From 0b413160d14fbf5ba4ac817af16c79c28324b198 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Sat, 28 Aug 2021 15:19:51 -0500 Subject: [PATCH] Describe TPM2_PolicyTicket() --- TPM-Commands/TPM2_PolicyTicket.md | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 TPM-Commands/TPM2_PolicyTicket.md diff --git a/TPM-Commands/TPM2_PolicyTicket.md b/TPM-Commands/TPM2_PolicyTicket.md new file mode 100644 index 0000000..a35e407 --- /dev/null +++ b/TPM-Commands/TPM2_PolicyTicket.md @@ -0,0 +1,32 @@ +# `TPM2_PolicyTicket()` + +`TPM2_PolicyTicket()` is very similar to +[`TPM2_PolicySigned()`](TPM2_PolicySigned.md), except that a +TPM-produced ticket is used instead of a signature made by some entity, +and the TPM acts as though the [`TPM2_PolicySigned()`](TPM2_PolicySigned.md) +or [`TPM2_PolicySecret()`](TPM2_PolicySecret.md) command used to produce +the ticket had been executed instead of `TPM2_PolicyTicket()`. + +This is useful for avoiding excessive interactions with a user in a +short period of time. E.g., prompting the user at most once every so +many minutes for: + + - a password, + - smartcard PIN entry, + - and/or biometrics identification. + +## Inputs + + - `TPMI_SH_POLICY policySession` (handle to the session being extended) + - `TPM2B_DIGEST cpHashA` (the command parameter hash of a single command to be authorized, or `Empty Buffer` to not so-limit the assertion) + - `TPM2B_NONCE policyRef` (an opaque value of the caller's and/or signer's choosing that is used to limit the value of the signature and to extend the `policySession`'s `policyDigest` along with the `authObject`'s name) + - `TPM2B_NAME authName` (the name of the object used in the `TPM2_PolicySigned()` or `TPM2_PolicySecret()` command that produced the `ticket`) + - `INT32 expiration` (a positive or negative number of milliseconds which, if non-zero, sets an expiration for this assertion; if zero or positive then a `policyTicket` will not be output) + - `TPMT_TK_AUTH ticket` (the ticket) + +## References + + - [TCG TPM Library part 1: Architecture, section 19.7.12](https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf) + - [TCG TPM Library part 1: Architecture, section 19.7.15](https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf) + - [TCG TPM Library part 3: Commands, section 23.3](https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf) +