summaryrefslogtreecommitdiffstats
path: root/meson.build
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2022-08-17 17:21:57 +0200
committerLennart Poettering <lennart@poettering.net>2022-09-08 16:34:27 +0200
commitd9b5841d40996d42a05b7d6f1adf7a7517966262 (patch)
treea62d8485238558e54f0a73332e195b5cf327b52c /meson.build
parentmeasure: add 'sign' verb (diff)
downloadsystemd-d9b5841d40996d42a05b7d6f1adf7a7517966262.tar.xz
systemd-d9b5841d40996d42a05b7d6f1adf7a7517966262.zip
tpm2-util: extend TPM2 policies to optionally check PCR values against signed values
Traditionally, TPM2 PCR policies are bound against literal PCR values, which makes them hard to work with when updating software that is measured into PCRs: each update will change the PCR values, and thus break TPM2 policies of existing objects. Let's improve the situation: let's allow signed PCR policies. Secrets and other TPM2 objects can be associated with a public key that signs a PCR policy. Thus, if the signed policy and the public key is presented, access to the TPM2 object can be granted. This allows a less brittle handling of updates: for example, whenever a kernel image is updated a new signed PCR policy can be shipped along with it, signed by a private key owned by the kernel vendor (ideally: same private key that is used to sign the kernel image itself). TPM2 objects can then be bound to the associated public key, thus allowing objects that can only be unlocked by kernels of the same vendor. This makes it very easy to update kernels without affecting locked secrets. This does not hook up any of the consuming code (just passes NULL/0 everywhere). This is for later commits.
Diffstat (limited to 'meson.build')
0 files changed, 0 insertions, 0 deletions