[tpm2] Re: How to use tpm2 tool to unload an external key

[tpm2] Re: How to use tpm2 tool to unload an external key

[Chenxi Z]

[-- Attachment #1: Type: text/plain, Size: 359 bytes --]

Thank you, Andreas,

Would you know what command is used to list all objects currently loaded into the TPM?
"tpm2_getcap handles-transient" doesn't work.

Steps:
openssl ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem
tpm2_loadexternal -C n -G ecc -r ec256-key-pair.pem -c eckey.ctx
tpm2_getcap handles-transient ----> return nonthing.

[tpm2] Re: How to use tpm2 tool to unload an external key

[Fuchs, Andreas]

[-- Attachment #1: Type: text/plain, Size: 1065 bytes --]

You are probably going through a resource manager and that removes transient handles when a program (such as tpm2_loadexternal) exits.
That also makes sense and is the default way of doing things.
For subseuent usage of the loaded key you will be using eckey.ctx anyways.

________________________________________
Von: Chenxi Z <cxzhang1981(a)hotmail.com>
Gesendet: Donnerstag, 22. April 2021 20:13
An: tpm2(a)lists.01.org
Betreff: [tpm2] Re: How to use tpm2 tool to unload an external key

Thank you, Andreas,

Would you know what command is used to list all objects currently loaded into the TPM?
"tpm2_getcap handles-transient" doesn't work.

Steps:
openssl ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem
tpm2_loadexternal -C n -G ecc -r ec256-key-pair.pem -c eckey.ctx
tpm2_getcap handles-transient ----> return nonthing.
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

[tpm2] Re: How to use tpm2 tool to unload an external key

[Fuchs, Andreas]

[-- Attachment #1: Type: text/plain, Size: 897 bytes --]

tpm2_flushcontent --transient-object

this removes all key object currently loaded into the TPM's RAM.

________________________________________
Von: Kenneth Goldman <kgoldman(a)us.ibm.com>
Gesendet: Donnerstag, 22. April 2021 00:29
Cc: tpm2(a)lists.01.org
Betreff: [tpm2] Re: How to use tpm2 tool to unload an external key

> From: "Chenxi Z" <cxzhang1981(a)hotmail.com>
>
> I loaded an ecdsa P256 key, which was generated by openssl, into
> TPM. Once the key is not longer needed for my use case, I would like
> to unload the key. Can I know what tpm2 tool command that I can use
> to unload the external key?
> I am assuming if I don't unload the key, the key context/memory will
> forever be held by TPM (unless reboot). If I never release that and
> I keep loading new keys into TPM, the TPM will eventually run out of memory.
>

Look for something like 'flushcontext'.

[tpm2] Re: How to use tpm2 tool to unload an external key

[Kenneth Goldman]

[-- Attachment #1: Type: text/plain, Size: 563 bytes --]

> From: "Chenxi Z" <cxzhang1981(a)hotmail.com>
>
> I loaded an ecdsa P256 key, which was generated by openssl, into
> TPM. Once the key is not longer needed for my use case, I would like
> to unload the key. Can I know what tpm2 tool command that I can use
> to unload the external key?
> I am assuming if I don't unload the key, the key context/memory will
> forever be held by TPM (unless reboot). If I never release that and
> I keep loading new keys into TPM, the TPM will eventually run out of
memory.
>

Look for something like 'flushcontext'.

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 763 bytes --]