[strongSwan] Can strongswan tnc be used with TPM 2.0 ?

Andreas Steffen andreas.steffen at strongswan.org
Mon Jul 1 11:45:32 CEST 2019


Hi Benoit,

you can compile strongSwan with both options --enable-tss-trousers
and --enable-tss-tss2 and the libtpmtss library will automatically
detect whether a TPM 1.2 or TPM 2.0 device is present, preferring
TPM 2.0 over TPM 1.2.

For TPM 1.2 support the libtspi trousers library is required
and for TPM 2.0 the libtss2 library. Have a look at the following
HOWTO on how to install the TPM2-TSS libraries and how to generate
TPM 2.0 attestation keys and certificates:

https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin

Best regards

Andreas

On 15.06.19 15:18, Benoit wrote:
> Hi all,
> 
> I am interested in using the strongswan tnc, specifically the PTS
> (IMV/IMC) mode.
> I went to the following pages:
> 
>    https://wiki.strongswan.org/projects/strongswan/wiki/IMA
>    https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect
>    https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV
>    https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC
> 
> The pages talk about TPM 1.2, but TPM 2.0 is never described.
> 
> I am mainly looking for a way to verify if a client is trusted or not.
> And what is described at
> https://wiki.strongswan.org/projects/strongswan/wiki/IMA can match my
> requirements.
> But I would like to have something compliant with TPM 1.2 and TPM 2.0.
> 
> Is the strongswan TNC/PTS feature compliant with TPM 1.2 and TPM 2.0?
> 
> Thanks
> 
> 
> 
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
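
A preflight check for the setup described in the reply above, as an added example that is not part of the original post and is not strongSwan code. It reports which TPM version the host exposes (preferring 2.0 when both are present) and which TSS library and configure option that version needs. It assumes a Linux kernel that exposes the sysfs attribute tpm_version_major (5.6 or later); the function names detect_tpm and required_tss are hypothetical, and this is not how libtpmtss itself performs detection.

```shell
#!/bin/sh
# Added example: host preflight before building strongSwan with
# --enable-tss-trousers and --enable-tss-tss2 (options named in the post).

# detect_tpm [SYSFS_ROOT] -> prints 2.0, 1.2, unknown or none
# Assumption: each /sys/class/tpm/tpmN has tpm_version_major (kernel >= 5.6).
detect_tpm() {
    root="${1:-/sys/class/tpm}"
    best=none
    for dev in "$root"/tpm[0-9]*; do
        [ -d "$dev" ] || continue          # unmatched glob or stray file
        major=$(cat "$dev/tpm_version_major" 2>/dev/null) || major=
        case "$major" in
            2) echo 2.0; return 0 ;;       # TPM 2.0 wins over any TPM 1.2
            1) best=1.2 ;;
            *) if [ "$best" = none ]; then best=unknown; fi ;;
        esac
    done
    echo "$best"
}

# required_tss VERSION -> library and configure option stated in the post
required_tss() {
    case "$1" in
        2.0) echo "libtss2 (--enable-tss-tss2)" ;;
        1.2) echo "libtspi (--enable-tss-trousers)" ;;
        none) echo "no TPM device found" ;;
        *)   echo "libtspi and libtss2 (build with both options)" ;;
    esac
}

ver=$(detect_tpm)
echo "TPM detected: $ver"
echo "TSS needed:   $(required_tss "$ver")"
```

A result of unknown means a TPM device node exists but the kernel does not report its version; building with both options, as the reply suggests, covers that case.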
