On Thu, 2023-06-15 at 16:22 +0200, Maxime Ripard wrote:
> The TPM2TOOLS_TCTI is used to control the location of the TPM with
> Intel's TSS. Let's set it according to our setup of swtpm so that we
> can find it properly.
This Shouldn't be necessary. The Intel TSS wrapper (int tpm2d/intel-
tss.h:TSS_Create) has code to shim the TPM_INTERFACE_TYPE and make it
work. I know it's working in openssl_tpm2_engine, but I haven't yet
been able to find a build system to get gnupg working again with the
Intel TSS.
One of the problems I've been having is that swtpm is now terminally
broken on openSUSE, which is why I've been using ibmswtpm2:
https://build.opensuse.org/package/show/security/swtpm
https://build.opensuse.org/package/show/security/ibmswtpm2
I'd suggest trying to get the Intel TSS working with ibmswtpm2 based
tests first and then trying to extend to swtpm (so you know the problem
is in the swtpm connection layer).
Regards,
James
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
> The TPM2TOOLS_TCTI is used to control the location of the TPM with
> Intel's TSS. Let's set it according to our setup of swtpm so that we
> can find it properly.
This Shouldn't be necessary. The Intel TSS wrapper (int tpm2d/intel-
tss.h:TSS_Create) has code to shim the TPM_INTERFACE_TYPE and make it
work. I know it's working in openssl_tpm2_engine, but I haven't yet
been able to find a build system to get gnupg working again with the
Intel TSS.
One of the problems I've been having is that swtpm is now terminally
broken on openSUSE, which is why I've been using ibmswtpm2:
https://build.opensuse.org/package/show/security/swtpm
https://build.opensuse.org/package/show/security/ibmswtpm2
I'd suggest trying to get the Intel TSS working with ibmswtpm2 based
tests first and then trying to extend to swtpm (so you know the problem
is in the swtpm connection layer).
Regards,
James
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel