Apologies if this isn't the correct place to ask this but I'm not sure where else I should!
I need to create a duplicate key which also allows for a PCR policy. Basically, I want to encrypt files on TPM-A and decrypt on TPM-B using the same object with a PCR policy so the decryption only works if the PCR values are the same.
I can create the duplicate object using tpm2_duplicate and migrate it to another TPM, but how do you then bind a PCR policy? I can't find documents suggesting it is possible but doesn't give any examples using tpm2_tools.
The two options I've been investigating are as follows, but I'm unsure which is correct or not.
Use tpm2_policycommandcode to create a policy with TPM2_CC_Duplicate and a policy with TPM2_CC_PolicyPCR and use tpm2_policyor to logically OR the two policies. Then apply the policy?
Use tpm2_policyauthorize to allow mutable policies by tethering to a signing authority.
Any help or assistance would be greatly appreciated.
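For reference, the policy digest that the first option describes can be computed offline. This is an added example, not code from the issue or from tpm2-tools; it follows the TPM 2.0 digest-update rules for PolicyCommandCode, PolicyPCR and PolicyOR, since an object's authPolicy is part of its public area, is fixed when the object is created, and travels with the object when it is duplicated. It assumes a SHA-256 policy session and a single sha256 PCR bank; the function names and the sample PCR values are constructed for illustration.

```python
import hashlib
import struct

# Command codes and algorithm ID from the TPM 2.0 specification (Part 2).
TPM_CC_DUPLICATE = 0x0000014B
TPM_CC_POLICY_COMMAND_CODE = 0x0000016C
TPM_CC_POLICY_OR = 0x00000171
TPM_CC_POLICY_PCR = 0x0000017F
TPM_ALG_SHA256 = 0x000B
ZERO = bytes(32)  # starting policyDigest of a SHA-256 policy session


def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def policy_command_code(digest, code):
    # policyDigest' = H(policyDigest || TPM_CC_PolicyCommandCode || code)
    return sha256(digest, struct.pack(">II", TPM_CC_POLICY_COMMAND_CODE, code))


def policy_pcr(digest, pcr_values):
    # pcr_values: {index: 32-byte SHA-256 PCR value}, indices 0..23 (assumed layout)
    select = bytearray(3)
    for i in pcr_values:
        select[i // 8] |= 1 << (i % 8)
    # TPML_PCR_SELECTION with one sha256 bank: count, hash alg, sizeofSelect, bitmap
    selection = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(select)
    pcr_digest = sha256(*(pcr_values[i] for i in sorted(pcr_values)))
    return sha256(digest, struct.pack(">I", TPM_CC_POLICY_PCR), selection, pcr_digest)


def policy_or(branches):
    # PolicyOR resets the digest to zero, then hashes in every branch digest in order
    if not 2 <= len(branches) <= 8:
        raise ValueError("PolicyOR takes 2 to 8 branch digests")
    return sha256(ZERO, struct.pack(">I", TPM_CC_POLICY_OR), *branches)


def duplicate_or_pcr_policy(pcr_values):
    # Branch 1 authorizes TPM2_Duplicate; branch 2 authorizes use under the given PCRs.
    dup_branch = policy_command_code(ZERO, TPM_CC_DUPLICATE)
    pcr_branch = policy_pcr(ZERO, pcr_values)
    return dup_branch, pcr_branch, policy_or([dup_branch, pcr_branch])


# Constructed sample: PCR 0 and PCR 7 with made-up values, not real measurements.
SAMPLE_PCRS = {0: bytes(32), 7: hashlib.sha256(b"constructed PCR 7 value").digest()}

if __name__ == "__main__":
    for name, d in zip(("duplicate", "pcr", "or"), duplicate_or_pcr_policy(SAMPLE_PCRS)):
        print(f"{name:9} {d.hex()}")
```

The three digests can be compared with the policy files that tpm2_policycommandcode, tpm2_policypcr and tpm2_policyor write in a trial session using the same PCR selection.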