*The actual hardware interaction.*

- [ ] **Dynamic TPM Loader:** Implement a singleton wrapper to `dlopen` `libtss2-esys.so.0` using `RTLD_LAZY | RTLD_LOCAL`.
- [ ] **ESYS Pipeline:** Implement `TpmEngine` for sealing and unsealing using NIST P-256 for the Primary Root Key (or persisting the SRK for faster logins).
- [ ] **Server-Side Biometric Gating:** Integrate the unseal operation atomically into the successful `AUTH_REQUEST` response for privileged clients (`uid == 0`).
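One way to build the dynamic loader from the first item, as an added example rather than the project's own code: `EsysApi`, `load_esys` and `esys` are hypothetical names, and the opaque struct declarations stand in for the tpm2-tss headers. It resolves only `Esys_Initialize` and `Esys_Finalize`, and fails closed when the library or either symbol is missing so callers can fall back to a non-TPM path.

```cpp
#include <dlfcn.h>
#include <cstdint>
#include <cstdio>
#include <string>

// Opaque stand-ins so this builds without the tpm2-tss headers (assumption).
struct ESYS_CONTEXT; struct TSS2_TCTI_CONTEXT; struct TSS2_ABI_VERSION;
using TSS2_RC = uint32_t;

struct EsysApi {  // hypothetical name, not from the page
    void *handle = nullptr;
    TSS2_RC (*initialize)(ESYS_CONTEXT **, TSS2_TCTI_CONTEXT *, TSS2_ABI_VERSION *) = nullptr;
    void (*finalize)(ESYS_CONTEXT **) = nullptr;
    std::string error;  // why the TPM path is unavailable, for logging
    bool available() const { return handle && initialize && finalize; }
};

// Bare soname (no '/'): resolved through the dynamic linker's search path.
// RTLD_LOCAL keeps the TSS symbols out of the process-global namespace.
EsysApi load_esys(const char *soname) {
    EsysApi api;
    api.handle = dlopen(soname, RTLD_LAZY | RTLD_LOCAL);
    if (!api.handle) {
        const char *e = dlerror();
        api.error = e ? e : "dlopen failed";
        return api;
    }
    api.initialize = reinterpret_cast<decltype(api.initialize)>(dlsym(api.handle, "Esys_Initialize"));
    api.finalize = reinterpret_cast<decltype(api.finalize)>(dlsym(api.handle, "Esys_Finalize"));
    if (!api.initialize || !api.finalize) {
        // Partial API: fail closed rather than call through a null pointer.
        api.error = std::string("missing Esys symbol in ") + soname;
        dlclose(api.handle);
        api.handle = nullptr; api.initialize = nullptr; api.finalize = nullptr;
    }
    return api;
}

// Process-wide instance: a function-local static is initialised exactly once,
// thread-safely (C++11). The handle is kept open for the process lifetime.
const EsysApi &esys() {
    static const EsysApi api = load_esys("libtss2-esys.so.0");
    return api;
}

int main() {
    const EsysApi &api = esys();
    std::printf("TPM ESYS: %s\n", api.available() ? "loaded" : api.error.c_str());
    return 0;
}
```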