projects / swtpm.git / blame
| Commit | Line | Data |
|---|---|---|
| e46a2b66 SB |
1 | =head1 NAME |
| 2 | ||
| 5311e60e | 3 | swtpm_setup.conf - Configuration file for swtpm_setup |
| e46a2b66 SB |
4 | |
| 5 | =head1 DESCRIPTION | |
| 6 | ||
| 7 | The file I</etc/swtpm_setup.conf> contains configuration information for | |
| 8 | the swtpm_setup and swtpm_setup.sh programs. It must only contain | |
| 2bc601bb | 9 | one configuration keyword per line, followed by an equals sign (=) and then |
| e46a2b66 SB |
10 | followed by appropriate configuration information. A comment at the |
| 11 | end of the line may be introduced by a hash (#) sign. | |
| 12 | ||
| 13 | The following keywords are recognized: | |
| 14 | ||
| 15 | =over 4 | |
| 16 | ||
| 17 | =item B<create_certs_tool> | |
| 18 | ||
| 2bc601bb | 19 | This keyword is to be followed by the name of an executable or executable |
| e46a2b66 SB |
20 | script used for creating various TPM certificates. The tool will be |
| 21 | called with the following options | |
| 22 | ||
| 23 | =over 4 | |
| 24 | ||
| 25 | =item B<--type type> | |
| 26 | ||
| 27 | This parameter indicates the type of certificate to create. The type parameter may | |
| 28 | be one of the following: I<ek>, or I<platform> | |
| 29 | ||
| 30 | =item B<--dir dir> | |
| 31 | ||
| 32 | This parameter indicates the directory into which the certificate is to be stored. | |
| 33 | It is expected that the EK certificate is stored in this directory under the name | |
| 34 | ek.cert and the platform certificate under the name platform.cert. | |
| 35 | ||
| 36 | =item B<--ek ek> | |
| 37 | ||
| 38 | This parameter indicates the modulus of the public key of the endorsement key | |
| 39 | (EK). The public key is provided as a sequence of ASCII hex digits. | |
| 40 | ||
| 41 | =item B<--vmid ID> | |
| 42 | ||
| 43 | This parameter indicates the ID of the VM for which to create the certificate. | |
| 44 | ||
| 45 | =item B<--logfile <logfile>> | |
| 46 | ||
| 47 | The log file to log output to; by default logging goes to stdout and stderr | |
| 48 | on the console. | |
| 49 | ||
| 50 | =item B<--configfile <configuration file>> | |
| 51 | ||
| 52 | The configuration file to use. This file typically contains configuration | |
| 53 | information for the invoked program. If omitted, the program must use | |
| 54 | its default configuration file. | |
| 55 | ||
| 56 | =item B<--optsfile <options file>> | |
| 57 | ||
| 58 | The options file to use. This file typically contains options that the | |
| 59 | invoked program uses. If omitted, the program must use its default | |
| 60 | options file. | |
| 61 | ||
| e2951df7 SB |
62 | =item B<--tpm-spec-family <family>>, B<--tpm-spec-level <level>>, B<--tpm-spec-revision <revision>> |
| 63 | ||
| 64 | These 3 options describe the TPM specification that was followed for | |
| 65 | the implementation of the TPM and will be part of the EK certificate. | |
| 66 | ||
| 15226ad9 SB |
67 | =item B<--tpm2> |
| 68 | ||
| 69 | This option is passed in case a TPM 2 compliant certificate needs to be | |
| 70 | created. | |
| 71 | ||
| e46a2b66 SB |
72 | =back |
| 73 | ||
| 74 | =item B<create_certs_tool_config> | |
| 75 | ||
| 76 | This keyword is to be followed by the name of a configuration file | |
| 77 | that will be passed to the invoked program using the --configfile | |
| 78 | option described above. If omitted, the invoked program will use | |
| 79 | the default configuration file. | |
| 80 | ||
| 81 | =item B<create_certs_tool_options> | |
| 82 | ||
| 83 | This keyword is to be followed by the name of an options file | |
| 84 | that will be passed to the invoked program using the --optsfile | |
| 85 | option described above. If omitted, the invoked program will use | |
| 86 | the default options file. | |
| 87 | ||
| 88 | =back | |
| 89 | ||
| 90 | =head1 SEE ALSO | |
| 91 | ||
| 92 | B<swtpm_setup> | |
| 93 | ||
| 94 | =head1 REPORTING BUGS | |
| 95 | ||
| 96 | Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com> |