Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Seal Object should be under TCG defined SRK #20

Open
williamcroberts opened this issue Aug 19, 2022 · 0 comments
Open

Seal Object should be under TCG defined SRK #20

williamcroberts opened this issue Aug 19, 2022 · 0 comments
Assignees
@puiterwijk

Comments

@williamcroberts
Copy link

The code seems to be just calling createprimary:

Which means that call will need owner auth on the encrypt and decrypt calls to create the primary key.

The TCG PC Provisioning Guidlines [1] discuss that an SRK should be established and made persistent at address 0x81000001. The SRK has no password and can be used a space for everyone to store their keys under without needing owner auth. The script should probably check for the SRK and use that over creating a primary object, and optionally create the SRK and persist it and then use that.

[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@puiterwijk puiterwijk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@puiterwijk @williamcroberts