Will definitely take a look at it once the tpm2-pkcs11 approach works!
Are you talking about this commit in master branch of wpa_supplicant?
The reason why we moved forward with the pkcs11 approach is mostly because it has the PKCS
standard in the package name, (..."The PKCS #11 standard defines a
platform-independent API to cryptographic tokens, such as hardware security modules (HSM)
and smart cards"..).
Our assumption is that, if we make the PKCS#11 module work for wpa_supplicant, we will
also enable any software that wants to use the TPM by just using the PKCS#11 standard,
which is much easier than implementing specific logic to talk with the TPM in
specific platforms (standards are good).
Additionally, to have this widely available, we need to make these packages available in
the target distros (Fedora and Ubuntu for now).
There is a tpm2-pkcs11 package available in Fedora as of today:
I just found that there is a tpm2-pk11 package in Ubuntu as well, which also uses tpm2-tss.
As regards the tpm2-tss-engine, there is no package for Ubuntu. There is an rpm for Fedora
being assembled here https://bugzilla.redhat.com/show_bug.cgi?id=1773855
So I hope that all this exercise makes the process more stable for everybody!