncInventoryStart
+	(*SyncInventoryEnd)(nil),                       // 41: teleport.devicetrust.v1.SyncInventoryEnd
+	(*SyncInventoryDevices)(nil),                   // 42: teleport.devicetrust.v1.SyncInventoryDevices
+	(*SyncInventoryAck)(nil),                       // 43: teleport.devicetrust.v1.SyncInventoryAck
+	(*SyncInventoryResult)(nil),                    // 44: teleport.devicetrust.v1.SyncInventoryResult
+	(*Device)(nil),                                 // 45: teleport.devicetrust.v1.Device
+	(*fieldmaskpb.FieldMask)(nil),                  // 46: google.protobuf.FieldMask
+	(*status.Status)(nil),                          // 47: google.rpc.Status
+	(*DeviceCollectedData)(nil),                    // 48: teleport.devicetrust.v1.DeviceCollectedData
+	(*UserCertificates)(nil),                       // 49: teleport.devicetrust.v1.UserCertificates
+	(*DeviceSource)(nil),                           // 50: teleport.devicetrust.v1.DeviceSource
+	(*emptypb.Empty)(nil),                          // 51: google.protobuf.Empty
+	(*DeviceEnrollToken)(nil),                      // 52: teleport.devicetrust.v1.DeviceEnrollToken
 }
 var file_teleport_devicetrust_v1_devicetrust_service_proto_depIdxs = []int32{
-	40, // 0: teleport.devicetrust.v1.CreateDeviceRequest.device:type_name -> teleport.devicetrust.v1.Device
-	40, // 1: teleport.devicetrust.v1.UpdateDeviceRequest.device:type_name -> teleport.devicetrust.v1.Device
-	41, // 2: teleport.devicetrust.v1.UpdateDeviceRequest.update_mask:type_name -> google.protobuf.FieldMask
-	40, // 3: teleport.devicetrust.v1.UpsertDeviceRequest.device:type_name -> teleport.devicetrust.v1.Device
-	40, // 4: teleport.devicetrust.v1.FindDevicesResponse.devices:type_name -> teleport.devicetrust.v1.Device
+	45, // 0: teleport.devicetrust.v1.CreateDeviceRequest.device:type_name -> teleport.devicetrust.v1.Device
+	45, // 1: teleport.devicetrust.v1.UpdateDeviceRequest.device:type_name -> teleport.devicetrust.v1.Device
+	46, // 2: teleport.devicetrust.v1.UpdateDeviceRequest.update_mask:type_name -> google.protobuf.FieldMask
+	45, // 3: teleport.devicetrust.v1.UpsertDeviceRequest.device:type_name -> teleport.devicetrust.v1.Device
+	45, // 4: teleport.devicetrust.v1.FindDevicesResponse.devices:type_name -> teleport.devicetrust.v1.Device
 	0,  // 5: teleport.devicetrust.v1.ListDevicesRequest.view:type_name -> teleport.devicetrust.v1.DeviceView
-	40, // 6: teleport.devicetrust.v1.ListDevicesResponse.devices:type_name -> teleport.devicetrust.v1.Device
-	40, // 7: teleport.devicetrust.v1.BulkCreateDevicesRequest.devices:type_name -> teleport.devicetrust.v1.Device
+	45, // 6: teleport.devicetrust.v1.ListDevicesResponse.devices:type_name -> teleport.devicetrust.v1.Device
+	45, // 7: teleport.devicetrust.v1.BulkCreateDevicesRequest.devices:type_name -> teleport.devicetrust.v1.Device
 	14, // 8: teleport.devicetrust.v1.BulkCreateDevicesResponse.devices:type_name -> teleport.devicetrust.v1.DeviceOrStatus
-	42, // 9: teleport.devicetrust.v1.DeviceOrStatus.status:type_name -> google.rpc.Status
-	43, // 10: teleport.devicetrust.v1.CreateDeviceEnrollTokenRequest.device_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
+	47, // 9: teleport.devicetrust.v1.DeviceOrStatus.status:type_name -> google.rpc.Status
+	48, // 10: teleport.devicetrust.v1.CreateDeviceEnrollTokenRequest.device_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
 	18, // 11: teleport.devicetrust.v1.EnrollDeviceRequest.init:type_name -> teleport.devicetrust.v1.EnrollDeviceInit
 	22, // 12: teleport.devicetrust.v1.EnrollDeviceRequest.macos_challenge_response:type_name -> teleport.devicetrust.v1.MacOSEnrollChallengeResponse
 	27, // 13: teleport.devicetrust.v1.EnrollDeviceRequest.tpm_challenge_response:type_name -> teleport.devicetrust.v1.TPMEnrollChallengeResponse
 	19, // 14: teleport.devicetrust.v1.EnrollDeviceResponse.success:type_name -> teleport.devicetrust.v1.EnrollDeviceSuccess
 	21, // 15: teleport.devicetrust.v1.EnrollDeviceResponse.macos_challenge:type_name -> teleport.devicetrust.v1.MacOSEnrollChallenge
-	26, // 16: teleport.devicetrust.v1.EnrollDeviceResponse.tpm_challenge:type_name -> teleport.devicetrust.v1.TPMEnrollChallenge
-	43, // 17: teleport.devicetrust.v1.EnrollDeviceInit.device_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
+	25, // 16: teleport.devicetrust.v1.EnrollDeviceResponse.tpm_challenge:type_name -> teleport.devicetrust.v1.TPMEnrollChallenge
+	48, // 17: teleport.devicetrust.v1.EnrollDeviceInit.device_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
 	20, // 18: teleport.devicetrust.v1.EnrollDeviceInit.macos:type_name -> teleport.devicetrust.v1.MacOSEnrollPayload
 	23, // 19: teleport.devicetrust.v1.EnrollDeviceInit.tpm:type_name -> teleport.devicetrust.v1.TPMEnrollPayload
-	40, // 20: teleport.devicetrust.v1.EnrollDeviceSuccess.device:type_name -> teleport.devicetrust.v1.Device
+	45, // 20: teleport.devicetrust.v1.EnrollDeviceSuccess.device:type_name -> teleport.devicetrust.v1.Device
 	24, // 21: teleport.devicetrust.v1.TPMEnrollPayload.attestation_parameters:type_name -> teleport.devicetrust.v1.TPMAttestationParameters
-	25, // 22: teleport.devicetrust.v1.TPMEnrollPayload.application_certification_parameters:type_name -> teleport.devicetrust.v1.TPMCertificationParameters
-	30, // 23: teleport.devicetrust.v1.AuthenticateDeviceRequest.init:type_name -> teleport.devicetrust.v1.AuthenticateDeviceInit
-	32, // 24: teleport.devicetrust.v1.AuthenticateDeviceRequest.challenge_response:type_name -> teleport.devicetrust.v1.AuthenticateDeviceChallengeResponse
-	31, // 25: teleport.devicetrust.v1.AuthenticateDeviceResponse.challenge:type_name -> teleport.devicetrust.v1.AuthenticateDeviceChallenge
-	44, // 26: teleport.devicetrust.v1.AuthenticateDeviceResponse.user_certificates:type_name -> teleport.devicetrust.v1.UserCertificates
-	44, // 27: teleport.devicetrust.v1.AuthenticateDeviceInit.user_certificates:type_name -> teleport.devicetrust.v1.UserCertificates
-	43, // 28: teleport.devicetrust.v1.AuthenticateDeviceInit.device_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
-	35, // 29: teleport.devicetrust.v1.SyncInventoryRequest.start:type_name -> teleport.devicetrust.v1.SyncInventoryStart
-	36, // 30: teleport.devicetrust.v1.SyncInventoryRequest.end:type_name -> teleport.devicetrust.v1.SyncInventoryEnd
-	37, // 31: teleport.devicetrust.v1.SyncInventoryRequest.devices_to_upsert:type_name -> teleport.devicetrust.v1.SyncInventoryDevices
-	37, // 32: teleport.devicetrust.v1.SyncInventoryRequest.devices_to_remove:type_name -> teleport.devicetrust.v1.SyncInventoryDevices
-	38, // 33: teleport.devicetrust.v1.SyncInventoryResponse.ack:type_name -> teleport.devicetrust.v1.SyncInventoryAck
-	39, // 34: teleport.devicetrust.v1.SyncInventoryResponse.result:type_name -> teleport.devicetrust.v1.SyncInventoryResult
-	45, // 35: teleport.devicetrust.v1.SyncInventoryStart.source:type_name -> teleport.devicetrust.v1.DeviceSource
-	1,  // 36: teleport.devicetrust.v1.SyncInventoryStart.mode:type_name -> teleport.devicetrust.v1.SyncInventoryMode
-	2,  // 37: teleport.devicetrust.v1.SyncInventoryStart.on_missing_action:type_name -> teleport.devicetrust.v1.SyncInventoryDeviceAction
-	40, // 38: teleport.devicetrust.v1.SyncInventoryDevices.devices:type_name -> teleport.devicetrust.v1.Device
-	14, // 39: teleport.devicetrust.v1.SyncInventoryResult.devices:type_name -> teleport.devicetrust.v1.DeviceOrStatus
-	3,  // 40: teleport.devicetrust.v1.DeviceTrustService.CreateDevice:input_type -> teleport.devicetrust.v1.CreateDeviceRequest
-	4,  // 41: teleport.devicetrust.v1.DeviceTrustService.UpdateDevice:input_type -> teleport.devicetrust.v1.UpdateDeviceRequest
-	5,  // 42: teleport.devicetrust.v1.DeviceTrustService.UpsertDevice:input_type -> teleport.devicetrust.v1.UpsertDeviceRequest
-	6,  // 43: teleport.devicetrust.v1.DeviceTrustService.DeleteDevice:input_type -> teleport.devicetrust.v1.DeleteDeviceRequest
-	7,  // 44: teleport.devicetrust.v1.DeviceTrustService.FindDevices:input_type -> teleport.devicetrust.v1.FindDevicesRequest
-	9,  // 45: teleport.devicetrust.v1.DeviceTrustService.GetDevice:input_type -> teleport.devicetrust.v1.GetDeviceRequest
-	10, // 46: teleport.devicetrust.v1.DeviceTrustService.ListDevices:input_type -> teleport.devicetrust.v1.ListDevicesRequest
-	12, // 47: teleport.devicetrust.v1.DeviceTrustService.BulkCreateDevices:input_type -> teleport.devicetrust.v1.BulkCreateDevicesRequest
-	15, // 48: teleport.devicetrust.v1.DeviceTrustService.CreateDeviceEnrollToken:input_type -> teleport.devicetrust.v1.CreateDeviceEnrollTokenRequest
