<!DOCTYPE html>
<!--
Copyright 2019 NXP
This software is owned or controlled by NXP and may only be used
strictly in accordance with the applicable license terms. By expressly
accepting such terms or by downloading, installing, activating and/or
otherwise using the software, you are agreeing that you have read, and
that you agree to comply with and are bound by, such license terms. If
you do not agree to be bound by the applicable license terms, then you
may not retain, install, activate or otherwise use the software.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>5.7.4. Using policies for secure objects &#8212; Plug &amp; Trust MW v03.00.05 documentation</title>
<link rel="stylesheet" href="../../../_static/bootstrap-sphinx.css" type="text/css" />
<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" type="text/css" href="../../../_static/graphviz.css" />
<script id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
<script src="../../../_static/jquery.js"></script>
<script src="../../../_static/underscore.js"></script>
<script src="../../../_static/doctools.js"></script>
<script src="../../../_static/language_data.js"></script>
<link rel="index" title="Index" href="../../../genindex.html" />
<link rel="search" title="Search" href="../../../search.html" />
<link rel="next" title="5.7.5. Get Certificate from the SE" href="../se05x_GetCertificate/Readme.html" />
<link rel="prev" title="5.7.3. APDU Player Demo" href="../../apdu_player/Readme.html" />
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<script type="text/javascript" src="../../../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../../../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../../../_static/bootstrap-3.3.7/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../../../_static/bootstrap-sphinx.js"></script>
</head><body>
<div class="container">
<div class="row">
<div class="body col-md-9 content" role="main">
<div class="section" id="using-policies-for-secure-objects">
<span id="se05x-policy-demo"></span><h1><span class="section-number">5.7.4. </span>Using policies for secure objects<a class="headerlink" href="#using-policies-for-secure-objects" title="Permalink to this headline">¶</a></h1>
<p>This demo demonstrates the use of policies for secure objects. Object policies such as <code class="docutils literal notranslate"><span class="pre">can_Sign</span></code> or <code class="docutils literal notranslate"><span class="pre">can_Encrypt</span></code> restrict an object to the operations the policy grants; every other operation is rejected. Each object inside the secure element is linked to a particular authentication object, chosen according to the communication authentication type selected. An object linked with one authentication object cannot be used while the session is open with another authentication type.</p>
<p>The authentication object ID to be linked with the secure object is selected according to the configured authentication type:</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#if (SSS_HAVE_SE05X_AUTH_USERID) || (SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03) </span><span class="c1">//UserID Session</span>
<span class="cp">#define EX_LOCAL_OBJ_AUTH_ID EX_SSS_AUTH_SE05X_UserID_AUTH_ID</span>
<span class="cp">#elif (SSS_HAVE_SE05X_AUTH_NONE) || (SSS_HAVE_SE05X_AUTH_PLATFSCP03) </span><span class="c1">//No auth</span>
<span class="cp">#define EX_LOCAL_OBJ_AUTH_ID EX_SSS_AUTH_SE05X_NONE_AUTH_ID</span>
<span class="cp">#elif (SSS_HAVE_SE05X_AUTH_AESKEY) || (SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03) </span><span class="c1">//AESKey</span>
<span class="cp">#define EX_LOCAL_OBJ_AUTH_ID EX_SSS_AUTH_SE05X_APPLETSCP_AUTH_ID</span>
<span class="cp">#elif (SSS_HAVE_SE05X_AUTH_ECKEY) || (SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03) </span><span class="c1">//ECKey session</span>
<span class="cp">#define EX_LOCAL_OBJ_AUTH_ID EX_SSS_AUTH_SE05X_ECKEY_ECDSA_AUTH_ID</span>
<span class="cp">#endif</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Ensure that the authentication object ID in the policy set matches the authentication type used to open the session.</p>
</div>
<div class="section" id="sign-policy">
<h2><span class="section-number">5.7.4.1. </span>Sign Policy<a class="headerlink" href="#sign-policy" title="Permalink to this headline">¶</a></h2>
<p>Create a policy set using the authentication object ID, then pass it when the key is generated:</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span>
<span class="cm">/* Logic to pass sign &amp; verify policy */</span>
<span class="k">const</span> <span class="kt">int</span> <span class="n">allow_sign</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span>
<span class="k">const</span> <span class="kt">int</span> <span class="n">allow_verify</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span>
<span class="cm">/* doc:start:allow-policy-sign-part1 */</span>
<span class="cm">/* Policies for key */</span>
<span class="k">const</span> <span class="n">sss_policy_u</span> <span class="n">key_withPol</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">type</span> <span class="o">=</span> <span class="n">KPolicy_Asym_Key</span><span class="p">,</span>
<span class="cm">/*Authentication object based on SE05X_AUTH*/</span>
<span class="p">.</span><span class="n">auth_obj_id</span> <span class="o">=</span> <span class="n">EX_LOCAL_OBJ_AUTH_ID</span><span class="p">,</span>
<span class="p">.</span><span class="n">policy</span> <span class="o">=</span> <span class="p">{</span>
<span class="cm">/*Asymmetric key policy*/</span>
<span class="p">.</span><span class="n">asymmkey</span> <span class="o">=</span> <span class="p">{</span>
<span class="cm">/*Policy for sign*/</span>
<span class="p">.</span><span class="n">can_Sign</span> <span class="o">=</span> <span class="n">allow_sign</span><span class="p">,</span>
<span class="cm">/*Policy for verify*/</span>
<span class="p">.</span><span class="n">can_Verify</span> <span class="o">=</span> <span class="n">allow_verify</span><span class="p">,</span>
<span class="cm">/*Policy for encrypt*/</span>
<span class="p">.</span><span class="n">can_Encrypt</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Policy for decrypt*/</span>
<span class="p">.</span><span class="n">can_Decrypt</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Policy for Key Derivation*/</span>
<span class="p">.</span><span class="n">can_KD</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Policy for wrapped object*/</span>
<span class="p">.</span><span class="n">can_Wrap</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Policy to re-write object*/</span>
<span class="p">.</span><span class="n">can_Write</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Policy for reading object*/</span>
<span class="p">.</span><span class="n">can_Read</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Policy to use object for attestation*/</span>
<span class="p">.</span><span class="n">can_Attest</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">};</span>
<span class="cm">/* Common rules */</span>
<span class="k">const</span> <span class="n">sss_policy_u</span> <span class="n">common</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">type</span> <span class="o">=</span> <span class="n">KPolicy_Common</span><span class="p">,</span>
<span class="cm">/*Authentication object based on SE05X_AUTH*/</span>
<span class="p">.</span><span class="n">auth_obj_id</span> <span class="o">=</span> <span class="n">EX_LOCAL_OBJ_AUTH_ID</span><span class="p">,</span>
<span class="p">.</span><span class="n">policy</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">common</span> <span class="o">=</span> <span class="p">{</span>
<span class="cm">/*Secure Messaging*/</span>
<span class="p">.</span><span class="n">req_Sm</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span>
<span class="cm">/*Policy to Delete object*/</span>
<span class="p">.</span><span class="n">can_Delete</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="cm">/*Forbid all operations on object*/</span>
<span class="p">.</span><span class="n">forbid_All</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">};</span>
<span class="cm">/* create policy set */</span>
<span class="n">sss_policy_t</span> <span class="n">policy_for_ec_key</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">nPolicies</span> <span class="o">=</span> <span class="mi">2</span><span class="p">,</span>
<span class="p">.</span><span class="n">policies</span> <span class="o">=</span> <span class="p">{</span> <span class="o">&amp;</span><span class="n">key_withPol</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">common</span> <span class="p">}</span>
<span class="p">};</span>
<span class="cm">/* doc:end:allow-policy-sign-part1 */</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_init</span><span class="p">(</span><span class="o">&amp;</span><span class="n">object</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">ks</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">kStatus_SSS_Success</span><span class="p">)</span> <span class="p">{</span>
<span class="n">LOG_E</span><span class="p">(</span><span class="s">&quot;sss_key_object_init Failed!!!&quot;</span><span class="p">);</span>
<span class="k">goto</span> <span class="n">exit</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_object_allocate_handle</span><span class="p">(</span>
<span class="o">&amp;</span><span class="n">object</span><span class="p">,</span> <span class="n">keyId</span><span class="p">,</span> <span class="n">kSSS_KeyPart_Pair</span><span class="p">,</span> <span class="n">kSSS_CipherType_EC_NIST_P</span><span class="p">,</span> <span class="n">keylen</span><span class="p">,</span> <span class="n">kKeyObject_Mode_Persistent</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">kStatus_SSS_Success</span><span class="p">)</span> <span class="p">{</span>
<span class="n">LOG_E</span><span class="p">(</span><span class="s">&quot;key_object_allocate_handle Failed!!!&quot;</span><span class="p">);</span>
<span class="k">goto</span> <span class="n">exit</span><span class="p">;</span>
<span class="p">}</span>
<span class="cm">/* doc:start:allow-policy-sign-part2 */</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_store_generate_key</span><span class="p">(</span>
<span class="o">&amp;</span><span class="n">pCtx</span><span class="o">-&gt;</span><span class="n">ks</span><span class="p">,</span>
<span class="o">&amp;</span><span class="n">object</span><span class="p">,</span>
<span class="n">ECC_KEY_BIT_LEN</span><span class="p">,</span>
<span class="o">&amp;</span><span class="n">policy_for_ec_key</span><span class="p">);</span>
<span class="cm">/* doc:end:allow-policy-sign-part2 */</span>
</pre></div>
</div>
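<p>The host-side model below is an added example, not code from the NXP demo: it shows how the policy set above behaves once the secure element enforces it, so the effect of <code class="docutils literal notranslate"><span class="pre">allow_sign</span></code>, <code class="docutils literal notranslate"><span class="pre">allow_verify</span></code>, <code class="docutils literal notranslate"><span class="pre">forbid_All</span></code> and the authentication-object binding can be checked on the host before an object is created. The <code class="docutils literal notranslate"><span class="pre">demo_*</span></code> types and functions are simplified stand-ins for <code class="docutils literal notranslate"><span class="pre">sss_policy_u</span></code>/<code class="docutils literal notranslate"><span class="pre">sss_policy_t</span></code> and for the SE's internal checks (an assumption, not the SDK layouts), and the authentication object IDs are constructed placeholders for the <code class="docutils literal notranslate"><span class="pre">EX_SSS_AUTH_SE05X_*</span></code> values.</p>

```c
/* Host-side model of how the SE05x evaluates the policy set above.
 * Added example: the demo_* types are simplified stand-ins for sss_policy_u /
 * sss_policy_t (an assumption, not the SDK layouts); the IDs are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DEMO_AUTH_OBJ_ID  0x7DA00001u  /* constructed; stands in for EX_LOCAL_OBJ_AUTH_ID */
#define OTHER_AUTH_OBJ_ID 0x7DA00002u  /* constructed; a session opened with another auth object */

enum demo_op { OP_SIGN, OP_VERIFY, OP_ENCRYPT, OP_DECRYPT, OP_READ, OP_WRITE, OP_DELETE };

/* Mirrors the asymmkey policy fields used in the demo. */
typedef struct {
    uint32_t auth_obj_id;
    bool can_Sign, can_Verify, can_Encrypt, can_Decrypt, can_Read, can_Write;
} demo_asym_policy_t;

/* Mirrors the common policy fields used in the demo. */
typedef struct {
    uint32_t auth_obj_id;
    bool req_Sm, can_Delete, forbid_All;
} demo_common_policy_t;

typedef struct {
    demo_asym_policy_t   key;
    demo_common_policy_t common;
} demo_policy_set_t;

/* The demo's policy_for_ec_key: allow_sign = 1, allow_verify = 0. */
demo_policy_set_t demo_sign_only_policy(void)
{
    demo_policy_set_t p = {
        .key = { .auth_obj_id = DEMO_AUTH_OBJ_ID,
                 .can_Sign = true,    .can_Verify = false,
                 .can_Encrypt = true, .can_Decrypt = true,
                 .can_Read = true,    .can_Write = true },
        .common = { .auth_obj_id = DEMO_AUTH_OBJ_ID,
                    .req_Sm = false, .can_Delete = true, .forbid_All = false },
    };
    return p;
}

/* Decide whether a session authenticated with session_auth_id may perform op.
 * Order of checks: the rule must be bound to the session's auth object, then
 * forbid_All and req_Sm, then the per-operation bit. */
bool demo_policy_allows(const demo_policy_set_t *p, uint32_t session_auth_id,
                        enum demo_op op, bool session_has_sm)
{
    if (p->common.auth_obj_id != session_auth_id) return false; /* other auth object: no rule applies */
    if (p->common.forbid_All) return false;
    if (p->common.req_Sm && !session_has_sm) return false;
    if (op == OP_DELETE) return p->common.can_Delete;
    if (p->key.auth_obj_id != session_auth_id) return false;
    switch (op) {
    case OP_SIGN:    return p->key.can_Sign;
    case OP_VERIFY:  return p->key.can_Verify;
    case OP_ENCRYPT: return p->key.can_Encrypt;
    case OP_DECRYPT: return p->key.can_Decrypt;
    case OP_READ:    return p->key.can_Read;
    case OP_WRITE:   return p->key.can_Write;
    default:         return false;
    }
}

/* Convenience wrappers over the demo policy for the scenarios below. */
bool demo_sign_only_allows(uint32_t session_auth_id, enum demo_op op)
{
    demo_policy_set_t p = demo_sign_only_policy();
    return demo_policy_allows(&p, session_auth_id, op, false);
}

bool demo_forbid_all_allows(uint32_t session_auth_id, enum demo_op op)
{
    demo_policy_set_t p = demo_sign_only_policy();
    p.common.forbid_All = true;   /* forbid_All overrides every per-operation bit */
    return demo_policy_allows(&p, session_auth_id, op, false);
}

int main(void)
{
    printf("sign,   own auth   : %s\n", demo_sign_only_allows(DEMO_AUTH_OBJ_ID, OP_SIGN)   ? "allowed" : "denied");
    printf("verify, own auth   : %s\n", demo_sign_only_allows(DEMO_AUTH_OBJ_ID, OP_VERIFY) ? "allowed" : "denied");
    printf("sign,   other auth : %s\n", demo_sign_only_allows(OTHER_AUTH_OBJ_ID, OP_SIGN)  ? "allowed" : "denied");
    printf("sign,   forbid_All : %s\n", demo_forbid_all_allows(DEMO_AUTH_OBJ_ID, OP_SIGN)  ? "allowed" : "denied");
    return 0;
}
```

<p>With the demo's values, signing is allowed and verification is denied for a session authenticated with the bound object, while the same signing request from a session using another authentication object is denied regardless of the per-operation bits; this is the behaviour the Note above asks you to keep in mind when choosing the authentication object ID.</p>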
</div>
<div class="section" id="using-pcr-object">
<h2><span class="section-number">5.7.4.2. </span>Using PCR Object<a class="headerlink" href="#using-pcr-object" title="Permalink to this headline">¶</a></h2>
<p>A PCR (Platform Configuration Register) is a special secure object that stores a 32-byte value. Binding a PCR policy to a secure object ensures that the object cannot be used if the PCR value has been altered, i.e. if it no longer matches the expected value set in the policy.</p>
<p>A PCR policy is assigned to a secure object as shown in the following sample code:</p>
<div class="highlight-c notranslate"><div class="highlight"><pre><span></span><span class="cp">#if SSS_HAVE_SE05X_VER_GTE_06_00</span>
<span class="kt">uint8_t</span> <span class="n">pcr_expected_value</span><span class="p">[]</span> <span class="o">=</span> <span class="p">{</span> <span class="mh">0x87</span><span class="p">,</span> <span class="mh">0xD3</span><span class="p">,</span> <span class="mh">0xE3</span><span class="p">,</span> <span class="mh">0x93</span><span class="p">,</span> <span class="mh">0x19</span><span class="p">,</span> <span class="mh">0x8F</span><span class="p">,</span> <span class="mh">0x5C</span><span class="p">,</span> <span class="mh">0x80</span><span class="p">,</span> <span class="mh">0xE0</span><span class="p">,</span> <span class="mh">0xBC</span><span class="p">,</span> <span class="mh">0x9B</span><span class="p">,</span> <span class="mh">0xC9</span><span class="p">,</span> <span class="mh">0x82</span><span class="p">,</span> <span class="mh">0x00</span><span class="p">,</span> <span class="mh">0x1F</span><span class="p">,</span> <span class="mh">0xB0</span><span class="p">,</span> <span class="mh">0xEE</span><span class="p">,</span> <span class="mh">0x20</span><span class="p">,</span> <span class="mh">0x1C</span><span class="p">,</span> <span class="mh">0x27</span><span class="p">,</span> <span class="mh">0x0B</span><span class="p">,</span> <span class="mh">0x6D</span><span class="p">,</span> <span class="mh">0xC8</span><span class="p">,</span> <span class="mh">0x84</span><span class="p">,</span> <span class="mh">0x52</span><span class="p">,</span> <span class="mh">0xE4</span><span class="p">,</span> <span class="mh">0x13</span><span class="p">,</span> <span class="mh">0xA3</span><span class="p">,</span> <span class="mh">0x25</span><span class="p">,</span> <span class="mh">0x56</span><span class="p">,</span> <span class="mh">0x81</span><span class="p">,</span> <span class="mh">0x75</span> <span class="p">};</span>
<span class="cp">#else</span>
<span class="kt">uint8_t</span> <span class="n">pcr_expected_value</span><span class="p">[]</span> <span class="o">=</span> <span class="p">{</span> <span class="mh">0x89</span><span class="p">,</span> <span class="mh">0x51</span><span class="p">,</span> <span class="mh">0x56</span><span class="p">,</span> <span class="mh">0x9f</span><span class="p">,</span> <span class="mh">0x41</span><span class="p">,</span> <span class="mh">0x5f</span><span class="p">,</span> <span class="mh">0xeb</span><span class="p">,</span> <span class="mh">0x4f</span><span class="p">,</span> <span class="mh">0xb6</span><span class="p">,</span> <span class="mh">0x37</span><span class="p">,</span> <span class="mh">0x02</span><span class="p">,</span> <span class="mh">0x86</span><span class="p">,</span> <span class="mh">0xe7</span><span class="p">,</span> <span class="mh">0xdd</span><span class="p">,</span> <span class="mh">0xa0</span><span class="p">,</span> <span class="mh">0x99</span><span class="p">,</span> <span class="mh">0x33</span><span class="p">,</span> <span class="mh">0x6c</span><span class="p">,</span> <span class="mh">0x46</span><span class="p">,</span> <span class="mh">0x36</span><span class="p">,</span> <span class="mh">0xbc</span><span class="p">,</span> <span class="mh">0xbb</span><span class="p">,</span> <span class="mh">0x4c</span><span class="p">,</span> <span class="mh">0x11</span><span class="p">,</span> <span class="mh">0x04</span><span class="p">,</span> <span class="mh">0x10</span><span class="p">,</span> <span class="mh">0x0a</span><span class="p">,</span> <span class="mh">0x86</span><span class="p">,</span> <span class="mh">0x0d</span><span class="p">,</span> <span class="mh">0x0c</span><span class="p">,</span> <span class="mh">0xa4</span><span class="p">,</span> <span class="mh">0x14</span> <span class="p">};</span>
<span class="cp">#endif</span>
<span class="kt">size_t</span> <span class="n">pcr_expected_value_size</span> <span class="o">=</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">pcr_expected_value</span><span class="p">);</span>
<span class="n">LOG_I</span><span class="p">(</span><span class="s">&quot;Setting PCR Expected value as:&quot;</span><span class="p">);</span>
<span class="n">LOG_AU8_I</span><span class="p">(</span><span class="n">pcr_expected_value</span><span class="p">,</span> <span class="n">pcr_expected_value_size</span><span class="p">);</span>
<span class="k">const</span> <span class="n">sss_policy_u</span> <span class="n">common</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">type</span> <span class="o">=</span> <span class="n">KPolicy_Common</span><span class="p">,</span>
<span class="p">.</span><span class="n">auth_obj_id</span> <span class="o">=</span> <span class="n">TST_LOCAL_OBJ_AUTH_ID</span><span class="p">,</span>
<span class="p">.</span><span class="n">policy</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">common</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">req_Sm</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span>
<span class="p">.</span><span class="n">can_Delete</span> <span class="o">=</span> <span class="mi">1</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">};</span>
<span class="k">const</span> <span class="n">sss_policy_u</span> <span class="n">file</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">type</span> <span class="o">=</span> <span class="n">KPolicy_File</span><span class="p">,</span>
<span class="p">.</span><span class="n">auth_obj_id</span> <span class="o">=</span> <span class="n">TST_LOCAL_OBJ_AUTH_ID</span><span class="p">,</span>
<span class="p">.</span><span class="n">policy</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">file</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">can_Read</span> <span class="o">=</span> <span class="mi">1</span><span class="p">,</span>
<span class="p">.</span><span class="n">can_Write</span> <span class="o">=</span> <span class="mi">1</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">};</span>
<span class="n">sss_policy_u</span> <span class="n">pcr1</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">type</span> <span class="o">=</span> <span class="n">KPolicy_Common_PCR_Value</span><span class="p">,</span>
<span class="p">.</span><span class="n">auth_obj_id</span> <span class="o">=</span> <span class="n">TST_LOCAL_OBJ_AUTH_ID</span><span class="p">,</span>
<span class="p">.</span><span class="n">policy</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">common_pcr_value</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">pcrObjId</span> <span class="o">=</span> <span class="mh">0x7fffffff</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">};</span>
<span class="n">memset</span><span class="p">(</span><span class="n">pcr1</span><span class="p">.</span><span class="n">policy</span><span class="p">.</span><span class="n">common_pcr_value</span><span class="p">.</span><span class="n">pcrExpectedValue</span><span class="p">,</span>
<span class="mh">0x00</span><span class="p">,</span>
<span class="k">sizeof</span><span class="p">(</span><span class="n">pcr1</span><span class="p">.</span><span class="n">policy</span><span class="p">.</span><span class="n">common_pcr_value</span><span class="p">.</span><span class="n">pcrExpectedValue</span><span class="p">));</span>
<span class="n">memcpy</span><span class="p">(</span><span class="n">pcr1</span><span class="p">.</span><span class="n">policy</span><span class="p">.</span><span class="n">common_pcr_value</span><span class="p">.</span><span class="n">pcrExpectedValue</span><span class="p">,</span> <span class="n">pcr_expected_value</span><span class="p">,</span> <span class="n">pcr_expected_value_size</span><span class="p">);</span>
<span class="n">sss_policy_t</span> <span class="n">policy_for_binary_object</span> <span class="o">=</span> <span class="p">{</span>
<span class="p">.</span><span class="n">nPolicies</span> <span class="o">=</span> <span class="mi">3</span><span class="p">,</span>
<span class="p">.</span><span class="n">policies</span> <span class="o">=</span> <span class="p">{</span> <span class="o">&amp;</span><span class="n">common</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">pcr1</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">file</span> <span class="p">}</span>
<span class="p">};</span>
<span class="cm">/* clang-format on */</span>
<span class="n">NVM_RESET</span><span class="p">();</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">sss_key_store_set_key</span><span class="p">(</span><span class="o">&amp;</span><span class="n">gtCtx</span><span class="p">.</span><span class="n">ks</span><span class="p">,</span>
<span class="o">&amp;</span><span class="n">gtCtx</span><span class="p">.</span><span class="n">key</span><span class="p">,</span>
<span class="n">binary_object</span><span class="p">,</span>
<span class="k">sizeof</span><span class="p">(</span><span class="n">binary_object</span><span class="p">),</span>
<span class="k">sizeof</span><span class="p">(</span><span class="n">binary_object</span><span class="p">),</span>
<span class="o">&amp;</span><span class="n">policy_for_binary_object</span><span class="p">,</span>
<span class="k">sizeof</span><span class="p">(</span><span class="n">policy_for_binary_object</span><span class="p">));</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Ensure that the <code class="docutils literal notranslate"><span class="pre">pcrObjId</span></code> in the PCR policy matches the object ID at which the PCR object is stored.</p>
</div>
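<p>The following host-side model is an added example, not part of the NXP sample: it reproduces the gate that a <code class="docutils literal notranslate"><span class="pre">KPolicy_Common_PCR_Value</span></code> policy puts in front of a secure object, using the 32-byte expected value and the <code class="docutils literal notranslate"><span class="pre">pcrObjId</span></code> from the sample above, so that the effect of an altered PCR value or of a mismatched <code class="docutils literal notranslate"><span class="pre">pcrObjId</span></code> can be seen without a secure element. The <code class="docutils literal notranslate"><span class="pre">demo_pcr_policy_t</span></code> type is a simplified stand-in for the policy structure (an assumption, not the SDK layout), and the comparison is done in constant time.</p>

```c
/* Host-side model of the PCR gate: an object carrying a KPolicy_Common_PCR_Value
 * policy is usable only while the referenced PCR holds pcrExpectedValue.
 * Added example; demo_pcr_policy_t is a simplified stand-in (assumption). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_PCR_LEN    32u
#define DEMO_PCR_OBJ_ID 0x7fffffffu   /* pcrObjId from the sample above */

typedef struct {
    uint32_t pcrObjId;
    uint8_t  pcrExpectedValue[DEMO_PCR_LEN];
} demo_pcr_policy_t;

/* Expected PCR value from the sample (SE05x >= 06.00 branch). */
static const uint8_t DEMO_PCR_EXPECTED[DEMO_PCR_LEN] = {
    0x87, 0xD3, 0xE3, 0x93, 0x19, 0x8F, 0x5C, 0x80, 0xE0, 0xBC, 0x9B, 0xC9, 0x82, 0x00, 0x1F, 0xB0,
    0xEE, 0x20, 0x1C, 0x27, 0x0B, 0x6D, 0xC8, 0x84, 0x52, 0xE4, 0x13, 0xA3, 0x25, 0x56, 0x81, 0x75
};

/* Constant-time comparison: the result must not depend on where the first mismatch is. */
static bool demo_ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Build the policy the way the sample does: zero-fill, then copy the expected value. */
demo_pcr_policy_t demo_pcr_policy(void)
{
    demo_pcr_policy_t pol;
    pol.pcrObjId = DEMO_PCR_OBJ_ID;
    memset(pol.pcrExpectedValue, 0x00, sizeof(pol.pcrExpectedValue));
    memcpy(pol.pcrExpectedValue, DEMO_PCR_EXPECTED, sizeof(DEMO_PCR_EXPECTED));
    return pol;
}

/* Gate decision. stored_pcr_id is the object ID the PCR actually lives at and
 * current_pcr its current content; both must match the policy. */
bool demo_pcr_policy_permits(const demo_pcr_policy_t *pol, uint32_t stored_pcr_id,
                             const uint8_t *current_pcr, size_t current_len)
{
    if (pol->pcrObjId != stored_pcr_id) return false;   /* policy points at the wrong PCR object */
    if (current_len != DEMO_PCR_LEN) return false;
    return demo_ct_equal(pol->pcrExpectedValue, current_pcr, DEMO_PCR_LEN);
}

/* Scenario: PCR untouched -> object usable. */
bool demo_pcr_scenario_untouched(void)
{
    demo_pcr_policy_t pol = demo_pcr_policy();
    return demo_pcr_policy_permits(&pol, DEMO_PCR_OBJ_ID, DEMO_PCR_EXPECTED, DEMO_PCR_LEN);
}

/* Scenario: one byte of the PCR altered -> object locked. */
bool demo_pcr_scenario_tampered(void)
{
    demo_pcr_policy_t pol = demo_pcr_policy();
    uint8_t current[DEMO_PCR_LEN];
    memcpy(current, DEMO_PCR_EXPECTED, DEMO_PCR_LEN);
    current[DEMO_PCR_LEN - 1] ^= 0x01;
    return demo_pcr_policy_permits(&pol, DEMO_PCR_OBJ_ID, current, DEMO_PCR_LEN);
}

/* Scenario: policy built with a pcrObjId that differs from where the PCR is stored. */
bool demo_pcr_scenario_wrong_id(void)
{
    demo_pcr_policy_t pol = demo_pcr_policy();
    pol.pcrObjId = 0x7ffffffeu;   /* constructed mismatch */
    return demo_pcr_policy_permits(&pol, DEMO_PCR_OBJ_ID, DEMO_PCR_EXPECTED, DEMO_PCR_LEN);
}

int main(void)
{
    printf("untouched : %s\n", demo_pcr_scenario_untouched() ? "usable" : "locked");
    printf("tampered  : %s\n", demo_pcr_scenario_tampered()  ? "usable" : "locked");
    printf("wrong id  : %s\n", demo_pcr_scenario_wrong_id()  ? "usable" : "locked");
    return 0;
}
```

<p>The untouched scenario is the only one in which the binary object stays usable; a single changed byte in the PCR, or a policy whose <code class="docutils literal notranslate"><span class="pre">pcrObjId</span></code> does not point at the stored PCR, locks the object, which is the failure the Note above warns about.</p>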
</div>
<div class="section" id="console-output">
<h2><span class="section-number">5.7.4.3. </span>Console output<a class="headerlink" href="#console-output" title="Permalink to this headline">¶</a></h2>
<p>If everything is successful, the output will be similar to:</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>App :INFO :This example is to demonstrate the use of policies <span class="k">for</span> secure objects
App :INFO :Signing was succesful
App :INFO :Example Success
App :INFO :ex_sss Finished
</pre></div>
</div>
</div>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<p class="pull-right">
<a href="#">Back to top</a>
</p>
<p>
&copy; Copyright 2018-2020, NXP.<br/>
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/>
</p>
</div>
</footer>
</body>
</html>