
DevID Certificates

iadgovuser26 edited this page Aug 5, 2024 · 4 revisions

DevID certificates are specified by the IEEE 802.1AR standard. LDevIDs are Local DevID certificates. Version 3 of the HIRS Attestation Certificate Authority (ACA) added a "Generate LDevID" policy that, when enabled via the ACA Portal policy page, generates a local DevID (LDevID) certificate upon successful validation as part of the provisioning process. Several kinds of application may want to take advantage of the LDevID certificate:

  • Zero trust implementations
  • 802.1x EAP authentication
  • Comply to Connect scenarios

When the LDevID policy on the ACA is selected, the ACA will issue an LDevID certificate to the device, signed by the ACA. The ACA will populate the Subject using the following mapping:

  • CN=Manufacturer
  • OU=Model
  • SN=Serial Number

The ACA will populate the fields required by the TPM 2.0 Keys for Device Identity and Attestation specification.
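A relying party (for example an 802.1X or Comply to Connect policy server) needs to recover the manufacturer, model and serial number from the Subject before it can match the device against its inventory. The following added example is not HIRS project code; it parses an RFC 4514 subject string (the form `openssl x509 -subject -nameopt RFC2253` prints), handles escaped commas, `+` multi-valued RDNs and `\XX` hex escapes, and rejects a Subject that lacks any of the three fields the ACA policy populates. It accepts both the `SN` label used on this page and `serialNumber`, the attribute name OpenSSL prints for OID 2.5.4.5; the DN strings are constructed samples.

```python
"""Map an LDevID Subject (CN=Manufacturer, OU=Model, SN=Serial) to device identity."""
import re

# Attribute type -> device field for the ACA mapping. "SN" is the label used on the
# wiki page; "SERIALNUMBER" is what OpenSSL prints for 2.5.4.5, so both are accepted.
REQUIRED = {"CN": "manufacturer", "OU": "model", "SN": "serial", "SERIALNUMBER": "serial"}
FIELDS = {"manufacturer", "model", "serial"}

# RFC 4514 escapes: a backslash followed by a special character or two hex digits.
_ESC = re.compile(r'\\([0-9a-fA-F]{2}|[ #+,;<=>\\"])')


def _unescape(value: str) -> str:
    """Resolve \\, \\+ ... and single-byte \\XX hex escapes in an attribute value."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2
                    else m.group(1), value)


def _split_unescaped(s: str, sep: str) -> list:
    """Split on sep, skipping separators that are protected by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep the escape pair intact for now
            cur.append(s[i:i + 2]); i += 2; continue
        if s[i] == sep:
            parts.append("".join(cur)); cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def parse_subject(dn: str) -> dict:
    """Return {ATTRIBUTE_TYPE: value} for every attribute in the DN (types upper-cased)."""
    attrs = {}
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):        # multi-valued RDN: a=1+b=2
            if "=" not in ava:
                raise ValueError(f"malformed RDN: {ava!r}")
            typ, val = ava.split("=", 1)
            typ = typ.strip().upper()
            if typ in attrs:
                raise ValueError(f"duplicate attribute {typ}")
            attrs[typ] = _unescape(val.strip())
    return attrs


def ldevid_identity(dn: str) -> dict:
    """Apply the ACA Subject mapping; raise ValueError if a required field is absent."""
    attrs, ident = parse_subject(dn), {}
    for typ, field in REQUIRED.items():
        val = attrs.get(typ)
        if not val:
            continue
        if field in ident and ident[field] != val:   # SN and serialNumber disagree
            raise ValueError(f"conflicting values for {field}")
        ident[field] = val
    missing = FIELDS - ident.keys()
    if missing:
        raise ValueError(f"LDevID Subject missing {sorted(missing)}")
    return ident


def is_valid_ldevid_subject(dn: str) -> bool:
    """True when the Subject carries manufacturer, model and serial as the ACA populates them."""
    try:
        ldevid_identity(dn)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample Subject; the escaped comma is part of the manufacturer name.
    print(ldevid_identity("CN=Example Corp\\, Inc.,OU=Model X1,SN=ABC123"))
```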

Note that DevIDs are guaranteed to be unique and may contain a serial number, but they may not contain the information one might expect about a device (e.g. manufacturer and model). Unlike Platform Certificates, IDevID certificates do not contain any attributes or component listing for the device.
