[barbican] TPM2.0 backend - openstack-discuss - lists.openstack.org

newer
[ops] OpenStack Ops Meetups team...

[barbican] TPM2.0 backend

older
[trio2o] Current state, community...

Balázs Gibizer

20 Jan 2020 20 Jan '20

3 p.m.

Hi, Looking at the Barbican documentation I see that the secrets can be stored on disk (SimpleCrypto backend) or in a HW vendor specific HSM module. Is there a way to use a TPM 2.0 device as the backend of Barbican via something like [1]? Cheers, gibi [1] https://github.com/tpm2-software/tpm2-pkcs11

Reply

Sign in to reply online Use email software

Show replies by date

Balázs Gibizer

28 Jan 28 Jan

6:30 p.m.

On Mon, Jan 20, 2020 at 10:00, Balázs Gibizer <balazs.gibizer@est.tech> wrote:

Hi,

Looking at the Barbican documentation I see that the secrets can be stored on disk (SimpleCrypto backend) or in a HW vendor specific HSM module. Is there a way to use a TPM 2.0 device as the backend of Barbican via something like [1]?

On the today's barbican IRC meeting I got my question answered. In short it is feasible but at the moment no barbican in-tree implementation exists. Also barbican would accept such contribution. Cheers, gibi [2] http://eavesdrop.openstack.org/meetings/barbican/2020/barbican.2020-01-28-13...

Cheers, gibi

[1] https://github.com/tpm2-software/tpm2-pkcs11

Reply

Sign in to reply online Use email software

1808

Age (days ago)

1816

Last active (days ago)

Download

1 comments

1 participants

tags

participants (1)

Balázs Gibizer