James Bottomley has a new blog post on TPM v2 and Linux:
See his pervious blog posts for more on TPM and Linux.
Blogging aside, James also posted a TPM2 patch to TouSerS to allow support for OpenSSL:
[TrouSerS-tech] [PATCH 0/1] TPM2 engine support for openssl
This is a completed version of the original RFC. It’s working now both on the TPM2 simulator and on real hardware (I’ve converted my laptop to TPM2). I’ve updated it to use the latest version of the ASN.1 for the key format (still using a TCG OID). I have it building here (it’s what I’m currently using for my laptop VPNs):
But note that this version also has experimental patches to activate the in-kernel TPM Resource Manager because for multiple applications TPM2 really doesn’t work well without one. Since the patch for the RM is currently not upstream (yet), it’s not going to work unless you have a patched kernel.