Allow generating unexportable binary data in TZ 05/293205/4
author: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 22 May 2023 20:12:35 +0000 (22:12 +0200)
committer: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 5 Jun 2023 14:05:26 +0000 (16:05 +0200)
The TZ backend already supports importing exportable binary data. Follow
the same rule for secret derivation and allow storing an exportable
secret (binary data), derived from a TZ key, in TZ.

Change-Id: I61d202469a3df43e5f35746a0c09ca179d823336

src/manager/crypto/platform/decider.cpp

index ddfc373..ff67a1e 100644 (file)
@@ -95,8 +95,7 @@ GStore* Decider::tryBackend(CryptoBackend backend)
  *                     skey   TRUE        NONE
  *                     akey   -           NONE
  *                     cert   -           NONE
- * generate  -         binary FALSE       TZ/SW
- *           -         binary TRUE        SW
+ * generate  -         binary -           TZ/SW
  *           -         cert   -           NONE
  *           -         skey   FALSE       TZ/SW
  *           -         skey   TRUE        SW
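Review bot: the collapsed row `generate - binary - TZ/SW` makes binary data the only generated type whose backend choice no longer depends on the extractable flag, while the `skey TRUE SW` row two lines below keeps the exportable-goes-to-SW-only rule for symmetric keys; a one-line remark in this table (or above it) saying why exportable binary data may live in TZ but an exportable symmetric key may not would save the next reader from assuming the asymmetry is a mistake. Also worth checking that the `-` in the policy column is read the same way here as in the `akey -` and `cert -` rows above (any value), since that is the meaning the new condition relies on.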
@@ -134,7 +133,7 @@ std::deque<CryptoBackend> Decider::getCompatibleBackends(DataType data,
                if (!data.isCertificate() && !data.isChainCert()) {
                        addSW();
 
-                       if (!policy.extractable)
+                       if (data.isBinaryData() || !policy.extractable)
                                addTZ();
                }
        }
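Review bot: the new condition `data.isBinaryData() || !policy.extractable` widens TZ eligibility to every exportable binary-data request that reaches this branch, not only the derived-secret case named in the commit message; if the TZ backend cannot export binary data in some of those paths, the decider would now hand such a request to TZ and the failure would surface later, at export time, instead of being rejected here. Suggest either confirming that TZ export works for all binary-data sources, or narrowing the check to the derivation case this change is meant to enable. Because `addSW()` is still called before `addTZ()`, a unit test asserting the returned deque for (binary, extractable=true) would document the intended preference order between the two backends.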