[pkg-gnupg-maint] Bug#1058571: Bug#1058571: gnupg2: please enable TPM2 support

Sun Jan 12 16:48:19 GMT 2025

On Wed, Mar 27, 2024 at 05:44:03PM +0800, YunQiang Su wrote:
> Andreas Metzler <ametzler at bebt.de> 于2024年2月3日周六 14:42写道：
> > On 2024-02-03 YunQiang Su <syq at debian.org> wrote:
> > > On Wed, 13 Dec 2023 11:17:10 +0800 YunQiang Su <syq at debian.org> wrote:
> > >> Package: src:gnupg2
> > >> Version: 2.4.3-2
> >
> > >> TPM2 support has been introduced into GnuPG since 2.3.
> > >> https://gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html
> > >>
> > >> While TPM2 support is not enabled for Debian's gnupg2 package
> > >> in experimental:
> > [...]
> > > Hi, Andreas
> > > I noticed that you have 2 uploads of gnupg 2.4 to experimental in recent days.
> > > Is there any reason that no enabling TPM2 support?
> > > Is TPM2 support buggy?
> >
> > I am doing noninvasive minimal changes only, keeping the packaging up to
> > date with upstream releases.
> >
> Thanks. I noticed that Fedora has enabled TPM2 (Intel) support.
> I guess it's time for us to do so.

It would be nice to have the TPM support in Trixie. Enabling it isn't
hard, I've put up a simple patch at:

https://salsa.debian.org/noodles/gnupg2/-/tree/enable-tpm

The problem is that the testsuite no longer runs in parallel mode with
the TPM support enabled; the SW TPM emulator used for the tests is
configured to use TCP ports and so can't parallelise. It should be
possible to use Unix sockets instead, but AFAICT that's going to require
patching tpm2d/intel-tss.h to set the appropriate parameters on TCTI
setup, and hacking up the Scheme test files to pass those through to the
tests.

J.

-- 
] https://www.earth.li/~noodles/ []   101 things you can't have too    [
]  PGP/GPG Key @ the.earth.li    []  much of : 8 - Hard drive space.   [
] via keyserver, web or email.   []                                    [
] RSA: 4096/0x94FA372B2DA8B985   []                                    [