Rethread handling of authorizations for TPM2_PolicySecret

In theory, TPM2_PolicySecret allows multiple different passwords to be
specified to use an object.  However, this is incompatible with the
single password model of openssl (and all other crypto systems), so we
make the rule that if a policy contains TPM2_PolicySecret, meaning the
auth has to be passed in to the policy session, then it can't also be
required to authorize the main command as well (i.e. only a single
authorization string per policy).  We implement this by making the
authorization string a return from tpm2_init_session.  If
authorization hasn't been consumed by policy sessions, it will be the
value of app_data->auth otherwise if it has been consumed, it will be

Signed-off-by: James Bottomley <>
4 files changed