pxe-server: transport key should have a policy to prevent misuse #121
Comments
requires bumping to new version of tpm2-tools tpm2-software/tpm2-tools#2750
osresearch added a commit that referenced this issue Jun 9, 2021
also the |
osresearch added a commit that referenced this issue Jun 9, 2021
This creates a policy so that the TK can only be unsealed if PCR11 (`$POLICY_PCR`) is zero. Once the TK has been used, the `bootscript` extends PCR11 so that it is no longer possible to use the TK. This also renamed the `wrapper.pub` key to `transport.pub` to be the same as the documentation.
The sealing policy is hard coded to PCR1 == 0, since generating the policy requires a TPM. I've opened an issue to address that tpm2-software/tpm2-tools#2761
osresearch added a commit that referenced this issue Jul 23, 2021
osresearch added a commit that referenced this issue Jul 23, 2021
This creates a policy so that the TK can only be unsealed if PCR11 (`$POLICY_PCR`) is zero. Once the TK has been used, the `bootscript` extends PCR11 so that it is no longer possible to use the TK. This also renamed the `wrapper.pub` key to `transport.pub` to be the same as the documentation.
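The one-shot policy described in the commit message above, as an added example that is not part of this issue thread or the project's code: it computes the `TPM2_PolicyPCR` digest in software as the TPM 2.0 specification defines it, then shows that extending PCR11 makes the policy unsatisfiable. It assumes the SHA-256 PCR bank; the function names and the event bytes are constructed for illustration.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F  # command code of TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B         # algorithm id of the SHA-256 PCR bank
POLICY_PCR = 11                 # the PCR named in the commit message
ZERO = bytes(32)                # PCR value after reset, and a fresh policy session digest


def pcr_selection(indices, size_of_select=3):
    """Marshal a TPML_PCR_SELECTION holding one SHA-256 selection."""
    bitmap = bytearray(size_of_select)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, size_of_select) + bytes(bitmap)


def policy_pcr_digest(pcrs):
    """Digest of a policy session after one PolicyPCR over {index: value}."""
    indices = sorted(pcrs)
    pcr_digest = hashlib.sha256(b"".join(pcrs[i] for i in indices)).digest()
    body = struct.pack(">I", TPM_CC_POLICY_PCR) + pcr_selection(indices) + pcr_digest
    return hashlib.sha256(ZERO + body).digest()


def pcr_extend(value, event):
    """PCR extend: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(value + hashlib.sha256(event).digest()).digest()


def can_unseal(auth_policy, live_pcrs):
    """The TPM releases the object only if the session digest equals its authPolicy."""
    return policy_pcr_digest(live_pcrs) == auth_policy


def demo():
    # Policy fixed when the TK is created: PCR11 must still be all zeros.
    tk_policy = policy_pcr_digest({POLICY_PCR: ZERO})
    before = can_unseal(tk_policy, {POLICY_PCR: ZERO})
    # After use, the boot script extends PCR11 (event bytes are constructed).
    used = pcr_extend(ZERO, b"constructed-marker")
    after = can_unseal(tk_policy, {POLICY_PCR: used})
    return tk_policy.hex(), before, after


if __name__ == "__main__":
    print(demo())
```

Because a PCR can only be extended, never set back, the second check stays false until the next reset of PCR11.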
No description provided.