Tspi_TPM_CMKSetRestrictions(3) set restrictions on use of delegated Certified Migratable Keys

SYNOPSIS

#include <tss/tspi.h>


TSS_RESULT Tspi_TPM_CMKSetRestrictions(TSS_HTPM hTPM, TSS_CMK_DELEGATE CmkDelegate);

DESCRIPTION

Tspi_TPM_CMKSetRestrictions is used to set restrictions on the delegated use of Certified Migratable Keys (CMKs). Use of this command cannot itself be delegated.

PARAMETERS

hTPM

The hTPM parameter is used to specify the handle of the TPM object.

CmkDelegate

The CmkDelegate parameter is a bitmask describing the kinds of CMKs that can be used in a delegated auth session. Each bit represents a type of key. If the bit of a key type is set, then the CMK can be used in a delegated authorization session, otherwise use of that key will result in a TPM_E_INVALID_KEYUSAGE return code from the TPM.

The possible values of CmkDelegate are any combination of the following flags logically OR'd together:

TSS_CMK_DELEGATE_SIGNING
Allow use of signing keys.

TSS_CMK_DELEGATE_STORAGE
Allow use of storage keys.

TSS_CMK_DELEGATE_BIND
Allow use of binding keys.

TSS_CMK_DELEGATE_LEGACY
Allow use of legacy keys.

TSS_CMK_DELEGATE_MIGRATE
Allow use of migratable keys.

RETURN CODES

Tspi_TPM_CMKSetRestrictions returns TSS_SUCCESS on success, otherwise one of the following values is returned:

TSS_E_INVALID_HANDLE
hTPM is not a valid handle.

TSS_E_INTERNAL_ERROR
An internal SW error has been detected.

CONFORMING TO

Tspi_TPM_CMKSetRestrictions conforms to the Trusted Computing Group Software Specification version 1.2 Errata A