Bug 2165266
| Summary: | Support TSS (TPM Software Stack) for GnuPG | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul Alesius <Paul> |
| Component: | gnupg2 | Assignee: | Jakub Jelen <jjelen> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 37 | CC: | bcl, crypto-team, jjelen, tm |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-01-30 09:35:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I was trying to make it working for some time already (see the duplicate bug), but it looks like it is not only about installation of the dependency and passing a configure option, but there needs to be some TSSSTARTUP command defined. As I never worked with TPM, I was not able to figure out how to do that. If you have some insights, pull requests or patches will be welcomed. *** This bug has been marked as a duplicate of bug 2089075 *** |
Description of problem: GnuPG supports suing a TPM device for storing the private key parts so that they are inaccessible to potential attackers. Version-Release number of selected component (if applicable): > 2.3 How reproducible: Always Steps to Reproduce: 1. gpg2 --edit-key mykey 2. gpg> keytotpm 3. gpg: error from TPM: Not supported Actual results: Inserting the key into the TPM device is not supported Expected results: The packaging of the private key and insertion into the TPM device so that the private key is not available on disk Additional info: The configuration script of the source code supports a flag: --with-tss=autodetect This is not added to the rpm SPEC file. I think this is the cause of the problem, that TSS (TPM Software Stack) is not compiled in. Marking this as medium in severity because we have to keep private keys available on disk until this issue is resolved.