Jarkko Sakkinen

That pipeline system is gone in tpm2sh. It's now about tags such as "tpm://80000001", "data://base64,..." etc. and an expressive policy language which is used by everything from PCR functionality to policy definitions.

Had to do the CLI extremely wrong, unintuitive and a pain to maintain to discover what would be actually right in this case. No one has really ever thought about how to make TPM2 nice to use from the command line, so this is part of the process :-)
And I added some niceties like for instance:

- When defining a PCR in a policy you can write the data down.
- Alternatively, you can leave it out and the "policy compiler" will read the current PCR value.

Generally it is a great project, as without doing tpm2sh simultaneously tpm2-protocol would be a shadow of what it is right now. I constantly discover critical bugs while thinking of crazy features for this tool :-)

Like one that I have in done is to provide a mechanism to do remote attestation from the command line so that you can have e.g., remote attestation applications written in bash.