Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] ibmtss

Ken Goldman <kgold@...>
 

On 1/13/2019 11:45 AM, James Bottomley wrote:
> On Sun, 2019-01-13 at 16:07 +0000, Doug Fraser wrote:
>> James, Ken,
>>
>> Thanks again for your help and feedback. I am learning this all at a
>> brisk pace. This past fall was my introduction to TPM as anything
>> other than a technology buzz word.
>>
>> James, we are using a TPM key blob from create_tpm2_key that is tied
>> to a fixed key at 80000001.
>
> Well, firstly, volatile keyhandles aren't deterministic (it won't
> always be 80000001), but hopefully you already coped with that in your
> script.

Just FYI - not recommended because of resource limitations ...

The TPM does have non-volatile key slots. The usual use is
early in boot, when there is no other key storage. These keys
will have fixed handles.

A typical TPM has 7 slots, reserved by convention as follows:

3 for root keys
1 for the platform OEM
3 for OS and applications
