diff --git a/acme/challenge.go b/acme/challenge.go
index fb98b50c..6657962e 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -621,16 +621,14 @@ func doTPMAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge
 		return nil, NewError(ErrorBadAttestationStatementType, "invalid alg in attestation statement")
 	}
 
-	var hash crypto.Hash
-	switch alg {
-	case -257: // RS256
-		hash = crypto.SHA256
-	case -7: // ES256
-		hash = crypto.SHA256
-	default:
+	// only RS256 and ES256 are allowed
+	if alg != -257 && alg != -1 {
 		return nil, NewError(ErrorBadAttestationStatementType, "invalid alg %d in attestation statement", alg)
 	}
 
+	// set the hash algorithm to use to SHA256
+	hash := crypto.SHA256
+
 	// recreate the generated key certification parameter values and verify
 	// the attested key using the public key of the AK.
 	certificationParameters := &attest.CertificationParameters{