> what is --enable-tpm option exactly? It's a plugin in libtpmtss that implements interfaces to provide certificates, private keys and random numbers from a TPM 2.0 to the IKE daemon.
> Does it work without --enable-tss-trousers and --enable-tss-tss2? No, it requires a TSS implementation, in particular, a TSS 2.0 implementation (I saw that it basically does nothing without a TPM 2.0). The only one currently available, enabled via --enable-tss-tss2, uses the libraries provided by tpm2-tss. The TSS 1 implementation (enabled via --enable-tss-trousers, which wraps TrouSerS) is only needed for other features, e.g. remote attestation (see e.g. [1]), when using a TPM 1.2. But those are currently not enabled in the Ubuntu build. [1] https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940079 Title: Strongswan in Focal doesn't support TPM 2.0 through the TSS2 interface... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1940079/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs