On Fri, 2014-03-14 at 17:14 +0000, David Howells wrote:
> Mimi Zohar <[email protected]> wrote:
>
> > > As I understand the code, I think operations being performed from
> > > ->update()
> > > are:
> > >
> > > (a) Resealing a key with a new pcrs (trusted).
> > >
> > > (b) Changing the master key (encrypted).
> > >
> > > Mimi, Dmitry: is this list right?
> >
> > In addition to resealing trusted keys to a new TPM PCR value, there are
> > a few other options that can be modified (eg. keyauth, blobauth,
> > pcrlock). Encrypted keys can be encrypted/decrypted with a new master
> > key (trusted or user key type).
>
> Can (re)sealing a key be viewed as encrypting it? Is the difference between
> sealing a key and encrypting a key the use of hardware support?

Yes, 'resealing/sealing' is TPM terminology for encrypting/decrypting. The
sealing is RSA encryption by a TPM chip, which can only be decrypted by
the same chip.

Mimi

