In line.

On 2/25/2014 2:50 PM, Robert Sutton II wrote:
> Thanks for the quick reply. Yes, I would like to seal to the SRK. I am
> also sealing to PCR state.
>
> [snip]
>
> Since I am sealing to the SRK, I need keyHandle to be the SRK handle.
> But which command do I use to obtain the SRK keyHandle?

The SRK handle is hard coded to 0x40000000. See Part 2 Reserved Key Handles.

> It says the authHandle must be OSAP. However, in the TPM_Seal Actions,
> it says that authHandle indicates the ADIP used to decrypt encAuth. Does
> this mean I need to execute a command to set authHandle to indicate this
> ADIP?

The ADIP encryption type is set up when the session is started. In TPM_OSAP(), see the entityType parameter. Reading Part 2 for TPM_ENTITY_TYPE, LSB is 0x04 (SRK) and MSB is your ADIP algorithm, XOR or AES. AES might be optional for your platform.

> Looking at the Actions of TPM_Seal, it doesn't use pubAuth anywhere. So
> what should I put for it?

That's the authorization for the key, the SRK in your case. It's used implicitly in Action 1.

The spec doesn't list the authorization calculation for each command, because it's always the same. It just says something like "validate the authorization" or "validate the parameters" or "validate the authData" or some similar wording.

It's the HMAC of the parameters using the SRK auth as the HMAC key.

_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
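Added example, not part of the original message and not TrouSerS code: a Python sketch of the values discussed above (TPM_OSAP with entityType for the SRK and XOR ADIP, then encAuth and pubAuth for TPM_Seal). Function names are hypothetical, all nonces and secrets are constructed, and it assumes the TPM 1.2 OSAP rule that the HMAC key is the session shared secret derived from the SRK auth.

```python
import hashlib, hmac, struct

TPM_TAG_RQU_COMMAND = 0x00C1
TPM_ORD_OSAP, TPM_ORD_Seal = 0x0000000B, 0x00000017
TPM_KH_SRK = 0x40000000               # reserved SRK handle
TPM_ET_SRK, TPM_ET_XOR = 0x04, 0x00   # entityType LSB (entity) and MSB (ADIP)

def osap_request(nonce_odd_osap, adip=TPM_ET_XOR):
    """Serialize TPM_OSAP; the ADIP scheme rides in the entityType MSB."""
    body = struct.pack(">IHI", TPM_ORD_OSAP, (adip << 8) | TPM_ET_SRK,
                       TPM_KH_SRK) + nonce_odd_osap
    return struct.pack(">HI", TPM_TAG_RQU_COMMAND, 6 + len(body)) + body

def osap_shared_secret(srk_auth, nonce_even_osap, nonce_odd_osap):
    """OSAP session secret: HMAC-SHA1 keyed with the SRK auth."""
    return hmac.new(srk_auth, nonce_even_osap + nonce_odd_osap, hashlib.sha1).digest()

def xor_adip(shared, nonce_even, auth20):
    """XOR ADIP: encAuth = newAuth XOR SHA1(sharedSecret || authLastNonceEven)."""
    pad = hashlib.sha1(shared + nonce_even).digest()
    return bytes(a ^ b for a, b in zip(auth20, pad))

def seal_pub_auth(shared, enc_auth, pcr_info, in_data, nonce_even, nonce_odd, cont=0):
    """pubAuth = HMAC(shared, SHA1(ordinal || params) || nonceEven || nonceOdd || cont)."""
    params = (struct.pack(">I", TPM_ORD_Seal) + enc_auth
              + struct.pack(">I", len(pcr_info)) + pcr_info
              + struct.pack(">I", len(in_data)) + in_data)
    msg = hashlib.sha1(params).digest() + nonce_even + nonce_odd + bytes([cont])
    return hmac.new(shared, msg, hashlib.sha1).digest()

def demo(srk_auth=bytes(20)):
    """Run the exchange with constructed nonces; returns (OSAP request, encAuth, pubAuth)."""
    n_odd_osap, n_even_osap = b"\x01" * 20, b"\x02" * 20   # constructed OSAP nonces
    n_even, n_odd = b"\x03" * 20, b"\x04" * 20             # constructed session nonces
    blob_auth = hashlib.sha1(b"blob password").digest()    # constructed auth for the sealed blob
    shared = osap_shared_secret(srk_auth, n_even_osap, n_odd_osap)
    enc_auth = xor_adip(shared, n_even, blob_auth)
    pub_auth = seal_pub_auth(shared, enc_auth, b"", b"secret", n_even, n_odd)
    return osap_request(n_odd_osap), enc_auth, pub_auth

if __name__ == "__main__":
    req, enc_auth, pub_auth = demo()
    print(req.hex(), enc_auth.hex(), pub_auth.hex(), sep="\n")
```

keyHandle is not part of the hashed parameters, and pcr_info is passed as an already serialized TPM_PCR_INFO (empty here, meaning no PCR binding).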
