Re: [strongSwan] Can strongswan tnc be used with TPM 2.0 ?

2019-07-01 Thread Andreas Steffen
Hi Benoit,

you can compile strongSwan with both options --enable-tss-trousers
and --enable-tss-tss2 and the libtpmtss library will automatically
detect whether a TPM 1.2 or TPM 2.0 device is present, preferring
TPM 2.0 over TPM 1.2.

For TPM 1.2 support the libtspi trousers library is required
and for TPM 2.0 the libtss2 library. Have a look at the following
HOWTO on how to install the TPM2-TSS libraries and how to generate
TPM 2.0 attestation keys and certificates:

https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin

Best regards

Andreas

On 15.06.19 15:18, Benoit wrote:
> Hi all,
> 
> I am interested in using the strongswan tnc, specifically the PTS
> (IMV/IMC) mode.
> I went to the following pages:
> 
>    https://wiki.strongswan.org/projects/strongswan/wiki/IMA
>    https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect
>    https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV
>    https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC
> 
> Pages are talking about TPM 1.2, but TPM 2.0 is never described.
> 
> I am mainly looking for a way to verify if a client is trusted or not.
> And what is described at
> https://wiki.strongswan.org/projects/strongswan/wiki/IMA can match my
> requirements.
> But I would like to have something compliant with TPM 1.2 and TPM 2.0.
> 
> Is strongswan TNC/PTS feature compliant with TPM 1.2 and TPM 2.0 ?
> 
> Thanks
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==
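
A host preflight for the reply above, as an added example that is not part of the original message or of strongSwan: it reports which TPM family the Linux kernel exposes and which of the two configure options and libraries named in the reply covers it. It assumes the sysfs attribute `tpm_version_major` (Linux 5.6 and later); the function names are hypothetical, and it does not reproduce how libtpmtss itself detects the device.

```shell
#!/bin/sh
# Added example: read sysfs only; this never talks to the TPM itself.

# Print the major version (1 or 2) of every TPM under <sysfs_root>/class/tpm,
# one per line. Assumes the tpm_version_major attribute (Linux 5.6+).
tpm_versions() {
    root=$1
    for dev in "$root"/class/tpm/tpm[0-9]*; do
        [ -r "$dev/tpm_version_major" ] || continue
        cat "$dev/tpm_version_major"
    done
}

# Pick one version using the preference stated in the reply:
# TPM 2.0 wins over TPM 1.2 when both are present.
preferred_tpm() {
    versions=$(tpm_versions "$1")
    case "$versions" in
        *2*) echo 2 ;;
        *1*) echo 1 ;;
        *)   return 1 ;;
    esac
}

# Map the detected TPM to the configure option and library named in the reply.
tss_requirements() {
    v=$(preferred_tpm "$1") || return 1
    case "$v" in
        2) echo "TPM 2.0: --enable-tss-tss2 (libtss2)" ;;
        1) echo "TPM 1.2: --enable-tss-trousers (libtspi)" ;;
    esac
}

# Default to the live sysfs tree; pass another root to inspect a copy.
tss_requirements "${1:-/sys}" || echo "no TPM with tpm_version_major found"
```

On kernels older than 5.6 the attribute is absent and the script reports no TPM even when one is fitted.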


[strongSwan] Can strongswan tnc be used with TPM 2.0 ?

2019-07-01 Thread Benoit
Hi all,

I am interested in using the strongswan tnc, specifically the PTS
(IMV/IMC) mode.
I went to the following pages:

   https://wiki.strongswan.org/projects/strongswan/wiki/IMA
   https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect
   https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV
   https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC

Pages are talking about TPM 1.2, but TPM 2.0 is never described.

I am mainly looking for a way to verify if a client is trusted or not.
And what is described at
https://wiki.strongswan.org/projects/strongswan/wiki/IMA can match my
requirements.
But I would like to have something compliant with TPM 1.2 and TPM 2.0.

Is strongswan TNC/PTS feature compliant with TPM 1.2 and TPM 2.0 ?

Thanks