Re: [PATCH v4 0/7] add integrity and security to TPM2 transactions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/22/2018 10:18 AM, James Bottomley wrote:

1 - Any policy that requires a password (policypassword) can
substitute
an HMAC (policyauthvalue) at the callers discretion.  They result
in the same policy digest.

Right but this requires the co-operation of the policy handle creator,
so it's an API change.



In case it wasn't clear:  The choice is not made at the time the
policy is calculated, nor is it made at startauthsession (when
the policy is created).

The choice is made when the policy is being satisfied.

policypassword tells the TPM to expect a plaintext password, while
policyauthvalue tells the TPM to expect an HMAC.

It's subtle that either policy command results in the same policy
digest.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux