On 20 March 2017 at 03:28, Mario Six <[email protected]> wrote:
> If we want to load a key into a TPM, we need to know the designated parent
> key's handle, so that the TPM is able to insert the key at the correct place
> in the key hierarchy.
>
> However, if we want to load a key whose designated parent key we also
> previously loaded ourselves, we first need to memorize this parent key's
> handle (since the handles for the key are chosen at random when they are
> inserted into the TPM). If we are, however, unable to do so, for example if
> the parent key is loaded into the TPM during production, and its child key
> during the actual boot, we must find a different mechanism to identify the
> parent key.
>
> To solve this problem, we add a function that allows U-Boot to load a key into
> the TPM using their designated parent key's SHA1 hash, and the corresponding
> auth data.
>
> Signed-off-by: Mario Six <[email protected]>
> ---
>  cmd/tpm.c           | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
>  drivers/tpm/Kconfig |  8 ++++++++
>  include/tpm.h       | 12 ++++++++++++
>  lib/tpm.c           | 40 ++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 109 insertions(+)

Reviewed-by: Simon Glass <[email protected]>

Perhaps you don't need a new Kconfig option? Is that to save code space?

