Commit | Line | Data |
---|---|---|
e46a2b66 SB |
1 | =head1 NAME |
2 | ||
5311e60e | 3 | swtpm_setup.conf - Configuration file for swtpm_setup |
e46a2b66 SB |
4 | |
5 | =head1 DESCRIPTION | |
6 | ||
7 | The file I</etc/swtpm_setup.conf> contains configuration information for | |
8 | the swtpm_setup and swtpm_setup.sh programs. It must contain only | |
2bc601bb | 9 | one configuration keyword per line, followed by an equals sign (=) and then |
e46a2b66 SB |
10 | followed by appropriate configuration information. A comment at the |
11 | end of the line may be introduced by a hash (#) sign. | |
12 | ||
13 | The following keywords are recognized: | |
14 | ||
15 | =over 4 | |
16 | ||
17 | =item B<create_certs_tool> | |
18 | ||
2bc601bb | 19 | This keyword is to be followed by the name of an executable or executable |
e46a2b66 SB |
20 | script used for creating various TPM certificates. The tool will be |
21 | called with the following options: | |
22 | ||
23 | =over 4 | |
24 | ||
25 | =item B<--type type> | |
26 | ||
27 | This parameter indicates the type of certificate to create. The type parameter may | |
28 | be one of the following: I<ek> or I<platform>. | |
29 | ||
30 | =item B<--dir dir> | |
31 | ||
32 | This parameter indicates the directory into which the certificate is to be stored. | |
33 | It is expected that the EK certificate is stored in this directory under the name | |
34 | ek.cert and the platform certificate under the name platform.cert. | |
35 | ||
36 | =item B<--ek ek> | |
37 | ||
38 | This parameter indicates the modulus of the public key of the endorsement key | |
39 | (EK). The public key is provided as a sequence of ASCII hex digits. | |
40 | ||
41 | =item B<--vmid ID> | |
42 | ||
43 | This parameter indicates the ID of the VM for which to create the certificate. | |
44 | ||
45 | =item B<< --logfile <logfile> >> | |
46 | ||
47 | The log file to log output to; by default logging goes to stdout and stderr | |
48 | on the console. | |
49 | ||
50 | =item B<< --configfile <configuration file> >> | |
51 | ||
52 | The configuration file to use. This file typically contains configuration | |
53 | information for the invoked program. If omitted, the program must use | |
54 | its default configuration file. | |
55 | ||
56 | =item B<< --optsfile <options file> >> | |
57 | ||
58 | The options file to use. This file typically contains options that the | |
59 | invoked program uses. If omitted, the program must use its default | |
60 | options file. | |
61 | ||
e2951df7 SB |
62 | =item B<< --tpm-spec-family <family> >>, B<< --tpm-spec-level <level> >>, B<< --tpm-spec-revision <revision> >> |
63 | ||
64 | These 3 options describe the TPM specification that was followed for | |
65 | the implementation of the TPM and will be part of the EK certificate. | |
66 | ||
15226ad9 SB |
67 | =item B<--tpm2> |
68 | ||
69 | This option is passed in case a TPM 2 compliant certificate needs to be | |
70 | created. | |
71 | ||
e46a2b66 SB |
72 | =back |
73 | ||
74 | =item B<create_certs_tool_config> | |
75 | ||
76 | This keyword is to be followed by the name of a configuration file | |
77 | that will be passed to the invoked program using the --configfile | |
78 | option described above. If omitted, the invoked program will use | |
79 | the default configuration file. | |
80 | ||
81 | =item B<create_certs_tool_options> | |
82 | ||
83 | This keyword is to be followed by the name of an options file | |
84 | that will be passed to the invoked program using the --optsfile | |
85 | option described above. If omitted, the invoked program will use | |
86 | the default options file. | |
87 | ||
88 | =back | |
89 | ||
90 | =head1 SEE ALSO | |
91 | ||
92 | B<swtpm_setup> | |
93 | ||
94 | =head1 REPORTING BUGS | |
95 | ||
96 | Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com> |
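
An added example, not part of swtpm or of the original page: because create_certs_tool names a program that swtpm_setup invokes, checking the file's syntax and the permissions of the files it references is a useful audit step. The parser follows the format given under DESCRIPTION; tolerating spaces around the equals sign, rejecting duplicate keywords and requiring absolute paths are assumptions of this example, and the sample paths are placeholders.

```python
import os
import stat

KNOWN_KEYS = {"create_certs_tool", "create_certs_tool_config", "create_certs_tool_options"}

# Constructed sample; the paths are placeholders, not swtpm defaults.
SAMPLE = """\
# certificate creation for the software TPM
create_certs_tool = /opt/example/make-certs   # invoked by swtpm_setup
create_certs_tool_config = relative/certs.conf
create_cert_tool_options = /opt/example/certs.options
create_certs_tool
"""

def parse_swtpm_setup_conf(text):
    """Return (settings, problems) for 'keyword = value  # comment' lines."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # a hash starts a trailing comment
        if not line:
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not value:
            problems.append(f"line {lineno}: expected 'keyword = value'")
        elif key not in KNOWN_KEYS:
            problems.append(f"line {lineno}: unrecognized keyword {key!r}")
        elif key in settings:  # audit policy: the page does not say which wins
            problems.append(f"line {lineno}: duplicate keyword {key!r}")
        else:
            settings[key] = value
    return settings, problems

def audit_paths(settings):
    """Flag referenced files that someone other than the owner could alter."""
    findings = []
    for key, path in settings.items():
        if not os.path.isabs(path):  # audit policy, not a swtpm_setup rule
            findings.append(f"{key}: {path!r} is not an absolute path")
            continue
        try:
            mode = os.stat(path).st_mode
        except OSError:
            findings.append(f"{key}: {path!r} cannot be examined")
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{key}: {path!r} is group- or world-writable")
        if key == "create_certs_tool" and not os.access(path, os.X_OK):
            findings.append(f"{key}: {path!r} is not executable")
    return findings
```

Run `parse_swtpm_setup_conf` on the contents of the configuration file, then pass the returned settings to `audit_paths`; any entry in either list deserves a look before swtpm_setup is run with that file.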