** Description changed: + [Impact] + + [Test Case] + + We can check that libtpmtss (installed by: libstrongswan-extra-plugins) + links against libtss2. For example with the proposed change in Focal we + have: + + $ ldd /usr/lib/ipsec/libtpmtss.so | grep tss + libtss2-sys.so.0 => /lib/x86_64-linux-gnu/libtss2-sys.so.0 + libtss2-mu.so.0 => /lib/x86_64-linux-gnu/libtss2-mu.so.0 + + and similar in Hirsute. Those are not present in the library provided by + the package currently in the archive. + + A direct verification requires a full IPsec+TPM2 setup to verify that + the TPM2 actually work with the proposed package. + + [Where problems could occur] + + + [Development Fix] + + Cherry-pick of a Debian packaging commit, so we'll cleanly drop the + delta with the next merge from Debian. + + [Stable Fix] + + Same as the Development Fix (same commit, cherry-picked). + + [Original Description] + The Strongswan 5.8.2 (5.8.2-1ubuntu3) for Focal configuration elides the --enable-tss-tss2 option. Without this option, TPM 2.0 is unavailable through the TSS2 interface.
** Description changed: [Impact] + + This is actually borderline between a bugfix and a new feature. It's a + bugfix because in the libstrongswan-extra-plugins package description we + write: + + Also included is the libtpmtss library adding support for TPM plugin + (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin) + + but without a TSS (= TPM Software Stack) implementation the plugin can't + do anything useful. OTOH adding tss2 support enables new code sections + which were previously disabled, and requires a new dependency, so to + some extent this is a new feature. + + The "new feature" bits are however confined to a library (libtpmtss.so, + provided by libstrongswan-extra-plugins), which is basically useless + without also enabling a TSS implementation. I think this may fall under + the "we sometimes want to introduce new features" SRU safe case, per: + + https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases [Test Case] - We can check that libtpmtss (installed by: libstrongswan-extra-plugins) - links against libtss2. For example with the proposed change in Focal we - have: + We can check that libtpmtss links against libtss2. For example with the + proposed change in Focal we have: $ ldd /usr/lib/ipsec/libtpmtss.so | grep tss - libtss2-sys.so.0 => /lib/x86_64-linux-gnu/libtss2-sys.so.0 - libtss2-mu.so.0 => /lib/x86_64-linux-gnu/libtss2-mu.so.0 + libtss2-sys.so.0 => /lib/x86_64-linux-gnu/libtss2-sys.so.0 + libtss2-mu.so.0 => /lib/x86_64-linux-gnu/libtss2-mu.so.0 and similar in Hirsute. Those are not present in the library provided by the package currently in the archive. A direct verification requires a full IPsec+TPM2 setup to verify that the TPM2 actually work with the proposed package. [Where problems could occur] - [Development Fix] Cherry-pick of a Debian packaging commit, so we'll cleanly drop the delta with the next merge from Debian. [Stable Fix] Same as the Development Fix (same commit, cherry-picked). 
[Original Description] The Strongswan 5.8.2 (5.8.2-1ubuntu3) for Focal configuration elides the --enable-tss-tss2 option. Without this option, TPM 2.0 is unavailable through the TSS2 interface.
--
https://bugs.launchpad.net/bugs/1940079
Title: Strongswan doesn't support TPM 2.0 through the TSS2 interface
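Review bot: The [Where problems could occur] section is still empty after both description changes: the first adds the heading with only blank lines under it, and the second only removes one of those blank lines before [Development Fix]. The [Impact] text already states that adding tss2 support "enables new code sections which were previously disabled, and requires a new dependency", so that regression risk belongs under this heading, scoped to libtpmtss.so in libstrongswan-extra-plugins as [Impact] describes. The [Test Case] confirms linkage with ldd only and itself notes that direct verification needs a full IPsec+TPM2 setup; it would help to say whether that verification is planned for Focal and Hirsute.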
