GitLab

TPMv2.0 is a completely different beast to TPM 1.2, and needs to be added on top of TPM 1.2 because the TPMv1.2 hardware is still in common use.

The TPMv2.0 model still doesn't lend itself well to being exposed via PKCS#11 completely, just as TPMv1.2 didn't. There is a different format for the PEM storage of wrapped keys, and there are different fields to be included in a TPMv2.0-capable update to the TPM URI draft, but I think it still makes sense to support them in the same way we do TPMv1.2.

We should

• extend the current code to TPM 2.0,
• add support for transparent loading of TPM2 wrapped keys (PEM-formatted) by gnutls_privkey_import_x509_raw and possibly gnutls_x509_privkey_import.