Trimmed the CC list a bit. Where does this discussion really belong?
Trousers is for TPM 1.2, and it's not a TSS or TPM device driver issue.
If you're all TCG members, the TCG's TPM WG is the real place to go if you
want to get something fixed.

James Bottomley <[email protected]> wrote on 01/03/2017 06:22:56 PM:
> >
> > [Note, I haven't looked closely at TPM2, but TPM1.2 has a concept of
> > key usage, and I assume that is carried over in the below comments]
>
> The TPM1.2 all uses the correct signing functions, the problem is only
> with 2.0.
>
> > I think it is very important to natively support the sign-only key
> > usage restriction. TPM1.2 goes so far as to declare keys that can be
> > used for arbitrary decrypt as 'legacy do not use'.

TPM 2.0 has several features to support this:

- Signing keys, a usage restriction that can only sign.
- Policy only, with a policy restricted to specific commands, e.g., Quote
  or Sign.
- Restricted keys, that have a fixed algorithm and can only sign TPM
  generated data.

What it doesn't have is the ability (for a signing key) to prepend a
caller specified OID and padding.
_______________________________________________
tpmdd-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
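
Added example, not part of the original message or of any TSS: a Python check that reads `objectAttributes` from the fixed header of a marshaled TPM 2.0 `TPMT_PUBLIC` and reports which of the usage restrictions listed above a key carries. The function names and the sample public areas are constructed for illustration; the bit positions are those of `TPMA_OBJECT` in the TPM 2.0 Structures specification.

```python
import struct

# TPMA_OBJECT bit positions (TPM 2.0 Library specification, Part 2).
USER_WITH_AUTH = 1 << 6   # CLEAR: USER-role commands need a policy session
RESTRICTED = 1 << 16      # key only operates on TPM-structured data
DECRYPT = 1 << 17
SIGN = 1 << 18


def object_attributes(tpmt_public: bytes) -> int:
    """Return objectAttributes from a marshaled TPMT_PUBLIC, which starts with
    type (UINT16), nameAlg (UINT16), objectAttributes (UINT32), big-endian."""
    if len(tpmt_public) < 8:
        raise ValueError("TPMT_PUBLIC shorter than its fixed 8-byte header")
    _type, _name_alg, attrs = struct.unpack_from(">HHI", tpmt_public, 0)
    return attrs


def key_usage(attrs: int) -> dict:
    """Classify a key by its sign/decrypt/restricted/userWithAuth bits."""
    sign = bool(attrs & SIGN)
    decrypt = bool(attrs & DECRYPT)
    restricted = bool(attrs & RESTRICTED)
    if sign and not decrypt:
        kind = "restricted-signing" if restricted else "signing"
    elif decrypt and not sign:
        kind = "restricted-decrypt" if restricted else "decrypt"
    elif sign and decrypt:
        kind = "sign+decrypt"
    else:
        kind = "no-usage"
    return {
        "kind": kind,
        "sign_only": sign and not decrypt,
        "policy_only": not (attrs & USER_WITH_AUTH),
    }


# Constructed sample headers: type = TPM_ALG_RSA (0x0001),
# nameAlg = TPM_ALG_SHA256 (0x000B), followed by the attribute word.
SAMPLES = {
    "signing": struct.pack(">HHI", 0x0001, 0x000B, 0x00040072),
    "restricted": struct.pack(">HHI", 0x0001, 0x000B, 0x00050072),
    "policy_signing": struct.pack(">HHI", 0x0001, 0x000B, 0x00040032),
    "sign_and_decrypt": struct.pack(">HHI", 0x0001, 0x000B, 0x00060072),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, key_usage(object_attributes(blob)))
```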