tspi_tpm_cmksetrestrictions(3) - Linux man page
TCG Software Stack Developer's Reference
Name
Tspi_TPM_CMKSetRestrictions - set restrictions on use of delegated Certified Migratable Keys
Synopsis
#include <tss/tspi.h>
TSS_RESULT Tspi_TPM_CMKSetRestrictions(TSS_HTPM hTPM, TSS_CMK_DELEGATE CmkDelegate);
Description
Tspi_TPM_CMKSetRestrictions is used to set restrictions on the delegated use of Certified Migratable Keys (CMKs). Use of this command cannot itself be delegated.
Parameters
hTPM
- The hTPM parameter is used to specify the handle of the TPM object.
CmkDelegate
- The CmkDelegate parameter is a bitmask describing the kinds of CMKs that can be used in a delegated auth session. Each bit represents a type of key. If the bit for a key type is set, CMKs of that type can be used in a delegated authorization session; otherwise, use of that key will result in a TPM_E_INVALID_KEYUSAGE return code from the TPM.
The possible values of CmkDelegate are any combination of the following flags logically OR'd together:
- TSS_CMK_DELEGATE_SIGNING
- Allow use of signing keys.
- TSS_CMK_DELEGATE_STORAGE
- Allow use of storage keys.
- TSS_CMK_DELEGATE_BIND
- Allow use of binding keys.
- TSS_CMK_DELEGATE_LEGACY
- Allow use of legacy keys.
- TSS_CMK_DELEGATE_MIGRATE
- Allow use of migratable keys.
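Added example, not part of the original man page or of any TSS implementation: one way to build CmkDelegate from an explicit allow-list so that only the named key types are enabled and a misspelled name fails closed. The names cmk_mask_from_policy, apply_cmk_policy and the WITH_TSPI build switch are hypothetical; the fallback defines assume the TPM_CMK_DELEGATE bit positions of the TPM 1.2 structures specification and are only used when the TSS headers are not included.

```c
#include <stdint.h>
#include <string.h>
#ifdef WITH_TSPI   /* hypothetical build switch: cc -DWITH_TSPI file.c -ltspi */
#include <tss/tspi.h>
#else              /* stand-alone build; assumed TPM 1.2 TPM_CMK_DELEGATE bits */
#define TSS_CMK_DELEGATE_SIGNING (UINT32_C(1) << 31)
#define TSS_CMK_DELEGATE_STORAGE (UINT32_C(1) << 30)
#define TSS_CMK_DELEGATE_BIND    (UINT32_C(1) << 29)
#define TSS_CMK_DELEGATE_LEGACY  (UINT32_C(1) << 28)
#define TSS_CMK_DELEGATE_MIGRATE (UINT32_C(1) << 27)
#endif

/* Turn an allow-list such as "signing,bind" into a CmkDelegate mask.
 * Returns 0 on success, -1 on an unknown or empty token. On error *mask
 * stays 0, so a typo never widens what delegated sessions may use. */
int cmk_mask_from_policy(const char *policy, uint32_t *mask)
{
    static const struct { const char *name; uint32_t bit; } types[] = {
        { "signing", TSS_CMK_DELEGATE_SIGNING },
        { "storage", TSS_CMK_DELEGATE_STORAGE },
        { "bind",    TSS_CMK_DELEGATE_BIND },
        { "legacy",  TSS_CMK_DELEGATE_LEGACY },
        { "migrate", TSS_CMK_DELEGATE_MIGRATE },
    };
    const size_t n = sizeof types / sizeof types[0];
    uint32_t m = 0;

    *mask = 0;
    while (*policy) {
        size_t len = strcspn(policy, ","), i;
        for (i = 0; i < n; i++)
            if (strlen(types[i].name) == len && !strncmp(policy, types[i].name, len))
                break;
        if (i == n)
            return -1;                      /* unknown or empty token */
        m |= types[i].bit;
        policy += len;
        if (*policy == ',' && *++policy == '\0')
            return -1;                      /* trailing comma */
    }
    *mask = m;
    return 0;
}

#ifdef WITH_TSPI
/* hTPM: obtained with Tspi_Context_GetTpmObject() on a connected context. */
TSS_RESULT apply_cmk_policy(TSS_HTPM hTPM, const char *policy)
{
    uint32_t mask;
    if (cmk_mask_from_policy(policy, &mask) != 0)
        return TSS_E_BAD_PARAMETER;         /* refuse rather than guess */
    return Tspi_TPM_CMKSetRestrictions(hTPM, (TSS_CMK_DELEGATE)mask);
}
#endif
```

An empty allow-list yields a mask of 0, which leaves no CMK type usable in a delegated session.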
Return Codes
Tspi_TPM_CMKSetRestrictions returns TSS_SUCCESS on success, otherwise one of the following values is returned:
- TSS_E_INVALID_HANDLE
- hTPM is not a valid handle.
- TSS_E_INTERNAL_ERROR
- An internal software error has been detected.
Conforming To
Tspi_TPM_CMKSetRestrictions conforms to the Trusted Computing Group Software Specification version 1.2 Errata A.
See Also
Tspi_TPM_CMKApproveMA(3), Tspi_TPM_CMKCreateTicket(3), Tspi_Key_CMKCreateBlob(3)