+ Imran, he might have some additional suggestions. Yes and no. Depends on how you set up the key. You would probably want to lock it to a PCR Policy, or something like policy signed. Where you can sign a policy with a key on your server And send down a PCR policy. This way if PCR's change, you just update your policy. This would be fixed to measured system state. You can set up attributes on the key so that it cannot be exported from the TPM. You would want fixedtpm and fixedparent in your attribute set. You could lock It to PCR state. Hopefully a mis measure would occur causing the key not to be available. You could even store an auth value secret on the server, and require the client to perform an attestation before sending the secret to unlock it. > > > > Am I missing something, or is this due to TPM authorization features being aimed > more at lower levels of the stack? > > > > Best regards, > > Ionut > > > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended recipient, > please notify the sender immediately and do not disclose the contents to any > other person, use it for any purpose, or store or copy the information in any > medium. Thank you.