TPM and PCRs
Grzegorz Kulewski
gk at leniwiec.biz
Thu Sep 4 21:45:55 CEST 2025
Hello,
I know that gnupg supports TPMs (from 2.3 IIRC) via the keytotpm command.
But AFAIK the main "selling point" of TPMs is binding encryption of secrets to specific software versions and system state via hashes (PCRs), so that the enrolled key is only accessible (may be "unsealed") if specific trusted software and/or configuration is used.
Does gpg support binding keys to PCRs' state? Are there any plans to add such a feature? Is it possible to somehow work around it before it is implemented?
Thank you in advance.
--
Grzegorz Kulewski
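The following is an added illustration, not code from GnuPG or from the poster, of what "binding a key to PCR state" means at the TPM level: PCRs are extended with hashes of measured components, and a sealed object carries an authorization policy digest (TPM2_PolicyPCR) that only a matching PCR state can reproduce. The TPM itself is simulated in Python; the hash constructions follow the TPM 2.0 specification, and the boot measurements and the secret are constructed sample values.

```python
"""
Added illustration (not GnuPG code): TPM 2.0 PCR extension and a PolicyPCR
authorization digest that binds a sealed object to a given PCR state.
The TPM is simulated; only the hash constructions follow TPM 2.0 Part 3
(TPM2_PCR_Extend and TPM2_PolicyPCR).
"""
import hashlib
import struct

TPM_ALG_SHA256 = 0x000B         # algorithm id of the SHA-256 PCR bank
TPM_CC_POLICY_PCR = 0x0000017F  # command code mixed into the policy digest
PCR_COUNT = 24


def new_bank():
    # At reset every PCR of the SHA-256 bank is 32 zero bytes (locality and
    # debug-PCR details are ignored in this simulation).
    return [bytes(32) for _ in range(PCR_COUNT)]


def extend(bank, index, digest):
    """TPM2_PCR_Extend: PCR[i] = H(PCR[i] || digest)."""
    if len(digest) != 32:
        raise ValueError("SHA-256 bank expects a 32-byte digest")
    bank[index] = hashlib.sha256(bank[index] + digest).digest()


def measure(bank, index, data):
    """TPM2_PCR_Event style: hash the measured data, then extend with it."""
    extend(bank, index, hashlib.sha256(data).digest())


def pcr_selection(indices):
    """Marshal a TPML_PCR_SELECTION holding one SHA-256 TPMS_PCR_SELECTION."""
    select = bytearray(3)  # 24 PCRs -> 3-byte bitmap
    for i in indices:
        select[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(select)


def pcr_digest(bank, indices):
    """Composite digest: hash of the selected PCRs in increasing PCR order."""
    return hashlib.sha256(b"".join(bank[i] for i in sorted(indices))).digest()


def policy_pcr(indices, bank, policy=bytes(32)):
    """TPM2_PolicyPCR: policy' = H(policy || TPM_CC_PolicyPCR || pcrs || pcrDigest)."""
    data = (policy + struct.pack(">I", TPM_CC_POLICY_PCR)
            + pcr_selection(indices) + pcr_digest(bank, indices))
    return hashlib.sha256(data).digest()


class SealedObject:
    """Stand-in for a TPM-resident sealed blob: the (simulated) TPM releases
    the sensitive data only if the policy session digest equals auth_policy."""

    def __init__(self, secret, auth_policy):
        self._secret = secret
        self.auth_policy = auth_policy

    def unseal(self, session_policy):
        if session_policy != self.auth_policy:
            raise PermissionError("policy check failed (TPM_RC_POLICY_FAIL)")
        return self._secret


def boot(secure_boot_state, boot_cmdline):
    """Constructed boot chain: record two measurements into PCR 7 and PCR 8."""
    bank = new_bank()
    measure(bank, 7, secure_boot_state)
    measure(bank, 8, boot_cmdline)
    return bank


def demo():
    policy_pcrs = [7, 8]
    trusted = boot(b"SecureBoot=on", b"root=/dev/sda2 quiet")
    # Enrollment: the secret is sealed to the policy over the trusted state.
    blob = SealedObject(b"example-key-material", policy_pcr(policy_pcrs, trusted))

    # A later boot with identical measurements reproduces the same policy.
    same = boot(b"SecureBoot=on", b"root=/dev/sda2 quiet")
    released = blob.unseal(policy_pcr(policy_pcrs, same))

    # A boot with a changed kernel command line changes PCR 8, so the policy
    # digest differs and the TPM refuses to unseal.
    changed = boot(b"SecureBoot=on", b"root=/dev/sda2 debug")
    try:
        blob.unseal(policy_pcr(policy_pcrs, changed))
        refused = False
    except PermissionError:
        refused = True
    return released, refused


if __name__ == "__main__":
    print(demo())
```

This only shows what PCR binding means: the policy digest, not any cryptographic wrapping, is what a real TPM checks before releasing a sealed secret, and any change in a selected PCR (a different bootloader, kernel, or configuration measurement) yields a different digest. It says nothing about whether or how GnuPG exposes such a policy for keytotpm keys, which is the question above.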