Description of problem:
GnuPG supports using a TPM device for storing the private key parts so that they are inaccessible to potential attackers.

Version-Release number of selected component (if applicable):
> 2.3

How reproducible:
Always

Steps to Reproduce:
1. gpg2 --edit-key mykey
2. gpg> keytotpm
3. gpg: error from TPM: Not supported

Actual results:
Inserting the key into the TPM device is not supported.

Expected results:
The packaging of the private key and insertion into the TPM device so that the private key is not available on disk.

Additional info:
The configuration script of the source code supports a flag: --with-tss=autodetect
This is not added to the rpm SPEC file. I think this is the cause of the problem, that TSS (TPM Software Stack) is not compiled in.

Marking this as medium in severity because we have to keep private keys available on disk until this issue is resolved.

I have been trying to make it work for some time already (see the duplicate bug), but it looks like it is not only about installing the dependency and passing a configure option; there also needs to be some TSSSTARTUP command defined. As I have never worked with TPM, I was not able to figure out how to do that. If you have some insights, pull requests or patches will be welcomed.

*** This bug has been marked as a duplicate of bug 2089075 ***