SigningKeyImportBlob to support duplication policy #350

Open
salrashid123 opened this issue Aug 28, 2023 · 0 comments
CreateSigningKeyImportBlob and ImportSigningKey only support restrictions with pcr values.

However, the imported key does not have any authorization policy that prevents duplication afaik (only pcr binding)

```
# tpm2_readpublic -c  0x81010001
name: 000b1c71beda21f8f0592d56651a3799fb0f7cd6e8b86a2305c84f9c8c13c9bae8da
qualified name: 000b4db0e8e4c7c9e13e51c8a40c686647e13f1236bf0f536d839235c442ed3fabf8
name-alg:
  value: sha256
  raw: 0xb
attributes:
  value: adminwithpolicy|sign
  raw: 0x40080
type:
  value: rsa
  raw: 0x1
exponent: 65537
bits: 2048
scheme:
  value: rsassa
  raw: 0x14
scheme-halg:
  value: sha256
  raw: 0xb
sym-alg:
  value: null
  raw: 0x10
sym-mode:
  value: (null)
  raw: 0x0
sym-keybits: 0
rsa: dac81c51f456...
authorization policy: 2094289099c2cb180f28f99c71c8d681123935f7330bdae5aa1ae1e09f0fe532
```

I think something like https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_policyduplicationselect.1.md would be needed
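
As an added example (not part of the original issue and not go-tpm-tools code), the script below decodes the `attributes` raw value from the `tpm2_readpublic` output above against the TPMA_OBJECT bit layout and reports whether `fixedTPM` and `fixedParent` are set, together with the policy digest. The function name `audit_readpublic` and the embedded `SAMPLE` (an excerpt of the output quoted above) are assumptions made for illustration.

```python
import re

# TPMA_OBJECT bit masks, per the TPM 2.0 Library Specification, Part 2.
TPMA_OBJECT = {
    "fixedtpm": 1 << 1, "stclear": 1 << 2, "fixedparent": 1 << 4,
    "sensitivedataorigin": 1 << 5, "userwithauth": 1 << 6,
    "adminwithpolicy": 1 << 7, "noda": 1 << 10,
    "encryptedduplication": 1 << 11, "restricted": 1 << 16,
    "decrypt": 1 << 17, "sign": 1 << 18, "x509sign": 1 << 19,
}
KNOWN = sum(TPMA_OBJECT.values())

# Excerpt of the tpm2_readpublic output quoted in the issue.
SAMPLE = """\
attributes:
  value: adminwithpolicy|sign
  raw: 0x40080
authorization policy: 2094289099c2cb180f28f99c71c8d681123935f7330bdae5aa1ae1e09f0fe532
"""

ATTR_RE = re.compile(
    r"^attributes:\n[ \t]+value:[ \t]*(\S*)\n[ \t]+raw:[ \t]*(0x[0-9a-fA-F]+)",
    re.M)
POLICY_RE = re.compile(r"^authorization policy:[ \t]*([0-9a-fA-F]*)", re.M)


def audit_readpublic(text):
    """Summarise the duplication-relevant fields of tpm2_readpublic output."""
    m = ATTR_RE.search(text)
    if m is None:
        raise ValueError("attributes block not found")
    bits = int(m.group(2), 16)
    decoded = [n for n, mask in TPMA_OBJECT.items() if bits & mask]
    printed = sorted(filter(None, m.group(1).split("|")))
    pol = POLICY_RE.search(text)
    digest = pol.group(1).lower() if pol else ""
    return {
        "attributes": decoded,
        # Cross-check the raw bits against the names the tool printed.
        "matches_printed_value": sorted(decoded) == printed,
        "unknown_bits": bits & ~KNOWN,
        # TPM2_Duplicate is refused outright when fixedParent is SET;
        # when it is CLEAR, the object's policy decides.
        "fixed_tpm": bool(bits & TPMA_OBJECT["fixedtpm"]),
        "fixed_parent": bool(bits & TPMA_OBJECT["fixedparent"]),
        "policy_digest": digest,
        "has_policy": bool(digest.strip("0")),
    }
```

For the key in the issue this reports `fixed_tpm` and `fixed_parent` as false, so the attributes themselves do not rule out duplication and the authorization policy is the remaining control.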
