I'm working on a project where the board has a TPM2 device, and the idea is to put key info in that and retrieve it to load a certificate. I'm learning as I go, have to use .NET 8 runtimes, and have been searching up and down the Internet for information.
In .NET 8, there's this routine that looks like it will do exactly what I want on Linux:
SafeEvpPKeyHandle.OpenPrivateKeyFromEngine
And there's a question on StackOverflow that seems to hint at the exact solution I need.
How to use X.509 certificate generated on TPM for Azure DPS on Linux and C#
But it talks of an "openssl engine" that's called "tpm2tss", and I don't know how to get this installed/running. I tried getting the various tpm2-tss and tpm2-tss-engine packages (which is difficult because the device I'm using has been "restricted" in what it can do - apt/apt-get don't work, but snap does, and I can download .deb packages and install them).
If anyone has some guidance on what's involved to get a tpm2tss OpenSSL engine available, I would really appreciate it. Thanks.
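For readers who get the engine installed and then want to see the .NET 8 side that the question refers to, here is an added example (it is not part of the question or any answer on this page). It assumes the engine is registered with OpenSSL under the name "tpm2tss" as the question quotes, that the key identifier string is whatever that engine accepts (tpm2-tss-engine takes a path to a TSS2 PEM key file or a persistent-handle string; both are assumptions), and that the matching public certificate is available as a PEM/DER file at a placeholder path. The code loads the engine-backed private key, attaches it to the certificate, and then does a sign/verify round trip so that a mismatch between the TPM key and the certificate is caught at startup rather than at the first TLS handshake.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example, not code from the question or from any project it names.
// Assumptions: engine name "tpm2tss"; keyId in the form the engine expects;
// certPath points at the public certificate that belongs to the TPM key.
public static class TpmCertLoader
{
    public static X509Certificate2 LoadCertificateWithTpmKey(
        string certPath, string keyId, string engineName = "tpm2tss")
    {
        // OpenSSL resolves the engine by name and asks it for the key.
        // The private key material stays inside the TPM; .NET only holds an EVP_PKEY handle.
        using SafeEvpPKeyHandle keyHandle =
            SafeEvpPKeyHandle.OpenPrivateKeyFromEngine(engineName, keyId);

        using var publicCert = new X509Certificate2(certPath);

        // Choose the wrapper that matches the certificate's key algorithm.
        X509Certificate2 certWithKey;
        switch (publicCert.PublicKey.Oid.Value)
        {
            case "1.2.840.113549.1.1.1": // rsaEncryption
            {
                using RSA rsa = new RSAOpenSsl(keyHandle);
                certWithKey = publicCert.CopyWithPrivateKey(rsa);
                break;
            }
            case "1.2.840.10045.2.1": // id-ecPublicKey
            {
                using ECDsa ecdsa = new ECDsaOpenSsl(keyHandle);
                certWithKey = publicCert.CopyWithPrivateKey(ecdsa);
                break;
            }
            default:
                throw new CryptographicException(
                    "Unsupported key algorithm: " + publicCert.PublicKey.Oid.Value);
        }

        // Startup check: a signature made through the engine must verify with the
        // certificate's public key, otherwise keyId and certPath do not belong together.
        if (!SignAndVerifyRoundTrip(certWithKey))
        {
            certWithKey.Dispose();
            throw new CryptographicException(
                "TPM-backed private key does not match the certificate's public key.");
        }
        return certWithKey;
    }

    private static bool SignAndVerifyRoundTrip(X509Certificate2 cert)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(32); // constructed test input

        if (cert.GetRSAPrivateKey() is RSA rsaPriv)
        {
            using (rsaPriv)
            using (RSA rsaPub = cert.GetRSAPublicKey()!)
            {
                byte[] sig = rsaPriv.SignData(nonce, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                return rsaPub.VerifyData(nonce, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        if (cert.GetECDsaPrivateKey() is ECDsa ecPriv)
        {
            using (ecPriv)
            using (ECDsa ecPub = cert.GetECDsaPublicKey()!)
            {
                byte[] sig = ecPriv.SignData(nonce, HashAlgorithmName.SHA256);
                return ecPub.VerifyData(nonce, sig, HashAlgorithmName.SHA256);
            }
        }
        return false;
    }

    public static void Main()
    {
        // Placeholder paths/ids; replace with the real certificate and engine key id.
        using X509Certificate2 cert = LoadCertificateWithTpmKey(
            certPath: "/path/to/device-cert.pem",
            keyId: "/path/to/tpm-key.tss2.pem");
        Console.WriteLine("Loaded " + cert.Subject + " with TPM-backed key, thumbprint " + cert.Thumbprint);
    }
}
```

Before running this, confirm OpenSSL can actually see the engine from the same environment the .NET process runs in: `openssl engine -t tpm2tss` should list the engine and report it as available. If that command fails, OpenPrivateKeyFromEngine will fail the same way, and the problem is the engine installation rather than the .NET code.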