On UDEV rules....
(depending on where I search, different answers)
I am currently setting both /dev/tpm0 and /dev/tpmrm0 to mode 0666.
I don't care who the owner or group is, since I am not running SUID tss.
Is this inherently wrong-headed to be working this way?
How about for openssl-engine?
Thanks all. It is working in this use case (mode 0666 on both) and openssl is happy.
An optional 'use case' question. For the openssl engine, I am using a TPM2 ECC key directly, not a wrapped PEM file.
It works fine that way for my use case, but is there a reason why I would prefer the other method?