mirror of
https://github.com/tpm2dev/tpm.dev.tutorials.git
synced 2024-12-11 13:32:11 +00:00
Describe TPM2_PolicyTicket()
This commit is contained in:
parent
6413adfe6b
commit
0b413160d1
1 changed files with 32 additions and 0 deletions
32
TPM-Commands/TPM2_PolicyTicket.md
Normal file
32
TPM-Commands/TPM2_PolicyTicket.md
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
# `TPM2_PolicyTicket()`
|
||||||
|
|
||||||
|
`TPM2_PolicyTicket()` is very similar to
|
||||||
|
[`TPM2_PolicySigned()`](TPM2_PolicySigned.md), except that a
|
||||||
|
TPM-produced ticket is used instead of a signature made by some entity,
|
||||||
|
and the TPM acts as though the [`TPM2_PolicySigned()`](TPM2_PolicySigned.md)
|
||||||
|
or [`TPM2_PolicySecret()`](TPM2_PolicySecret.md) command used to produce
|
||||||
|
the ticket had been executed instead of `TPM2_PolicyTicket()`.
|
||||||
|
|
||||||
|
This is useful for avoiding excessive interactions with a user in a
|
||||||
|
short period of time. E.g., prompting the user at most once every so
|
||||||
|
many minutes for:
|
||||||
|
|
||||||
|
- a password,
|
||||||
|
- smartcard PIN entry,
|
||||||
|
- and/or biometrics identification.
|
||||||
|
|
||||||
|
## Inputs
|
||||||
|
|
||||||
|
- `TPMI_SH_POLICY policySession` (handle to the session being extended)
|
||||||
|
- `TPM2B_DIGEST cpHashA` (the command parameter hash of a single command to be authorized, or `Empty Buffer` to not so-limit the assertion)
|
||||||
|
- `TPM2B_NONCE policyRef` (an opaque value of the caller's and/or signer's choosing that is used to limit the value of the signature and to extend the `policySession`'s `policyDigest` along with the `authObject`'s name)
|
||||||
|
- `TPM2B_NAME authName` (the name of the object used in the `TPM2_PolicySigned()` or `TPM2_PolicySecret()` command that produced the `ticket`)
|
||||||
|
- `INT32 expiration` (a positive or negative number of milliseconds which, if non-zero, sets an expiration for this assertion; if zero or positive then a `policyTicket` will not be output)
|
||||||
|
- `TPMT_TK_AUTH ticket` (the ticket)
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
- [TCG TPM Library part 1: Architecture, section 19.7.12](https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf)
|
||||||
|
- [TCG TPM Library part 1: Architecture, section 19.7.15](https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf)
|
||||||
|
- [TCG TPM Library part 3: Commands, section 23.3](https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_pub.pdf)
|
||||||
|
|
Loading…
Reference in a new issue