On Tue, Jun 16, 2020 at 09:02:26AM -0700, James Bottomley wrote: > The current implementation appends a migratable flag to the end of a > key, meaning the format isn't exactly interoperable because the using > party needs to know to strip this extra byte. However, all other > consumers of TPM sealed blobs expect the unseal to return exactly the > key. Since TPM2 keys have a key property flag that corresponds to > migratable, use that flag instead and make the actual key the only > sealed quantity. This is secure because the key properties are bound > to a hash in the private part, so if they're altered the key won't > load. > > Backwards compatibility is implemented by detecting whether we're > loading a new format key or not and correctly setting migratable from > the last byte of old format keys. > > Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> /Jarkko
