Bug 2165266 - Support TSS (TPM Software Stack) for GnuPG
Summary: Support TSS (TPM Software Stack) for GnuPG
Keywords:
Status: CLOSED DUPLICATE of bug 2089075
Alias: None
Product: Fedora
Classification: Fedora
Component: gnupg2
Version: 37
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-01-29 00:31 UTC by Paul Alesius
Modified: 2023-01-30 09:35 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-30 09:35:31 UTC
Type: Bug
Embargoed:

Links
System: Red Hat Issue Tracker
ID: FC-724
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2023-01-29 00:33:14 UTC

Description Paul Alesius 2023-01-29 00:31:26 UTC
Description of problem:
GnuPG supports using a TPM device for storing the private key parts so that they are inaccessible to potential attackers.

Version-Release number of selected component (if applicable):
> 2.3

How reproducible:
Always

Steps to Reproduce:
1. gpg2 --edit-key mykey
2. gpg> keytotpm
3. gpg: error from TPM: Not supported

Actual results:
Inserting the key into the TPM device is not supported

Expected results:
The packaging of the private key and insertion into the TPM device so that the private key is not available on disk

Additional info:
The configuration script of the source code supports a flag:
--with-tss=autodetect

This is not added to the rpm SPEC file. I think this is the cause of the problem, that TSS (TPM Software Stack) is not compiled in.

Marking this as medium in severity because we have to keep private keys available on disk until this issue is resolved.

Comment 1 Jakub Jelen 2023-01-30 09:35:31 UTC
I was trying to make it work for some time already (see the duplicate bug), but it looks like it is not only about installation of the dependency and passing a configure option, but there needs to be some TSSSTARTUP command defined. As I have never worked with TPM, I was not able to figure out how to do that. If you have some insights, pull requests or patches will be welcomed.

*** This bug has been marked as a duplicate of bug 2089075 ***