-	16, // 49: teleport.devicetrust.v1.DeviceTrustService.EnrollDevice:input_type -> teleport.devicetrust.v1.EnrollDeviceRequest
-	28, // 50: teleport.devicetrust.v1.DeviceTrustService.AuthenticateDevice:input_type -> teleport.devicetrust.v1.AuthenticateDeviceRequest
-	33, // 51: teleport.devicetrust.v1.DeviceTrustService.SyncInventory:input_type -> teleport.devicetrust.v1.SyncInventoryRequest
-	40, // 52: teleport.devicetrust.v1.DeviceTrustService.CreateDevice:output_type -> teleport.devicetrust.v1.Device
-	40, // 53: teleport.devicetrust.v1.DeviceTrustService.UpdateDevice:output_type -> teleport.devicetrust.v1.Device
-	40, // 54: teleport.devicetrust.v1.DeviceTrustService.UpsertDevice:output_type -> teleport.devicetrust.v1.Device
-	46, // 55: teleport.devicetrust.v1.DeviceTrustService.DeleteDevice:output_type -> google.protobuf.Empty
-	8,  // 56: teleport.devicetrust.v1.DeviceTrustService.FindDevices:output_type -> teleport.devicetrust.v1.FindDevicesResponse
-	40, // 57: teleport.devicetrust.v1.DeviceTrustService.GetDevice:output_type -> teleport.devicetrust.v1.Device
-	11, // 58: teleport.devicetrust.v1.DeviceTrustService.ListDevices:output_type -> teleport.devicetrust.v1.ListDevicesResponse
-	13, // 59: teleport.devicetrust.v1.DeviceTrustService.BulkCreateDevices:output_type -> teleport.devicetrust.v1.BulkCreateDevicesResponse
-	47, // 60: teleport.devicetrust.v1.DeviceTrustService.CreateDeviceEnrollToken:output_type -> teleport.devicetrust.v1.DeviceEnrollToken
-	17, // 61: teleport.devicetrust.v1.DeviceTrustService.EnrollDevice:output_type -> teleport.devicetrust.v1.EnrollDeviceResponse
-	29, // 62: teleport.devicetrust.v1.DeviceTrustService.AuthenticateDevice:output_type -> teleport.devicetrust.v1.AuthenticateDeviceResponse
-	34, // 63: teleport.devicetrust.v1.DeviceTrustService.SyncInventory:output_type -> teleport.devicetrust.v1.SyncInventoryResponse
-	52, // [52:64] is the sub-list for method output_type
-	40, // [40:52] is the sub-list for method input_type
-	40, // [40:40] is the sub-list for extension type_name
-	40, // [40:40] is the sub-list for extension extendee
-	0,  // [0:40] is the sub-list for field type_name
+	26, // 22: teleport.devicetrust.v1.TPMEnrollChallenge.encrypted_credential:type_name -> teleport.devicetrust.v1.TPMEncryptedCredential
+	30, // 23: teleport.devicetrust.v1.TPMEnrollChallengeResponse.platform_parameters:type_name -> teleport.devicetrust.v1.TPMPlatformParameters
+	29, // 24: teleport.devicetrust.v1.TPMPlatformParameters.quotes:type_name -> teleport.devicetrust.v1.TPMQuote
+	28, // 25: teleport.devicetrust.v1.TPMPlatformParameters.pcrs:type_name -> teleport.devicetrust.v1.TPMPCR
+	33, // 26: teleport.devicetrust.v1.AuthenticateDeviceRequest.init:type_name -> teleport.devicetrust.v1.AuthenticateDeviceInit
+	37, // 27: teleport.devicetrust.v1.AuthenticateDeviceRequest.challenge_response:type_name -> teleport.devicetrust.v1.AuthenticateDeviceChallengeResponse
+	35, // 28: teleport.devicetrust.v1.AuthenticateDeviceRequest.tpm_challenge_response:type_name -> teleport.devicetrust.v1.TPMAuthenticateDeviceChallengeResponse
+	36, // 29: teleport.devicetrust.v1.AuthenticateDeviceResponse.challenge:type_name -> teleport.devicetrust.v1.AuthenticateDeviceChallenge
+	49, // 30: teleport.devicetrust.v1.AuthenticateDeviceResponse.user_certificates:type_name -> teleport.devicetrust.v1.UserCertificates
+	34, // 31: teleport.devicetrust.v1.AuthenticateDeviceResponse.tpm_challenge:type_name -> teleport.devicetrust.v1.TPMAuthenticateDeviceChallenge
+	49, // 32: teleport.devicetrust.v1.AuthenticateDeviceInit.user_certificates:type_name -> teleport.devicetrust.v1.UserCertificates
+	48, // 33: teleport.devicetrust.v1.AuthenticateDeviceInit.device_data:type_name -> teleport.devicetrust.v1.DeviceCollectedData
+	30, // 34: teleport.devicetrust.v1.TPMAuthenticateDeviceChallengeResponse.platform_parameters:type_name -> teleport.devicetrust.v1.TPMPlatformParameters
+	40, // 35: teleport.devicetrust.v1.SyncInventoryRequest.start:type_name -> teleport.devicetrust.v1.SyncInventoryStart
+	41, // 36: teleport.devicetrust.v1.SyncInventoryRequest.end:type_name -> teleport.devicetrust.v1.SyncInventoryEnd
+	42, // 37: teleport.devicetrust.v1.SyncInventoryRequest.devices_to_upsert:type_name -> teleport.devicetrust.v1.SyncInventoryDevices
+	42, // 38: teleport.devicetrust.v1.SyncInventoryRequest.devices_to_remove:type_name -> teleport.devicetrust.v1.SyncInventoryDevices
+	43, // 39: teleport.devicetrust.v1.SyncInventoryResponse.ack:type_name -> teleport.devicetrust.v1.SyncInventoryAck
+	44, // 40: teleport.devicetrust.v1.SyncInventoryResponse.result:type_name -> teleport.devicetrust.v1.SyncInventoryResult
+	50, // 41: teleport.devicetrust.v1.SyncInventoryStart.source:type_name -> teleport.devicetrust.v1.DeviceSource
+	1,  // 42: teleport.devicetrust.v1.SyncInventoryStart.mode:type_name -> teleport.devicetrust.v1.SyncInventoryMode
+	2,  // 43: teleport.devicetrust.v1.SyncInventoryStart.on_missing_action:type_name -> teleport.devicetrust.v1.SyncInventoryDeviceAction
+	45, // 44: teleport.devicetrust.v1.SyncInventoryDevices.devices:type_name -> teleport.devicetrust.v1.Device
+	14, // 45: teleport.devicetrust.v1.SyncInventoryResult.devices:type_name -> teleport.devicetrust.v1.DeviceOrStatus
+	3,  // 46: teleport.devicetrust.v1.DeviceTrustService.CreateDevice:input_type -> teleport.devicetrust.v1.CreateDeviceRequest
+	4,  // 47: teleport.devicetrust.v1.DeviceTrustService.UpdateDevice:input_type -> teleport.devicetrust.v1.UpdateDeviceRequest
+	5,  // 48: teleport.devicetrust.v1.DeviceTrustService.UpsertDevice:input_type -> teleport.devicetrust.v1.UpsertDeviceRequest
+	6,  // 49: teleport.devicetrust.v1.DeviceTrustService.DeleteDevice:input_type -> teleport.devicetrust.v1.DeleteDeviceRequest
+	7,  // 50: teleport.devicetrust.v1.DeviceTrustService.FindDevices:input_type -> teleport.devicetrust.v1.FindDevicesRequest
+	9,  // 51: teleport.devicetrust.v1.DeviceTrustService.GetDevice:input_type -> teleport.devicetrust.v1.GetDeviceRequest
+	10, // 52: teleport.devicetrust.v1.DeviceTrustService.ListDevices:input_type -> teleport.devicetrust.v1.ListDevicesRequest
+	12, // 53: teleport.devicetrust.v1.DeviceTrustService.BulkCreateDevices:input_type -> teleport.devicetrust.v1.BulkCreateDevicesRequest
+	15, // 54: teleport.devicetrust.v1.DeviceTrustService.CreateDeviceEnrollToken:input_type -> teleport.devicetrust.v1.CreateDeviceEnrollTokenRequest
+	16, // 55: teleport.devicetrust.v1.DeviceTrustService.EnrollDevice:input_type -> teleport.devicetrust.v1.EnrollDeviceRequest
+	31, // 56: teleport.devicetrust.v1.DeviceTrustService.AuthenticateDevice:input_type -> teleport.devicetrust.v1.AuthenticateDeviceRequest
+	38, // 57: teleport.devicetrust.v1.DeviceTrustService.SyncInventory:input_type -> teleport.devicetrust.v1.SyncInventoryRequest
+	45, // 58: teleport.devicetrust.v1.DeviceTrustService.CreateDevice:output_type -> teleport.devicetrust.v1.Device
+	45, // 59: teleport.devicetrust.v1.DeviceTrustService.UpdateDevice:output_type -> teleport.devicetrust.v1.Device
+	45, // 60: teleport.devicetrust.v1.DeviceTrustService.UpsertDevice:output_type -> teleport.devicetrust.v1.Device
+	51, // 61: teleport.devicetrust.v1.DeviceTrustService.DeleteDevice:output_type -> google.protobuf.Empty
+	8,  // 62: teleport.devicetrust.v1.DeviceTrustService.FindDevices:output_type -> teleport.devicetrust.v1.FindDevicesResponse
+	45, // 63: teleport.devicetrust.v1.DeviceTrustService.GetDevice:output_type -> teleport.devicetrust.v1.Device
+	11, // 64: teleport.devicetrust.v1.DeviceTrustService.ListDevices:output_type -> teleport.devicetrust.v1.ListDevicesResponse
+	13, // 65: teleport.devicetrust.v1.DeviceTrustService.BulkCreateDevices:output_type -> teleport.devicetrust.v1.BulkCreateDevicesResponse
+	52, // 66: teleport.devicetrust.v1.DeviceTrustService.CreateDeviceEnrollToken:output_type -> teleport.devicetrust.v1.DeviceEnrollToken
+	17, // 67: teleport.devicetrust.v1.DeviceTrustService.EnrollDevice:output_type -> teleport.devicetrust.v1.EnrollDeviceResponse
+	32, // 68: teleport.devicetrust.v1.DeviceTrustService.AuthenticateDevice:output_type -> teleport.devicetrust.v1.AuthenticateDeviceResponse
+	39, // 69: teleport.devicetrust.v1.DeviceTrustService.SyncInventory:output_type -> teleport.devicetrust.v1.SyncInventoryResponse
+	58, // [58:70] is the sub-list for method output_type
+	46, // [46:58] is the sub-list for method input_type
+	46, // [46:46] is the sub-list for extension type_name
+	46, // [46:46] is the sub-list for extension extendee
+	0,  // [0:46] is the sub-list for field type_name
 }
 
