On Fri, Nov 11, 2022 at 03:16:35PM -0800, Evan Green wrote:
> We want to ensure that the key used to encrypt the digest

What is meant by "the key used to encrypt the digest"?

> was created by
> the kernel during hibernation. To do this we request that the TPM
> include information about the value of PCR 23 at the time of key
> creation in the sealed blob. On resume, we can make sure that the PCR
> information in the creation data blob (already certified by the TPM to
> be accurate) corresponds to the expected value. Since only
> the kernel can touch PCR 23, if an attacker generates a key themselves
> the value of PCR 23 will have been different, allowing us to reject the
> key and boot normally instead of resuming.

It seems that PCR 23 is already included in the authorization policy for
the key, so why is this extra part needed?

- Eric
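The resume-time check described in the quoted text (compare the PCR 23 record in the key's creation data against the value the kernel expects), as an added example that is not part of this thread or of the kernel patch under discussion. It models a SHA-256 PCR bank, the TPM extend operation (new = H(old || data)) and the creation-data pcrDigest (hash of the selected PCR values concatenated in selection order) using plain dicts in place of TPMS_CREATION_DATA; the field names, the extend values and the `make_creation_data` helper are constructed assumptions, not the patch's code or the TPM wire format.

```python
import hashlib
import hmac

# Added example, not from the thread: does a key's creation data record the
# PCR 23 value the kernel would have produced at key-creation time?
# Dicts stand in for TPMS_CREATION_DATA; this is not the kernel's own code.

PCR_SIZE = 32          # SHA-256 PCR bank (assumption)
HIBERNATION_PCR = 23   # the PCR the quoted text says only the kernel touches


def pcr_extend(current: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for a SHA-256 bank: new = H(old || data)."""
    return hashlib.sha256(current + data).digest()


def pcr_digest(selected_values) -> bytes:
    """pcrDigest in creation data: hash of the selected PCR values,
    concatenated in selection order (SHA-256 assumed as the object's nameAlg)."""
    return hashlib.sha256(b"".join(selected_values)).digest()


def expected_pcr23(kernel_extend_value: bytes) -> bytes:
    """PCR 23 after reset (all zeros) followed by one kernel extend (constructed model)."""
    return pcr_extend(bytes(PCR_SIZE), kernel_extend_value)


def make_creation_data(pcr23_value: bytes) -> dict:
    """Simulate what the TPM records at TPM2_Create time for a PCR 23 selection (constructed)."""
    return {"pcrSelect": [HIBERNATION_PCR], "pcrDigest": pcr_digest([pcr23_value])}


def creation_data_is_trusted(creation_data: dict, expected_value: bytes) -> bool:
    """Accept only if the selection is exactly PCR 23 and its digest matches."""
    if creation_data.get("pcrSelect") != [HIBERNATION_PCR]:
        return False
    return hmac.compare_digest(creation_data.get("pcrDigest", b""),
                               pcr_digest([expected_value]))


# Constructed scenario values (not from the patch)
KERNEL_EXTEND = b"constructed-hibernation-marker"
OTHER_EXTEND = b"constructed-other-marker"


def demo():
    """Return (kernel-created key accepted, key made under other PCR 23 state accepted)."""
    expected = expected_pcr23(KERNEL_EXTEND)
    good = make_creation_data(expected)
    other = make_creation_data(expected_pcr23(OTHER_EXTEND))
    return creation_data_is_trusted(good, expected), creation_data_is_trusted(other, expected)


if __name__ == "__main__":
    accepted, other_accepted = demo()
    print("kernel-created key accepted:", accepted)        # True
    print("key from other PCR 23 state accepted:", other_accepted)  # False
```

The check only has value because the TPM, not the caller, fills in the creation data; the example therefore validates the TPM-recorded digest rather than any PCR value supplied alongside the blob. On real hardware pcrDigest is computed with the created object's nameAlg, so the bank and hash here would have to match the key's actual parameters.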