* [tpm2] How can I use a persisted object without it’s primary key?
@ 2021-05-06 5:17 Rowan Moul
0 siblings, 0 replies; only message in thread
From: Rowan Moul @ 2021-05-06 5:17 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 557 bytes --]
Hello,
I’m just trying to get a better sense of how the TPM storage hierarchy works.
Say I create a primary key under the owner hierarchy, and then I create a signing key under that. I persist the signing key with tpm2_evictcontrol but I do NOT persist the primary key.
How am I able to use the signing key on subsequent boots without the primary key existing in the TPM memory? Isn’t it needed to decrypt the signing key? Or is the persisted signing key not encrypted by the primary key when it resides inside the TPM hardware?
Thanks,
Rowan
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-06 5:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-06 5:17 [tpm2] How can I use a persisted object without it’s primary key? Rowan Moul
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.