swtpm_setup: bugfix: Create ECC storage primary key in owner hierarchy
The ECC storage primary key was mistakenly created in the endorsement
hierarchy but should be in the owner hierarchy. This patch corrects this
to have this key created in the owner hierarchy (like the RSA key),
thus using 0x40 00 00 01.

This only mattered if one used --create-spk and --ecc together.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger committed May 1, 2020
1 parent 69e3f79 commit a3c5bc7
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/swtpm_setup/swtpm_setup.sh.in
Expand Up @@ -1157,7 +1157,8 @@ tpm2_createprimary_spk_ecc()
off1=126
off2=228

tpm2_createprimary_ecc_params '\\x40\\x00\\x00\\x0b' "${keyflags}" \
# TPM_RH_OWNER
tpm2_createprimary_ecc_params '\\x40\\x00\\x00\\x01' "${keyflags}" \
"${symkeydata}" "${publen}" "${totlen}" "${min_exp}" "${off1}" \
"${off2}" "" ""
return $?
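
Review bot: The hierarchy handle passed to tpm2_createprimary_ecc_params is still a raw escaped literal ('\\x40\\x00\\x00\\x01') with only the "# TPM_RH_OWNER" comment naming it, which is the same pattern that let 0x0b go unnoticed here. Consider defining the owner and endorsement handles once as named shell variables and passing those in both the RSA and ECC storage-key paths, so the two cannot diverge again. The commit changes only swtpm_setup.sh.in, so nothing guards against a regression; a test that runs setup with --create-spk and --ecc together and checks which hierarchy the key lands in would cover it. The commit message should also state what users should do with TPM state that was already set up with the old handle, since the key in that state remains in the endorsement hierarchy.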