Provided by: libtspi-dev_0.3.11.2-1_amd64
Tspi_TPM_CMKSetRestrictions - set restrictions on use of delegated Certified Migratable Keys
#include <tss/tspi.h> TSS_RESULT Tspi_TPM_CMKSetRestrictions(TSS_HTPM hTPM, TSS_CMK_DELEGATE CmkDelegate);
Tspi_TPM_CMKSetRestrictions is used to set restrictions on the delegated use of Certified Migratable Keys (CMKs). Use of this command cannot itself be delegated.
hTPM The hTPM parameter is used to specify the handle of the TPM object. CmkDelegate The CmkDelegate parameter is a bitmask describing the kinds of CMKs that can be used in a delegated auth session. Each bit represents a type of key. If the bit of a key type is set, then the CMK can be used in a delegated authorization session, otherwise use of that key will result in a TPM_E_INVALID_KEYUSAGE return code from the TPM. The possible values of CmkDelegate are any combination of the following flags logically OR'd together: TSS_CMK_DELEGATE_SIGNING Allow use of signing keys. TSS_CMK_DELEGATE_STORAGE Allow use of storage keys. TSS_CMK_DELEGATE_BIND Allow use of binding keys. TSS_CMK_DELEGATE_LEGACY Allow use of legacy keys. TSS_CMK_DELEGATE_MIGRATE Allow use of migratable keys.
Tspi_TPM_CMKSetRestrictions returns TSS_SUCCESS on success, otherwise one of the following values is returned: TSS_E_INVALID_HANDLE hTPM is not a valid handle. TSS_E_INTERNAL_ERROR An internal SW error has been detected.
Tspi_TPM_CMKSetRestrictions conforms to the Trusted Computing Group Software Specification version 1.2 Errata A