upate readme; session example

salrashid123 · Jun 17, 2024 · 8c80892 · 8c80892
1 parent e77c7a9
commit 8c80892
Showing 1 changed file with 20 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -315,8 +315,6 @@ $ go run policy_password/main.go --persistentHandle=0x81008002 --tpm-path=/dev/t
 $ go run policy_pcr/main.go --persistentHandle=0x81008003 --tpm-path=/dev/tpm0
 ```
 
-For more information, see [TPM2 Policy](https://github.com/salrashid123/tpm2/tree/master/policy)
-
 Note, you can define your own policy for import too...just implement the "session" interface from the signer:
 
 ```golang
@@ -325,28 +323,29 @@ type Session interface {
 }
 ```
 
-eg: 
+for example, for a PCR and [AuthPolicy](https://github.com/google/go-tpm/pull/359) enforcement (eg, a PCR and password), you can define a custom session callback
 
 ```golang
-// for pcr sessions
-type MyCustomSession struct {
-	rwr transport.TPM
-	sel []tpm2.TPMSPCRSelection
+type MyPCRAndPolicyAuthValueSession struct {
+	rwr      transport.TPM
+	sel      []tpm2.TPMSPCRSelection
+	password []byte
 }
 
-func NewMyCustomSession(rwr transport.TPM, sel []tpm2.TPMSPCRSelection) (MyCustomSession, error) {
-	return MyCustomSession{rwr, sel}, nil
+func NewPCRAndPolicyAuthValueSession(rwr transport.TPM, sel []tpm2.TPMSPCRSelection, password []byte) (MyPCRAndPolicyAuthValueSession, error) {
+	return MyPCRAndPolicyAuthValueSession{rwr, sel, password}, nil
 }
 
-func (p MyCustomSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
+func (p MyPCRAndPolicyAuthValueSession) GetSession() (auth tpm2.Session, closer func() error, err error) {
+
+	var options []tpm2.AuthOption
+	options = append(options, tpm2.Auth(p.password))
 
-	sess, closer, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16)
+	sess, closer, err := tpm2.PolicySession(p.rwr, tpm2.TPMAlgSHA256, 16, options...)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	// implement whatever you want here, i'm just using policypcr
-
 	_, err = tpm2.PolicyPCR{
 		PolicySession: sess.Handle(),
 		Pcrs: tpm2.TPMLPCRSelection{
@@ -356,6 +355,14 @@ func (p MyCustomSession) GetSession() (auth tpm2.Session, closer func() error, e
 	if err != nil {
 		return nil, nil, err
 	}
+
+	_, err = tpm2.PolicyAuthValue{
+		PolicySession: sess.Handle(),
+	}.Execute(p.rwr)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	return sess, closer, nil
 }
 ```