FS#74498 - [gnutls] Missing dependency on tpm2-tss

Attached to Project: Arch Linux
Opened by Alex Henrie (alex.henrie) - Monday, 18 April 2022, 20:38 GMT
Last edited by Andreas Radke (AndyRTR) - Thursday, 05 May 2022, 16:03 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Andreas Radke (AndyRTR)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Because libtss2 is not available at build time, the gnutls package is missing the tpmtool program. The tpmtool man page is still installed, however.

Please add tpm2-tss to the gnutls package dependencies.

Closed by Andreas Radke (AndyRTR)
Thursday, 05 May 2022, 16:03 GMT
Reason for closing: Fixed
Additional comments about closing: added optional dependency on tpm2-tss
Comment by Andreas Radke (AndyRTR) - Thursday, 28 April 2022, 19:45 GMT
tpm2-tss seems to be only required to run tpm2-tests: https://gitlab.com/gnutls/gnutls/-/merge_requests/1498/diffs

Adding tpm2-tss at build time won't enable tpm2 support. I guess this would also require adding trousers (currently in AUR).

checking for P11_KIT... yes
checking for TSS2... yes
checking for tss library... no
configure: WARNING:
***
*** trousers was not found. TPM support will be disabled.

I don't have any intention to add another security-related dependency to core here unless we have a strong need for this. Leaving tpm headers, manpage and doc is no bug to me.
Comment by Alex Henrie (alex.henrie) - Wednesday, 04 May 2022, 16:57 GMT
Sorry for misunderstanding which dependency is needed. I've also discovered that tpmtool only supports TPM 1.2, which greatly limits its usefulness. Nevertheless, I have made a tpmtool AUR package for the benefit of any other Arch users who go looking for it.
Comment by Jonas Witschel (diabonas) - Thursday, 05 May 2022, 09:28 GMT
TPM 1.2 and TPM 2.0 support are provided by two different libraries that can be enabled independently from each other:

TPM 1.2 (accessed through the "trousers" stack) is unmaintained legacy hard- and software, so I would be hesitant to bring it into the official repositories. tpmtool only supports TPM 1.2, so it is not useful unless you have a legacy TPM 1.2 device. The equivalent of tpmtool for TPM 2.0 devices is tpm2tss-genkey from the tpm2-tss-engine package.

Regarding TPM 2.0 support, you can see that it is already enabled "by accident" in gnutls from the above configure output: "checking for TSS2... yes" (as well as "TPM2 support: yes" further down) indicates that tpm2-tss was found in the build environment because it is a transitive dependency of the base-devel group. I therefore suggest enabling it "properly" by adding it explicitly to make- and optdepends (gnutls uses dlopen() to load the library on request, so no need for a hard dependency) and by adding the necessary checkdepends for the tpm2.sh test. The necessary changes to the PKGBUILD for this are attached to my comment.
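
The "by accident" enablement described in the comment above can be caught mechanically from the configure output. The following is an added example, not part of the original thread and not the attached PKGBUILD change: it reads configure output and lists the TPM backends that were detected but are missing from a declared dependency list. The function names, the sample log (built from the lines quoted in this thread) and the declared list are constructed for illustration; the mapping of "tss library" to trousers and "TSS2" to tpm2-tss follows the comments above.

```shell
#!/bin/sh
# Added example: flag TPM backends that configure detected but the package
# does not declare. The sample log below is constructed from this thread.
sample_configure_log() {
cat <<'EOF'
checking for P11_KIT... yes
checking for TSS2... yes
checking for tss library... no
configure: WARNING:
***
*** trousers was not found. TPM support will be disabled.
EOF
}

# probe_result LABEL: print the answer of "checking for LABEL... <answer>"
# read from stdin, or "absent" when configure never ran that probe.
probe_result() {
    awk -v label="$1" '
        index($0, "checking for " label "... ") == 1 {
            r = substr($0, length("checking for " label "... ") + 1)
        }
        END { print (r == "" ? "absent" : r) }
    '
}

# tpm_backends: summarise both probes as "tpm12=<answer> tpm20=<answer>".
tpm_backends() {
    log=$(cat)
    printf 'tpm12=%s tpm20=%s\n' \
        "$(printf '%s\n' "$log" | probe_result "tss library")" \
        "$(printf '%s\n' "$log" | probe_result "TSS2")"
}

# undeclared_backends "PKG ...": print the backend packages that configure
# found (answer "yes") but that are not in the declared, space-separated list.
undeclared_backends() {
    declared=" $1 "
    status=$(tpm_backends)
    missing=""
    for pair in tpm12:trousers tpm20:tpm2-tss; do
        key=${pair%%:*}; pkg=${pair#*:}
        case "$status" in *"$key=yes"*) ;; *) continue ;; esac
        case "$declared" in *" $pkg "*) ;; *) missing="$missing $pkg" ;; esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed declared list that omits tpm2-tss.
sample_configure_log | undeclared_backends "p11-kit"
```

A non-empty result means the build picked up a library only because it happened to be present in the build environment, which is the situation the comment proposes fixing with explicit make-, opt- and checkdepends.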
