[PATCH tpm-work 0/3] move the tpm-work branch to an assuan based tpm handling daemon

Wiktor Kwapisiewicz wiktor at metacode.biz
Tue Jul 31 09:31:42 CEST 2018


> The difficulty I have with adding PCR policy to TPM protected gpg keys
> is that PCR policy handling is a very esoteric function and it's
> difficult to see value beyond the current platform locking the TPM
> already does since the user would have to understand when the PCR
> values changed and how to update the keys with new PCR values, which
> would really put a kink in usability.

I agree this is more esoteric and probably not that useful for the 
majority of users.

For my use case I'm thinking of full disk encryption with keys copied to
TPM where I'd like it to break if the configuration changes. If I
changed it I would copy the keys again; if I didn't do the configuration
change I'd see it.

One way or another, TPM keys are already a big improvement for secure
storage of keys, so thank you for working on it!

Have a nice day.

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


