Dear Luca

On Tue, Apr 2, 2024 at 4:32 PM Luca Boccassi <bl...@debian.org> wrote:

> > Hi Zbigniew!
> >
> > On Tue, Apr 2, 2024 at 1:15 PM Zbigniew Jędrzejewski-Szmek <
> > zbyszek(a)in.waw.pl> wrote:
> >
> >
> > Thanks. In the period between when the proposal was written and published, the
> > TPM2 provider has landed in Fedora.
> > The PKCS#11 provider has already been here for a while.
>
> The fact that such packages are physically present is not enough - they
> need to implement all the needed features, and they need to be mature
> enough to just work out of the box. Neither of these is true today, and
> providers just do not work for very simple use cases like signing a UKI
> with a yubikey. At the very least a couple more years of development and
> testing is needed before they are anywhere near ready to drop support for
> engines that actually do work out of the box. Not to mention third party
> engines that are specific to internal/private build systems - if any such
> system runs Fedora as the build host, they'd have to migrate to
> Debian/Ubuntu to keep working.
>

The TPM2 package is suitable for all required operations, AFAIK.
I'm also sure about the PKCS11 provider, which I follow closely enough.

Please raise detailed issues if you have something particular.
I remember that you mentioned a particular issue about PKCS#11, could you
please try the current version?
My colleagues working on PKCS#11 are not aware of any Yubikey issues, BTW.

Third-party engines may be a problem but as we don't break ABI, it's not a
problem of the moment.

-- 
Dmitry Belyavskiy