TrustedInfrastructure_Hosts_Hardware_Tpm_EndorsementKeys_UnsealSpec

The EndorsementKeys.UnsealSpec structure contains information that describes the structures required to unseal a secret.

JSON Example
{
    "public_area": "string",
    "private_area": "string",
    "seed": "string",
    "policy_pcr": {
        "pcrs": "string",
        "pcr_digest": "string"
    }
}
string As binary
public_area
Required

The public area corresponding to the EndorsementKeys.UnsealSpec.private-area secret that is being unsealed. The public area is a TPM2B_PUBLIC structure.

Trusted Platform Module Library Part 2: Structures, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.2.5 TPM2B_PUBLIC

This public area is used as the "objectPublic" input to the TPM2_Import command.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

string As binary
private_area
Required

A private area that contains a secret to be unsealed. The private area is symmetrically encrypted with the seed value derived from EndorsementKeys.UnsealSpec.seed.

The private area is a TPM2B_PRIVATE structure.

Trusted Platform Module Library Part 2: Structures, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.3.7 TPM2B_PRIVATE

This private area is used as the "duplicate" input to the TPM2_Import command.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

string As binary
seed
Required

A seed value that is encrypted by the TPM endorsement key. The seed is decrypted with the endorsement key and then used as a symmetric key to decrypt EndorsementKeys.UnsealSpec.private-area. This ensures that only a TPM with the expected endorsement key can unseal the secret.

The seed value is a TPM2B_ENCRYPTED_SECRET structure.

Trusted Platform Module Library Part 2: Structures, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 11.4.3 TPM2B_ENCRYPTED_SECRET

This seed is used as the "inSymSeed" input to the TPM2_Import command.

Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import

policy_pcr
Optional

The EndorsementKeys.PolicyPcrSpec structure contains information that can be used to construct a PCR policy session for unsealing a secret using the EndorsementKeys.unseal operation.
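The following is an added example and not part of the vSphere API reference or any VMware code. It performs the structural checks a caller would want before handing an UnsealSpec to a TPM2_Import-based unseal: it strips and verifies the UINT16 size prefix shared by TPM2B_PUBLIC, TPM2B_PRIVATE and TPM2B_ENCRYPTED_SECRET, decodes the leading TPMT_PUBLIC fields, and flags conditions under which TPM2_Import cannot succeed (an object type other than keyedHash, fixedTPM or fixedParent set, an empty seed, or a policy_pcr supplied for a public area with no authPolicy). The byte layouts come from TPM 2.0 Library Part 2; the assumption that the "binary" strings are base64 text, and all sample blob contents, are constructed for this illustration and are not real TPM output.

```python
"""Structural checks on an EndorsementKeys.UnsealSpec before a TPM2_Import-based
unseal.  Added illustration, not vSphere or TPM code: field names are those of
the UnsealSpec; byte layouts follow TPM 2.0 Library Part 2.  Assumption: the
"binary" strings carried in the JSON are base64 text."""
import base64
import json
import struct

# TPM_ALG_ID values (TPM 2.0 Library Part 2, Table 9)
TPM_ALG_SHA1 = 0x0004
TPM_ALG_KEYEDHASH = 0x0008
TPM_ALG_SHA256 = 0x000B
TPM_ALG_NULL = 0x0010

# TPMA_OBJECT bits (Part 2, Table 31).  TPM2_Import rejects objectPublic
# unless both fixedTPM and fixedParent are CLEAR.
TPMA_OBJECT_FIXEDTPM = 1 << 1
TPMA_OBJECT_FIXEDPARENT = 1 << 4
TPMA_OBJECT_NODA = 1 << 10

DIGEST_SIZES = {TPM_ALG_SHA1: 20, TPM_ALG_SHA256: 32}


def tpm2b(payload: bytes) -> bytes:
    """Wrap bytes in the UINT16 big-endian size prefix every TPM2B_* uses."""
    return struct.pack(">H", len(payload)) + payload


def tpm2b_payload(blob: bytes, what: str) -> bytes:
    """Inverse of tpm2b(): insist that the size field matches the bytes present."""
    if len(blob) < 2:
        raise ValueError(f"{what}: too short for a TPM2B size prefix")
    (size,) = struct.unpack(">H", blob[:2])
    body = blob[2:]
    if size != len(body):
        raise ValueError(f"{what}: size field {size} != {len(body)} payload bytes")
    return body


def parse_public_area(blob: bytes) -> dict:
    """Decode type, nameAlg, objectAttributes and authPolicy from the
    TPMT_PUBLIC carried inside a TPM2B_PUBLIC."""
    body = tpm2b_payload(blob, "public_area")
    if len(body) < 10:
        raise ValueError("public_area: truncated TPMT_PUBLIC header")
    obj_type, name_alg, attrs, policy_len = struct.unpack(">HHIH", body[:10])
    policy = body[10:10 + policy_len]
    if len(policy) != policy_len:
        raise ValueError("public_area: authPolicy runs past end of structure")
    expected = DIGEST_SIZES.get(name_alg)
    if policy_len and expected and policy_len != expected:
        raise ValueError("public_area: authPolicy length does not match nameAlg")
    return {"type": obj_type, "nameAlg": name_alg, "attributes": attrs,
            "authPolicy": policy}


def check_unseal_spec(spec: dict) -> dict:
    """Parse the three required blobs and return a summary whose "problems"
    list is empty when the spec looks like an EK-bound sealed object that
    TPM2_Import could accept."""
    missing = [f for f in ("public_area", "private_area", "seed") if f not in spec]
    if missing:
        raise ValueError(f"missing required field(s): {', '.join(missing)}")
    public = parse_public_area(base64.b64decode(spec["public_area"]))
    private = tpm2b_payload(base64.b64decode(spec["private_area"]), "private_area")
    seed = tpm2b_payload(base64.b64decode(spec["seed"]), "seed")
    problems = []
    if public["type"] != TPM_ALG_KEYEDHASH:
        problems.append(f"public_area type 0x{public['type']:04x} is not a sealed (keyedHash) object")
    if public["attributes"] & (TPMA_OBJECT_FIXEDTPM | TPMA_OBJECT_FIXEDPARENT):
        problems.append("fixedTPM/fixedParent set: TPM2_Import would return TPM_RC_ATTRIBUTES")
    if not seed:
        problems.append("empty seed: private_area would not be bound to the endorsement key")
    if not private:
        problems.append("empty private_area: nothing to unseal")
    has_pcr = spec.get("policy_pcr") is not None
    if has_pcr and not public["authPolicy"]:
        problems.append("policy_pcr given but public_area has an empty authPolicy")
    return {"nameAlg": public["nameAlg"], "has_auth_policy": bool(public["authPolicy"]),
            "private_bytes": len(private), "seed_bytes": len(seed),
            "has_pcr_policy": has_pcr, "problems": problems}


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


def build_sample_spec(attributes: int = TPMA_OBJECT_NODA, seed_len: int = 256) -> dict:
    """Constructed sample, not real TPM output: a keyedHash TPMT_PUBLIC with
    SHA-256 nameAlg and a 32-byte authPolicy, filler private area, and a seed
    sized as an RSA-2048 endorsement key would produce.  policy_pcr values
    are placeholders."""
    tpmt_public = (struct.pack(">HHI", TPM_ALG_KEYEDHASH, TPM_ALG_SHA256, attributes)
                   + tpm2b(b"\x11" * 32)              # authPolicy (TPM2B_DIGEST)
                   + struct.pack(">H", TPM_ALG_NULL)  # TPMS_KEYEDHASH_PARMS.scheme
                   + tpm2b(b""))                      # unique (empty TPM2B_DIGEST)
    return {
        "public_area": _b64(tpm2b(tpmt_public)),
        "private_area": _b64(tpm2b(b"\x22" * 80)),
        "seed": _b64(tpm2b(b"\x33" * seed_len)),
        "policy_pcr": {"pcrs": _b64(b"placeholder"), "pcr_digest": _b64(b"\x44" * 32)},
    }


if __name__ == "__main__":
    print(json.dumps(check_unseal_spec(build_sample_spec()), indent=2))
```

The checks are deliberately limited to what can be decided from the spec alone: whether the TPM's endorsement key actually matches the seed, and whether the PCR policy digest matches the object's authPolicy, can only be learned by running TPM2_Import and the policy session on the target host.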