mirror of
https://github.com/tpm2dev/tpm.dev.tutorials.git
synced 2024-11-27 16:12:11 +00:00
WIP
parent cea79316bf
commit eca6a3b7d6
1 changed files with 13 additions and 2 deletions
@ -346,6 +346,11 @@ used to authenticate the TPM's legitimacy. The EK's public key
("EKpub") can be used to uniquely identify a TPM, and possibly link to
the platform's, and even the platform's user(s)' identities.

The `TPM2_CreatePrimary()` and `TPM2_CreateLoaded()` commands create key
objects deterministically from the hierarchy's seed and the "template"
used to create the key (which includes a "unique" area that provides
"entropy" to the key derivation function).

## Key Wrapping and Resource Management

Key wrapping is encrypting a secret or private key (key encryotion key,
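Review bot: The new paragraph's claim that `TPM2_CreateLoaded()` creates keys deterministically from the hierarchy's seed holds only when its parent handle is a hierarchy (a primary seed) or a derivation parent; with an ordinary storage key as parent it generates a fresh random key, exactly like `TPM2_Create()`. Suggest qualifying it, e.g. "... create key objects deterministically from the hierarchy's seed and the template (for `TPM2_CreateLoaded()`, only when the parent is a hierarchy handle or a derivation parent)". It would also help to spell out the consequence the surrounding text relies on: the same seed and the same template always yield the same key, which is why EKpub is a stable identifier for a TPM. Unrelated to this change, the trailing context line has "encryotion" for "encryption".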
@ -395,11 +400,17 @@ needed.
Because primary keys (for any hierarchy other than the null hierarchy)
are derived deterministically from a built-in and protected seed, and
from a template, they are persistent even when not moved to NV storage
and even when not saved.
and even when not saved as long as the hierarchy's seed is not reset.

(Resetting the endorsement hierarchy seed is a very dramatic action, as
it changes the EK/EKpub and renders any provisioned EKcert useless.
Resetting the storage hierarchy seed is much less dramatic. The NULL
hierarchy is reset every time the TPM resets.)

PCRs always persist, but they get reset on restart.

NV indexes always persist.
NV indexes always persist. (But in disorderly resets/shutdowns a
hybrid NV index may not be sync'ed to NV.)

## Non-Volatile (NV) Indexes

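Review bot: "NV indexes always persist." overstates it: `TPM2_Clear()` deletes every NV index in the owner hierarchy (any index created without TPMA_NV_PLATFORMCREATE), so only platform-created indexes survive a clear; suggest "NV indexes persist across resets and restarts, but owner-hierarchy indexes are removed by `TPM2_Clear()`". The hybrid caveat in the same paragraph should name what makes an index hybrid (TPMA_NV_ORDERLY set), otherwise readers cannot tell which indexes are affected. In the primary-key paragraph, "persistent" really means "re-creatable identically with `TPM2_CreatePrimary()`": the loaded object itself is gone after a reset, and that distinction is worth one clause. Lastly, "much less dramatic" for a storage-hierarchy seed reset understates that every key under the SRK, and everything sealed to those keys, becomes unrecoverable; a clause saying so keeps the comparison honest.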