Align ek abstraction with TCG EK Credential profile #552
Signed-off-by: Thore Sommer <[email protected]>
…finitionObject Signed-off-by: Thore Sommer <[email protected]>
What is currently missing is reading the template and potential nonce from NV. Do we need that feature?

Edit: should be possible to implement this via key customization, so not implementing this directly in this PR.
Thank you!
LGTM.
Thank you for the fix, much needed that someone with more XP on this refreshed it :)
@@ -42,12 +66,19 @@ pub fn create_ek_public_from_default_template<IKC: IntoKeyCustomization>( | |||
) -> Result<Public> { | |||
let key_customization = key_customization.into_key_customization(); | |||
|
|||
// user_with_auth is not set for the lower profiles (RSA 20248 and ECC P256) |
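Review bot: The new comment at the end of this hunk gives the RSA key size as "RSA 20248", which should read "RSA 2048"; since the comment is the only place in the hunk that says which profiles leave user_with_auth unset, the size needs to be right for a reader to match it against the template. Consider also naming the specification (TCG EK Credential Profile) in the comment so the reason for the difference between profiles is traceable from the code.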
Nit:
// user_with_auth is not set for the lower profiles (RSA 20248 and ECC P256) | |
// user_with_auth is not set for the lower profiles (RSA 2048 and ECC P256) |
Never mind, saw the comment in #546
This takes the following PRs from the main branch and adapts them so that they can be merged into the 7.x.y branch:

\parallaxsecond#464 (By Ionut Mihalcea <[email protected]>)
\parallaxsecond#414 (By Thore Sommer <[email protected]>)
\parallaxsecond#552 (By Thore Sommer <[email protected]>)

Co-authored-by: Jesper Brynolf <[email protected]>
Co-authored-by: Thore Sommer <[email protected]>
Co-authored-by: Ionut Mihalcea <[email protected]>
Signed-off-by: Jesper Brynolf <[email protected]>
The hashing and symmetric algorithms and the authPolicy used differ based on the key size/curve.
While the old generated EKs still work, they are not that useful as they don't match the EK found in provisioned EK certificates according to the TCG EK Credential profile. This fixes that.