tpm2 policy creation tools without TCTI #2761
Comments
I think you mean
|
I should have phrased that a little differently... I understand why |
So no reason except that TPM is convenient. One could implement this with the |
Ideally every operation that can be implemented in software should be available as implemented in software so as to avoid needing to spin up a software TPM and resource manager. The list of things to implement in software:
Use case: encryption to
The decrypt side is The sender side of all of this can be entirely implemented in software. |
Is there a reason to require a TCTI for policy tools that do not interact with the TPM when they are not invoked with `--policy-session`? I need to build a policy to create a duplicate object and do not want to be throttled by talking to the physical TPM.
As a workaround I can pre-compute the policy hash and hard-code it in the scripts, but that is not as flexible:
This is likely unrelated, but using a 64-byte hex dump instead of the 32-byte binary file "works" for `tpm2 duplicate`, but the `tpm2 import` fails with an HMAC size error:
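The pre-computation described in the issue can be done without any TPM or TCTI. The following is an added example, not code from the issue or from tpm2-tools: it assumes the policy is a single `TPM2_PolicyCommandCode` assertion for `TPM2_CC_Duplicate` under SHA-256 (the issue does not show the policy itself), and the function and file names are hypothetical. It also checks a policy file for the 64-byte hex versus 32-byte binary mix-up mentioned above.

```python
import hashlib
import struct

# Command codes from the TPM 2.0 specification (Part 2, TPM_CC table).
TPM2_CC_DUPLICATE = 0x0000014B
TPM2_CC_POLICY_COMMAND_CODE = 0x0000016C


def policy_command_code(old_digest, command_code, alg="sha256"):
    """Software equivalent of TPM2_PolicyCommandCode:
    new = H(old || TPM_CC_PolicyCommandCode || command_code), big-endian."""
    h = hashlib.new(alg)
    if len(old_digest) != h.digest_size:
        raise ValueError("policy digest length does not match the hash algorithm")
    h.update(old_digest)
    h.update(struct.pack(">II", TPM2_CC_POLICY_COMMAND_CODE, command_code))
    return h.digest()


def duplicate_only_policy(alg="sha256"):
    """Assumed policy: one PolicyCommandCode(TPM2_CC_Duplicate) assertion,
    starting from the all-zero digest of a fresh policy session."""
    start = bytes(hashlib.new(alg).digest_size)
    return policy_command_code(start, TPM2_CC_DUPLICATE, alg)


def normalize_policy_digest(data, alg="sha256"):
    """Return the raw digest from a policy file's bytes, accepting a hex dump
    (64 ASCII characters for SHA-256) and rejecting any other size."""
    size = hashlib.new(alg).digest_size
    if len(data) == size:
        return data
    try:
        raw = bytes.fromhex(data.strip().decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        raw = b""
    if len(raw) != size:
        raise ValueError(f"expected {size} raw bytes or {2 * size} hex characters")
    return raw


if __name__ == "__main__":
    digest = duplicate_only_policy()
    print(digest.hex())
    # Write the raw 32 bytes, not the hex text, for use as a policy file.
    with open("dup-policy.bin", "wb") as f:  # hypothetical file name
        f.write(digest)
```

Running `normalize_policy_digest` over a policy file before handing it to the tools catches a hex-encoded file up front instead of at import time.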