Hello, I have a server that receives a .CSR from a machine with TPM, I would like to know the best way to ensure the attestation of this machine, which is a genuine machine with TPM, I read about using the CA authority of Infenion which is the manufacturer, and then apply a cryptographic challenge using a nonce using the ek and ak public keys, but I'm having difficulty applying using tpm2_tools, any help?