* [tpm2] Persistent key protection
@ 2020-07-27 11:29 Ionut Mihalcea
From: Ionut Mihalcea @ 2020-07-27 11:29 UTC (permalink / raw)
  To: tpm2


Hello all,

I’ve been trying to identify any TPM authorization features that could be used in a user-space persistent key store with hardware backing, but it appears that simply storing the key context, preferably on an encrypted filesystem, is the best solution I could come up with. Keys could have an auth value of their own, but that value must then be stored as well, and any other authorization mechanism ends up reducing to an (indirect) “auth” value that has to be persisted.

The threat I’m trying to work against is simply leaking the persisted key material, allowing the attacker to load and use the keys (assuming they’re authorized to use the hierarchy that the keys belong to).

Am I missing something, or is this due to TPM authorization features being aimed more at lower levels of the stack?

Best regards,
Ionut