 func init() { file_teleport_devicetrust_v1_devicetrust_service_proto_init() }
@@ -3530,7 +3890,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TPMCertificationParameters); i {
+			switch v := v.(*TPMEnrollChallenge); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3542,7 +3902,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TPMEnrollChallenge); i {
+			switch v := v.(*TPMEncryptedCredential); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3566,7 +3926,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthenticateDeviceRequest); i {
+			switch v := v.(*TPMPCR); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3578,7 +3938,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthenticateDeviceResponse); i {
+			switch v := v.(*TPMQuote); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3590,7 +3950,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthenticateDeviceInit); i {
+			switch v := v.(*TPMPlatformParameters); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3602,7 +3962,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthenticateDeviceChallenge); i {
+			switch v := v.(*AuthenticateDeviceRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3614,7 +3974,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthenticateDeviceChallengeResponse); i {
+			switch v := v.(*AuthenticateDeviceResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3626,7 +3986,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SyncInventoryRequest); i {
+			switch v := v.(*AuthenticateDeviceInit); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3638,7 +3998,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SyncInventoryResponse); i {
+			switch v := v.(*TPMAuthenticateDeviceChallenge); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3650,7 +4010,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SyncInventoryStart); i {
+			switch v := v.(*TPMAuthenticateDeviceChallengeResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3662,7 +4022,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SyncInventoryEnd); i {
+			switch v := v.(*AuthenticateDeviceChallenge); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3674,7 +4034,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SyncInventoryDevices); i {
+			switch v := v.(*AuthenticateDeviceChallengeResponse); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3686,7 +4046,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SyncInventoryAck); i {
+			switch v := v.(*SyncInventoryRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -3698,6 +4058,66 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			}
 		}
 		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SyncInventoryResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SyncInventoryStart); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SyncInventoryEnd); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SyncInventoryDevices); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SyncInventoryAck); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*SyncInventoryResult); i {
 			case 0:
 				return &v.state
@@ -3724,21 +4144,23 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 		(*TPMEnrollPayload_EkCert)(nil),
 		(*TPMEnrollPayload_EkKey)(nil),
 	}
-	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[25].OneofWrappers = []interface{}{
+	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[28].OneofWrappers = []interface{}{
 		(*AuthenticateDeviceRequest_Init)(nil),
 		(*AuthenticateDeviceRequest_ChallengeResponse)(nil),
+		(*AuthenticateDeviceRequest_TpmChallengeResponse)(nil),
 	}
-	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[26].OneofWrappers = []interface{}{
+	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[29].OneofWrappers = []interface{}{
 		(*AuthenticateDeviceResponse_Challenge)(nil),
 		(*AuthenticateDeviceResponse_UserCertificates)(nil),
+		(*AuthenticateDeviceResponse_TpmChallenge)(nil),
 	}
-	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[30].OneofWrappers = []interface{}{
+	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[35].OneofWrappers = []interface{}{
 		(*SyncInventoryRequest_Start)(nil),
 		(*SyncInventoryRequest_End)(nil),
 		(*SyncInventoryRequest_DevicesToUpsert)(nil),
 		(*SyncInventoryRequest_DevicesToRemove)(nil),
 	}
-	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[31].OneofWrappers = []interface{}{
+	file_teleport_devicetrust_v1_devicetrust_service_proto_msgTypes[36].OneofWrappers = []interface{}{
 		(*SyncInventoryResponse_Ack)(nil),
 		(*SyncInventoryResponse_Result)(nil),
 	}
@@ -3748,7 +4170,7 @@ func file_teleport_devicetrust_v1_devicetrust_service_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_teleport_devicetrust_v1_devicetrust_service_proto_rawDesc,
 			NumEnums:      3,
-			NumMessages:   37,
+			NumMessages:   42,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/api/proto/teleport/devicetrust/v1/device.proto b/api/proto/teleport/devicetrust/v1/device.proto
index 2f3cd678d23cb..ebe5119c66826 100644
--- a/api/proto/teleport/devicetrust/v1/device.proto
+++ b/api/proto/teleport/devicetrust/v1/device.proto
@@ -93,19 +93,14 @@ message DeviceCredential {
   // Unique identifier of the credential, defined client-side.
   string id = 1;
   // Device public key marshaled as a PKIX, ASN.1 DER.
-  // For TPMs, this is the public application key.
+  // If the device is a TPM device, stores the public attestation key to use for
+  // verifying platform attestation.
   bytes public_key_der = 2;
   // The degree to which the device credential is attested.
   DeviceAttestationType device_attestation_type = 3;
   // If the device is a TPM device, stores the serial number from the TPM
   // endorsement certificate.
-  // The certificate is not stored for security reasons, but the serial can be
-  // used to retrieve information about a specific unit from the manufacturer
-  // at a later date.
-  string tpm_serial = 4;
-  // If the device is a TPM device, stores the public AK in PKIX, ASN.1 DER
-  // form.
-  bytes tpm_attestation_key_der = 5;
+  string tpm_ekcert_serial = 4;
 }
 
