To try out the TPM2 support, use the -Dtpm2=true build option during the meson _build step.
You can alter the default build and install process as follows:
    $ meson _build -Dtpm2=true
    $ ninja -C _build
    $ ninja -C _build install
To test the TPM2 support you need a physical TPM or a TPM emulator. The following sections show how to set up the swtpm emulator and test the TPM2 support. If you have access to a physical TPM, you can skip the emulator section.
swtpm emulator setup:
    $ dnf install swtpm swtpm-tools tpm2-abrmd tpm2-tss-devel
    $ eval `dbus-launch --sh-syntax`
    $ export XDG_CONFIG_HOME=$HOME/.config/swtpm
    $ /usr/share/swtpm/swtpm-create-user-config-files --root
    $ mkdir -p ${XDG_CONFIG_HOME}/mytpm1
    $ swtpm_setup --tpm2 --tpmstate $XDG_CONFIG_HOME/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display
    $ swtpm socket --tpm2 --tpmstate dir=$XDG_CONFIG_HOME/mytpm1 --flags startup-clear --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --daemon
    $ tpm2-abrmd --logger=stdout --tcti=swtpm: --session --allow-root --flush-all &
    $ export TCTI=tabrmd:bus_type=session
Test TPM2 support:
    $ cd libsecret
    $ meson _build -Dtpm2=true
    $ ninja -C _build
    $ export SECRET_BACKEND=file
    $ export SECRET_FILE_TEST_PATH=$PWD/keyring
    $ ./_build/tool/secret-tool store --label=foo bar baz
    $ ls # keyring
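
As an added example (not part of the original post or of libsecret), the shell function below sanity-checks the keyring file that the test above writes to SECRET_FILE_TEST_PATH: the file must exist, must not contain the test secret as literal bytes, and must not be accessible to group or other. The function name check_keyring, the owner-only permission expectation and the sample secret in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a keyring file written by the file backend.
# Usage (constructed values): check_keyring "$SECRET_FILE_TEST_PATH" 'my-test-secret'
#   $1 - path of the keyring file
#   $2 - the secret that was typed at the secret-tool prompt (test value only)
# Returns 0 if no finding, 1 on a finding, 2 if the file is missing or empty.
check_keyring() {
    file=$1
    secret=$2
    rc=0

    if [ ! -s "$file" ]; then
        echo "FAIL: $file is missing or empty" >&2
        return 2
    fi

    # The secret must not be recoverable from the file as literal bytes.
    # -F: fixed string, -e: pattern may start with '-', -q: exit status only.
    if [ -n "$secret" ] && grep -q -F -e "$secret" "$file"; then
        echo "FAIL: secret appears in cleartext in $file" >&2
        rc=1
    fi

    # Assumption of this example: the keyring should be owner-only.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $file is accessible to group/other ($perms)" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file passed"
    return "$rc"
}
```

A clean result only shows that the secret is not stored as literal bytes and that other local users cannot read the file; it does not demonstrate how the encryption key is protected.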