Skip to content
Commit 5beb0c43 authored by Jarkko Sakkinen's avatar Jarkko Sakkinen
Browse files

keys, trusted: seal with a TPM2 authorization policy 



TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.

Two following new options have been added for trusted keys:

* 'policydigest=': provide an auth policy digest for sealing.
* 'policyhandle=': provide a policy session handle for unsealing.

If 'hash=' option is supplied after 'policydigest=' option, this
will result an error because the state of the option would become
mixed.

Signed-off-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: default avatarColin Ian King <colin.king@canonical.com>
Reviewed-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: default avatarPeter Huewe <peterhuewe@gmx.de>
parent 5ca4c20c
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment