RFC: "Hardened" trusted keys

RFC: "Hardened" trusted keys

[Jarkko Sakkinen]

After LSS2016 I got this idea of having hardened trusted keys for TPM2
where the key material is never exposed to kernel. Child keys of a
hardened trusted key would be unsealed using TPM2_EncryptDecrypt
operation.

To retain backwards compatibility with the exiting trusted keys format,
this would probably require a new option to keyctl.

This is not my priority at the moment but just wanted to mirror does
this sound like a grazy idea?

/Jarkko

------------------------------------------------------------------------------

Re: RFC: "Hardened" trusted keys

[Ken Goldman]

On 8/29/2016 3:05 PM, Jarkko Sakkinen wrote:
> After LSS2016 I got this idea of having hardened trusted keys for TPM2
> where the key material is never exposed to kernel. Child keys of a
> hardened trusted key would be unsealed using TPM2_EncryptDecrypt
> operation.

Beware that the TPM2_EncryptDecrypt command is optional.  I know of at 
least one TPM vendor that does not implement the command due to export 
restrictions.

Why not seal to a parent symmetric key and use TPM2_Unseal?  Unseal is 
just a restricted decryption operation.




------------------------------------------------------------------------------