Test PPA: https://launchpad.net/~paride/+archive/ubuntu/strongswan
** Summary changed:
- Strongswan in Focal doesn't support TPM 2.0 through the TSS2 interface...
+ Strongswan doesn't support TPM 2.0 through the TSS2 interface
--
You received this bug notification because you are a member of
The FFe is for this MP:
https://code.launchpad.net/~paride/ubuntu/+source/strongswan/+git/strongswan/+merge/408738
I requested a review from ubuntu-release, as I think it's a nice way to
approve (or disapprove!) the FFe.
--
You received this bug notification because you are a member of Ubuntu
** Merge proposal linked:
https://code.launchpad.net/~paride/ubuntu/+source/strongswan/+git/strongswan/+merge/408738
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940079
Title:
Strongswan in
My MR against the Debian packaging got merged:
https://salsa.debian.org/debian/strongswan/-/commit/b062db8d85e1502010cd45bc2beb5fbd67912cab
so this will be fixed in Debian unstable with the next upload and in
Ubuntu with the merges that will follow. However I'd like to see this
land in Impish,
As ideally we'd like to have this change land in Debian I filed a Debian
bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994396
and opened a MR against the Debian packaging:
https://salsa.debian.org/debian/strongswan/-/merge_requests/11/
--
You received this bug notification because
** Bug watch added: Debian Bug tracker #994396
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994396
** Also affects: strongswan (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994396
Importance: Unknown
Status: Unknown
** Changed in: strongswan (Ubuntu)
> Note: I can't see the libtss2-esys runtime dependency that Tobias
mentioned. @Tobias: is this expected, or am I missing some other flag?
Yes, that's correct. The configure script checks for both tss2-sys and
tss2-esys, but eventually, only tss2-sys is used (possible that Andreas
intended to
** Changed in: strongswan (Ubuntu)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940079
Title:
Strongswan in Focal doesn't support TPM 2.0 through the TSS2
Hi,
I built strongswan 5.9.1-1 with --enable-tss-trousers (extra Build-Dep:
libtspi-dev) and --enable-tss-tss2 (extra B-D: libtss2-dev). The package
built fine, the resulting libstrongswan-extra-plugins binary package has
two extra dependencies:
- libtss2-sys1
- libtspi1 (not in main)
Note: I
FYI bin:libtss2-esys0 from src:tpm2-tss is at least already in main in Focal.
In later releases it is libtss2-esys-3.0.2-0 (also in main)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940079
Title:
> However this is not something like a separate module: support for TSS2
is builtin in the strongswan tools.
Correct, it's just part of libtpmtss.
> I didn't check but I imagine this requires a libtss2-* runtime dep.
Yes, libtss2-esys0 will be required (libtss2-esys-3.0.2-0 for Hirsute
and
** Changed in: strongswan (Ubuntu)
Assignee: (unassigned) => Paride Legovini (paride)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940079
Title:
Strongswan in Focal doesn't support TPM 2.0
Some more info for evaluating this:
* The Impish package builds fine by adding --enable-tss-tss2 in d/rules and
adding libtss2-dev to Build-Depends.
* libtss2-dev is in main in >=Focal.
* The configure flag enables some well-scoped sections of code via #ifdefs.
However this is not something
> The stable Ubuntu releases are "feature frozen", which means that it
is unlikely TSS2 will be enabled in Focal (exceptions are possible, but
a very compelling reason is needed).
Is it a new feature, though? Couldn't it be considered a necessary fix
to actually make the already shipped tpm
I need to jump into this one...
Right now, a number of our projects are dependent on the Focal LTS
release. These projects cannot wait for 22.04 as they will go to market
over the course of the next several months. These same projects make
heavy use of TPM 2.0. They do use the TSS 2.0
Thanks Tobias for the additional information. I think that enabling TSS2
in Ubuntu is something we want to do, however I there are a few things
to consider:
1. The stable Ubuntu releases are "feature frozen", which means that it
is unlikely TSS2 will be enabled in Focal (exceptions are possible,
> what is --enable-tpm option exactly?
It's a plugin in libtpmtss that implements interfaces to provide
certificates, private keys and random numbers from a TPM 2.0 to the IKE
daemon.
> Does it work without --enable-tss-trousers and --enable-tss-tss2?
No, it requires a TSS implementation, in
Thanks for taking the time to file this bug and trying to make Ubuntu
better.
From the upstream documentation:
'''
--enable-tpm
enable plugin to access persistent RSA and ECDSA private keys bound to Trusted
Platform Module 2.0 [ no ]. Since 5.5.2.
'''
The --enable-tpm option was used to build
--enable-tss-trousers is missing too, so TPM 1.2 support isn't available
either. Which makes enabling the tpm plugin completely useless.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940079
Title:
19 matches
Mail list logo
