Harry Check
Reputation: 37
Is it safe to use a non-pcr key after verifying some pcr7 key is working find after os start on tpm2.0?
So the question is: If we reboot a os and wanted to sign something using tpm. And let say we want to secure the boot environment using pcr7 policy crypto key. Is it safe to use non-pcr policy key together with a pcr7 policy key ?
More formally:
- At program we want to use tpm to sign someting. During its initialization, use pcr7 policy key to verify boot environment doesn't got changed.
- Then the program switch to use a non-policy key to start it's own job. (Do all kinds of stuff : signing , encypt , decrypt ...)
The reason I want to use this is I notice that non-policy key has much better performance compare with pcr policy key.
Upvotes: 0
Views: 27
Answers (0)
Related Questions
- I am trying to create a tpm2-based auto unlock sh script, but the script fails with file not found
- How to encrypt bytes using the TPM (Trusted Platform Module)
- How to encrypt data in one app and decrypt it in different Windows app with RSA keys tied to local system?
- RSA Encryption - Encrypt with private key
- How do I feed OpenSSL random data for use in ECDSA signing?
- Asymmetric authenticated encryption
- Can I use RSACryptoServiceProvider public/private keys to interop with Crypto++?
- Generating PGP keypair, and signing text with an encrypted PGP private key, in Javascript
- Is my signature and encryption scheme secure?