tpm-tools discussion

Registered by Gary Ekker on 2011-10-24

tpm-tools is an important feature in the enterprise from secure boot to 802.1x network authentication.

Blueprint information

Status: Started
Approver: Steve Langasek
Priority: High
Drafter: Stéphane Graber
Direction: Approved
Assignee: Stéphane Graber
Definition: Approved
Series goal: Accepted for precise
Implementation: Beta Available
Milestone target: ubuntu-12.04-beta-2
Started by: Stéphane Graber on 2012-03-22

Whiteboard

== Notes from the session ==

Debian dropped tpm-tools from their archive due to lack of maintenance and Ubuntu replicated this change in the Oneiric release. This included dropping non-functional patches to wpa-supplicant and NetworkManager.

Dependencies needed:
libtpm-unseal
libtspi1 (still in main for oneiric)
opencryptoki (still in main for oneiric)
trousers (still in main for oneiric)

Discussion items:
 - No Debian or Ubuntu maintainer
 - Methods for utilizing TPM
  - whole disk encryption
  - 802.1x use case
  - trusted boot
 - Some advantage to having the same person maintain the whole stack, tpm-tools, opencryptoki, etc.

== Actions ==

Work items:
[vorlon] Talk to Martin about how we can provide Debian/Ubuntu maintenance of the tpm packages (tpm-tools, opencryptoki): DONE
[etienne-goyer-outlands] Document the positive features we can add with tpm support, as well as documenting the setup
[mathieu-tl] Rework the NetworkManager patch for PKCS11/TPM support and push upstream: DONE
[vorlon] Investigate tpm integration for luks (and find someone to give him a laptop he doesn't mind losing his filesystem on)
[vorlon] Investigate machine-based authentication for kerberos via pkinit with tpm
[stgraber] reintroduce tpm-tools to Ubuntu: DONE
[stgraber] Test the tpm-tools + opencryptoki once we have tpm-tools again and post step-by-step instructions on initializing the TPM and using it with PKCS11: POSTPONED
Look at kernel encrypted/trusted keys as an alternative to luks passphrases for full-disk encryption: POSTPONED
