Closed williamcroberts closed 5 years ago
any progress?
I need to duplicate an object to another TPM2
-----Original Message-----
From: Terry AN (安宏奎) [mailto:notifications@github.com]
Sent: Monday, October 22, 2018 1:31 AM
To: tpm2-software/tpm2-tools tpm2-tools@noreply.github.com
Cc: Roberts, William C william.c.roberts@intel.com; Author author@noreply.github.com
Subject: Re: [tpm2-software/tpm2-tools] Implement duplicate (#833)
any progress?
I need to duplicate an object to another TPM2
Nothing yet
Turns out I need this one too.
tpm2_duplicate is going to be a wrapper around Esys_Duplicate(). I have some questions about the implementation and how to name cmd line parameters.
objectHandle - [input] -c / "key-context" ok?
newParentHandle - [input] -C / "parent-key" ok?
encryptionKeyIn - [input] optional filename can be specified by user on the cmd line? Any preference for cmd line arg name?
encryptionKeyOut - [output] optional filename can be specified by user on the cmd line? Any preference for cmd line arg name?
symmetricAlg - [input] Can be TPM2_ALG_NULL or AES 128,192 or 256. (should I reuse -G, --kalg=KEY_ALGORITHM ?)
duplicate - [output] filename specified by user on the cmd line? Any preference for cmd line arg name?
outSymSeed - [output] filename specified by user on the cmd line? Any preference for cmd line arg name?
I may have questions about tpm2_import too
I made some progress with this one but I have some more questions:
1) encryptionKeyIn/encryptionKeyOut are just the keys, raw binary data (TPM2B_DATA). The temptation is to use files_save_tpm_context_to_path() and files_load_bytes_from_path() but that comes with a lot of error checking. Is there a preferred method of loading/saving TPM2B_DATA?
2) How to get from a TPMI_ALG_PUBLIC (key_type from command line params) to a TPMT_SYM_DEF_OBJECT? Do I have to fill in the structure 'by hand' or is there an existing library function? (I didn't find one)
I have similar questions about the seed & duplicate data but getting some insight on 1 & 2 first would be helpful
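An added example, not part of the thread and not tpm2-tools code: one way to fill in a TPMT_SYM_DEF_OBJECT by hand for the symmetricAlg values listed above (TPM2_ALG_NULL or AES 128/192/256), plus a length check on encryptionKeyIn before Esys_Duplicate() is called. The helper names and the algorithm-name strings are hypothetical; the CFB mode and the keyBits / 8 size rule are taken from the TPM 2.0 specification of TPM2_Duplicate, and the stand-in typedef is used only when the tpm2-tss headers are not installed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#if defined(__has_include) && __has_include(<tss2/tss2_tpm2_types.h>)
#include <tss2/tss2_tpm2_types.h>
#else
/* Stand-ins so this builds without tpm2-tss: TPM 2.0 algorithm IDs and a
 * struct with the tpm2-tss field names used below. */
#define TPM2_ALG_AES  0x0006
#define TPM2_ALG_NULL 0x0010
#define TPM2_ALG_CFB  0x0043
typedef struct {
    uint16_t algorithm;
    union { uint16_t aes, sym; } keyBits;
    union { uint16_t aes, sym; } mode;
} TPMT_SYM_DEF_OBJECT;
#endif

/* Hypothetical helper: map "null", "aes128", "aes192" or "aes256" to the
 * inner-wrapper definition; *sym is written only on success. */
bool sym_def_from_name(const char *name, TPMT_SYM_DEF_OBJECT *sym)
{
    static const char *const names[] = { "aes128", "aes192", "aes256" };
    static const uint16_t bits[] = { 128, 192, 256 };
    TPMT_SYM_DEF_OBJECT out;
    if (!name || !sym)
        return false;
    memset(&out, 0, sizeof(out));
    out.algorithm = TPM2_ALG_NULL;          /* "null": no inner wrapper */
    for (size_t i = 0; i < 3; i++) {
        if (strcmp(name, names[i]) == 0) {
            out.algorithm = TPM2_ALG_AES;
            out.keyBits.sym = bits[i];
            out.mode.sym = TPM2_ALG_CFB;    /* inner wrapper uses CFB */
        }
    }
    if (out.algorithm == TPM2_ALG_NULL && strcmp(name, "null") != 0)
        return false;                       /* unknown name: reject */
    *sym = out;
    return true;
}

/* Hypothetical pre-flight check on encryptionKeyIn: empty lets the TPM pick
 * the key; otherwise the length must be keyBits / 8 (0 for TPM2_ALG_NULL). */
bool enc_key_in_ok(const TPMT_SYM_DEF_OBJECT *sym, size_t key_len)
{
    size_t want = sym->algorithm == TPM2_ALG_NULL ? 0 : sym->keyBits.sym / 8u;
    return key_len == 0 || key_len == want;
}
```

Rejecting a mismatched key length on the host side gives the user a clear error instead of a TPM_RC_SIZE response from the TPM.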
Implement a tool to use the duplicate command.