TrustedInfrastructureHostsHardwareTpmEndorsementKeysUnsealSpec

The EndorsementKeys.UnsealSpec structure contains information that describes the structures required to unseal a secret.


Properties

string as binary
private_area Required

A private area that contains the secret to be unsealed. The private area is symmetrically encrypted with a key derived from the seed carried in EndorsementKeys.UnsealSpec.seed, so it can only be decrypted by a TPM that can recover that seed.

The private area is a TPM2B_PRIVATE structure.

Trusted Platform Module Library Part 2: Structures, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 12.3.7 TPM2B_PRIVATE

This private area is used as the “duplicate” input to the TPM2_Import command.

Trusted Platform Module Library Part 3: Commands, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import


string as binary
public_area Required

The public area that corresponds to the EndorsementKeys.UnsealSpec.private_area secret being unsealed. The public area is a TPM2B_PUBLIC structure.

Trusted Platform Module Library Part 2: Structures, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 12.2.5 TPM2B_PUBLIC

This public area is used as the “objectPublic” input to the TPM2_Import command.

Trusted Platform Module Library Part 3: Commands, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import


string as binary
seed Required

A seed value encrypted to the TPM endorsement key. The TPM decrypts the seed with the private endorsement key and uses it to derive the symmetric key that decrypts EndorsementKeys.UnsealSpec.private_area. This ensures that only the TPM holding the expected endorsement key can unseal the secret.

The seed value is a TPM2B_ENCRYPTED_SECRET structure.

Trusted Platform Module Library Part 2: Structures, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 11.4.3 TPM2B_ENCRYPTED_SECRET

This seed is used as the “inSymSeed” input to the TPM2_Import command.

Trusted Platform Module Library Part 3: Commands, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 13.3 TPM2_Import


policy_pcr Optional

PCR policy required to unseal the secret. Used as input to the TPM2_PolicyPCR command on a session that is created for issuing the TPM2_Unseal command.

Trusted Platform Module Library Part 3: Commands, Family “2.0”, Level 00 Revision 01.59, November 8, 2019, Section 23.7 TPM2_PolicyPCR

If unset, then a zeroed authorization policy is used for the TPM2_Unseal session.

JSON Example

{
	"private_area": "string",
	"public_area": "string",
	"seed": "string"
}
