Using a hardware TPM with Azure (C SDK)
I have a technical question regarding TPM integration, since the TPM interface (HSM_CLIENT_TPM_INTERFACE) has been deprecated as of around 2023.
OpenSSL 1.1.1 offered an engine interface. The main page under "TPM Individual Enrollment" states "We strongly recommend switching to DPS-X509 authentication using the tpm2tss OpenSSL Engine." However, this isn’t a viable solution, as engines have been deprecated.
While OpenSSL 3.0 provides a provider interface, it does not support TLS.
It’s unclear how to implement the HSM_CLIENT_X509_INTERFACE using a hardware TPM. Specifically, what should hsm_client_get_key() return in this case?
PKCS11 is an engine, so that will not work either.
What is the recommended way for the Azure C SDK to interact with a TPM?
Best regards,
Richard