michael-chang
Use TPM2 Policynv to validate sealed key to prevent downgrade attack
a project by michael-chang
Project Description
Currently a key rotation via fdectl regenerate-key is used to revoke all released tpm2 sealed keys. However the procedure can be a bit risky as the result to change key slots. Using tpm2 policynv may provide better approach in this regard given a counter or timestamp can be matched to validate tpm keys before using it.
6
4
4
7
Looking for projects around:
Nothing at the moment
Activity