Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -307,6 +307,7 @@ shellcheck:
sbin/tpm2-recv \
sbin/tpm2-policy \
initramfs/*/* \
tests/test-enroll.sh \
; do \
shellcheck $$file functions.sh ; \
done
Expand Down
4 changes: 2 additions & 2 deletions docs/attest-enroll.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,14 +93,14 @@ Decryption is implemented by [`sbin/tpm2-recv`](/sbin/tpm2-recv).

Two methods are possible for encryption to a target TPM's `EKpub`:

- the "EK" method (our name for it)
- the "WK" method (our name for it)
- the "TK" method (our name for it)

Both methods support setting a policy on the ciphertext such that any
application using the target's TPM to decrypt it must first execute and
satisfy that policy.

The "EK" method uses `TPM2_MakeCredential()` via tpm2-tools' `tpm2
The "WK" method uses `TPM2_MakeCredential()` via tpm2-tools' `tpm2
makecredential` command, using the `none` TCTI (i.e., implemented in
software). The target's `EKpub` is used as the `handle` input parameter
to `TPM2_MakeCredential()`. A well-known key (`WK`), and the desired policy
Expand Down
Loading