* [tpm2] policies in conjunctive normal form
@ 2021-02-17 20:36 narcis2004
From: narcis2004 @ 2021-02-17 20:36 UTC
To: tpm2
Question: is it possible to structure a policy using tpm2-tools in the following form?
policy = (a OR b) AND (c OR d)
- where a, b, c, d are simple pcr policies.
I tried this, and apparently creating an *AND* of policy *OR* did not work as I thought. "and.policy" will contain the hash of the second tpm2_policyor instead of generating a new hash:
tpm2_startauthsession --session session.ctx
tpm2_policyor --session session.ctx sha256:a.policy,b.policy
tpm2_policyor --session session.ctx sha256:c.policy,d.policy --policy and.policy
tpm2_flushcontext session.ctx
Plan B would be to structure the policy in the equivalent disjunctive normal form, which works but is less scalable. i.e.:
policy = (a AND c) OR (a AND d) OR (b AND c) OR (b AND d)
Thanks,
Narcis
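
Added example, not part of the original post or of tpm2-tools: a Python model of the policyDigest arithmetic defined in the TPM 2.0 specification. It shows why two consecutive tpm2_policyor calls in a trial session produce the digest of the second OR alone, and one way to express (a OR b) AND (c OR d) by extending the c and d PCR branches on top of the OR(a, b) digest. The PCR indices (0 and 1), the PCR values and all function names are assumptions made for the illustration.

```python
import hashlib
import struct

TPM_CC_POLICY_OR = 0x00000171
TPM_CC_POLICY_PCR = 0x0000017F
TPM_ALG_SHA256 = 0x000B
ZERO = bytes(32)  # policyDigest of a freshly started SHA-256 session

def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def policy_pcr(current, pcr_index, pcr_value):
    """TPM2_PolicyPCR for one SHA-256 PCR: extends the current policyDigest."""
    select = bytearray(3)
    select[pcr_index // 8] |= 1 << (pcr_index % 8)
    # Marshaled TPML_PCR_SELECTION: count, hash alg, sizeofSelect, bitmap
    pcrs = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(select)
    cc = struct.pack(">I", TPM_CC_POLICY_PCR)
    return sha256(current, cc, pcrs, sha256(pcr_value))

def policy_or(current, branches, trial=True):
    """TPM2_PolicyOR: the new digest starts from zeros, not from `current`."""
    if not trial and current not in branches:
        raise ValueError("current policyDigest is not one of the OR branches")
    return sha256(ZERO, struct.pack(">I", TPM_CC_POLICY_OR), *branches)

# Constructed PCR values: A, B are accepted for PCR 0; C, D for PCR 1.
A, B, C, D = (hashlib.sha256(x).digest() for x in (b"a", b"b", b"c", b"d"))

def flat_attempt():
    """The two consecutive PolicyOR calls from the post, in a trial session."""
    ab = [policy_pcr(ZERO, 0, v) for v in (A, B)]
    cd = [policy_pcr(ZERO, 1, v) for v in (C, D)]
    after_first_or = policy_or(ZERO, ab)
    return policy_or(after_first_or, cd), policy_or(ZERO, cd)

def nested_cnf():
    """(a OR b) AND (c OR d): build the c and d branches on top of OR(a, b)."""
    or_ab = policy_or(ZERO, [policy_pcr(ZERO, 0, v) for v in (A, B)])
    return policy_or(ZERO, [policy_pcr(or_ab, 1, v) for v in (C, D)])

def satisfy(pcr0, pcr1):
    """Replay a real (non-trial) session against the given PCR values."""
    ab = [policy_pcr(ZERO, 0, v) for v in (A, B)]
    s = policy_or(policy_pcr(ZERO, 0, pcr0), ab, trial=False)
    cd = [policy_pcr(s, 1, v) for v in (C, D)]
    return policy_or(policy_pcr(s, 1, pcr1), cd, trial=False)
```

The nested digest still needs only two OR lists of two entries each, so it grows with the number of clauses rather than with the number of AND combinations that the disjunctive form enumerates.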