Restricted signatures

Signatures made by the TPM with a restricted signing key over TPM-internal data, mainly for attestation. Such a signature proves to a verifier that the signed data was generated by the TPM itself rather than supplied by the host.

These signatures can also be made over externally provided data, under two conditions.

  • The data must be hashed by the TPM itself.

    • The internal hash operation produces a ticket; presenting that ticket to the sign command unlocks the restricted key for that digest.

  • However, external data cannot reproduce TPM-internal values.

    • TPM-internal structures begin with a 4-byte magic value (TPM_GENERATED).

    • The TPM uses it when hashing its own internal data structures.

    • It cannot appear at the beginning of hashed external data, so externally supplied bytes can never be mistaken for a TPM-generated structure.
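The following is an added example, not code from the page or from any TPM implementation: a small Python model of the hash-ticket flow and the TPM_GENERATED check described above. It assumes a simplified design (an HMAC under a TPM-internal proof value stands in for the hash-check ticket, and a symmetric MAC stands in for the restricted asymmetric key), so only the control flow is faithful; the magic value 0xFF544347 (b"\xffTCG") is the TPM_GENERATED_VALUE from the TPM 2.0 specification. The two `*_is_rejected` helpers show why a host cannot obtain a restricted signature over data that imitates an attestation structure, nor over a digest it hashed itself.

```python
import hashlib
import hmac
import os

# TPM_GENERATED magic from the TPM 2.0 spec (TPM_GENERATED_VALUE): 0xFF544347, the bytes b"\xffTCG".
TPM_GENERATED = bytes.fromhex("ff544347")


class TpmModel:
    """Toy model of the TPM's hash-ticket / restricted-sign interaction (not a TPM implementation).

    Two TPM-internal secrets, both constructed randomly for the example: a proof value used to
    MAC tickets, and a key that stands in for the restricted signing key.
    """

    def __init__(self):
        self._proof = os.urandom(32)     # TPM-internal proof value; never leaves the TPM
        self._sign_key = os.urandom(32)  # stands in for the restricted signing key (HMAC, for simplicity)

    def _ticket(self, digest):
        # Hash-check ticket: a MAC over the digest under the TPM-internal proof value.
        return hmac.new(self._proof, b"HASHCHECK" + digest, hashlib.sha256).digest()

    def hash_data(self, data):
        """Model of the TPM hash command: returns (digest, ticket).

        Data that starts with TPM_GENERATED could be mistaken for a TPM-internal structure,
        so no usable ticket is returned for it (the spec calls this a null ticket).
        """
        digest = hashlib.sha256(data).digest()
        if data.startswith(TPM_GENERATED):
            return digest, None
        return digest, self._ticket(digest)

    def sign_restricted(self, digest, ticket):
        """Model of signing with a restricted key: a valid ticket for this digest is required."""
        if ticket is None:
            raise PermissionError("restricted key: no hash-check ticket for this digest")
        if not hmac.compare_digest(self._ticket(digest), ticket):
            raise PermissionError("restricted key: ticket does not match digest")
        return hmac.new(self._sign_key, digest, hashlib.sha256).digest()

    def attest(self, internal_struct):
        """Model of an attestation command: the TPM builds the signed structure itself,
        prepending TPM_GENERATED, and signs it with the restricted key (no ticket needed)."""
        blob = TPM_GENERATED + internal_struct
        digest = hashlib.sha256(blob).digest()
        return blob, hmac.new(self._sign_key, digest, hashlib.sha256).digest()

    def verify(self, data, signature):
        """Verifier side; the key is symmetric in this model, so verification is a MAC check."""
        expected = hmac.new(self._sign_key, hashlib.sha256(data).digest(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def sign_external(tpm, data):
    """Legitimate flow for external data: the TPM hashes it, the ticket unlocks the restricted key."""
    digest, ticket = tpm.hash_data(data)
    return tpm.sign_restricted(digest, ticket)


def forged_attestation_is_rejected(tpm, fake_internal_struct):
    """Check 1: external data beginning with TPM_GENERATED gets no ticket, so it is never signed."""
    digest, ticket = tpm.hash_data(TPM_GENERATED + fake_internal_struct)
    if ticket is not None:
        return False
    try:
        tpm.sign_restricted(digest, ticket)
    except PermissionError:
        return True
    return False


def forged_ticket_is_rejected(tpm, data):
    """Check 2: a host-computed digest with a fabricated ticket is refused, because the
    ticket MAC depends on the TPM-internal proof value."""
    digest = hashlib.sha256(data).digest()
    bogus_ticket = hmac.new(b"not-the-tpm-proof-value", digest, hashlib.sha256).digest()
    try:
        tpm.sign_restricted(digest, bogus_ticket)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    tpm = TpmModel()
    nonce = b"constructed external nonce"  # constructed sample input
    sig = sign_external(tpm, nonce)
    print("external data signed, verifies:", tpm.verify(nonce, sig))
    blob, att_sig = tpm.attest(b"constructed internal attestation data")
    print("real attestation verifies:", tpm.verify(blob, att_sig))
    print("forged attestation rejected:", forged_attestation_is_rejected(tpm, b"constructed internal attestation data"))
    print("forged ticket rejected:", forged_ticket_is_rejected(tpm, nonce))
```

On real hardware the same two steps are the hash command (which emits the ticket) followed by the sign command taking that ticket alongside the digest; in tpm2-tools these are `tpm2_hash` and `tpm2_sign`. The model's point is the ordering of checks: the prefix test happens at hashing time, so a restricted key never sees a digest of host-supplied data that imitates a TPM-generated structure.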
