Open securitykernel opened 9 months ago
TPM 1.2 is deprecated as of https://github.com/randombit/botan/commit/90001378a0f2484731b99526f0b7ed89b6b33f44. @atreiber94 and I will work on (limited) TPM 2.0 support.
This will require a new (optional) dependency on tpm2-tss. This library provides several layers of API abstraction:
The "Enhanced System API" is probably what we want. The "Feature API" seems very convenient but it maintains state on the user's hard drive and is quite obviously geared towards use in applications. We'll (optionally) implement the crypto callbacks to allow tpm2-tss to use Botan's primitives and to avoid a transitive dependency on another crypto library. Note that this requires the use of tpm2-tss 4.0 or newer (January 2023); before that, ESYS_SetCryptoCallbacks() is not available.
The ToDo list currently lists this for TPM support:
Is the first one still desired? Given that the TPM 1.2 standard was first released in 2003 and superseded by TPM 2.0 in 2014, I'd suggest deprecating TPM 1.2 support for removal in 4.0 and adding basic TPM 2.0 support as a replacement (if still desired).