[RFC v2 0/5] TPM support for gpg
James.Bottomley at HansenPartnership.com
Mon Mar 12 16:01:13 CET 2018
On Mon, 2018-03-12 at 10:42 +0100, Werner Koch wrote:
> On Sat, 10 Mar 2018 23:50, James.Bottomley at HansenPartnership.com
> > package (which is why it hasn't migrated from unstable) and it
> > turns out the person who maintains it has left IBM, so I can't get
> > it fixed.
> Thanks for the background info.
I think once we have the daemon, coping with any potential name change
is quite easy, the AC_CHECK_LIB can just become AC_SEARCH_LIB over all
the names the library has had.
> > How about the below for a stab at gating the configure on the
> > presence of the TPM library.
> Thanks. I just pushed it with a minor edit (missing tpm2.h in
> Makefile.am which I added later)
Great, thanks. I made this branch the basis of what I'm working on.
> > I should have removed the direct openssl dependency with the shift
> > to gcrypt AES handling. However, I'll look at doing a separate
> > daemon. It certainly should be simple enough.
> It is not urgent, though. I am actually willing to do the framework
> for a new daemon - or do you want to have it independent from GnuPG?
No ... there's value in having the TPM code cut and pasteable because
this is a nice demo of how to use TPM crypto functions, hence the
desire to keep it GPL2+ but the daemon framework is very gnupg specific
and should be kept there.
I had a brief look at what it would take, and it looks simple enough
except that there's a lot of daemon code in call-scd.c that should be
reused, so it looks like the project would have two stages:
1. Separate generic daemon code out of call-scd for reuse
2. build the tpm handling daemon based on the generic code
I'm guessing you'll have strong opinions on the framework in 1. ...
> > Sure thing. SPX should work. I'll keep them at GPL-2.0+ just in
> > case
> > I (or anyone else) need to cut and paste into a GPL-2.0 project.
> Fine with me.