 // AttestationType indicates the degree to which the device credential has
@@ -114,14 +109,13 @@ enum DeviceAttestationType {
   // Bare public key which has only verified with proof of ownership.
   // Used on macOS.
   DEVICE_ATTESTATION_TYPE_UNSPECIFIED = 0;
-  // Credential was verified through a TPM EK->AK->App key chain on enrollment.
+  // Credential was verified through a TPM EK->AK chain on enrollment.
   DEVICE_ATTESTATION_TYPE_TPM_EKPUB = 1;
-  // Credential was verified through a TPM EKCert->AK->App key chain on
-  // enrollment, but no allow-listed CAs were configured to validate this EKCert
-  // against.
+  // Credential was verified through a TPM EKCert->AK chain on enrollment,
+  // but no allow-listed CAs were configured to validate this EKCert against.
   DEVICE_ATTESTATION_TYPE_TPM_EKCERT = 2;
-  // Credential was verified through a TPM EKCert->AK->App key chain on
-  // enrollment, and the EKCert was signed by a configured allow-listed CA.
+  // Credential was verified through a TPM EKCert->AK chain on enrollment, and
+  // the EKCert was signed by a configured allow-listed CA.
   DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED = 3;
 }
 
diff --git a/api/proto/teleport/devicetrust/v1/devicetrust_service.proto b/api/proto/teleport/devicetrust/v1/devicetrust_service.proto
index 19b35f79626ff..9c47b7a279e08 100644
--- a/api/proto/teleport/devicetrust/v1/devicetrust_service.proto
+++ b/api/proto/teleport/devicetrust/v1/devicetrust_service.proto
@@ -373,9 +373,6 @@ message TPMEnrollPayload {
   // The attestation key and the parameters necessary to remotely verify it as
   // related to the endorsement key.
   TPMAttestationParameters attestation_parameters = 3;
-  // The application key and the parameters necessary to remotely certify it as
-  // related to the attestation key.
-  TPMCertificationParameters application_certification_parameters = 4;
 }
 
 // The attestation key and the parameters necessary to remotely verify it as
@@ -397,34 +394,28 @@ message TPMAttestationParameters {
   bytes create_signature = 4;
 }
 
-// The application key and the parameters necessary to remotely certify it as
-// related to the attestation key.
-// See https://pkg.go.dev/github.com/google/go-attestation/attest#CertificationParameters
-message TPMCertificationParameters {
-  // The encoded TPMT_PUBLIC structure containing the application public key
-  // and signing parameters.
-  bytes public = 1;
-  // The properties of the application key, encoded as a TPMS_CREATION_DATA
-  // structure.
-  bytes create_data = 2;
-  // An assertion as to the details of the key, encoded as a TPMS_ATTEST
-  // structure.
-  bytes create_attestation = 3;
-  // A signature of create_attestation, encoded as a TPMT_SIGNATURE structure.
-  bytes create_signature = 4;
+// The challenge sent to the client by the server during enrollment.
+// The challenge involves two parts:
+// - Solving an encrypted credential with `ActivateCredential`.
+// - Producing a platform attestation using the provided nonce.
+message TPMEnrollChallenge {
+  // The encrypted credential for the client to prove possession of the EK and
+  // AK.
+  TPMEncryptedCredential encrypted_credential = 1;
+  // The nonce to use when producing the quotes over the PCRs with the TPM
+  // during the platform attestation.
+  bytes attestation_nonce = 2;
 }
 
