Enable Session Support #65
And could you please write a draft test script indicating what should be the end result? Some shell script that would set up the TPM, create whatever needs to be created before the openssl commands are executed?
Really all you have to do is call Esys_StartAuthSession() with an established ESYS_TR object and then use Esys_TRSess_SetAttributes() to set the flags for encryption. You can use the parent key as the tpmKey parameter in the call to Esys_StartAuthSession. The crux is that you need both the handle and a name. The PEM format only has the raw TPM handle, or the primary key is created with createprimary. As a side note, this is what makes ESYS_TRs useful: it's a coupling of name and handle, which is why you can just pass it to Esys_StartAuthSession and not worry. The name of an object is unspoofable and unforgeable. Continuing on, there are two ways you can solve this:
You could use both of these and let the OSSL config override, so I'd start with 1. It's not as bad as it looks; tpm2-pkcs11 does this. Concisely the steps are: Phase 1:
Enable Verified Session Support, not sure where you can shove a trusted key in to enable session protections with the TPM.
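The reply above says a session's tpmKey needs both a handle and a name, while the PEM format carries only the raw handle. As an added example (not from this thread or the project), the Python below recomputes a key's Name from its public area and compares it with a name pinned at provisioning, the check a caller would make before trusting the key as tpmKey. The function names, the pinning workflow and the sample public areas are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# TPM_ALG_ID -> hashlib name (values from the TPM 2.0 algorithm registry)
NAME_ALGS = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}

def tpmt_public_from_2b(blob: bytes) -> bytes:
    """Strip and validate the UINT16 size prefix of a TPM2B_PUBLIC."""
    if len(blob) < 2:
        raise ValueError("truncated TPM2B_PUBLIC")
    (size,) = struct.unpack(">H", blob[:2])
    if size != len(blob) - 2:
        raise ValueError("TPM2B_PUBLIC size field does not match payload")
    return blob[2:]

def compute_name(tpmt_public: bytes) -> bytes:
    """Name = nameAlg || H_nameAlg(marshaled TPMT_PUBLIC)."""
    if len(tpmt_public) < 4:
        raise ValueError("truncated TPMT_PUBLIC")
    _obj_type, name_alg = struct.unpack(">HH", tpmt_public[:4])
    if name_alg not in NAME_ALGS:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    digest = hashlib.new(NAME_ALGS[name_alg], tpmt_public).digest()
    return struct.pack(">H", name_alg) + digest

def check_tpm_key(pinned_name: bytes, public_2b: bytes) -> bool:
    """True only if the public area read back hashes to the pinned name."""
    try:
        actual = compute_name(tpmt_public_from_2b(public_2b))
    except ValueError:
        return False  # malformed input is treated as a mismatch
    return hmac.compare_digest(pinned_name, actual)

def make_public(unique: bytes) -> bytes:
    """Constructed sample: header fields of an ECC key plus a stand-in tail.
    Not a complete public area; enough to show how the Name binds the bytes."""
    body = struct.pack(">HHI", 0x0023, 0x000B, 0x00030472) + b"\x00\x00" + unique
    return struct.pack(">H", len(body)) + body

if __name__ == "__main__":
    enrolled = make_public(b"\x11" * 32)   # public area seen at provisioning
    swapped = make_public(b"\x22" * 32)    # different key behind the same handle
    pinned = compute_name(tpmt_public_from_2b(enrolled))
    print("pinned name:", pinned.hex())
    print("enrolled key accepted:", check_tpm_key(pinned, enrolled))
    print("swapped key accepted:", check_tpm_key(pinned, swapped))
```
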