Trusted Platform Module (TPM) support

OpenConnect supports the use of private keys secured or "wrapped" by a TPM. These keys appear in the form of a PEM file marked with the tag:

These files can be created by the create_tpm_key tool which is part of the OpenSSL TPM ENGINE or the tpmtool which is part of the GnuTLS distribution.

Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with TPM support, OpenConnect will automatically use the TPM when presented with an approprate PEM file with a TPM-wrapped key.

For OpenSSL, the TPM ENGINE must be installed correctly on the system, and OpenConnect will load and use it automatically when appropriate.