tpm2-common: add processing of TPM2_PolicySecret

This uses the consumable authorization scheme where if PolicySecret is
specified, it consumes the password in app_data->auth and no password
is passed in to the main command.  Although TPM2_PolicySecret has many
options, the only ones that really matter to the policy hash are the
name of the object and the policyRef.  We also add a possibly zero
handle hint at the beginning to identify persistent objects easily,
since finding by name is hard.

Signed-off-by: James Bottomley <>
1 file changed