| 16 Jul 2021 |
| Mic92 (Old) joined the room. | 16:35:19 |
Mic92 (Old) | I kinda stopped using my yubikey as well | 16:35:34 |
Mic92 (Old) | Is there an ssh-agent for tpm2? | 16:36:34 |
Mic92 (Old) | Otherwise I am ready: https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-x/ThinkPad-X13-Intel-/p/20T2CTO1WWENUS0/customize | 16:36:48 |
andi- | You can use the TPM as pkcs11 device | 16:36:49 |
andi- | I've been doing that for a few days now | 16:36:59 |
Mic92 (Old) | Does openssh support pkcs11? | 16:37:29 |
Mic92 (Old) | I rather prefer over gnupg codebase | 16:37:39 |
Mic92 (Old) | * I rather prefer theirs over gnupg codebase | 16:37:48 |
andi- | Yeah, you basically enable the tpm2 settings in the nixos options. Including the pkcs11 shim and then:
ssh-keygen -D /run/current-system/sw/lib/libtpm2_pkcs11.so
| 16:37:59 |
Mic92 (Old) | Nice. | 16:38:10 |
andi- | Yeah except that on current unstable you have to patch the tpm2-tss lib or rather remove our dlopen patch. | 16:38:37 |