[Pkg-swan-devel] Bug#994396: strongswan: Please enable TPM2 via --enable-tss-tss2

Paride Legovini paride at debian.org
Wed Sep 15 14:53:14 BST 2021


Source: strongswan
Version: 5.9.1-1
Severity: normal
X-Debbugs-Cc: paride at debian.org

Spun-off from: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1940079

Hi Yves-Alexis,

The Debian strongswan package doesn't currently have any TPM support,
even if d/rules calls ./configure --enable-tpm, as actually enabling TPM
requires a TSS (Tpm Software Stack) implementation. To enable TPM2 we
need TSS2, which is enabled via --enable-tss-tss2 (which requires an
additional build-dep: libtss2-dev).

Please consider adding those to the strongswan packaging.

Note: this still doesn't enable TPM1.2, for which --enable-tss-trousers
is required. My suggestion is to avoid enabling it, and strongswan
upstream Tobias Brunner agrees, see the discussion in the Ubuntu bug
I linked.

Thanks!

Paride

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



More information about the Pkg-swan-devel mailing list