Project Board
https://github.com/orgs/keylime/projects/1
Attendees
Topics
TPM stack and tools assessment
We are seeing a lot of churn having to fix and change TPM code to resolve issues within tpm2-software projects. For the past 2 weeks, all the time I have had to work on keylime has been spent trying to debug breakages with different tool versions or bugs in tpm2-abrmd.
From what I have seen, there are two other possible alternatives:
go-tpm
ibm-tss
go-tpm looks promising, but it's a Go library, and unless we want to create our own bindings, it's not the most pragmatic of routes to pursue.
ibm-tss also looks promising, and also provides command line equivalents of the tss stack. It has a resource manager and works well with the simulator (as expected).
We can also consider that 3.x tools will be legacy soon, and 4.0 will stabilize.
Another option is to write our own tools that bind round tss, but we might find ourselves having to do a lot of maintenance work to keep up with tss changes.
enable provider verifier to run on the same machine as a tenant verifier
keylime/keylime#194
Fedora packaging:
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1759276
blocked:
invoke_get_quote fails on tornado 6.0
keylime/keylime#196
Tools issues
HW tpm support yaml formatting
keylime/keylime#160 keylime/keylime#206 keylime/keylime#208 keylime/keylime#204
Keylime Raspberry Pi
UI Work
@amylily1011
Rust Agent
Documentation help:
vTPM port
Need Help!
Parked
Implement rhboot
keylime/keylime#63 @lukehinds