A YANG Data Model for Challenge-Response-Based Remote Attestation Procedures Using Trusted Platform Modules
RFC 9684, “A YANG Data Model for Challenge-Response-Based Remote Attestation Procedures Using Trusted Platform Modules”, is a Proposed Standard document published in December 2024 by H. Birkholz, M. Eckel, S. Bhandari, E. Voit, B. Sulzen, L. Xia, T. Laffey, G. C. Fedorkow. The canonical text is published by the RFC Editor.
Abstract
This document defines the YANG Remote Procedure Calls (RPCs) and configuration nodes that are required to retrieve attestation evidence about integrity measurements from a device, following the operational context defined in RFC 9683, "Remote Integrity Verification of Network Devices Containing Trusted Platform Modules". Complementary measurement logs originating from one or more Roots of Trust for Measurement (RTMs) are also provided by the YANG RPCs. The defined module requires the inclusion of the following in the device components of the composite device on which the YANG server is running: at least one Trusted Platform Module (TPM) of either version 1.2 or 2.0 as well as a corresponding TPM Software Stack (TSS), or an equivalent hardware implementation that includes the protected capabilities as provided by TPMs as well as a corresponding software stack.
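The abstract names the two things the module lets a verifier pull from a device: a challenge-response quote over TPM PCRs and the measurement log that explains those PCR values. The following is an added, illustrative example (not code from RFC 9684, RFC 9683 or any TSS) of what a verifier does with that evidence: it replays the log to recompute PCRs, checks them against the quoted digest, checks its own nonce for freshness, and compares against known-good reference values. The TPM is simulated in software; PCR extend is SHA-256 of (old value || measurement), and the attestation key (AK) signature is stood in for by an HMAC under a key the verifier is assumed to have enrolled, since a real TPM produces an asymmetric signature over a TPMS_ATTEST structure. The JSON response shape is a simplified stand-in, not the module's YANG encoding.

```python
"""Challenge-response remote attestation walk-through (TPM 2.0 style).

Added example, not RFC text or a real TSS. Assumptions: a software TPM,
HMAC standing in for the AK signature, simplified JSON in place of the
YANG-encoded RPC output. Measurements and keys below are constructed.
"""
import hashlib
import hmac
import json
import os

PCR_COUNT = 8
ZERO_PCR = bytes(32)  # TPM 2.0 SHA-256 bank PCRs start out all-zero


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def replay_log(log):
    """Recompute every PCR from an ordered RTM measurement log."""
    pcrs = [ZERO_PCR] * PCR_COUNT
    for entry in log:
        pcrs[entry["pcr"]] = extend(pcrs[entry["pcr"]], bytes.fromhex(entry["digest"]))
    return pcrs


def pcr_composite_digest(pcrs, selection):
    """Digest over the selected PCR values, as covered by a TPM2_Quote."""
    return hashlib.sha256(b"".join(pcrs[i] for i in selection)).digest()


class SimulatedTpmDevice:
    """The attester: PCR bank, measurement log, and an AK (here an HMAC key)."""

    def __init__(self, ak_key: bytes):
        self.ak_key = ak_key
        self.pcrs = [ZERO_PCR] * PCR_COUNT
        self.log = []

    def measure(self, pcr: int, component: bytes, what: str):
        digest = hashlib.sha256(component).digest()
        self.pcrs[pcr] = extend(self.pcrs[pcr], digest)
        self.log.append({"pcr": pcr, "digest": digest.hex(), "event": what})

    def challenge_response_attest(self, nonce: bytes, selection):
        """Role of the challenge-response RPC: a quote bound to the verifier's nonce."""
        quote_info = {"nonce": nonce.hex(), "pcr_selection": list(selection),
                      "pcr_digest": pcr_composite_digest(self.pcrs, selection).hex()}
        to_sign = json.dumps(quote_info, sort_keys=True).encode()
        return {"quote_info": quote_info,
                "quote_signature": hmac.new(self.ak_key, to_sign, hashlib.sha256).hexdigest()}

    def log_retrieval(self):
        """Role of the log-retrieval RPC: return copies of the log entries."""
        return [dict(e) for e in self.log]


def verify_attestation(nonce, selection, response, log, ak_key, reference_pcrs):
    """Verifier checks, in the order they should be applied. Returns (ok, reason)."""
    qi = response["quote_info"]
    to_sign = json.dumps(qi, sort_keys=True).encode()
    expected = hmac.new(ak_key, to_sign, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["quote_signature"]):
        return False, "signature does not verify under the enrolled AK"
    if qi["nonce"] != nonce.hex():
        return False, "nonce mismatch (stale or replayed quote)"
    if qi["pcr_selection"] != list(selection):
        return False, "quote covers a different PCR selection than requested"
    pcrs = replay_log(log)  # the log is untrusted until it replays to the quote
    if pcr_composite_digest(pcrs, selection).hex() != qi["pcr_digest"]:
        return False, "measurement log does not replay to the quoted PCR digest"
    for i in selection:
        if pcrs[i] != reference_pcrs[i]:
            return False, f"PCR {i} differs from the reference value"
    return True, "evidence is fresh, authentic, and matches reference values"


def run_scenarios():
    """Good device, replayed quote, tampered log, and a modified kernel."""
    ak_key = b"constructed-enrolled-ak-key"
    good = SimulatedTpmDevice(ak_key)
    for pcr, blob, name in [(0, b"bootloader v1.2", "bootloader"),
                            (0, b"kernel 6.1", "kernel"), (2, b"startup-config", "config")]:
        good.measure(pcr, blob, name)
    reference = replay_log(good.log)  # golden values from a known-good build
    selection, nonce = [0, 2], os.urandom(32)
    resp = good.challenge_response_attest(nonce, selection)
    out = {"good": verify_attestation(nonce, selection, resp, good.log_retrieval(), ak_key, reference)}
    # Replaying an old quote against a fresh nonce must fail.
    out["replay"] = verify_attestation(os.urandom(32), selection, resp, good.log_retrieval(), ak_key, reference)
    # Editing the log to hide a component cannot be reconciled with the signed digest.
    tampered = good.log_retrieval()
    tampered[1]["digest"] = hashlib.sha256(b"kernel 6.1-backdoor").hexdigest()
    out["tampered_log"] = verify_attestation(nonce, selection, resp, tampered, ak_key, reference)
    # An honestly measured but modified kernel replays fine yet misses the reference.
    bad = SimulatedTpmDevice(ak_key)
    for pcr, blob, name in [(0, b"bootloader v1.2", "bootloader"),
                            (0, b"kernel 6.1-backdoor", "kernel"), (2, b"startup-config", "config")]:
        bad.measure(pcr, blob, name)
    nonce2 = os.urandom(32)
    resp2 = bad.challenge_response_attest(nonce2, selection)
    out["modified_kernel"] = verify_attestation(nonce2, selection, resp2, bad.log_retrieval(), ak_key, reference)
    return out
```

The ordering of checks matters: the signature and nonce are verified before the log is touched, because the log is an unauthenticated byte stream until it has been shown to replay to the PCR digest that the AK actually signed. The last two scenarios separate the two failure modes a verifier must tell apart: a log that does not match the quote (someone edited the evidence) versus a log that matches the quote but not the reference values (the device really did boot something else).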
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9684 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9683 Remote Integrity Verification of Network Devices Containing Trusted Platform Modules
- RFC 9685 Listener Subscription for IPv6 Neighbor Discovery Multicast and Anycast Addresses
- RFC 9682 Updates to the Concise Data Definition Language Grammar
- RFC 9686 Registering Self-Generated IPv6 Addresses Using DHCPv6
- RFC 9681 IS-IS Fast Flooding
- RFC 9687 Border Gateway Protocol 4 Send Hold Timer
- RFC 9680 Antitrust Guidelines for IETF Participants
- RFC 9688 Use of the SHA3 One-Way Hash Functions in the Cryptographic Message Syntax