update rsa2048 and ecc_nist_p256 to policy_b #3471
Closed
arianvp wants to merge 2 commits into tpm2-software:master from
Pretty sure this was incorrect. All the EK templates in the High Range should use Policy B; not Policy A.
See B.4.5 Template H-2: ECC NIST P256 (Storage)
for source https://trustedcomputinggroup.org/wp-content/uploads/EK-Credential-Profile-For-TPM-Family-2.0-Level-0-V2.5-R1.0_28March2022.pdf
arianvp commented Apr 15, 2025
| static const alg_map alg_maps[] = { | ||
| { "rsa", "rsa2048:aes128cfb", "sha256", &policy_a_sha256, ATTRS_A }, | ||
| { "rsa2048", "rsa2048:aes128cfb", "sha256", &policy_a_sha256, ATTRS_A }, | ||
| { "rsa2048", "rsa2048:aes128cfb", "sha256", &policy_b_sha256, ATTRS_B }, |
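Review bot: the replacement "rsa2048" row references &policy_b_sha256 and ATTRS_B, and neither is defined anywhere in the lines shown, so both need definitions before this row can build. The "rsa" row directly above keeps &policy_a_sha256 and ATTRS_A with the same "rsa2048:aes128cfb" key spec, so after this change the "rsa" and "rsa2048" aliases would select different templates. Because the authorization policy and object attributes are part of the template the TPM derives the primary key from, existing callers of "rsa2048" would silently get a different EK. Suggest keeping the Policy A row unchanged and adding a separately named row for the high-range template.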
Author
Perhaps instead we want to introduce new rsa2048_high and ecc_nist_p256_high aliases?
Member
@arianvp your pr will not compile because policy_b_sha256 is currently not defined. And as you wrote the best solution would be not to delete the old entries in alg_map but add
JuergenReppSIT added a commit to JuergenReppSIT/tpm2-tools that referenced this pull request May 2, 2025
According to the EK Credential Profile B.4.4.1 Template H-1: RSA 2048 (Storage) B.4.4.2 Template H-2: ECC NIST P256 (Storage) and The high range templates are added.
Addresses: tpm2-software#3471
Signed-off-by: Juergen Repp <juergen_repp@web.de>
Member
@arianvp Thank you for reporting the problem. I have added a PR based on your suggestion.
AndreasFuchsTPM pushed a commit that referenced this pull request Oct 15, 2025
According to the EK Credential Profile B.4.4.1 Template H-1: RSA 2048 (Storage) B.4.4.2 Template H-2: ECC NIST P256 (Storage) and The high range templates are added.
Addresses: #3471
Signed-off-by: Juergen Repp <juergen_repp@web.de>
Pretty sure this was incorrect. All the EK templates in the High Range should use Policy B; not Policy A
See B.4.5 Template H-2: ECC NIST P256 (Storage)
for source https://trustedcomputinggroup.org/wp-content/uploads/EK-Credential-Profile-For-TPM-Family-2.0-Level-0-V2.5-R1.0_28March2022.pdf
Maybe we should come up with better names for these, e.g. ecc-low and ecc-high?