Need help install tpm2-openssl and use tpm2-openssl for create certificate.

[amaranthjinn]

I need help with installing tpm2-openssl on my Debian machine (Debian 13). I followed the instruction to: apt install tpm2-openssl tpm2-tools tpm2-abrmd libtss2-tcti-tabrmd0

but got error:

Package tpm2-abrmd is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source

I did apt update and upgrade, and still doesn't seem to be able to grab the missing dependencies. I prefer not to make and build the packages if that's possible, any suggestions on how I can get this to work?

I want to self-sign a TPM generated key (the public key of the pair) to output a x.509 certificate. I think I can leverage tpm2-openssl for this:

openssl req -provider tpm2 -provider default -propquery '?provider=tpm2' -x509 -subj "/C=GB/CN=foo" -key key_public.pem -out key_cert.pem

where I already created the key in TPM, and get the public key in .pem format. Is above cmd the right usage or I missed something?

Thanks a lot for help! I'm new to openssl and TPM, still ramping up on the tools.

[mcr]

On 2025-08-01, my Devuan Daedalus (same as Debian bookworm, so Debian 12) has a tpm2-abrmd package. If you were really using Debian "13" last year, then I think that would have to have been testing?