Trusted Platform Module Library
Part 1: Architecture
Family “2.0”, Level 00 Revision 01.38, September 29, 2016
TCG Published, Copyright © TCG 2006-2016
18.4 Parameters
18.5 authorizationSize/parameterSize
18.6 Authorization Area
Introduction
Authorization Structure
Session Handles
Session Attributes (sessionAttributes)
18.7 Command Parameter Hash (cpHash)
18.8 Response Parameter Hash (rpHash)
18.9 Command Example
18.10 Response Example
Authorizations and Acknowledgments
19.1 Introduction
19.2 Authorization Roles
19.3 Physical Presence Authorization
19.4 Password Authorizations
19.5 Sessions
19.6 Session-Based Authorizations
Introduction
Authorization Session Formats
Session Nonces
Authorization Values
HMAC Computation
Note on Use of Nonces in HMAC Computations
Starting an Authorization Session
sessionKey Creation
Unbound and Unsalted Session Key Generation
Bound Session Key Generation
Salted Session Key Generation
Salted and Bound Session Key Generation
Encryption of salt
Caution on use of Unsalted Authorization Sessions
No HMAC Authorization
Authorization Selection Logic for Objects
Authorization Session Termination
19.7 Enhanced Authorization
Introduction
Policy Assertion
Policy AND
Policy OR
Order of Evaluation
Policy Session Creation
Policy Assertions (Policy Commands)
Policy Session Context Values
Policy Example
Trial Policy
Modification of Policies
TPM2_PolicySigned(), TPM2_PolicySecret(), and TPM2_PolicyTicket()