From: David Woodhouse
Date: Sat, 13 Oct 2018 04:06:47 +0000 (-0700)
Subject: Update TPM docs
X-Git-Tag: v8.00~38
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftpm2;p=users%2Fdwmw2%2Fopenconnect.git

Update TPM docs

Signed-off-by: David Woodhouse
---
diff --git a/www/tpm.xml b/www/tpm.xml index d04295d0..21857b67 100644 --- a/www/tpm.xml +++ b/www/tpm.xml @@ -38,16 +38,25 @@ TPM ENGINE or the openssl_tpm2_engine the PEM file has the tag: -
-----BEGIN TSS2 KEY BLOB-----
-The tpm2-tss-engine uses a different PEM tag: -
-----BEGIN TSS PRIVKEY BLOB v1-----
+There are two ENGINE implementations for TPM v2 with OpenSSL, +based on different TSS libraries.

-Both of these OpenSSL engines can be used by OpenConnect if they are installed.

+

openssl_tpm2_engine is based on IBM's TPM 2.0 TSS, while +tss2-tss-engine uses the +Intel/TCG stack. OpenConnect can use +either ENGINE.

-

The GnuTLS build of OpenConnect supports the former variant, when built with libtasn1 and either tss2-esys or IBM TSS 2.0 libraries.

+ +

The GnuTLS build of OpenConnect can use either TSS library.

+ +

Older keys from openssl_tpm2_engine may have the tag: +

-----BEGIN TSS2 KEY BLOB-----

+ +This format is also supported by the GnuTLS builds of OpenConnect.
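
Review bot: The added paragraph names the Intel/TCG-based ENGINE "tss2-tss-engine", while the line this hunk removes calls it "tpm2-tss-engine"; the new spelling looks like a typo and should be made consistent so readers can find the right package. Separately, the hunk drops the "-----BEGIN TSS PRIVKEY BLOB v1-----" tag without saying which PEM tag tpm2-tss-engine keys carry now, and it replaces "supports the former variant" with "can use either TSS library", which describes the TSS library rather than the key format. Since users identify their key type by its PEM tag, please state explicitly which tags the GnuTLS build accepts, in the same way the last added line does for the older "TSS2 KEY BLOB" tag.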