[U-Boot] [PATCH 1/3] tpm: Add function to load keys via their parent's SHA1 hash
Simon Glass
sjg at chromium.org
Wed Mar 22 13:05:53 UTC 2017
On 20 March 2017 at 03:28, Mario Six <mario.six at gdsys.cc> wrote:
> If we want to load a key into a TPM, we need to know the designated parent
> key's handle, so that the TPM is able to insert the key at the correct place in
> the key hierarchy.
>
> However, if we want to load a key whose designated parent key we also
> previously loaded ourselves, we first need to memorize this parent key's handle
> (since the handles for the key are chosen at random when they are inserted into
> the TPM). If we are, however, unable to do so, for example if the parent key is
> loaded into the TPM during production, and its child key during the actual
> boot, we must find a different mechanism to identify the parent key.
>
> To solve this problem, we add a function that allows U-Boot to load a key into
> the TPM using its designated parent key's SHA1 hash, and the corresponding
> auth data.
>
> Signed-off-by: Mario Six <mario.six at gdsys.cc>
> ---
> cmd/tpm.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
> drivers/tpm/Kconfig | 8 ++++++++
> include/tpm.h | 12 ++++++++++++
> lib/tpm.c | 40 ++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 109 insertions(+)
Reviewed-by: Simon Glass <sjg at chromium.org>
Perhaps you don't need a new Kconfig option? Is that to save code space?
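
The lookup the commit message describes, modelled as an added Python example (not code from the patch or from U-Boot): key handles are random per load, so the parent is found by hashing each loaded key's public part and comparing against the known SHA1 digest. `MockTpm`, `find_key_sha1`, `load_key_by_sha1` and the sample blobs are constructed for illustration; that the hash covers the parent's public key blob, read with the supplied auth data, is an assumption.

```python
import hashlib
import secrets

class MockTpm:
    """Constructed stand-in for a TPM key store; handles are random per load."""
    def __init__(self):
        self.keys = {}  # handle -> (public key blob, auth data, parent handle)

    def load_key(self, parent, pub_blob, auth):
        if parent is not None and parent not in self.keys:
            raise KeyError("unknown parent handle")
        handle = secrets.randbits(32)
        while handle in self.keys:
            handle = secrets.randbits(32)
        self.keys[handle] = (pub_blob, auth, parent)
        return handle

    def get_pub_key(self, handle, auth):
        pub_blob, expected, _ = self.keys[handle]
        if not secrets.compare_digest(auth, expected):
            raise PermissionError("authorization failed")
        return pub_blob

def find_key_sha1(tpm, auth, digest):
    """Handle of the loaded key whose public blob hashes to digest, or None."""
    for handle in list(tpm.keys):
        try:
            pub_blob = tpm.get_pub_key(handle, auth)
        except PermissionError:
            continue  # different auth data: not the key we are looking for
        if secrets.compare_digest(hashlib.sha1(pub_blob).digest(), digest):
            return handle
    return None

def load_key_by_sha1(tpm, parent_digest, parent_auth, child_blob, child_auth):
    parent = find_key_sha1(tpm, parent_auth, parent_digest)
    if parent is None:
        raise LookupError("no loaded key matches the parent hash")
    return tpm.load_key(parent, child_blob, child_auth)

def demo():
    tpm = MockTpm()
    # Production step: keys are loaded, their random handles are not recorded.
    tpm.load_key(None, b"unrelated public key", b"\x01" * 20)
    parent = tpm.load_key(None, b"parent public key", b"\x02" * 20)
    # Boot step: only the parent's SHA1 hash and auth data are known.
    digest = hashlib.sha1(b"parent public key").digest()
    child = load_key_by_sha1(tpm, digest, b"\x02" * 20, b"child key", b"\x03" * 20)
    return tpm.keys[child][2] == parent
```

A missing match raises `LookupError` rather than falling back to some default parent, so a child key is never inserted under the wrong place in the hierarchy.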