Re: [PATCH 3/8] oid_registry: Add TCG defined OIDS for TPM keys
From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: 2019-12-09 16:21:17
On Mon, 2019-12-09 at 08:55 +0000, David Woodhouse wrote:
On Sat, 2019-12-07 at 21:09 -0800, James Bottomley wrote:

The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM key uses. We've defined three of the available numbers:

2.23.133.10.1.3 TPM Loadable key. This is an asymmetric key (usually RSA2048 or Elliptic Curve) which can be imported by a TPM2_Load() operation.

2.23.133.10.1.4 TPM Importable Key. This is an asymmetric key (usually RSA2048 or Elliptic Curve) which can be imported by a TPM2_Import() operation.

Both loadable and importable keys are specific to a given TPM; the difference is that a loadable key is wrapped with the symmetric secret, so must have been created by the TPM itself. An importable key is wrapped with a DH shared secret, and may be created without access to the TPM provided you know the public part of the parent key.

2.23.133.10.1.5 TPM Sealed Data. This is a set of data (up to 128 bytes) which is sealed by the TPM. It usually represents a symmetric key and must be unsealed before use.

Do we still not have an official reference for these that you can provide in the commit or the file itself? It would be very nice to have something more than a verbal assurance that they're in Monty's spreadsheet.

Well, I've asked Monty several times ... he seems to think it's enough that it's in his spreadsheet. I assume at some point the TCG will get around to publishing it when they identify a document to do it with, but until then we have to take Monty's word.

James
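The kernel's OID registry matches on the DER-encoded form of an OID rather than on the dotted string, so the three numbers quoted in the thread only become useful once they are encoded. The following is an added example, not code from the patch series or from this thread: it encodes a dotted OID to DER content octets per X.690 (first two arcs folded into one value, each arc in base-128 with continuation bits), decodes it back, and does a registry-style lookup that maps the encoded bytes to the TPM key use they name. The constant names (OID_TPM_LOADABLE_DER and friends), the enum and tpm_key_kind() are hypothetical and not the kernel's identifiers; the byte values follow from the arithmetic shown in the comments.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example; names below are hypothetical, not kernel identifiers.
 * DER content octets (tag and length omitted) for the three OIDs under the
 * TCG prefix 2.23.133.10.1: arcs 2 and 23 fold into 2*40+23 = 0x67, and
 * 133 = 1*128 + 5 becomes the two bytes 0x81 0x05. */
static const uint8_t OID_TPM_LOADABLE_DER[]   = {0x67, 0x81, 0x05, 0x0a, 0x01, 0x03};
static const uint8_t OID_TPM_IMPORTABLE_DER[] = {0x67, 0x81, 0x05, 0x0a, 0x01, 0x04};
static const uint8_t OID_TPM_SEALED_DER[]     = {0x67, 0x81, 0x05, 0x0a, 0x01, 0x05};

enum tpm_key_kind { TPM_KEY_UNKNOWN, TPM_KEY_LOADABLE, TPM_KEY_IMPORTABLE, TPM_KEY_SEALED_DATA };

/* Append one arc in base-128, most significant 7-bit group first, with the
 * continuation bit (0x80) set on every byte except the last. */
static int emit_arc(unsigned long v, uint8_t *out, size_t outlen, size_t *pos)
{
    uint8_t tmp[10];
    int k = 0;
    do { tmp[k++] = v & 0x7f; v >>= 7; } while (v);
    if (*pos + (size_t)k > outlen) return -1;
    while (k--) out[(*pos)++] = tmp[k] | (k ? 0x80 : 0x00);
    return 0;
}

/* Encode "a.b.c..." into DER content octets; returns the length or -1. */
int oid_encode(const char *dotted, uint8_t *out, size_t outlen)
{
    unsigned long arcs[32];
    int n = 0;
    const char *p = dotted;

    while (*p) {
        char *end;
        unsigned long v = strtoul(p, &end, 10);
        if (end == p || n >= 32) return -1;
        arcs[n++] = v;
        if (*end == '.') p = end + 1;
        else if (*end == '\0') p = end;
        else return -1;
    }
    /* X.690: the first arc is 0, 1 or 2; the second is < 40 unless the first is 2. */
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)) return -1;

    size_t pos = 0;
    if (emit_arc(arcs[0] * 40 + arcs[1], out, outlen, &pos)) return -1;
    for (int i = 2; i < n; i++)
        if (emit_arc(arcs[i], out, outlen, &pos)) return -1;
    return (int)pos;
}

/* Decode DER content octets back to dotted form; returns 0 or -1.
 * Rejects a truncated final arc (continuation bit set on the last byte). */
int oid_decode(const uint8_t *der, size_t len, char *out, size_t outlen)
{
    size_t i = 0, used = 0;
    int first = 1;

    if (len == 0) return -1;
    while (i < len) {
        unsigned long v = 0;
        int more, w;
        do {
            if (i >= len || v > (ULONG_MAX >> 7)) return -1;
            more = der[i] & 0x80;
            v = (v << 7) | (der[i] & 0x7f);
            i++;
        } while (more);
        if (first) {
            /* Undo the 40*a+b fold; values >= 80 always mean first arc 2. */
            unsigned long a = v < 80 ? v / 40 : 2, b = v < 80 ? v % 40 : v - 80;
            w = snprintf(out + used, outlen - used, "%lu.%lu", a, b);
            first = 0;
        } else {
            w = snprintf(out + used, outlen - used, ".%lu", v);
        }
        if (w < 0 || (size_t)w >= outlen - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

/* Registry-style lookup: which TPM key use does this encoded OID name?
 * Length is compared first so a prefix of a longer OID never matches. */
enum tpm_key_kind tpm_key_kind(const uint8_t *der, size_t len)
{
    if (len == sizeof OID_TPM_LOADABLE_DER && !memcmp(der, OID_TPM_LOADABLE_DER, len))
        return TPM_KEY_LOADABLE;
    if (len == sizeof OID_TPM_IMPORTABLE_DER && !memcmp(der, OID_TPM_IMPORTABLE_DER, len))
        return TPM_KEY_IMPORTABLE;
    if (len == sizeof OID_TPM_SEALED_DER && !memcmp(der, OID_TPM_SEALED_DER, len))
        return TPM_KEY_SEALED_DATA;
    return TPM_KEY_UNKNOWN;
}

/* Encode, compare with the expected bytes, decode, compare with the input. */
int oid_roundtrip_ok(const char *dotted, const uint8_t *expect, size_t expect_len)
{
    uint8_t buf[64];
    char back[128];
    int n = oid_encode(dotted, buf, sizeof buf);
    if (n < 0 || (size_t)n != expect_len || memcmp(buf, expect, expect_len)) return 0;
    if (oid_decode(buf, (size_t)n, back, sizeof back)) return 0;
    return strcmp(back, dotted) == 0;
}

int main(void)
{
    printf("loadable roundtrip: %d\n",
           oid_roundtrip_ok("2.23.133.10.1.3", OID_TPM_LOADABLE_DER, sizeof OID_TPM_LOADABLE_DER));
    return 0;
}
```

The length check in tpm_key_kind() matters because the three OIDs share a five-byte prefix: a match on the prefix alone would treat a sealed-data blob as a loadable key. The decoder's refusal to accept a trailing byte with the continuation bit set is the usual defence against a truncated or hand-crafted OID being silently accepted.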