Software
TPM 2.0 software
- tpm2-tss
- TPM2-Tools
- PKCS11
- OpenSSL 1.x
- OpenSSL 3.x
- TPM2-TOTP
- ESAPI Rust Wrapper Docs
- tpm2-pytss
- TPM-JS
Software with direct TPM 2.0 support
- OpenConnect Docs
- (systemd-)cryptsetup/LUKS
- StrongSwan
- Clevis (Howto)
- LVFS / fwupd: Post1, Post2
- libsecret/gnome-keyring
Software with indirect TPM 2.0 support
- NGINX via OpenSSL tpm2-tss-egnine Demo
- SSH via tpm2-PKCS11 Demo
- GIT via SSH and tpm2-PKCS11 Demo
- OpenVPN 2.6.0 and later via OpenSSL 3.x and tpm2-openssl
- TODO (add links to demos): Firefox, Chromium, Thunderbird, Evolution, JDK-Keystore, wpa_supplicant, GNU-TLS (all via tpm2-pkcs11)
Ideas for adding TPM 2.0 support
- WireGuard
- Tinc
- NetworkManager/wpa_supplicant 802.1X
- KDE wallet
- GNU-TLS
- certbot (to create Certs with PKCS11 support)
- WebCrypto (Firefox, WebKit, Chromium, epiphany)
- WebAuthn (Firefox, WebKit, Chromium)
- OpenSSH HostKey ((non-)PKCS11), ClientKey ((non-)PKCS11)
- Wireshark TPM Cmd/Rsp/Buffer with TCTI-PCAP module or /dev/tpmrm0 sniffing (partial, TPM-Headers only yet)
- mbed-crypto / mbed-tls
- OpenJDK keystore
- Firefox/Thunderbird/Chromium/epiphany password managers: Epiphany via gnome-keyring ?
- systemd-journald signing
- systemd-networkd 802.1x
- empathy/telepathy jabber (via PKCS11?)
- GnuPG (also leads to git tag and release signing)
- Telegram desktop
Please feel free to also add notes to this list wrt means of integration, e.g. if a project could be enabled using tpm2-pkcs11 and p11-kit because it already provides a pkcs11 interfaces for authentication.