Tspi_TPM_CMKSetRestrictions(3)
NAME
Tspi_TPM_CMKSetRestrictions - set restrictions on use of delegated Certified Migratable Keys
SYNOPSIS
#include <tss/tspi.h>
TSS_RESULT Tspi_TPM_CMKSetRestrictions(TSS_HTPM hTPM, TSS_CMK_DELEGATE CmkDelegate);
DESCRIPTION
Tspi_TPM_CMKSetRestrictions is used to set restrictions on the delegated use of Certified Migratable Keys (CMKs). Use of this command cannot
itself be delegated.
PARAMETERS
- hTPM
The handle of the TPM object.
- CmkDelegate
A bitmask describing the kinds of CMKs that can be used in a delegated authorization session. Each bit represents a type of key. If the bit for a key type is set, CMKs of that type can be used in a delegated authorization session; otherwise, use of such a key results in a TPM_E_INVALID_KEYUSAGE return code from the TPM.
The possible values of CmkDelegate are any combination of the following flags, logically OR'd together:
- TSS_CMK_DELEGATE_SIGNING
Allow use of signing keys.
- TSS_CMK_DELEGATE_STORAGE
Allow use of storage keys.
- TSS_CMK_DELEGATE_BIND
Allow use of binding keys.
- TSS_CMK_DELEGATE_LEGACY
Allow use of legacy keys.
- TSS_CMK_DELEGATE_MIGRATE
Allow use of migratable keys.
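An added example, not part of the original man page or of the TrouSerS sources: a fail-closed way to derive CmkDelegate from a comma-separated policy string before calling Tspi_TPM_CMKSetRestrictions. The helper names, the policy syntax and the WITH_TROUSERS switch are assumptions of this example, the bit values in the #else branch are placeholders for building without libtspi, and the caller is assumed to have already supplied owner authorization on the TPM object.

```c
#include <stdint.h>
#include <string.h>
#ifdef WITH_TROUSERS   /* build: cc -DWITH_TROUSERS example.c -ltspi */
#include <tss/tspi.h>
#else   /* placeholder bit values so the parser builds without libtspi; */
typedef uint32_t TSS_CMK_DELEGATE;   /* the real ones are in <tss/tspi.h> */
#define TSS_CMK_DELEGATE_SIGNING 0x01u
#define TSS_CMK_DELEGATE_STORAGE 0x02u
#define TSS_CMK_DELEGATE_BIND    0x04u
#define TSS_CMK_DELEGATE_LEGACY  0x08u
#define TSS_CMK_DELEGATE_MIGRATE 0x10u
#endif
/* Hypothetical helper: map a policy list such as "signing,bind" to a mask.
 * Returns 0 on success; on any unknown or empty token returns -1 and leaves
 * *out at 0, so a bad policy can never widen what delegated sessions may use. */
int cmk_mask_from_policy(const char *policy, TSS_CMK_DELEGATE *out)
{
    static const struct { const char *name; TSS_CMK_DELEGATE bit; } map[] = {
        { "signing", TSS_CMK_DELEGATE_SIGNING },
        { "storage", TSS_CMK_DELEGATE_STORAGE },
        { "bind",    TSS_CMK_DELEGATE_BIND    },
        { "legacy",  TSS_CMK_DELEGATE_LEGACY  },
        { "migrate", TSS_CMK_DELEGATE_MIGRATE },
    };
    const size_t n = sizeof map / sizeof map[0];
    TSS_CMK_DELEGATE mask = 0;
    *out = 0;
    while (*policy) {
        size_t len = strcspn(policy, ","), i;   /* length of current token */
        for (i = 0; i < n; i++)
            if (strlen(map[i].name) == len && !memcmp(policy, map[i].name, len))
                break;
        if (i == n) return -1;                  /* unknown token: fail closed */
        mask |= map[i].bit;
        policy += len;
        if (*policy == ',') policy++;
    }
    *out = mask;
    return 0;
}
#ifdef WITH_TROUSERS
/* hTPM must come from Tspi_Context_GetTpmObject on a connected context. */
TSS_RESULT apply_cmk_policy(TSS_HTPM hTPM, const char *policy)
{
    TSS_CMK_DELEGATE mask;
    if (cmk_mask_from_policy(policy, &mask) != 0) return TSS_E_BAD_PARAMETER;
    return Tspi_TPM_CMKSetRestrictions(hTPM, mask);
}
#endif
```

An empty policy string yields a mask of 0, which leaves no CMK type usable in a delegated authorization session.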
RETURN CODES
Tspi_TPM_CMKSetRestrictions returns TSS_SUCCESS on success; otherwise,
one of the following values is returned:
- TSS_E_INVALID_HANDLE
hTPM is not a valid handle.
- TSS_E_INTERNAL_ERROR
An internal software error has been detected.
CONFORMING TO
Tspi_TPM_CMKSetRestrictions conforms to the Trusted Computing Group
Software Specification version 1.2 Errata A.