fmaury/tpm.dev.tutorials
1
0
Fork 0
mirror of https://github.com/tpm2dev/tpm.dev.tutorials.git synced 2024-11-21 13:32:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

WIP

Browse source
This commit is contained in:
Nicolas Williams 2021-05-14 14:40:55 -05:00
parent 63f5e96b0f
commit ca4b14f5a2
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Intro/README.md
View file

@ -52,8 +52,7 @@ TPMs have a very rich set of options for authorization. It's not just
restricted keys to allow access only to applications that also have
other access.
Where to start? Let's start with hash extension, which may be the only
trivial concept in the world of TPMs!
Where to start? Let's start with hash extension.
## Hash Extension
@ -282,8 +281,8 @@ the platform's, and even the platform's user(s)' identities.
## Key Wrapping
The primary key is always a decrypt-only asymmetric private key, and its
corresponding public key is therefore encrypt-only. This is largely
The primary key is generally a decrypt-only asymmetric private key, and
its corresponding public key is therefore encrypt-only. This is largely
because of _key wrapping_, where a secret or private key is encrypted to
a TPM's EKpub so that it can be safely sent to that TPM so that that TPM
can then decrypt and use that secret.
@ -455,7 +454,8 @@ An unrestricted signing key can be used to sign arbitrary content.
A restricted signing key can be used to sign only TPM-generated content
as part of specific TPM restricted signing commands. Such content
always begins with a magic byte sequence.
always begins with a magic byte sequence, and the TPM refuses to sign
externally generated content that starts with that magic byte sequence.
A restricted decryption key can only be used to decrypt ciphertexts
whose plaintexts have a certain structure. In particular these are used