fdo-rs / fido-device-onboard-rs

An implementation of the FIDO Device Onboard (FDO) spec written in Rust.
BSD 3-Clause "New" or "Revised" License

Change TCTI type from `Tabrmd` to `Device` (Kernel RM) #536

Closed 7flying closed 1 year ago

7flying commented 1 year ago

We were using `Tabrmd` as the way to communicate with the TPM; however, we should be using the Kernel resource manager instead. This PR changes that and we default to using `/dev/tpmrm0` if no other named config is passed via environment variables (`TPM2TOOLS_TCTI`, `TCTI`, `TEST_TCTI`).

This change is documented in the HOWTO. This PR also adds a test checking that device credentials can be generated with a TPM.

We also disable using TPMs by default when using the aio tool, as it now requires using the kernel resource manager, which is not always available.

Fixes #531
Fixes rhbz#2223779, rhbz#2220851
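
The TCTI selection described in this PR, shown as an added example using only the Rust standard library; it is not code from the pull request or from fido-device-onboard-rs. The lookup order of the three variables, treating empty values as unset, and the `Tcti`, `resolve_tcti` and `uses_kernel_rm` names are assumptions of this example.

```rust
use std::path::Path;
// Variables named in the PR description; the lookup order is this example's assumption.
const TCTI_ENV_VARS: [&str; 3] = ["TPM2TOOLS_TCTI", "TCTI", "TEST_TCTI"];
const DEFAULT_TCTI: &str = "device:/dev/tpmrm0"; // fallback described in the PR

#[derive(Debug, PartialEq)]
enum Tcti {
    Device(String),        // path of a TPM character device
    Tabrmd(String),        // config for the userspace tpm2-abrmd daemon
    Other(String, String), // any other "name:conf" pair, passed through
}

/// Parse a "name:conf" TCTI string such as "device:/dev/tpmrm0".
fn parse_tcti(s: &str) -> Result<Tcti, String> {
    let (name, conf) = s.trim().split_once(':').unwrap_or((s.trim(), ""));
    match (name, conf) {
        ("", _) => Err("empty TCTI name".into()),
        ("device", "") => Err("device TCTI needs an explicit path".into()),
        ("device", p) => Ok(Tcti::Device(p.to_string())),
        ("tabrmd", c) => Ok(Tcti::Tabrmd(c.to_string())),
        (n, c) => Ok(Tcti::Other(n.to_string(), c.to_string())),
    }
}

/// First non-empty variable wins, else DEFAULT_TCTI; also returns the source.
fn resolve_tcti(lookup: impl Fn(&str) -> Option<String>) -> Result<(Tcti, &'static str), String> {
    for var in TCTI_ENV_VARS.iter().copied() {
        if let Some(v) = lookup(var).filter(|v| !v.trim().is_empty()) {
            return parse_tcti(&v).map(|t| (t, var));
        }
    }
    parse_tcti(DEFAULT_TCTI).map(|t| (t, "default"))
}

/// True only for /dev/tpmrmN nodes, which go through the kernel resource manager.
fn uses_kernel_rm(t: &Tcti) -> bool {
    match t {
        Tcti::Device(p) => Path::new(p).file_name().and_then(|f| f.to_str())
            .map_or(false, |f| f.starts_with("tpmrm")),
        _ => false,
    }
}

fn main() {
    match resolve_tcti(|k| std::env::var(k).ok()) {
        Ok((t, src)) => println!("{:?} from {} (kernel RM: {})", t, src, uses_kernel_rm(&t)),
        Err(e) => eprintln!("invalid TCTI: {}", e),
    }
}
```

A `false` from `uses_kernel_rm` on a deployed host means an inherited environment variable is steering TPM access away from `/dev/tpmrm0`, for example to the raw `/dev/tpm0` node or to the tabrmd daemon.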

7flying commented 1 year ago

Re-tested, all good on my end, marked as ready to review again.

7flying commented 1 year ago

/test-container