Trimmed the CC list a bit. Where does this discussion really belong?
Trousers is for TPM 1.2, and it's not a TSS or TPM device driver issue.
If you're all TCG members, the TCG's TPM WG is the real place to go if you want to get something fixed.

James Bottomley <james.bottom...@hansenpartnership.com> wrote on 01/03/2017 06:22:56 PM:
> >
> > [Note, I haven't looked closely at TPM2, but TPM1.2 has a concept of
> > key usage, and I assume that is carried over in the below comments]
>
> The TPM1.2 all uses the correct signing functions, the problem is only
> with 2.0.
>
> > I think it is very important to natively support the sign-only key
> > usage restriction. TPM1.2 goes so far as to declare keys that can be
> > used for arbitrary decrypt as 'legacy do not use'.

TPM 2.0 has several features to support this:
- Signing keys, a usage restriction that can only sign.
- Policy only, with a policy restricted to specific commands, e.g., Quote or Sign.
- Restricted keys, that have a fixed algorithm and can only sign TPM generated data.

What it doesn't have is the ability (for a signing key) to prepend a caller specified OID and padding.
_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech
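
Added example, not part of the original message or of any TSS code: what "OID and padding" looks like for an RSA signature, assuming the message refers to the PKCS#1 v1.5 encoding (EMSA-PKCS1-v1_5, RFC 8017 section 9.2). The function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefixes (AlgorithmIdentifier carrying the hash OID),
# as listed in RFC 8017, section 9.2, note 1.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15_encode(message: bytes, hash_name: str, key_bytes: int) -> bytes:
    """Build EM = 0x00 || 0x01 || PS (0xFF bytes) || 0x00 || DigestInfo."""
    digest = hashlib.new(hash_name, message).digest()
    digest_info = DIGEST_INFO_PREFIX[hash_name] + digest  # OID prefix + hash
    if key_bytes < len(digest_info) + 11:  # PS must be at least 8 bytes
        raise ValueError("intended encoded message length too short")
    padding = b"\xff" * (key_bytes - len(digest_info) - 3)
    return b"\x00\x01" + padding + b"\x00" + digest_info


def emsa_pkcs1_v15_check(em: bytes, message: bytes, hash_name: str) -> bool:
    """Verify by re-encoding and comparing the whole block.

    Comparing against a freshly built encoding avoids lenient parsing of the
    padding string or the OID, which is where verification bugs tend to hide.
    """
    try:
        expected = emsa_pkcs1_v15_encode(message, hash_name, len(em))
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    sample = b"constructed sample message"  # constructed input
    em = emsa_pkcs1_v15_encode(sample, "sha256", 256)  # 2048-bit modulus
    print(em.hex())
    print(emsa_pkcs1_v15_check(em, sample, "sha256"))
```

A signing key that applies this encoding itself fixes the OID and padding for the caller; a key that performs the raw RSA operation on caller-supplied bytes leaves the whole block under the caller's control.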