We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CreateSigningKeyImportBlob and ImportSigningKey only support restrictions with pcr values.
However, the imorted key does not have any authorization policy that prevent duplication afaik (only pcr binding)
authorization policy
# tpm2_readpublic -c 0x81010001 name: 000b1c71beda21f8f0592d56651a3799fb0f7cd6e8b86a2305c84f9c8c13c9bae8da qualified name: 000b4db0e8e4c7c9e13e51c8a40c686647e13f1236bf0f536d839235c442ed3fabf8 name-alg: value: sha256 raw: 0xb attributes: value: adminwithpolicy|sign raw: 0x40080 type: value: rsa raw: 0x1 exponent: 65537 bits: 2048 scheme: value: rsassa raw: 0x14 scheme-halg: value: sha256 raw: 0xb sym-alg: value: null raw: 0x10 sym-mode: value: (null) raw: 0x0 sym-keybits: 0 rsa: dac81c51f456... authorization policy: 2094289099c2cb180f28f99c71c8d681123935f7330bdae5aa1ae1e09f0fe532
I think something like https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_policyduplicationselect.1.md would be needed
The text was updated successfully, but these errors were encountered:
No branches or pull requests
CreateSigningKeyImportBlob and ImportSigningKey only support restrictions with pcr values.
However, the imorted key does not have any
authorization policythat prevent duplication afaik (only pcr binding)I think something like https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_policyduplicationselect.1.md would be needed
The text was updated successfully, but these errors were encountered: