Abstract
Accessing keys and data in TPM2 requires the use of “names” that uniquely identify a key or piece of data, to ensure that commands operate upon the desired key or data. A TPM2 is a security device, so access to a key or piece of data requires authorisation. TPM2 provides HMAC authorisation sessions (similar to those provided by TPMv1.2) but also provides simpler “password” authorisation (for use when the path to the TPM is trusted) and provides more complex “policy” authorisation sessions (for when multi-factor authorisation, such as use of PCRs, is required).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This total number of sessions is an arbitrary limit, intended to limit TPM complexity. It is not a fundamental architectural limit.
- 2.
sessionAttributes is included in the heading in order that a search for the sessionAttributes parameter will find that section of the specification.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Proudler, G., Chen, L., Dalton, C. (2014). Accessing Keys and Data in TPM2. In: Trusted Computing Platforms. Springer, Cham. https://doi.org/10.1007/978-3-319-08744-3_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-08744-3_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08743-6
Online ISBN: 978-3-319-08744-3
eBook Packages: Computer ScienceComputer Science (R0)