Documentation
Overview
Package tpm2 provides TPM2.0 related functionality helpers.
Index
- Constants
- func CalculatePolicy(pcrValue []byte, pcrSelection tpm2.TPMLPCRSelection) ([]byte, error)
- func CalculateSealingPolicyDigest(t transport.TPM, spInfo SealingPolicyDigestInfo) ([]byte, error)
- func CreateSelector(pcrs []int) ([]byte, error)
- func PCRExtend(pcr int, data []byte) error
- func ParsePCRSigningPubKey(file string) (*rsa.PublicKey, error)
- func PolicyPCRDigest(t transport.TPM, policyHandle tpm2.TPMHandle, ...) (*tpm2.TPM2BDigest, error)
- func RSAPubKeyTemplate(bitlen, exponent int, modulus []byte) tpm2.TPMTPublic
- func ReadPCR(t transport.TPM, pcr int) ([]byte, error)
- func Unseal(sealed SealedResponse) ([]byte, error)
- type BankData
- type PCRData
- type SealedResponse
- type SealingPolicyDigestInfo
Constants
const (
	// EncryptionSchemaVersionErrata is the errata for the encryption schema version.
	// Talos versions older than 1.12 locked to PCR 7 and PCR 11 but the luks json header only
	// saved the PCR 11 value, so if the version is not set or empty we can assume that the keys
	// are sealed to both PCR 7 and PCR 11. If the version is `1` we can be sure that the keys
	// are locked to PCR 11 only.
	EncryptionSchemaVersionErrata = "1"
)
Variables
This section is empty.
Functions
func CalculatePolicy
func CalculatePolicy(pcrValue []byte, pcrSelection tpm2.TPMLPCRSelection) ([]byte, error)
CalculatePolicy calculates the policy hash for a given PCR value and PCR selection.
func CalculateSealingPolicyDigest
func CalculateSealingPolicyDigest(t transport.TPM, spInfo SealingPolicyDigestInfo) ([]byte, error)
CalculateSealingPolicyDigest calculates the sealing policy digest for a given public key and PCRs.
func CreateSelector
CreateSelector converts PCR numbers into a bitmask.
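The bitmask layout and the errata rule from the Constants section, worked through as an added example; this is not the package's own code. `selectorFor`, `sealedPCRs` and `selectorForVersion` are hypothetical names, and the 3-byte mask (PCRs 0-23) and the rejection of unknown versions are assumptions.

```go
package main

import "fmt"

// selectorFor is a hypothetical stand-in for CreateSelector: it sets bit
// (pcr % 8) of byte (pcr / 8) in a 3-byte mask covering PCRs 0-23.
func selectorFor(pcrs []int) ([]byte, error) {
	mask := make([]byte, 3)
	for _, pcr := range pcrs {
		if pcr < 0 || pcr > 23 {
			return nil, fmt.Errorf("PCR %d out of range 0-23", pcr)
		}
		mask[pcr/8] |= byte(1) << uint(pcr%8)
	}
	return mask, nil
}

// sealedPCRs applies the errata rule from the Constants section: an unset
// version means PCR 7 and PCR 11, version "1" means PCR 11 only.
func sealedPCRs(version string) ([]int, error) {
	switch version {
	case "":
		return []int{7, 11}, nil
	case "1":
		return []int{11}, nil
	}
	// Assumption: any other version is rejected rather than guessed at.
	return nil, fmt.Errorf("unknown encryption schema version %q", version)
}

// selectorForVersion chains the two steps (hypothetical helper).
func selectorForVersion(version string) ([]byte, error) {
	pcrs, err := sealedPCRs(version)
	if err != nil {
		return nil, err
	}
	return selectorFor(pcrs)
}

func main() {
	for _, v := range []string{"", "1", "2"} { // constructed sample versions
		sel, err := selectorForVersion(v)
		fmt.Printf("version %q -> selector %x, err %v\n", v, sel, err)
	}
}
```

A key sealed before the errata version therefore needs a different selector than a newer one, so a policy computed with the wrong PCR set will not match at unseal time.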
func ParsePCRSigningPubKey
ParsePCRSigningPubKey parses a PEM encoded RSA public key.
func PolicyPCRDigest
func PolicyPCRDigest(t transport.TPM, policyHandle tpm2.TPMHandle, pcrSelection tpm2.TPMLPCRSelection) (*tpm2.TPM2BDigest, error)
PolicyPCRDigest executes policyPCR and returns the digest.
func RSAPubKeyTemplate
func RSAPubKeyTemplate(bitlen, exponent int, modulus []byte) tpm2.TPMTPublic
RSAPubKeyTemplate returns a TPM2.0 public key template for RSA keys.
func Unseal
func Unseal(sealed SealedResponse) ([]byte, error)
Unseal unseals a sealed blob using the TPM.
Types
type BankData
type BankData struct {
	// list of PCR banks
	PCRs []int `json:"pcrs"`
	// Public key of the TPM
	PKFP string `json:"pkfp"`
	// Policy digest
	Pol string `json:"pol"`
	// Signature of the policy digest in base64
	Sig string `json:"sig"`
}
BankData contains data for a specific PCR bank.
type PCRData
type PCRData struct {
	SHA1   []BankData `json:"sha1,omitempty"`
	SHA256 []BankData `json:"sha256,omitempty"`
	SHA384 []BankData `json:"sha384,omitempty"`
	SHA512 []BankData `json:"sha512,omitempty"`
}
PCRData is the data structure for PCR signature json.
func ParsePCRSignature
ParsePCRSignature parses the PCR signature json file.