Conversation
Jarkko Sakkinen
jarkko
Edited 4 days ago
The policy module in tpm2sh is growing enough meaning that I will eventually fully decouple it and introduce 'tpm2-policy' crate.
Just like tpm2-protcol, this is a mailing list project and will be hosted at git.kernel.org.
'tpm2-policy' provides an expressive language for policies and can additionally "open code" input expressions e.g., set actual values for PCRs (if they are unspecified and digest is composed it queries them from TPM).
It can compose digests both via means of TPM2_Policy* command but in addition is capable for software composition (not yet landed tho but coming soon ;-))
The big picture design principle in this crate is, just like in tpm2-protocol, that it scales both to client use, and at the same time software composition engine is capable of empowering TPM emulator or even a real chip.
#linux #rust #tpm
Just like tpm2-protcol, this is a mailing list project and will be hosted at git.kernel.org.
'tpm2-policy' provides an expressive language for policies and can additionally "open code" input expressions e.g., set actual values for PCRs (if they are unspecified and digest is composed it queries them from TPM).
It can compose digests both via means of TPM2_Policy* command but in addition is capable for software composition (not yet landed tho but coming soon ;-))
The big picture design principle in this crate is, just like in tpm2-protocol, that it scales both to client use, and at the same time software composition engine is capable of empowering TPM emulator or even a real chip.
#linux #rust #tpm
0
1
1