Trusted Platform Module 2.0 » History » Version 2
Version 1 (Andreas Steffen, 18.02.2017 14:49) → Version 2/158 (Andreas Steffen, 18.02.2017 16:40)
h1. Trusted Platform Module
h2. Connect to a TPM 2.0 device
Connecting to a TPM 2.0 hardware or firmware device requires the TSS2 stack developed by Intel. Since the official Ubuntu *tpm2-tss* package is very old (Version 0.98) and the TPM resource manager TCTI interface has changed several times since then, strongSwan is currently based on a recent version drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS.
In order to avoid TCTI interface incompatibilities, the latest *tpm2-tools* version should be fetched from https://github.com/01org/tpm2.0-tools.
h2. Private Key Access via VICI interface
Configuration of TPM private key access in *swanctl.conf*:
secrets {
    token_ak_rsa {
        handle = 81010002
    }
    token_ak_ecc {
        handle = 81010004
    }
}
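A pre-deployment check for the *handle* values above, added here as an example and not part of strongSwan or this wiki page: it extracts the token sections from a *swanctl.conf* text and confirms each handle lies in the TPM 2.0 persistent handle range (0x81000000 to 0x81FFFFFF). It assumes every token section refers to a TPM key (token sections can also name PKCS#11 keys by CKA_ID, where this range check does not apply); the function names and the *token_transient* entry are constructed for illustration.

```python
import re

# TPM 2.0 persistent object handles carry handle type 0x81 in the top byte.
PERSISTENT_FIRST = 0x81000000
PLATFORM_PERSISTENT = 0x81800000  # owner-hierarchy objects lie below this
PERSISTENT_LAST = 0x81FFFFFF

# Constructed sample: the page's two entries plus one deliberately bad one.
SAMPLE = """
secrets {
    token_ak_rsa {
        handle = 81010002
    }
    token_ak_ecc {
        handle = 81010004
    }
    token_transient {
        handle = 80000001  # transient handle, lost on TPM reset
    }
}
"""

ITEM = re.compile(r"(?P<open>[\w-]+)\s*\{|(?P<close>\})"
                  r"|(?P<key>[\w-]+)\s*=\s*(?P<val>[^\s{}]+)")

def token_handles(conf):
    """Return {section: raw handle} for token* sections inside secrets {}."""
    stack, found = [], {}
    for m in ITEM.finditer(re.sub(r"#.*", "", conf)):  # drop comments first
        if m.group("open"):
            stack.append(m.group("open"))
        elif m.group("close"):
            stack = stack[:-1]
        elif (len(stack) == 2 and stack[0] == "secrets"
              and stack[1].startswith("token") and m.group("key") == "handle"):
            found[stack[1]] = m.group("val")
    return found

def check_handle(raw):
    """Classify one handle value as written in swanctl.conf (hex, no prefix)."""
    if not re.fullmatch(r"[0-9a-fA-F]+", raw):
        return "invalid: not hexadecimal"
    h = int(raw, 16)
    if not PERSISTENT_FIRST <= h <= PERSISTENT_LAST:
        return "invalid: 0x%08X is not a persistent handle" % h
    return "ok: platform range" if h >= PLATFORM_PERSISTENT else "ok: owner range"

def lint(conf):
    return {name: check_handle(raw) for name, raw in token_handles(conf).items()}
```

Calling *lint()* on the real file contents returns one verdict per token section; a handle that passes only proves it is well-formed, not that a key is actually stored at that handle in the TPM.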