-// The enrollment challenge sent to the client by the server in order to
-// validate it has possession of the EK and AK.
-//
 // These values are used by the TPM2.0 `ActivateCredential` command to produce
-// the solution which proves possession.
+// the solution which proves possession of the EK and AK.
 //
 // For a more in-depth description see:
+// - https://pkg.go.dev/github.com/google/go-attestation/attest#EncryptedCredential
 // - https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_code_pub.pdf (Heading 12.5.1 "TPM2_ActivateCredential" "General Description")
 // - https://github.com/google/go-attestation/blob/v0.4.3/attest/activation.go#L199
 // - https://github.com/google/go-tpm/blob/v0.3.3/tpm2/credactivation/credential_activation.go#L61
-message TPMEnrollChallenge {
+message TPMEncryptedCredential {
   // The `credential_blob` parameter to be used with the `ActivateCredential`
   // command. This is used with the decrypted value of `secret` in a
   // cryptographic process to decrypt the solution.
@@ -439,8 +430,42 @@ message TPMEnrollChallenge {
 // calling the TPM2.0 `ActivateCredential` command on the client with the
 // parameters provided in `TPMEnrollChallenge`.
 message TPMEnrollChallengeResponse {
-  // The proof of possession of both the EK and AK.
+  // The client's solution to `TPMEncryptedCredential` included in
+  // `TPMEnrollChallenge` using ActivateCredential.
   bytes solution = 1;
+  // The result of the client's platform attestation with the nonce provided
+  // in `TPMEnrollChallenge`.
+  TPMPlatformParameters platform_parameters = 2;
+}
+
+// Encapsulates the value of a PCR at a point at time.
+// See https://pkg.go.dev/github.com/google/go-attestation/attest#PCR
+message TPMPCR {
+  // the PCR index in the PCR bank
+  int32 index = 1;
+  // the digest currently held in the PCR
+  bytes digest = 2;
+  // hash algorithm associated with the PCR bank. This value is the underlying
+  // value of the crypto.Hash type.
+  uint64 hash = 3;
+}
+
+// Encapsulates the result of a quote operation against the TPM over a PCR
+// using an attestation key.
+// See https://pkg.go.dev/github.com/google/go-attestation/attest#Quote
+message TPMQuote {
+  bytes quote = 1;
+  bytes signature = 2;
+}
+
+// The quotes, PCRs and event log from a TPM that attest to the booted state
+// of the machine.
+// See https://pkg.go.dev/github.com/google/go-attestation/attest#PlatformParameters
+// Excludes TPMVersion and Public since these are already known values.
+message TPMPlatformParameters {
+  repeated TPMQuote quotes = 1;
+  repeated TPMPCR pcrs = 2;
+  bytes event_log = 3;
 }
 
 // Request for AuthenticateDevice.
@@ -454,6 +479,7 @@ message AuthenticateDeviceRequest {
   oneof payload {
     AuthenticateDeviceInit init = 1;
     AuthenticateDeviceChallengeResponse challenge_response = 2;
+    TPMAuthenticateDeviceChallengeResponse tpm_challenge_response = 3;
   }
 }
 
@@ -462,6 +488,7 @@ message AuthenticateDeviceResponse {
   oneof payload {
     AuthenticateDeviceChallenge challenge = 1;
     UserCertificates user_certificates = 2;
+    TPMAuthenticateDeviceChallenge tpm_challenge = 3;
   }
 }
 
@@ -486,6 +513,22 @@ message AuthenticateDeviceInit {
   DeviceCollectedData device_data = 3;
 }
 
+// TPMAuthenticateDeviceChallenge carries the authentication challenge
+// specific to TPMs.
+message TPMAuthenticateDeviceChallenge {
+  // Randomly-generated nonce to be used during platform attestation by the
+  // TPM.
+  bytes attestation_nonce = 1;
+}
+
+// TPMAuthenticateDeviceChallengeResponse carries the authentication challenge
+// response specific to TPMs.
+message TPMAuthenticateDeviceChallengeResponse {
+  // The result of the client's platform attestation with the nonce provided
+  // in `TPMAuthenticateDeviceChallenge`.
+  TPMPlatformParameters platform_parameters = 1;
+}
+
 // AuthenticateDeviceChallenge carries the authentication challenge.
 message AuthenticateDeviceChallenge {
   // Randomly-generated, opaque challenge to be signed using the device key.
diff --git a/api/proto/teleport/legacy/types/device.proto b/api/proto/teleport/legacy/types/device.proto
index 0cd74252f6779..2b4a8adb19c6f 100644
--- a/api/proto/teleport/legacy/types/device.proto
+++ b/api/proto/teleport/legacy/types/device.proto
@@ -67,8 +67,7 @@ message DeviceCredential {
   string id = 1 [(gogoproto.jsontag) = "id"];
   bytes public_key_der = 2 [(gogoproto.jsontag) = "public_key_der"];
   string device_attestation_type = 3 [(gogoproto.jsontag) = "device_attestation_type"];
-  string tpm_serial = 4 [(gogoproto.jsontag) = "tpm_serial"];
-  bytes tpm_attestation_key_der = 5 [(gogoproto.jsontag) = "tpm_attestation_key_der"];
+  string tpm_ekcert_serial = 4 [(gogoproto.jsontag) = "tpm_ekcert_serial"];
 }
 
 // DeviceCollectedData is the resource representation of
diff --git a/api/types/device.go b/api/types/device.go
index e1f1ad4db4b9f..27dab6d9a2bec 100644
--- a/api/types/device.go
+++ b/api/types/device.go
@@ -125,8 +125,7 @@ func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error) {
 			Id:                    res.Spec.Credential.Id,
 			PublicKeyDer:          res.Spec.Credential.PublicKeyDer,
 			DeviceAttestationType: attestationType,
-			TpmSerial:             res.Spec.Credential.TpmSerial,
-			TpmAttestationKeyDer:  res.Spec.Credential.TpmAttestationKeyDer,
+			TpmEkcertSerial:       res.Spec.Credential.TpmEkcertSerial,
 		}
 	}
 
@@ -181,8 +180,7 @@ func DeviceToResource(dev *devicepb.Device) *DeviceV1 {
 			DeviceAttestationType: ResourceDeviceAttestationTypeToString(
 				dev.Credential.DeviceAttestationType,
 			),
-			TpmSerial:            dev.Credential.TpmSerial,
-			TpmAttestationKeyDer: dev.Credential.TpmAttestationKeyDer,
+			TpmEkcertSerial: dev.Credential.TpmEkcertSerial,
 		}
 	}
 
diff --git a/api/types/device.pb.go b/api/types/device.pb.go
index 19061e7390858..1f0500142ae9e 100644
--- a/api/types/device.pb.go
+++ b/api/types/device.pb.go
@@ -131,8 +131,7 @@ type DeviceCredential struct {
 	Id                    string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id"`
 	PublicKeyDer          []byte   `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der"`
 	DeviceAttestationType string   `protobuf:"bytes,3,opt,name=device_attestation_type,json=deviceAttestationType,proto3" json:"device_attestation_type"`
-	TpmSerial             string   `protobuf:"bytes,4,opt,name=tpm_serial,json=tpmSerial,proto3" json:"tpm_serial"`
-	TpmAttestationKeyDer  []byte   `protobuf:"bytes,5,opt,name=tpm_attestation_key_der,json=tpmAttestationKeyDer,proto3" json:"tpm_attestation_key_der"`
+	TpmEkcertSerial       string   `protobuf:"bytes,4,opt,name=tpm_ekcert_serial,json=tpmEkcertSerial,proto3" json:"tpm_ekcert_serial"`
 	XXX_NoUnkeyedLiteral  struct{} `json:"-"`
 	XXX_unrecognized      []byte   `json:"-"`
 	XXX_sizecache         int32    `json:"-"`
@@ -228,51 +227,50 @@ func init() {
 }
 
