You obviously don't work for Google.
Yes, you either generate the key on the TPM chip (for SSH authentication, that would be one per user), or you generate it in software and "import" it. I've clarified how it works here:…
GnuTLS can't be a PKCS#11 provider, so no.
> Neat, if you disregard the (justified? unjustified?) widespread suspicion of TPMs. Most of the TPM fears are about its secure booting features, about locking in a machine to a certain OS or DRM code. This isn't using…
You obviously don't work for Google.
Yes, you either generate the key on the TPM chip (for SSH authentication, that would be one per user), or you generate it in software and "import" it. I've clarified how it works here:…
GnuTLS can't be a PKCS#11 provider, so no.
> Neat, if you disregard the (justified? unjustified?) widespread suspicion of TPMs. Most of the TPM fears are about its secure booting features, about locking in a machine to a certain OS or DRM code. This isn't using…