Abstract
Verification of an encrypted blob of data passed by a software component to a sealed storage function in a trusted platform module (TPM) of a computing platform may be accomplished by receiving from the software component the encrypted blob of data and a digital signature for each of a set of platform configuration register (PCR) identifier and PCR value pairs. The encrypted blob of data may be decrypted using a TPM key to form a decrypted blob of data, the decrypted blob of data including a secret and a verification key. For each received digital signature of the set of PCR identifier and PCR value pairs, it may be determined whether the received digital signature verifies using the verification key, and the decrypted blob of data is rejected when any signature does not verify. For each PCR identifier and PCR value pair, it may be determined whether the received PCR value matches the current value stored in the corresponding PCR in the TPM, and the decrypted blob of data is rejected when any corresponding pair of PCR values does not match. The secret may be output from the decrypted blob of data when the decrypted blob of data has not been rejected.
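As an added example that is not part of the patent text, the unseal procedure above in Python: decrypt the blob, verify every signed (PCR identifier, PCR value) pair under the verification key carried in the blob, compare each signed value against the current PCR, and release the secret only if neither check rejects it. The TPM-key decryption and the digital signature are replaced by labelled stand-ins (a SHA-256 keystream XOR and HMAC-SHA256), and the blob layout, function names and sample data are assumptions for this example.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Stand-ins, assumed for this example only: TPM-key decryption is modelled as a
# SHA-256 keystream XOR and the digital signature as HMAC-SHA256 under the
# verification key; a real TPM uses its sealing key and an asymmetric signature.
def tpm_crypt(tpm_key: bytes, data: bytes) -> bytes:
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(tpm_key + counter.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def sign_pcr_pair(verification_key: bytes, pcr_index: int, pcr_value: bytes) -> bytes:
    msg = pcr_index.to_bytes(1, "big") + pcr_value
    return hmac.new(verification_key, msg, hashlib.sha256).digest()

def seal(tpm_key: bytes, secret: bytes, verification_key: bytes) -> bytes:
    # Constructed blob layout: 32-byte verification key followed by the secret.
    return tpm_crypt(tpm_key, verification_key + secret)

# Each pair is (PCR index, PCR value, signature over index||value).
SignedPcrPair = Tuple[int, bytes, bytes]

def unseal(tpm_key: bytes, blob: bytes, pairs: List[SignedPcrPair],
           current_pcrs: Dict[int, bytes]) -> Optional[bytes]:
    """Return the secret, or None when either check rejects the blob."""
    decrypted = tpm_crypt(tpm_key, blob)
    verification_key, secret = decrypted[:32], decrypted[32:]
    # Check 1: every signature must verify under the key carried in the blob.
    for index, value, signature in pairs:
        if not hmac.compare_digest(sign_pcr_pair(verification_key, index, value), signature):
            return None
    # Check 2: every signed PCR value must equal the TPM's current PCR value.
    for index, value, _ in pairs:
        current = current_pcrs.get(index)
        if current is None or not hmac.compare_digest(current, value):
            return None
    return secret

# Constructed sample data: a sealing key, a verification key, two PCRs and the blob.
TPM_KEY = b"tpm-sealing-key"
VKEY = hashlib.sha256(b"verification-key").digest()
PCRS = {0: hashlib.sha256(b"bios").digest(), 7: hashlib.sha256(b"secureboot").digest()}
BLOB = seal(TPM_KEY, b"disk-encryption-secret", VKEY)
PAIRS = [(i, v, sign_pcr_pair(VKEY, i, v)) for i, v in PCRS.items()]
```

Note that a wrong TPM key yields a garbage verification key, so the blob is rejected at the signature check rather than leaking a garbled secret.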