On Sat, 2019-12-07 at 21:09 -0800, James Bottomley wrote: > The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM > key uses. We've defined three of the available numbers: > > 2.23.133.10.1.3 TPM Loadable key. This is an asymmetric key (Usually > RSA2048 or Elliptic Curve) which can be imported by a > TPM2_Load() operation. > > 2.23.133.10.1.4 TPM Importable Key. This is an asymmetric key (Usually > RSA2048 or Elliptic Curve) which can be imported by a > TPM2_Import() operation. > > Both loadable and importable keys are specific to a given TPM, the > difference is that a loadable key is wrapped with the symmetric > secret, so must have been created by the TPM itself. An importable > key is wrapped with a DH shared secret, and may be created without > access to the TPM provided you know the public part of the parent key. > > 2.23.133.10.1.5 TPM Sealed Data. This is a set of data (up to 128 > bytes) which is sealed by the TPM. It usually > represents a symmetric key and must be unsealed before > use. Do we still not have an official reference for these that you can provide in the commit or the file itself? It would be very nice to have something more than a verbal assurance that they're in Monty's spreadsheet. > Signed-off-by: James Bottomley > --- > include/linux/oid_registry.h | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h > index 657d6bf2c064..a4cee888f9b0 100644 > --- a/include/linux/oid_registry.h > +++ b/include/linux/oid_registry.h > @@ -107,6 +107,11 @@ enum OID { > OID_gostTC26Sign512B, /* 1.2.643.7.1.2.1.2.2 */ > OID_gostTC26Sign512C, /* 1.2.643.7.1.2.1.2.3 */ > > + /* TCG defined OIDS for TPM based keys */ > + OID_TPMLoadableKey, /* 2.23.133.10.1.3 */ > + OID_TPMImporableKey, /* 2.23.133.10.1.4 */ > + OID_TPMSealedData, /* 2.23.133.10.1.5 */ > + > OID__NR > }; >