Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] ibmtss

Doug Fraser

Hello All.

On UDEV rules....

(depending on where I search, different answers)

I am currently setting both /dev/tpm0 and /dev/tpmrm0 to mode 0666

I don't care who the owner or group is, since I am not running SUID tss

Is this inherently wrong-headed to be working this way?

How about for openssl-engine?

Thanks all. It is working in this use case (mode 0666 on both) and openssl is happy.

An optional 'use case' question. For the openssl engine, I am using a TPM2 ECC key directly, not a wrapped PEM file.
It works fine that way for my use case, but is there I reason why I would prefer the other method?

Douglas Fraser

Join to automatically receive all group messages.