On Thu, Nov 03, 2022 at 11:01:13AM -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett@xxxxxxxxxx>
>
> When TPMs generate keys, they can also generate some information
> describing the state of the PCRs at creation time. This data can then
> later be certified by the TPM, allowing verification of the PCR values.
> This allows us to determine the state of the system at the time a key
> was generated. Add an additional argument to the trusted key creation
> options, allowing the user to provide the set of PCRs that should have
> their values incorporated into the creation data.
>
> Link: https://lore.kernel.org/lkml/20210220013255.1083202-6-matthewgarrett@xxxxxxxxxx/
> Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook
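As an added illustration (not code from the patch or from anyone in this thread), the C below shows how a set of PCR indices becomes the marshaled TPML_PCR_SELECTION that TPM2_Create accepts as its creationPCR parameter. The function name, the single SHA-256 bank and the 24-PCR bitmap size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM_ALG_SHA256   0x000B  /* TCG algorithm registry value */
#define PCR_SELECT_BYTES 3       /* assumption: 24 PCRs -> 3 bitmap bytes */

/*
 * Hypothetical helper: marshal one-bank TPML_PCR_SELECTION, big-endian:
 *   count(4) | hashAlg(2) | sizeofSelect(1) | pcrSelect bitmap(3)
 * PCR n is bit (n % 8) of bitmap byte (n / 8).
 * Returns bytes written, or -1 on a bad PCR index or short buffer.
 */
int marshal_creation_pcrs(uint16_t hash_alg, const unsigned *pcrs,
                          size_t npcrs, uint8_t *out, size_t outlen)
{
    uint8_t bitmap[PCR_SELECT_BYTES] = {0};
    size_t i, need = npcrs ? 4 + 2 + 1 + PCR_SELECT_BYTES : 4;

    if (outlen < need)
        return -1;
    for (i = 0; i < npcrs; i++) {
        if (pcrs[i] >= PCR_SELECT_BYTES * 8)
            return -1;          /* reject rather than silently drop */
        bitmap[pcrs[i] / 8] |= (uint8_t)(1u << (pcrs[i] % 8));
    }
    memset(out, 0, 4);          /* count = 0: no creation PCRs requested */
    if (npcrs == 0)
        return 4;
    out[3] = 1;                 /* count = 1: a single bank selection */
    out[4] = (uint8_t)(hash_alg >> 8);
    out[5] = (uint8_t)(hash_alg & 0xff);
    out[6] = PCR_SELECT_BYTES;
    memcpy(out + 7, bitmap, PCR_SELECT_BYTES);
    return (int)need;
}

int main(void)
{
    unsigned pcrs[] = {0, 7, 16};   /* constructed sample selection */
    uint8_t buf[16];
    int i, n = marshal_creation_pcrs(TPM_ALG_SHA256, pcrs, 3, buf, sizeof(buf));

    for (i = 0; i < n; i++)
        printf("%02x ", buf[i]);
    printf("\n");
    return n < 0;
}
```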