From: narcis2004(a)yahoo.com To: tpm2(a)lists.01.org Date: 02/17/2021 03:36 PM Subject: [EXTERNAL] [tpm2] policies in conjunctive normal form Question: is it possible to structure a policy using tpm2-tools in the following form? policy = (a OR b) AND (c OR d) - where a, b, c, d are simple pcr policies. I tried this, and apparently creating an *AND* of policy *OR* did not work as i thought. "and.policy" will contain the hash of the second tpm2_policyor instead of generating a new hash tpm2_startauthsession --session session.ctx tpm2_policyor --session session.ctx sha256:a.policy,b.policy tpm2_policyor --session session.ctx sha256:c.policy,d.policy -- policy and.policy tpm2_flushcontext session.ctx Plan B would be to structure the policy in the equivalent disjunctive normal form, which works but is less scalable. i.e.: policy = (a AND c) OR (a AND d) OR (b AND c) OR (b AND d) Thanks, Narcis _______________________________________________ tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email to tpm2-leave(a)lists.01.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s