If you use loadkey, you'll also need createwrapkey to create the key and flushspecific to unload it.
However, if you're very early in a boot cycle, perhaps you don't have disk access yet to get the key. Can seal to the SRK rather than loading a key? What are you sealing to? If it's the current PCR state, you need pcrread. Unseal can use osap or oiap. Either way, you might want getrandom to generate your random nonce. Finally, depending upon what ran before you, you might need continueselftest. On 2/25/2014 1:20 PM, Robert Sutton II wrote: > > Which TPM commands does the TPM_Seal and TPM_Unseal command depend on? > Obviously, Unseal depends on Seal, because you need to Seal something in > order to Unseal it. But it seems that Seal requires an OSAP session, so > I need to use TPM_OSAP. And it seems that to start an OSAP session, you > need to load a key, so I need TPM_LoadKey. An in order to use LoadKey, I > need to take ownership, so I need TPM_TakeOwnership. So it seems that I > need to execute the following TPM commands to use Seal and Unseal: > TPM_TakeOwnership -> TPM_LoadKey -> TPM_OSAP -> TPM_Seal -> TPM_Unseal. > Is this correct? The spec is not clear in exactly which commands depend > on other commands, so this is confusing to me. ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
