On Wed, Dec 2, 2020 at 12:08 PM Jerry Snitselaar <jsnitsel@xxxxxxxxxx> wrote:
We are looking to no longer support TPM1.2 in RHEL9. Than raised the
question with regards to opencryptoki-tpmtok if it should be changed in
Fedora as well, so I thought I'd see what everyone thinks about future
TPM1.2 support in Fedora. I know at one point in the last year or so
trousers almost dropped from Fedora due to being orphaned for quite a
while. From what I could find the following packages have dependencies:
ecryptfs-utils - --disable-tspi
openconnect - looks like it will only build support if trousers-devel is
there, and makes use of tpm2-tss as well.
strongswan - --enable-tss-tss2 instead of --enable-tss-trousers?
tboot - the trousers dependency was just in a policy tool that has now
been deprecated upstream.
opencryptoki-tpmtok - --disable-tpmtok
tpm-quote-tools, tpm-tools, and trousers are all tpm1.2 specific
packages.
Another thing is that in the kernel there currently is no way to build
with just tpm1.2 or tpm2.0 support so the kernel support for tpm1.2
would still be there.
I don't think Fedora needs to drop the tpm1.2 support if people want to
continue supporting it, but wanted to put the question out there and see
how everyone felt.
How much support is needed? I've written some TPM1.2 code that no one uses, so I don't personally care, but I'm pretty sure there are quite a few systems around that use TPM 1.2. For example, until I manually did the magic incantation to switch my laptop from its TPM 1.2 default to TPM 2 mode, it had TPM 1.2. It's not even particularly old.
I think we should at least keep TPM 1.2 kernel support, but basic user support where it's not too inconvenient seems reasonable.