From: Ken G. <kgo...@us...> - 2013-09-24 12:55:25
|
On 9/23/2013 11:19 PM, 张智 wrote: > We may argue that the key that TPM_Seal uses is non-migratable > and thus the sealed blob migration is not available, what if the > non-migratable key is wrapped with migratable keys, then it would become > migratable ? You cannot wrap a child non-migratable key with a parent migratable key. See TPM_CreateWrapKey Action 5. 5. If parentHandle -> keyFlags -> migratable is TRUE and keyInfo -> keyFlags -> migratable is FALSE then return TPM_INVALID_KEYUSAGE |