 var fileDescriptor_aceaef1b58496e7d = []byte{
-	// 692 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xcd, 0x6e, 0xd3, 0x4a,
-	0x14, 0xae, 0x93, 0x36, 0x6d, 0x26, 0x49, 0x75, 0xeb, 0xa6, 0xb7, 0x56, 0xef, 0x55, 0xa6, 0x37,
-	0xba, 0x0b, 0xc4, 0x4f, 0x2c, 0x40, 0x42, 0x48, 0x08, 0x09, 0x4c, 0x17, 0x48, 0x48, 0x08, 0x26,
-	0x15, 0x0b, 0x36, 0xd6, 0xc4, 0x3e, 0x18, 0x0b, 0x3b, 0x33, 0xb2, 0x27, 0x15, 0x79, 0x0b, 0x1e,
-	0x82, 0xc7, 0xe0, 0x01, 0xba, 0xec, 0x13, 0x0c, 0xd0, 0xa5, 0x17, 0x3c, 0x03, 0xf2, 0x19, 0xa7,
-	0x71, 0xaa, 0x56, 0x74, 0x63, 0xcd, 0x7c, 0xe7, 0x3b, 0xdf, 0x9c, 0xf3, 0xcd, 0x19, 0x93, 0xa1,
-	0x82, 0x04, 0xa4, 0xc8, 0x94, 0x9b, 0x40, 0xc4, 0x83, 0xb9, 0xab, 0xe6, 0x12, 0x72, 0x37, 0x84,
-	0x93, 0x38, 0x80, 0x91, 0xcc, 0x84, 0x12, 0xf6, 0x06, 0x62, 0x07, 0xfd, 0x48, 0x44, 0x02, 0x11,
-	0xb7, 0x5c, 0x99, 0xe0, 0x01, 0x8d, 0x84, 0x88, 0x12, 0x70, 0x71, 0x37, 0x99, 0x7d, 0x70, 0x55,
-	0x9c, 0x42, 0xae, 0x78, 0x2a, 0x2b, 0xc2, 0x7f, 0x57, 0x9f, 0x80, 0x5f, 0x43, 0x19, 0x7e, 0x26,
-	0x5b, 0x47, 0x78, 0xe0, 0xbb, 0xfb, 0xf6, 0x13, 0xd2, 0x7a, 0x09, 0x3c, 0x84, 0xcc, 0xb1, 0x0e,
-	0xad, 0x5b, 0x9d, 0x07, 0x7b, 0x23, 0xc3, 0x64, 0x90, 0x8b, 0x59, 0x16, 0x80, 0x09, 0x7a, 0xdd,
-	0x53, 0x4d, 0xd7, 0xce, 0x34, 0xb5, 0x0a, 0x4d, 0xd7, 0x58, 0x95, 0x62, 0xbb, 0x64, 0x3d, 0x97,
-	0x10, 0x38, 0x1b, 0x98, 0xba, 0x53, 0xa5, 0x1a, 0xed, 0xb1, 0x84, 0xc0, 0xdb, 0x2a, 0x34, 0x45,
-	0x0a, 0xc3, 0xef, 0xf0, 0x57, 0x93, 0x90, 0x65, 0xd8, 0xfe, 0x9f, 0x6c, 0x8a, 0xdc, 0x2f, 0xb3,
-	0xf0, 0xf4, 0xb6, 0xd7, 0x29, 0x34, 0x5d, 0x40, 0xac, 0x25, 0xf2, 0xe3, 0xb9, 0x04, 0xfb, 0x36,
-	0x69, 0xf3, 0x3c, 0x07, 0xe5, 0x2b, 0x1e, 0x39, 0x0d, 0xe4, 0xf5, 0x0a, 0x4d, 0x97, 0x20, 0xdb,
-	0xc2, 0xe5, 0x31, 0x8f, 0xec, 0x37, 0xa4, 0x13, 0x64, 0xc0, 0x15, 0xf8, 0xa5, 0x2f, 0x4e, 0x13,
-	0x0b, 0x3b, 0x18, 0x19, 0xd3, 0x46, 0x0b, 0xd3, 0x46, 0xc7, 0x0b, 0xd3, 0xbc, 0xdd, 0x42, 0xd3,
-	0x7a, 0xca, 0x97, 0xef, 0xd4, 0x62, 0xc4, 0x00, 0x25, 0xab, 0x54, 0x9c, 0xc9, 0xf0, 0x42, 0x71,
-	0xfd, 0x66, 0x8a, 0xb5, 0x14, 0xa3, 0x68, 0x00, 0x54, 0x7c, 0x44, 0x7a, 0x30, 0xcd, 0x44, 0x92,
-	0xf8, 0xb9, 0xe2, 0x6a, 0x96, 0xa3, 0x7d, 0x6d, 0x6f, 0xa7, 0xd0, 0x74, 0x35, 0xc0, 0xba, 0x66,
-	0x3b, 0xc6, 0x9d, 0xfd, 0x96, 0x94, 0x75, 0x85, 0x30, 0x55, 0x31, 0x4f, 0x9c, 0x16, 0x16, 0xb2,
-	0xbf, 0xe2, 0xf9, 0x8b, 0x8b, 0xb0, 0xe7, 0x14, 0x9a, 0xf6, 0x97, 0xf4, 0xbb, 0x22, 0x8d, 0x15,
-	0xa4, 0x52, 0xcd, 0x59, 0x4d, 0xc4, 0xf6, 0xc9, 0x76, 0x20, 0x92, 0x04, 0x02, 0x05, 0xa1, 0x1f,
-	0x72, 0xc5, 0x9d, 0xcd, 0xc3, 0x26, 0xf6, 0xb7, 0x22, 0xbb, 0xa0, 0x1c, 0x71, 0xc5, 0xbd, 0x7f,
-	0x0b, 0x4d, 0x9d, 0xd5, 0xac, 0x9a, 0x7a, 0x2f, 0xa8, 0x93, 0x87, 0xdf, 0x1a, 0xe4, 0xaf, 0xcb,
-	0xb5, 0xd9, 0x7f, 0x93, 0x46, 0x1c, 0x56, 0x37, 0xde, 0x2a, 0x34, 0x6d, 0xc4, 0x21, 0x6b, 0xc4,
-	0xa1, 0xfd, 0x98, 0x6c, 0xcb, 0xd9, 0x24, 0x89, 0x03, 0xff, 0x13, 0xcc, 0xfd, 0x72, 0x26, 0xcb,
-	0xdb, 0xee, 0x7a, 0x76, 0xa1, 0xe9, 0xa5, 0x08, 0xeb, 0x9a, 0xfd, 0x2b, 0x98, 0x1f, 0x41, 0x66,
-	0x8f, 0xc9, 0xbe, 0x79, 0x42, 0x3e, 0x57, 0xaa, 0xbc, 0x07, 0x15, 0x8b, 0xa9, 0x19, 0xac, 0x26,
-	0x1e, 0xf3, 0x4f, 0xa1, 0xe9, 0x75, 0x14, 0xb6, 0x67, 0x02, 0xcf, 0x97, 0x38, 0xce, 0xdd, 0x3d,
-	0x42, 0x94, 0x4c, 0xfd, 0x1c, 0xb2, 0xd2, 0xef, 0x75, 0xd4, 0xd9, 0x2e, 0x34, 0xad, 0xa1, 0xac,
-	0xad, 0x64, 0x3a, 0xc6, 0xa5, 0xcd, 0xc8, 0x7e, 0x19, 0xa8, 0xab, 0x2f, 0xda, 0xd8, 0xc0, 0x36,
-	0xb0, 0x86, 0x6b, 0x28, 0xac, 0xaf, 0x64, 0x5a, 0x2b, 0xc0, 0xf4, 0x35, 0xfc, 0xda, 0x20, 0xbb,
-	0x57, 0xdc, 0x81, 0x3d, 0x26, 0xdd, 0xca, 0x67, 0x33, 0x95, 0xd6, 0x1f, 0xa7, 0xb2, 0x5f, 0x68,
-	0xba, 0x92, 0x83, 0x63, 0xd9, 0xa9, 0x90, 0xc5, 0xa4, 0x67, 0x10, 0x88, 0x2c, 0x34, 0x9a, 0x8d,
-	0x9b, 0x4d, 0x7a, 0x2d, 0xc5, 0x4c, 0xba, 0x01, 0x50, 0xb1, 0xf6, 0xbe, 0x9b, 0xd7, 0xbf, 0xef,
-	0x67, 0xa4, 0x67, 0xdc, 0xf4, 0xa7, 0xb3, 0x74, 0x02, 0x59, 0x65, 0x35, 0xda, 0xb5, 0x12, 0xa8,
-	0x8d, 0x59, 0xd7, 0x04, 0x5e, 0x23, 0xee, 0x3d, 0x3d, 0xfd, 0x39, 0x58, 0x3b, 0x3d, 0x1f, 0x58,
-	0x67, 0xe7, 0x03, 0xeb, 0xc7, 0xf9, 0xc0, 0x7a, 0x7f, 0x27, 0x8a, 0xd5, 0xc7, 0xd9, 0x64, 0x14,
-	0x88, 0xd4, 0x8d, 0x32, 0x7e, 0x12, 0x1b, 0x5b, 0x79, 0xe2, 0x5e, 0xfc, 0x1e, 0xb9, 0x8c, 0xcd,
-	0x5f, 0x71, 0xd2, 0xc2, 0xde, 0x1e, 0xfe, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x70, 0xb5, 0x84, 0xbb,
