On Sun May 19, 2024 at 3:25 AM EEST, Jarkko Sakkinen wrote:
> ## Overview
>
> Introduce tpm2_key_rsa implementing asymmetric TPM RSA key.
>
> I submit this first as RFC as I could not execute the keyctl padd in the
> following sequence (returns EBADF):
>
> tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
> tpm2_evictcontrol -c owner.txt 0x81000001
> tpm2_getcap handles-persistent
> openssl genrsa -out private.pem 2048
> tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
> tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
> openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
> key_serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`

After v2 changes it ends up with -EINVAL and:

OID is "2.23.133.10.1.3" which is not TPMSealedData

which makes total sense. James' old patch set has already TPMLoadableKey
parsing PoC'd so I use that as the reference.

After the sequence above successfully completes, keyctl public key ops are
accessible by using $key_serial as the serial.

BR, Jarkko
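
The OID mismatch reported above can be checked on `key.priv.der` before it is handed to `keyctl padd`. The following is an added example, not part of the original message or the patch set: it reads the leading type OID of a DER-encoded TPMKey blob and names it. The function names are hypothetical, the sample blob is constructed, and the OID-to-name table (including TPMImportableKey, which the message does not mention) is taken from the Linux kernel's OID registry.

```python
# Constructed example; OID names assumed from the Linux kernel OID registry.
TPM_KEY_TYPES = {
    "2.23.133.10.1.3": "TPMLoadableKey",
    "2.23.133.10.1.4": "TPMImportableKey",
    "2.23.133.10.1.5": "TPMSealedData",
}

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER TLV starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long form: low bits = length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[off:off + length], off + length

def decode_oid(body):
    """Decode DER OID content octets into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)      # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)          # first octet packs arc1*40 + arc2
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def tpm_key_type(der):
    """Return (dotted_oid, name) for the leading type OID of a TPMKey blob."""
    tag, seq, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, oid, _ = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("first element is not an OBJECT IDENTIFIER")
    dotted = decode_oid(oid)
    return dotted, TPM_KEY_TYPES.get(dotted, "unknown")

# Constructed sample: SEQUENCE { OID, INTEGER 0x81000001, two dummy OCTET STRINGs }
SAMPLE = bytes.fromhex("3017" "06066781050a0103" "02050081000001" "0402aabb" "0402ccdd")
```

Calling `tpm_key_type(open("key.priv.der", "rb").read())` on the file produced by the sequence above shows which key type the blob declares, so a parser that only accepts TPMSealedData can be expected to reject it.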