Rename "EK method" to "WK method"
Good suggestion by Erik Larsson.
nicowilliams committed Jul 28, 2021
1 parent 831e1fb commit 4678119
Showing 4 changed files with 16 additions and 16 deletions.
4 changes: 2 additions & 2 deletions docs/attest-enroll.md
Expand Up @@ -93,14 +93,14 @@ Decryption is implemented by [`sbin/tpm2-recv`](/sbin/tpm2-recv).

Two methods are possible for encryption to a target TPM's `EKpub`:

- the "EK" method (our name for it)
- the "WK" method (our name for it)
- the "TK" method (our name for it)

Both methods support setting a policy on the ciphertext such that any
application using the target's TPM to decrypt it must first execute and
satisfy that policy.

The "EK" method uses `TPM2_MakeCredential()` via tpm2-tools' `tpm2
The "WK" method uses `TPM2_MakeCredential()` via tpm2-tools' `tpm2
makecredential` command, using the `none` TCTI (i.e., implemented in
software). The target's `EKpub` is used as the `handle` input parameter
to `TPM2_MakeCredential()`. A well-known key (`WK`), and the desired policy
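Review bot: the list item `- the "WK" method (our name for it)` introduces the new name without expanding it; the expansion `A well-known key (\`WK\`)` only turns up at the end of the paragraph below. Since both methods encrypt to the target's `EKpub` (which is exactly why "EK" was a misleading name), say up front that WK stands for the well-known key used as the `TPM2_MakeCredential()` activation object, e.g. `- the "WK" (well-known key) method (our name for it)`.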
8 changes: 4 additions & 4 deletions sbin/attest-enroll
Expand Up @@ -36,7 +36,7 @@ DBDIR="$BASEDIR/build/attest"
POLICY=
ESCROW_POLICY=
ESCROW_PUBS_DIR=
TRANSPORT_METHOD=EK
TRANSPORT_METHOD=WK
DEFAULT_EK_POLICY=
declare -a GENPROGS
GENPROGS=(genhostname genrootfskey)
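Review bot: `DEFAULT_EK_POLICY=` two lines below the changed default keeps the EK name; if it is the Endorsement Key's authPolicy rather than anything tied to the former "EK" transport method it is correctly left alone, but after this rename a one-line comment distinguishing the two meanings of "EK" (the key itself vs. the old method name) would stop the next reader from "fixing" it. Changing the default value from `EK` to `WK` is also only safe if every consumer of `TRANSPORT_METHOD` accepts the new spelling; the `sbin/tpm2-send` hunks below show the old spelling is now rejected.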
Expand Down Expand Up @@ -223,7 +223,7 @@ $(configs)
names of hard-coded policies, or names of executables
(default: POLICIES[rootkey]=pcr11).
TRANSPORT_METHOD should be EK or TK (default: EK).
TRANSPORT_METHOD should be WK or TK (default: WK).
NOTE: Until https://github.com/tpm2-software/tpm2-tools/issues/2761 is
closed, {$PROG} may require a TPM (simulated will suffice) for
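Review bot: the help text `TRANSPORT_METHOD should be WK or TK (default: WK).` changes the accepted value without mentioning the old one, so a user who still has `TRANSPORT_METHOD=EK` in a configuration file gets no hint from this line that `EK` was renamed. Add a parenthetical such as `WK (formerly EK)` for at least one release.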
Expand Down Expand Up @@ -342,9 +342,9 @@ fi
[[ -z $ESCROW_PUBS_DIR || -d $ESCROW_PUBS_DIR ]] \
|| die "ESCROW_PUBS_DIR -- must be a directory or not given"

# XXX This policy is for the EK method.
# XXX This policy is for the WK method.
#
# FIXME We could make policies for EK/TK have the same digest by using
# FIXME We could make policies for WK/TK have the same digest by using
# TPM2_PolicyOR:
#
# tpm2 policy... -L ...
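Review bot: on the FIXME about giving the WK and TK policies the same digest with `TPM2_PolicyOR`: if that is implemented, each OR branch must still carry its own `TPM2_PolicyCommandCode` (ActivateCredential for WK, RSA_Decrypt for TK, as `tpm2-send` sets `command_code` per method), otherwise a single OR'd policy lets the branch that is easier to satisfy unlock the other method's object. Worth recording in the comment before someone picks the FIXME up.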
4 changes: 2 additions & 2 deletions sbin/tpm2-recv
Expand Up @@ -19,7 +19,7 @@ Usage: $PROG CIPHERTEXT OUT [POLICY-CMD [ARGS] [;] ...]
If {CIPHERTEXT}.tk.pem, {CIPHERTEXT}.tk.dpriv, {CIPHERTEXT}.tk.pub,
and {CIPHERTEXT}.tk.seed exist, then the "TK" method of encryption is
assumed. Otherwise the "EK" method of encryption is assumed.
assumed. Otherwise the "WK" method of encryption is assumed.
See {tpm2-send} for details of the two encryption-to-TPM methods
supported.
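Review bot: the method detection described here is "all four `.tk.*` files exist, otherwise WK", so a TK ciphertext with one sidecar file missing or misnamed is silently treated as WK and fails later at `TPM2_ActivateCredential` with an unrelated error. Treat "some but not all of `{CIPHERTEXT}.tk.pem`, `.tk.dpriv`, `.tk.pub`, `.tk.seed` present" as an error and say so in this usage text.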
Expand Down Expand Up @@ -93,7 +93,7 @@ tpm2 createek \
--public "${d}/ek.pub" \
|| die "tpm2: unable to create ek object"

# Make policyDigest (needed for EK method, when loading the WK)
# Make policyDigest (needed for WK method, when loading the WK)
(($# > 0)) && ! $use_tk \
&& make_policyDigest "${d}/session" "${d}/policy" $command_code "$@"

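Review bot: the comment above `(($# > 0)) && ! $use_tk && make_policyDigest ...` should also say what happens when no policy commands are given: no digest is computed and the WK is loaded with an empty authPolicy, which is the "Null policy" invocation shown in `tpm2-send`'s usage. Because the WK's name (and hence whether ActivateCredential succeeds) depends on that authPolicy, sender and receiver must agree on it, and this line is where a mismatch first surfaces.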
16 changes: 8 additions & 8 deletions sbin/tpm2-send
Expand Up @@ -39,7 +39,7 @@ Usage: $PROG EK-PUB SECRET OUT # Null policy
Options:
-h This help message.
-M EK|TK Method to use for encryption to TPM (default: EK).
-M WK|TK Method to use for encryption to TPM (default: WK).
-P POLICY Use the named policy or policyDigest.
-f Overwrite {OUT}.
-x Trace this script.
Expand All @@ -65,14 +65,14 @@ Usage: $PROG EK-PUB SECRET OUT # Null policy
The two methods of encryption to a TPM are:
- EK Uses {TPM2_MakeCredential()} to encrypt an AES key to
- WK Uses {TPM2_MakeCredential()} to encrypt an AES key to
the target's EKpub.
The target uses {TPM2_ActivateCredential()} to decrypt
the AES key.
A well-known key is used as the activation object, and
the given policy is associated with it.
A well-known key ("WK") is used as the activation object,
and the given policy is associated with it.
This method produces a single file named {OUT}.
- TK Uses {TPM2_Duplicate()} to encrypt an RSA private key to
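Review bot: the WK description should spell out the security property the name implies: the well-known key's private half is public by design, so confidentiality of the AES key rests only on the target's EK private key and on the policy bound into the WK's name (the `authPolicy` is part of the public area that `TPM2_MakeCredential()` binds to, which is why `tpm2-send` computes the WKname). A reader seeing "a well-known key is used as the activation object" for the first time may otherwise assume the WK itself must be kept secret.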
Expand Down Expand Up @@ -100,7 +100,7 @@ EOF
. "$BASEDIR/../functions.sh"

force=false
method=EK
method=WK
policy=
policyDigest=
while getopts +:hfxM:P: opt; do
Expand All @@ -121,9 +121,9 @@ function err {
}

case "$method" in
EK) command_code=TPM2_CC_ActivateCredential;;
WK) command_code=TPM2_CC_ActivateCredential;;
TK) command_code=TPM2_CC_RSA_Decrypt;;
*) err "METHOD must be \"EK\" or \"TK\"";;
*) err "METHOD must be \"WK\" or \"TK\"";;
esac
if [[ -n $policy ]] && (($# > 3)); then
echo "Error: -P and policy commands are mutually exclusive" 1>&2
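Review bot: the `case` now rejects `EK` outright (`*) err "METHOD must be \"WK\" or \"TK\""`), so any caller still passing `-M EK` breaks. Accept it as a deprecated alias, e.g. `EK|WK) command_code=TPM2_CC_ActivateCredential;;` with a warning on stderr, and drop it in a later release.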
Expand Down Expand Up @@ -229,7 +229,7 @@ function wkname {
}

case "$method" in
EK) info "Computing WKname"
WK) info "Computing WKname"
wkname=$(wkname "$@") \
|| die "unable to compute the MakeCredential activation object's cryptographic name"
info "Encrypting to EKpub using TPM2_MakeCredential"