Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

OPTIGA™ TPM Forum Discussions

sanketFT
Level 1
Level 1
First reply posted First question asked Welcome!

Hi Everyone,

W are using the optiga SLB9670 TPM2.0

Where the application note OPTIGA™ TPM Application Note PKCS #11, Revision 1.1 2021.10.18 say there is need of patch while installing the tpm2-pkcs11 there is one step.

As we are using Linux 5.15 does still the patch step to be performed, As the website link of github on    https://github.com/tpm2-software/tpm2-pkcs11 dosent mention about any device patchup.

kindly share some guidance.

 

Thanks and regards,

Sanket 

0 Likes
1 Solution
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

There are multiple ways of linking pre-existing TPM key objects (keys that exist prior to the initialization of token) to a pkcs11 token, the default options are listed here: https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/INTEROPERABILITY.md. The additional link-persist option allows user to link a persistent key to a pkcs11 token (examples at section 2.2.4 of the AppNote). 

View solution in original post

0 Likes
5 Replies
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

Hi @sanketFT,

Please provide the link to the AppNote you are referring to.

 

0 Likes
sanketFT
Level 1
Level 1
First reply posted First question asked Welcome!

https://github.com/Infineon/pkcs11-optiga-tpm  under this there is application note

0 Likes
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

Hi @sanketFT,

OPTIGA™ TPM Application Note PKCS #11 provides the patch to use already created (existing) persistent objects while installing PKCS #11. And the GitHub guide provides examples on how tpm2-pkcs11 can be used with pkcs11-tool to generate RSA/ECC key pairs.

0 Likes
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

There are multiple ways of linking pre-existing TPM key objects (keys that exist prior to the initialization of token) to a pkcs11 token, the default options are listed here: https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/INTEROPERABILITY.md. The additional link-persist option allows user to link a persistent key to a pkcs11 token (examples at section 2.2.4 of the AppNote). 

0 Likes
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

Please let us know if your query was resolved. We will lock the thread in 3 days. In case your problem is not resolved, please create a new thread and we will be happy to help. 

0 Likes