** Description changed: [Impact] This is actually borderline between a bugfix and a new feature. It's a bugfix because in the libstrongswan-extra-plugins package description we write: Also included is the libtpmtss library adding support for TPM plugin (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin) but without a TSS (= TPM Software Stack) implementation the plugin can't do anything useful. OTOH adding tss2 support enables new code sections which were previously disabled, and requires a new dependency, so to some extent this is a new feature. The "new feature" bits are however confined to a library (libtpmtss.so, provided by libstrongswan-extra-plugins), which is basically useless without also enabling a TSS implementation. I think this may fall under the "we sometimes want to introduce new features" SRU safe case, per: https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases [Test Case] We can check that libtpmtss links against libtss2. For example with the proposed change in Focal we have: $ ldd /usr/lib/ipsec/libtpmtss.so | grep tss libtss2-sys.so.0 => /lib/x86_64-linux-gnu/libtss2-sys.so.0 libtss2-mu.so.0 => /lib/x86_64-linux-gnu/libtss2-mu.so.0 and similar in Hirsute. Those are not present in the library provided by the package currently in the archive. A direct verification requires a full IPsec+TPM2 setup to verify that the TPM2 actually work with the proposed package. Test PPA: https://launchpad.net/~paride/+archive/ubuntu/strongswan [Where problems could occur] Given that libtpmtss is already basically nonfunctional without a TSS implementation, the proposed change can't really break it. However I still can imaging a situation where: - The TPM plugin is installed but misconfigured, or there are issues with the TPM; - - The issues doesn't really cause any harm, as without a TSS implementation it can't attempt to do any TPM operation. 
+ - The issues doesn't really cause any harm, as without a TSS implementation it can't attempt to do any TPM operation; - The fixed package allows it to do TPM operation, exposing the misconfiguration/issues and possibly braking a working setup. - - This is a general, high-level description of a possible issue I can't - think of, as I don't really have practical experience with this kind of - setup. [Development Fix] Cherry-pick of a Debian packaging commit, so we'll cleanly drop the delta with the next merge from Debian. [Stable Fix] Same as the Development Fix (same commit, cherry-picked). [Original Description] The Strongswan 5.8.2 (5.8.2-1ubuntu3) for Focal configuration elides the --enable-tss-tss2 option. Without this option, TPM 2.0 is unavailable through the TSS2 interface.
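Review bot: In the [Where problems could occur] list, the removed closing paragraph ("This is a general, high-level description of a possible issue ...") was the only statement that the regression scenario is hypothetical, and the [Test Case] only confirms with ldd that libtpmtss.so links against libtss2. With that paragraph gone, nothing in the description covers the case it names, where a misconfigured TPM plugin starts performing TPM operations once a TSS implementation is enabled. Suggest keeping a one-line note that the scenario has not been exercised, and stating what SRU verification will be done on a machine that already has the TPM plugin installed. Style: the retained list items still read "The issues doesn't" and "braking a working setup".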
https://bugs.launchpad.net/bugs/1940079
Title: Strongswan doesn't support TPM 2.0 through the TSS2 interface
