Hi Lena,

Yes, using the latest upstream package, the following config line allows me to use my TPM-sealed key:

    providers legacy default tpm2

Order seems to be important; tpm2 must come at the end for it to work. If I configure, for example, "tpm2 legacy default", I get:

    openvpn[5389]: WARNING:esys:src/tss2-esys/api/Esys_LoadExternal.c:314:Esys_LoadExternal_Finish() Received TPM Error
    ERROR:esys:src/tss2-esys/api/Esys_LoadExternal.c:108:Esys_LoadExternal() Esys Finish ErrorCode (0x000002c4)
    OpenSSL: error:4000000C:tpm2::cannot load key:708 tpm:parameter(2):value is out of range or is not correct for the context
    OpenSSL: error:0A080006:SSL routines::EVP lib:
    TLS_ERROR: BIO read tls_read_plaintext error
    TLS Error: TLS object -> incoming plaintext read error
    TLS Error: TLS handshake failed

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2089270

Title:
  Still need OpenSSL3 patch for tpm2
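
Added example (not part of the original message or of any project's code): a small decoder for the "ErrorCode (0x000002c4)" value in the log above, showing how the bit fields give the "parameter(2)" and "value is out of range" text in the OpenSSL line, where 708 is the same code in decimal. The error-name table is a subset of the TPM 2.0 format-one codes, and the function names are hypothetical.

```python
import re

# Subset of TPM 2.0 format-one error numbers (TPM 2.0 Library spec, Part 2).
FMT1_ERRORS = {
    0x01: "TPM_RC_ASYMMETRIC",
    0x02: "TPM_RC_ATTRIBUTES",
    0x03: "TPM_RC_HASH",
    0x04: "TPM_RC_VALUE",       # "value is out of range or is not correct for the context"
    0x05: "TPM_RC_HIERARCHY",
    0x07: "TPM_RC_KEY_SIZE",
    0x12: "TPM_RC_SCHEME",
    0x15: "TPM_RC_SIZE",
    0x1F: "TPM_RC_INTEGRITY",
}

def decode_tpm_rc(rc):
    """Split a TSS2 return code into layer, subject and error name."""
    layer = (rc >> 16) & 0xFF      # 0 means the TPM itself produced the code
    code = rc & 0xFFFF
    if not code & 0x080:           # bit 7 clear: format-zero code, not decoded here
        return {"layer": layer, "format": 0, "raw": code}
    number = (code >> 8) & 0xF     # bits 11:8: which parameter, session or handle
    if code & 0x040:               # bit 6 (P): the error refers to a parameter
        subject, index = "parameter", number
    elif number & 0x8:             # bit 11 (S): the error refers to a session
        subject, index = "session", number & 0x7
    else:
        subject, index = "handle", number & 0x7
    err = code & 0x3F              # bits 5:0: error number
    return {"layer": layer, "format": 1, "subject": subject, "index": index,
            "error": FMT1_ERRORS.get(err, "unknown(0x%02x)" % err)}

def codes_from_log(text):
    """Decode every ESYS 'ErrorCode (0x...)' value found in log text."""
    return [decode_tpm_rc(int(m, 16))
            for m in re.findall(r"ErrorCode \((0x[0-9a-fA-F]+)\)", text)]

# Log line copied from the message above.
SAMPLE = ("ERROR:esys:src/tss2-esys/api/Esys_LoadExternal.c:108:"
          "Esys_LoadExternal() Esys Finish ErrorCode (0x000002c4)")

if __name__ == "__main__":
    for decoded in codes_from_log(SAMPLE):
        print(decoded)
```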
