| Commit | Line | Data |
|---|---|---|
| e46a2b66 SB | 1 | =head1 NAME |
| | 2 | |
| 5311e60e | 3 | swtpm_setup.conf - Configuration file for swtpm_setup |
| e46a2b66 SB | 4 | |
| | 5 | =head1 DESCRIPTION |
| | 6 | |
| | 7 | The file I</etc/swtpm_setup.conf> contains configuration information for |
| 4cd9390b | 8 | swtpm_setup. It must only contain |
| 2bc601bb | 9 | one configuration keyword per line, followed by an equals sign (=) and then |
| e46a2b66 SB | 10 | followed by appropriate configuration information. A comment at the |
| | 11 | end of the line may be introduced by a hash (#) sign. |
| | 12 | |
| 4cd9390b SB | 13 | Users may write their own configuration into |
| | 14 | I<${XDG_CONFIG_HOME}/swtpm_setup.conf> or if XDG_CONFIG_HOME |
| | 15 | is not set it may be in I<${HOME}/.config/swtpm_setup.conf>. |
| | 16 | |
| e46a2b66 SB | 17 | The following keywords are recognized: |
| | 18 | |
| | 19 | =over 4 |
| | 20 | |
| | 21 | =item B<create_certs_tool> |
| | 22 | |
| 2bc601bb | 23 | This keyword is to be followed by the name of an executable or executable |
| e46a2b66 SB | 24 | script used for creating various TPM certificates. The tool will be |
| | 25 | called with the following options: |
| | 26 | |
| | 27 | =over 4 |
| | 28 | |
| | 29 | =item B<--type type> |
| | 30 | |
| | 31 | This parameter indicates the type of certificate to create. The type parameter may |
| | 32 | be one of the following: I<ek> or I<platform>. |
| | 33 | |
| | 34 | =item B<--dir dir> |
| | 35 | |
| | 36 | This parameter indicates the directory into which the certificate is to be stored. |
| | 37 | It is expected that the EK certificate is stored in this directory under the name |
| | 38 | ek.cert and the platform certificate under the name platform.cert. |
| | 39 | |
| | 40 | =item B<--ek ek> |
| | 41 | |
| | 42 | This parameter indicates the modulus of the public key of the endorsement key |
| | 43 | (EK). The public key is provided as a sequence of ASCII hex digits. |
| | 44 | |
| | 45 | =item B<--vmid ID> |
| | 46 | |
| | 47 | This parameter indicates the ID of the VM for which to create the certificate. |
| | 48 | |
| | 49 | =item B<--logfile <logfile>> |
| | 50 | |
| | 51 | The log file to log output to; by default logging goes to stdout and stderr |
| | 52 | on the console. |
| | 53 | |
| | 54 | =item B<--configfile <configuration file>> |
| | 55 | |
| | 56 | The configuration file to use. This file typically contains configuration |
| | 57 | information for the invoked program. If omitted, the program must use |
| | 58 | its default configuration file. |
| | 59 | |
| | 60 | =item B<--optsfile <options file>> |
| | 61 | |
| | 62 | The options file to use. This file typically contains options that the |
| | 63 | invoked program uses. If omitted, the program must use its default |
| | 64 | options file. |
| | 65 | |
| e2951df7 SB | 66 | =item B<--tpm-spec-family <family>>, B<--tpm-spec-level <level>>, B<--tpm-spec-revision <revision>> |
| | 67 | |
| | 68 | These 3 options describe the TPM specification that was followed for |
| | 69 | the implementation of the TPM and will be part of the EK certificate. |
| | 70 | |
| 15226ad9 SB | 71 | =item B<--tpm2> |
| | 72 | |
| | 73 | This option is passed in case a TPM 2 compliant certificate needs to be |
| | 74 | created. |
| | 75 | |
| e46a2b66 SB | 76 | =back |
| | 77 | |
| | 78 | =item B<create_certs_tool_config> |
| | 79 | |
| | 80 | This keyword is to be followed by the name of a configuration file |
| | 81 | that will be passed to the invoked program using the --configfile |
| | 82 | option described above. If omitted, the invoked program will use |
| | 83 | the default configuration file. |
| | 84 | |
| | 85 | =item B<create_certs_tool_options> |
| | 86 | |
| | 87 | This keyword is to be followed by the name of an options file |
| | 88 | that will be passed to the invoked program using the --optsfile |
| | 89 | option described above. If omitted, the invoked program will use |
| | 90 | the default options file. |
| | 91 | |
| | 92 | =back |
| | 93 | |
| | 94 | =head1 SEE ALSO |
| | 95 | |
| | 96 | B<swtpm_setup> |
| | 97 | |
| | 98 | =head1 REPORTING BUGS |
| | 99 | |
| | 100 | Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com> |
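
Because create_certs_tool names a program that swtpm_setup executes, the file and everything it points to are worth checking before use. The following is an added example, not code from swtpm or from this page: it parses the keyword = value format described above, computes the per-user file location, and flags referenced files that are missing or writable by group/other. It assumes whole-line comments and whitespace around the equals sign are accepted and that a bare tool name is resolved on PATH; the sample paths are constructed placeholders.

```python
import os
import shutil
import stat

KEYWORDS = {"create_certs_tool", "create_certs_tool_config",
            "create_certs_tool_options"}

def parse_conf(text):
    """Return (settings, problems) for 'keyword = value  # comment' lines."""
    settings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop the trailing comment
        if not line:
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not value:
            problems.append(f"line {n}: expected 'keyword = value'")
        elif key not in KEYWORDS:
            problems.append(f"line {n}: unknown keyword '{key}'")
        else:
            settings[key] = value
    return settings, problems

def user_conf_path(env):
    """Per-user file: $XDG_CONFIG_HOME, else $HOME/.config."""
    base = env.get("XDG_CONFIG_HOME") or os.path.join(env["HOME"], ".config")
    return os.path.join(base, "swtpm_setup.conf")

def audit(settings):
    """Flag referenced files that are missing or writable by group/other."""
    findings = []
    for key, value in settings.items():
        # Assumption: a bare tool name is looked up on PATH.
        path = shutil.which(value) if key == "create_certs_tool" else value
        if path is None or not os.path.isfile(path):
            findings.append(f"{key}: {value} not found (or not executable)")
        elif os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{key}: {path} is group/world-writable")
    return findings

# Constructed sample; the paths are placeholders, not swtpm defaults.
SAMPLE = """\
create_certs_tool = /opt/example/make-tpm-certs   # helper script
create_certs_tool_config=/opt/example/certs.conf
create_cert_tool = /tmp/helper
create_certs_tool_options
"""

if __name__ == "__main__":
    conf, problems = parse_conf(SAMPLE)
    for msg in problems + audit(conf):
        print(msg)
```

Run the same checks against both /etc/swtpm_setup.conf and the path returned by user_conf_path(os.environ).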