Hi Thomas, I documented the mutual attestation between two Raspberry Pi 2 devices equipped with Infineon TPM 1.2 daughterboards:
https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect#Mutual-Attestation-of-IoT-Devices Best regards Andreas On 08/03/2015 08:56 PM, Thomas Strobel wrote: > Hello Andreas, > > thank you very much for your help and the fast reply! Amazing, I'm > looking forward to test it! :) > > Many thanks! > Thomas > > > On 08/03/2015 08:10 PM, Andreas Steffen wrote: >> Hello Thomas, >> >> yes this is possible with strongswan 5.3.2. Have a look at my >> presentation given at the 2015 TCG Members Meeting in Edinburgh: >> >> https://www.strongswan.org/docs/TCG_Edinburgh_2015.pdf >> >> The only thing you have to do is to load the tnc-imc and tmc-imv >> plugins on both the TNC client and TNC server and of course the >> needed IMCs and IMVs (for attestation usually the OS and Attestation >> IMC plus the Attestation IMV). In order to activated the mutual >> attestation capability set the following parameter in strongswan.conf >> >> charon { >> plugins { >> tncss-20 { >> mutual = yes >> } >> } >> } >> >> Best regards >> >> Andreas >> >> On 03.08.2015 19:42, Thomas Strobel wrote: >>> Hello everyone, >>> >>> being new to the mailing list, I first want to thank everyone that is or >>> was involved in developing strongswan as open source project, it's >>> amazing! Thanks! >>> >>> Now my question. I'm thinking of using strongswan to secure P2P networks >>> with mutual TNC remote attestation. Does strongswan support that use >>> case? I mean, is it possible that both sides act as TNC client and >>> server at the same time, and that a connection is only established after >>> both sides verified the integrity of the other side? >>> >>> Many thanks >>> Thomas >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> https://lists.strongswan.org/mailman/listinfo/users >>> >> > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