-	0x9d, 0x05, 0x00, 0x00,
+	// 674 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0xd1, 0x6e, 0xd3, 0x3c,
+	0x18, 0x5d, 0xda, 0xad, 0xdb, 0xdc, 0x76, 0xff, 0xbf, 0x6c, 0x63, 0xd1, 0x40, 0xf5, 0xa8, 0xb8,
+	0x40, 0x80, 0x1a, 0x01, 0x12, 0x42, 0x42, 0x48, 0x2c, 0x0c, 0x09, 0x09, 0x09, 0x41, 0x3a, 0x71,
+	0xc1, 0x4d, 0xe4, 0x26, 0x1f, 0x21, 0x5a, 0x52, 0x47, 0x89, 0x33, 0xd1, 0xb7, 0xe0, 0x21, 0x78,
+	0x98, 0x5d, 0xee, 0x09, 0x0c, 0xec, 0xd2, 0x17, 0x3c, 0x01, 0x17, 0x28, 0x9f, 0xd3, 0x36, 0x1d,
+	0x9b, 0xd8, 0x4d, 0x14, 0x9f, 0xef, 0x7c, 0xc7, 0xf6, 0xf1, 0xb1, 0x49, 0x5f, 0x40, 0x0c, 0x29,
+	0xcf, 0x84, 0x1d, 0x43, 0xc8, 0xfc, 0x89, 0x2d, 0x26, 0x29, 0xe4, 0x76, 0x00, 0x27, 0x91, 0x0f,
+	0x83, 0x34, 0xe3, 0x82, 0x9b, 0x2b, 0x88, 0xed, 0x6d, 0x87, 0x3c, 0xe4, 0x88, 0xd8, 0xe5, 0x9f,
+	0x2e, 0xee, 0xd1, 0x90, 0xf3, 0x30, 0x06, 0x1b, 0x47, 0xa3, 0xe2, 0x93, 0x2d, 0xa2, 0x04, 0x72,
+	0xc1, 0x92, 0xb4, 0x22, 0xdc, 0xbe, 0x7c, 0x06, 0xfc, 0x6a, 0x4a, 0xff, 0x0b, 0x59, 0x3b, 0xc4,
+	0x09, 0x3f, 0x3c, 0x34, 0x9f, 0x91, 0xd6, 0x6b, 0x60, 0x01, 0x64, 0x96, 0xb1, 0x6f, 0xdc, 0x6d,
+	0x3f, 0xda, 0x19, 0x68, 0xa6, 0x0b, 0x39, 0x2f, 0x32, 0x1f, 0x74, 0xd1, 0xe9, 0x9c, 0x4a, 0xba,
+	0x74, 0x26, 0xa9, 0xa1, 0x24, 0x5d, 0x72, 0xab, 0x16, 0xd3, 0x26, 0xcb, 0x79, 0x0a, 0xbe, 0xb5,
+	0x82, 0xad, 0x9b, 0x55, 0xab, 0xd6, 0x1e, 0xa6, 0xe0, 0x3b, 0x6b, 0x4a, 0x52, 0xa4, 0xb8, 0xf8,
+	0xed, 0xff, 0x6a, 0x12, 0x32, 0x2f, 0x9b, 0x77, 0xc8, 0x2a, 0xcf, 0xbd, 0xb2, 0x0b, 0x67, 0x5f,
+	0x77, 0xda, 0x4a, 0xd2, 0x29, 0xe4, 0xb6, 0x78, 0x7e, 0x34, 0x49, 0xc1, 0xbc, 0x47, 0xd6, 0x59,
+	0x9e, 0x83, 0xf0, 0x04, 0x0b, 0xad, 0x06, 0xf2, 0xba, 0x4a, 0xd2, 0x39, 0xe8, 0xae, 0xe1, 0xef,
+	0x11, 0x0b, 0xcd, 0x77, 0xa4, 0xed, 0x67, 0xc0, 0x04, 0x78, 0xa5, 0x2f, 0x56, 0x13, 0x17, 0xb6,
+	0x37, 0xd0, 0xa6, 0x0d, 0xa6, 0xa6, 0x0d, 0x8e, 0xa6, 0xa6, 0x39, 0x5b, 0x4a, 0xd2, 0x7a, 0xcb,
+	0xd7, 0xef, 0xd4, 0x70, 0x89, 0x06, 0x4a, 0x56, 0xa9, 0x58, 0xa4, 0xc1, 0x4c, 0x71, 0xf9, 0x7a,
+	0x8a, 0xb5, 0x16, 0xad, 0xa8, 0x01, 0x54, 0x7c, 0x42, 0xba, 0x30, 0xce, 0x78, 0x1c, 0x7b, 0xb9,
+	0x60, 0xa2, 0xc8, 0xd1, 0xbe, 0x75, 0x67, 0x53, 0x49, 0xba, 0x58, 0x70, 0x3b, 0x7a, 0x38, 0xc4,
+	0x91, 0xf9, 0x9e, 0x94, 0xeb, 0x0a, 0x60, 0x2c, 0x22, 0x16, 0x5b, 0x2d, 0x5c, 0xc8, 0xee, 0x82,
+	0xe7, 0x2f, 0x67, 0x65, 0xc7, 0x52, 0x92, 0x6e, 0xcf, 0xe9, 0x0f, 0x78, 0x12, 0x09, 0x48, 0x52,
+	0x31, 0x71, 0x6b, 0x22, 0xa6, 0x47, 0x36, 0x7c, 0x1e, 0xc7, 0xe0, 0x0b, 0x08, 0xbc, 0x80, 0x09,
+	0x66, 0xad, 0xee, 0x37, 0x71, 0x7f, 0x0b, 0xb2, 0x53, 0xca, 0x21, 0x13, 0xcc, 0xb9, 0xa5, 0x24,
+	0xb5, 0x16, 0xbb, 0x6a, 0xea, 0x5d, 0xbf, 0x4e, 0xee, 0xff, 0x36, 0xc8, 0xff, 0x17, 0xd7, 0x66,
+	0xde, 0x20, 0x8d, 0x28, 0xa8, 0x4e, 0xbc, 0xa5, 0x24, 0x6d, 0x44, 0x81, 0xdb, 0x88, 0x02, 0xf3,
+	0x29, 0xd9, 0x48, 0x8b, 0x51, 0x1c, 0xf9, 0xde, 0x31, 0x4c, 0xbc, 0x32, 0x93, 0xe5, 0x69, 0x77,
+	0x1c, 0x53, 0x49, 0x7a, 0xa1, 0xe2, 0x76, 0xf4, 0xf8, 0x0d, 0x4c, 0x0e, 0x21, 0x33, 0x87, 0x64,
+	0x57, 0x5f, 0x21, 0x8f, 0x09, 0x51, 0x9e, 0x83, 0x88, 0xf8, 0x58, 0x07, 0xab, 0x89, 0xd3, 0xdc,
+	0x54, 0x92, 0x5e, 0x45, 0x71, 0x77, 0x74, 0xe1, 0x60, 0x8e, 0x63, 0xee, 0x0e, 0xc8, 0xa6, 0x48,
+	0x13, 0x0f, 0x8e, 0x7d, 0xc8, 0x84, 0x97, 0x43, 0x56, 0xda, 0xbe, 0x8c, 0x72, 0x3b, 0x4a, 0xd2,
+	0xbf, 0x8b, 0xee, 0x7f, 0x22, 0x4d, 0x5e, 0x21, 0x32, 0x44, 0xa0, 0xff, 0xad, 0x41, 0xb6, 0x2e,
+	0xf1, 0xd0, 0x1c, 0x92, 0x4e, 0xe5, 0x93, 0x4e, 0x95, 0xf1, 0xcf, 0x54, 0x6d, 0x2b, 0x49, 0x17,
+	0x7a, 0x30, 0x56, 0xed, 0x0a, 0x99, 0x26, 0x35, 0x03, 0x9f, 0x67, 0x81, 0xd6, 0x6c, 0x5c, 0x2f,
+	0xa9, 0xb5, 0x16, 0x9d, 0x54, 0x0d, 0xa0, 0x62, 0xed, 0x7e, 0x36, 0xaf, 0xbe, 0x9f, 0x2f, 0x48,
+	0x57, 0xef, 0xdf, 0x1b, 0x17, 0xc9, 0x08, 0xb2, 0xca, 0x23, 0xb4, 0x7c, 0xa1, 0x50, 0x8b, 0x49,
+	0x47, 0x17, 0xde, 0x22, 0xee, 0x3c, 0x3f, 0xfd, 0xd9, 0x5b, 0x3a, 0x3d, 0xef, 0x19, 0x67, 0xe7,
+	0x3d, 0xe3, 0xc7, 0x79, 0xcf, 0xf8, 0x78, 0x3f, 0x8c, 0xc4, 0xe7, 0x62, 0x34, 0xf0, 0x79, 0x62,
+	0x87, 0x19, 0x3b, 0x89, 0xf4, 0xb9, 0xb0, 0xd8, 0x9e, 0x3d, 0x6f, 0x2c, 0x8d, 0xf4, 0xab, 0x36,
+	0x6a, 0xe1, 0xde, 0x1e, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, 0xc9, 0x2b, 0xc0, 0x34, 0x5d, 0x05,
+	0x00, 0x00,
 }
 
