Accessing Keys and Data in TPM2

Accessing keys and data in TPM2 requires the use of “names” that uniquely identify a key or piece of data, to ensure that commands operate upon the desired key or data. A TPM2 is a security device, so access to a key or piece of data requires authorisation. TPM2 provides HMAC authorisation sessions (similar to those provided by TPMv1.2) but also provides simpler “password” authorisation (for use when the path to the TPM is trusted) and provides more complex “policy” authorisation sessions (for when multi-factor authorisation, such as use of PCRs, is required).