[PATCH 0/5] Add TPM2 support to gnupg

James Bottomley James.Bottomley at HansenPartnership.com
Wed Jun 24 18:42:33 CEST 2020


On Wed, 2020-06-24 at 12:53 +0200, Werner Koch wrote:
> Hi!
> 
> thanks for the patches.  They are quite large and thus I do not want
> to have them in our 2.2 LTS branch.  Instead I started to port them
> to master (2.3). 

Thanks.  I've actually got a v2 coming that strips out more of the
scdaemon pieces that were copied over.  It also adds support for
systems which don't have the persistent storage key provisioned, which
seems like it's going to be all of them.

>  There are a couple of changes in how scdaemon is managed in master and
> thus part 2 of your packages requires quite some changes.
> 
> I really liked your changes to separate things as far as possible.
> 
> I have pushed part 1 and part 2 as a start and will look into adding
> the remaining patches as time permits.

OK, I can base off that.  I have a minor update ... some pieces of
patches 1 and 2 managed to stray into the later series which I noticed
after I'd sent it, but I can do an explicit interdiff.

>   To avoid build problems and also because we do not want to include
> the TPM thing into our regular tests, the TPM support will need to be
> "hidden" behind a configure option; I hope that is okay for you.

I'm fairly ambivalent.  I like systems that just build according to the
capabilities, but it is nice to have autoconf tell you why the
--with-tpm you selected can't work without X packages. However, for testing
there's no reason why TPM support should impact the regular tests at
all.  As long as you don't have a TPM format key and never exercise
keytotpm, the TPM side will never get used.

I can also give you a test harness based on the software TPM emulator
that can run TPM based tests.  You can see how I use it here:

https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/tree/tests

Although I bet I should have used a test runner to start and stop the
software TPM.

James