[RFC v2 0/5] TPM support for gpg

James Bottomley James.Bottomley at HansenPartnership.com
Mon Mar 12 16:01:13 CET 2018


On Mon, 2018-03-12 at 10:42 +0100, Werner Koch wrote:
> On Sat, 10 Mar 2018 23:50, James.Bottomley at HansenPartnership.com
> said:
> 
> > 
> > package (which is why it hasn't migrated from unstable) and it
> > turns out the person who maintains it has left IBM, so I can't get
> > it fixed.
> 
> Thanks for the background info.

I think once we have the daemon, coping with any potential name change
is quite easy, the AC_CHECK_LIB can just become AC_SEARCH_LIB over all
the names the library has had 

> > How about the below for a stab at gating the configure on the
> > presence of the TPM library.
> 
> Thanks.  I just pushed it with a minor edit (missing tpm2.h in
> Makefile.am which I added later)

Great, thanks.  I made this branch the basis of what I'm working on.

> > I should have removed the direct openssl dependency with the shift
> > to gcrypt AES handling.  However, I'll look at doing a separate
> > daemon.  It certainly should be simple enough.
> 
> It is not urgent, thouigh.  I am actually willing to do the framework
> for a new daemon - or do you want to have it independet from GnuPG?

No ... there's value in having the TPM code cut and pasteable because
this is a nice demo of how to use TPM crypto functions, hence the
desire to keep it GPL2+ but the daemon framework is very gnupg specific
and should be kept there.

I had a brief look at what it would take, and it looks simple enough
except that there's a lot of daemon code in call-scd.c that should be
reused, so it looks like the project would have two stages: 

   1. Separate generic daemon code out of call-scd for reuse
   2. build the tpm handling daemon based on the generic code

I'm guessing you'll have strong opinions on the framework in 1. ...

James

> > 
> > Sure thing.  SPX should work.  I'll keep them at GPL-2.0+ just in
> > case
> > I (or anyone else) need to cut and paste into a GPL-2.0 project.
> 
> Fine with me.
> 
> 
> Salam-Shalom,
> 
>    Werner
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180312/fea5d35d/attachment.sig>


More information about the Gnupg-devel mailing list