NAME

       Tspi_TPM_CMKSetRestrictions  -  set  restrictions on use of delegated Certified Migratable
       Keys

SYNOPSIS

       #include <tss/tspi.h>

       TSS_RESULT Tspi_TPM_CMKSetRestrictions(TSS_HTPM hTPM, TSS_CMK_DELEGATE CmkDelegate);

DESCRIPTION

       Tspi_TPM_CMKSetRestrictions is used to set restrictions on the delegated use of  Certified
       Migratable Keys (CMKs).  Use of this command cannot itself be delegated.

PARAMETERS

   hTPM
       The hTPM parameter is used to specify the handle of the TPM object.

   CmkDelegate
       The  CmkDelegate parameter is a bitmask describing the kinds of CMKs that can be used in a
       delegated auth session.  Each bit represents a type of key.  If the bit of a key  type  is
       set,  then the CMK can be used in a delegated authorization session, otherwise use of that
       key will result in a TPM_E_INVALID_KEYUSAGE return code from the TPM.

       The possible values of CmkDelegate are any combination of the  following  flags  logically
       OR'd together:

       TSS_CMK_DELEGATE_SIGNING
              Allow use of signing keys.

       TSS_CMK_DELEGATE_STORAGE
              Allow use of storage keys.

       TSS_CMK_DELEGATE_BIND
              Allow use of binding keys.

       TSS_CMK_DELEGATE_LEGACY
              Allow use of legacy keys.

       TSS_CMK_DELEGATE_MIGRATE
              Allow use of migratable keys.

RETURN CODES

       Tspi_TPM_CMKSetRestrictions returns TSS_SUCCESS on success, otherwise one of the following
       values is returned:

       TSS_E_INVALID_HANDLE
              hTPM is not a valid handle.

       TSS_E_INTERNAL_ERROR
              An internal SW error has been detected.

CONFORMING TO

       Tspi_TPM_CMKSetRestrictions conforms to the Trusted Computing Group Software Specification
       version 1.2 Errata A

SEE ALSO

       Tspi_TPM_CMKApproveMA(3), Tspi_TPM_CMKCreateTicket(3), Tspi_Key_CMKCreateBlob(3)