From 7a0ca97e8b655676f7414abcabcdc1ce7a1d7239 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 12 Oct 2018 21:06:47 -0700 Subject: [PATCH] Update TPM docs Signed-off-by: David Woodhouse --- www/tpm.xml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/www/tpm.xml b/www/tpm.xml index d04295d0..21857b67 100644 --- a/www/tpm.xml +++ b/www/tpm.xml @@ -38,16 +38,25 @@ TPM ENGINE or the openssl_tpm2_engine the PEM file has the tag: -
-----BEGIN TSS2 KEY BLOB-----
-The tpm2-tss-engine uses a different PEM tag: -
-----BEGIN TSS PRIVKEY BLOB v1-----
+There are two ENGINE implementations for TPM v2 with OpenSSL, +based on different TSS libraries.

-Both of these OpenSSL engines can be used by OpenConnect if they are installed.

+

openssl_tpm2_engine is based on IBM's TPM 2.0 TSS, while +tss2-tss-engine uses the +Intel/TCG stack. OpenConnect can use +either ENGINE.

-

The GnuTLS build of OpenConnect supports the former variant, when built with libtasn1 and either tss2-esys or IBM TSS 2.0 libraries.

+ +

The GnuTLS build of OpenConnect can use either TSS library.

+ +

Older keys from openssl_tpm2_engine may have the tag: +

-----BEGIN TSS2 KEY BLOB-----

+ +This format is also supported by the GnuTLS builds of OpenConnect. -- 2.49.0
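Review bot: The added paragraph names the second engine "tss2-tss-engine", while the line removed at the top of this hunk calls it "tpm2-tss-engine"; the new spelling looks like a typo and should match the existing name so readers can find the right package. The same hunk deletes the sentence giving that engine's PEM tag ("-----BEGIN TSS PRIVKEY BLOB v1-----") and the new text never says whether keys with that tag are still accepted. Since the closing lines document the older "-----BEGIN TSS2 KEY BLOB-----" tag explicitly, I would keep an equivalent sentence for the TSS PRIVKEY tag and state which builds (OpenSSL ENGINE, GnuTLS) load it. The statement that the GnuTLS build "can use either TSS library" replaces a line that listed the build requirements (libtasn1 plus one of the two TSS libraries); if libtasn1 is still required, that dependency should remain documented.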