Page MenuHomePhabricator
Create Task
Maniphest T931

Testing tpm2-pkcs11with KVM vTPM 2.0
Closed, InvalidPublic
Actions

Description

KVM supports emulated TPM2 hardware and the version in Bullseye gains the ability to encrypt its secrets [0]. tpm2-pk11 [1] is a program that allows protecting OpenSSH and firefox private keys using the TPM. If the package finds a new upstream maintainer we can test it in Debian stable-next with the virtual TPM hardware.

Debian maintainers will move to tpm2-pkcs11 [3]

[0] http://forums.whonix.org/t/kvm-virtual-tpm-aka-the-universal-smartcard/8244

[1] https://github.com/irtimmer/tpm2-pk11

[2] https://github.com/irtimmer/tpm2-pk11/wiki

[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941951#10

EDIT:

The above package depends on gnupg-pkcs11-scd which is available in Debian.

https://packages.debian.org/source/stable/gnupg-pkcs11-scd

https://packages.debian.org/buster/simple-tpm-pk11

only works for TPM 1.2

Opened a RFP for this package which fulfills this ticket in case someone upstream picks it up. https://bugs.debian.org/941951

The upstream TPM2 project is looking at consolidating the multiple code projects out there into an upstream implementation superseding the projects above.

https://github.com/tpm2-software/tpm2-tools/issues/518

https://github.com/tpm2-software/tpm2-pkcs11

Details

Impact
Normal

Event Timeline

HulaHoop triaged this task as Normal priority.Oct 4 2019, 2:22 PM
HulaHoop created this task.
Herald added a project: Whonix. · View Herald TranscriptOct 4 2019, 2:22 PM
Herald added a subscriber: entr0py. · View Herald Transcript
HulaHoop updated the task description. (Show Details)Oct 4 2019, 2:33 PM
HulaHoop updated the task description. (Show Details)Oct 4 2019, 4:06 PM
HulaHoop added a comment.EditedOct 5 2019, 3:10 PM

TPM hw not working. Troubleshooting thread:

https://www.redhat.com/archives/libvirt-users/2019-October/msg00006.html

Turns out it isn;t packaged for Debian yet. Opened a RFP: https://bugs.debian.org/941939

HulaHoop updated the task description. (Show Details)Oct 7 2019, 7:28 PM
HulaHoop updated the task description. (Show Details)Oct 7 2019, 7:40 PM
HulaHoop updated the task description. (Show Details)Oct 7 2019, 9:13 PM
HulaHoop updated the task description. (Show Details)Oct 7 2019, 9:29 PM
HulaHoop added a comment.Oct 10 2019, 1:47 PM

Already packaged in Debian but is currently orphaned and needs a maintainer accoridng to its ex-maintainer:

https://tracker.debian.org/pkg/tpm2-pk11

HulaHoop renamed this task from Packaging for tpm2-pk11 to Testing tpm2-pk11 with KVM vTPM 2.0.Oct 10 2019, 1:49 PM
HulaHoop claimed this task.
HulaHoop updated the task description. (Show Details)
HulaHoop removed a project: packaging.
HulaHoop renamed this task from Testing tpm2-pk11 with KVM vTPM 2.0 to Testing tpm2-pkcs11with KVM vTPM 2.0.Oct 10 2019, 1:54 PM
HulaHoop updated the task description. (Show Details)
Patrick closed this task as Invalid.Jan 19 2023, 10:53 AM

Due to https://www.whonix.org/wiki/Reporting_Bugs#Transition_to_Discourse_Forums all tickets need to be migrated to forums. Please re-open in forums if this still still relevant.

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer