TPM 2.0 Sealing Policies with wolfTPM: PCR Policies, Policy Authorize, and NV Storage for TPM 2.0 Secrets

Background: TPM 2.0 Sealing and PCR Policies TPM 2.0 sealing binds a secret to a set of Platform Configuration Register (PCR) values. The TPM will only release the secret when the current PCR state matches what was recorded at seal time. This is the foundation for measured boot, disk encryption key protection, and platform attestation. […]