Ok, I understand that unseal requires authorisation; what I'm unsure of is how to supply the authorisation. I have all the keys set up, and I am the owner, so the authorization I'm missing is the authorization of the object. Trying to set a policy on the object just leads to unseal telling me that "No secret information for addressed policy object". Basically I know I'm missing something, but I'm not sure what. Both "A Practical Guide to Secure Computing" and the TCG introduction to using the TSS that I was able to find don't show a step of a policy to the HENCDATA, and doing it myself hasn't worked, so how am I meant to be supplying authorisation data to the object before calling unseal?

On Mon, 24 Feb 2020 at 13:49, Ken Goldman <[email protected]> wrote:

> On 2/23/2020 9:04 AM, Sam Jenkins via TrouSerS-users wrote:
> > Hi,
> > If the problem is not having the authorisation of the object how do I
> > solve this?
>
> Unseal requires authorization. If the caller does not supply
> the correct authorization, the TPM will not return the secret.
>
> > If no policy was set on the object shouldn't it by default use the
> > authorisation of the context? Because setting that to the owner doesn't
> > seem to make a difference?
>
> Unseal requires the authorization of the object. The TPM owner is
> not like a Unix root that can do anything.

--
hello
