tpm2-pkcs11
tpm2-pkcs11 copied to clipboard
A PKCS#11 interface for TPM2 hardware
When I try to run make check on my rasbian system, I get the following error (for all tests) ``` engine "pkcs11" set. p11_pkey.c:528 pkcs11_try_pkey_ec_sign() not implemented engine "pkcs11" set....
Hello, Currently, function `attr_common_add_data` contains: https://github.com/tpm2-software/tpm2-pkcs11/blob/90482e03c26c8c8d855a2c7297ad24d22dc99f47/src/lib/attrs.c#L523-L534 Adding `CKA_APPLICATION` twice is strange, and doing a `if (CKA_OBJECT_ID does not exist) { add CKA_APPLICATION }` seems also to be strange. This looks...
Currently it all defaults to the owner hierarchy and the default SRK handle location. We will likely want to say, use this persistent key for this hierarchy. So when adding...
The spec allows for C_Initialize with the proper sopin to reinitialize already initialized tokens (reset).
Support AES import in tpm2_ptool
Update the configure checks so if command tpm2 is found, we don't need to check for the tpm2_ commands. Also, update the python script to detect which one and use...
FR to support importing HMAC key and using it via PKCS11, eg, with SoftHSM, i'd define something like the [following](https://github.com/tpm2-software/tpm2-tools/issues/1597) to import an external HMAC key: ```golang hmacKeyTemplate := []*pkcs11.Attribute{...
I'd like to remotely verify that a tpm2-pkcs11-generated key was actually generated on a real TPM. E.g., Yubico's yubico-piv-tool personalization tool supports an "attest" command to generate a signature for...
Hi, I have a strange error when trying to create a new private key inside a tpm2-pkcs11 token. I can query the token freshly created with p11tool and the pin...