 func (m *DeviceV1) Marshal() (dAtA []byte, err error) {
@@ -442,17 +440,10 @@ func (m *DeviceCredential) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.TpmAttestationKeyDer) > 0 {
-		i -= len(m.TpmAttestationKeyDer)
-		copy(dAtA[i:], m.TpmAttestationKeyDer)
-		i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmAttestationKeyDer)))
-		i--
-		dAtA[i] = 0x2a
-	}
-	if len(m.TpmSerial) > 0 {
-		i -= len(m.TpmSerial)
-		copy(dAtA[i:], m.TpmSerial)
-		i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmSerial)))
+	if len(m.TpmEkcertSerial) > 0 {
+		i -= len(m.TpmEkcertSerial)
+		copy(dAtA[i:], m.TpmEkcertSerial)
+		i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmEkcertSerial)))
 		i--
 		dAtA[i] = 0x22
 	}
@@ -630,11 +621,7 @@ func (m *DeviceCredential) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovDevice(uint64(l))
 	}
-	l = len(m.TpmSerial)
-	if l > 0 {
-		n += 1 + l + sovDevice(uint64(l))
-	}
-	l = len(m.TpmAttestationKeyDer)
+	l = len(m.TpmEkcertSerial)
 	if l > 0 {
 		n += 1 + l + sovDevice(uint64(l))
 	}
@@ -1216,7 +1203,7 @@ func (m *DeviceCredential) Unmarshal(dAtA []byte) error {
 			iNdEx = postIndex
 		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TpmSerial", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field TpmEkcertSerial", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -1244,41 +1231,7 @@ func (m *DeviceCredential) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.TpmSerial = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 5:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TpmAttestationKeyDer", wireType)
-			}
-			var byteLen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowDevice
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				byteLen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if byteLen < 0 {
-				return ErrInvalidLengthDevice
-			}
-			postIndex := iNdEx + byteLen
-			if postIndex < 0 {
-				return ErrInvalidLengthDevice
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.TpmAttestationKeyDer = append(m.TpmAttestationKeyDer[:0], dAtA[iNdEx:postIndex]...)
-			if m.TpmAttestationKeyDer == nil {
-				m.TpmAttestationKeyDer = []byte{}
-			}
+			m.TpmEkcertSerial = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
diff --git a/api/types/device_test.go b/api/types/device_test.go
index 1a1810c9f6025..c838a13c5fb59 100644
--- a/api/types/device_test.go
+++ b/api/types/device_test.go
@@ -118,8 +118,7 @@ func TestDeviceConversions_toAndFrom(t *testing.T) {
 			Id:                    "557762f0-4cd4-4b75-aaee-575c57237c0b",
 			PublicKeyDer:          []byte("insert public key here"),
 			DeviceAttestationType: devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED,
-			TpmSerial:             "1234-5678",
-			TpmAttestationKeyDer:  []byte("insert public key here"),
+			TpmEkcertSerial:       "00:00:00:00:00:00:00:00:00:00:00:DE:AD:BE:EF:CA:FE",
 		},
 		CollectedData: []*devicepb.DeviceCollectedData{
 			{