On Mon, Jul 08, 2019 at 06:46:12PM +0200, Daniel Kobras wrote:
Hi all! Using either GnuTLS or one of the TPM2 engines for OpenSSL, it's possible to use keyfiles that are encrypted with a wrapping key from a TPM2 device. Implementations have started to use special PEM headers for these files. If openconnect it can automatically invoke the necessary magic to unwrap the key without any user interaction. A similar patch for wpa_supplicant can be found at http://lists.infradead.org/pipermail/hostap/2019-July/040318.html. Alas, these PEM files currently fail NM's header validation. The attached patch just accepts these keys in NM, assuming further support is present in the backend tools.
Applied, thanks! Beniamino
Attachment:
signature.asc
Description: PGP signature