TrustedInfrastructure_Hosts_Hardware_Tpm_EndorsementKeys_UnsealSpec
The EndorsementKeys.UnsealSpec structure contains information that describes the structures required to unseal a secret.
{
    "public_area": "string",
    "private_area": "string",
    "seed": "string",
    "policy_pcr": {
        "pcrs": "string",
        "pcr_digest": "string"
    }
}
The public area that corresponds to the EndorsementKeys.UnsealSpec.private-area secret that is being unsealed. The public area is a TPM2B_PUBLIC structure.
Trusted Platform Module Library Part 2: Structures, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.2.5 TPM2B_PUBLIC
This public area is used as the "objectPublic" input to the TPM2_Import command.
Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import
A private area that contains a secret to be unsealed. The private area is symmetrically encrypted with the seed value derived from EndorsementKeys.UnsealSpec.seed.
The private area is a TPM2B_PRIVATE structure.
Trusted Platform Module Library Part 2: Structures, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 12.3.7 TPM2B_PRIVATE
This private area is used as the "duplicate" input to the TPM2_Import command.
Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import
A seed value that is encrypted by the TPM endorsement key. The seed will be decrypted with the endorsement key and then will be used as a symmetric key to decrypt EndorsementKeys.UnsealSpec.private-area. This ensures that only a TPM with the expected endorsement key can unseal the secret.
The seed value is a TPM2B_ENCRYPTED_SECRET structure.
Trusted Platform Module Library Part 2: Structures, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 11.4.3 TPM2B_ENCRYPTED_SECRET
This seed is used as the "inSymSeed" input to the TPM2_Import command.
Trusted Platform Module Library Part 3: Commands, Family "2.0", Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import
The EndorsementKeys.PolicyPcrSpec structure contains information that can be used to construct a PCR policy session for unsealing a secret using the EndorsementKeys.unseal operation.
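A structural pre-check a caller could run on an UnsealSpec before handing its fields to TPM2_Import, as an added example that is not part of the original page or of the API it documents. It assumes the JSON strings are base64-encoded; the function names and the sample values are constructed for illustration.

```python
import base64
import struct

# UnsealSpec field -> TPM2_Import parameter it feeds (mapping stated on this page).
IMPORT_PARAMS = {"public_area": "objectPublic", "private_area": "duplicate", "seed": "inSymSeed"}
FIXED_TPM, FIXED_PARENT = 1 << 1, 1 << 4  # TPMA_OBJECT attribute bits


def b64_tpm2b(payload: bytes) -> str:
    """Sample-building helper: base64 of a UINT16 size prefix plus payload."""
    return base64.b64encode(struct.pack(">H", len(payload)) + payload).decode()


def tpm2b_payload(blob: bytes, name: str) -> bytes:
    """Check the big-endian UINT16 size prefix of a TPM2B and return the payload."""
    if len(blob) < 2:
        raise ValueError(f"{name}: too short to hold a TPM2B size field")
    (size,) = struct.unpack(">H", blob[:2])
    if size != len(blob) - 2:
        raise ValueError(f"{name}: size field {size}, payload is {len(blob) - 2} bytes")
    return blob[2:]


def check_unseal_spec(spec: dict) -> dict:
    """Return {TPM2_Import parameter: TPM2B bytes} after structural checks."""
    inputs = {}
    for field, param in IMPORT_PARAMS.items():
        raw = base64.b64decode(spec[field], validate=True)  # assumed encoding
        payload = tpm2b_payload(raw, field)
        if field == "public_area":
            if len(payload) < 8:
                raise ValueError("public_area: truncated TPMT_PUBLIC header")
            # TPMT_PUBLIC begins: type (UINT16), nameAlg (UINT16), objectAttributes (UINT32)
            _type, _name_alg, attrs = struct.unpack(">HHI", payload[:8])
            if attrs & (FIXED_TPM | FIXED_PARENT):
                raise ValueError("public_area: fixedTPM/fixedParent set, TPM2_Import rejects it")
        inputs[param] = raw
    return inputs


# Constructed sample (not real TPM output): keyedhash type 0x0008, nameAlg SHA-256
# 0x000B, attributes 0, empty authPolicy; the rest of TPMT_PUBLIC is omitted.
SAMPLE = {
    "public_area": b64_tpm2b(bytes.fromhex("0008000b000000000000")),
    "private_area": b64_tpm2b(b"\xaa" * 6),
    "seed": b64_tpm2b(b"\x01\x02\x03\x04"),
}

if __name__ == "__main__":
    print({k: v.hex() for k, v in check_unseal_spec(SAMPLE).items()})
```

These checks cover framing and attributes only; the binding to a specific endorsement key is enforced by the TPM when it decrypts the seed during TPM2_Import.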