On Mon, Mar 12, 2018 at 08:57:13AM -0700, James Bottomley wrote: > I think the way I'm going to fix the trusted key policy problem is to > move it back into the kernel for the simple PCR lock policy (which will > make changing from 1.2 to 2.0 seamless because the external Key API > will then become the same) so the kernel gets the missing TPM nonce and > can then do TPM2_PolicyAuthValue.
Sounds reasonable. > User generated policy sessions for trusted keys are very flexible but > also a hugely bad idea for consumers because it's so different from the > way 1.2 works and it means now the user has to exercise a TPM API to > produce the policy sessions. > > Longer term, I think having a particular trusted key represent a policy > session which can then be attached to a different trusted key > representing the blob is the best idea because we can expose the policy > build up via the trusted key API and keep all the TPM nastiness inside > the kernel. /Jarkko
