projects / swtpm.git / blame
| Commit | Line | Data |
|---|---|---|
| e46a2b66 SB |
1 | =head1 NAME |
| 2 | ||
| 3 | swtpm_setup | |
| 4 | ||
| 5 | =head1 SYNOPSIS | |
| 6 | ||
| 7 | B<swtpm_setup [OPTIONS]> | |
| 8 | ||
| 9 | =head1 DESCRIPTION | |
| 10 | ||
| 11 | B<swtpm_setup> is a tool that prepares the intial state for a libtpms-based | |
| 12 | TPM. | |
| 13 | ||
| 14 | The following options are supported: | |
| 15 | ||
| 16 | =over 4 | |
| 17 | ||
| 18 | =item B<--runas <userid>> | |
| 19 | ||
| 20 | Use this userid to run swtpm_setup.sh; by default 'tss' is used. | |
| 21 | ||
| 22 | =item B<--config <file>> | |
| 23 | ||
| 24 | Path to configuration file containing the tool to use for creating | |
| 25 | certificates; see also B<swtpm_setup.conf> | |
| 26 | ||
| 27 | =item B<--tpm-state <dir>> | |
| 28 | ||
| 29 | Path to a directory where the TPM's state will be written into; | |
| 30 | this is a mandatory argument | |
| 31 | ||
| 5007f2d0 | 32 | =item B<--tpm <path to executable>> |
| e46a2b66 SB |
33 | |
| 34 | Path to the TPM executable; this is an optional argument and | |
| 5007f2d0 | 35 | by default the swtpm executable found in the PATH will be used. |
| e46a2b66 SB |
36 | |
| 37 | =item B<--createek> | |
| 38 | ||
| 39 | Create the EK | |
| 40 | ||
| 41 | =item B<--take-ownership> | |
| 42 | ||
| 43 | Take ownership; this option implies --createek | |
| 44 | ||
| 45 | =item B<--ownerpass <password>> | |
| 46 | ||
| 47 | Provide custom owner password; default is ooo | |
| 48 | ||
| 49 | =item B<--owner-well-known> | |
| 50 | ||
| 51 | Use a password of all zeros (20 bytes of zeros) as the owner password | |
| 52 | ||
| 53 | =item B<--srkpass <password>> | |
| 54 | ||
| 55 | Provide custom SRK password; default is sss | |
| 56 | ||
| 57 | =item B<--srk-well-known> | |
| 58 | ||
| 59 | Use a password of all zeros (20 bytes of zeros) as the SRK password | |
| 60 | ||
| 61 | =item B<--create-ek-cert> | |
| 62 | ||
| 63 | Create an EK certificate; this implies --createek | |
| 64 | (NOT SUPPORTED YET) | |
| 65 | ||
| 66 | =item B<--create-platform-cert> | |
| 67 | ||
| 68 | Create a platform certificate; this implies --create-ek-cert | |
| 69 | ||
| 70 | =item B<--lock-nvram> | |
| 71 | ||
| 72 | Lock NVRAM access | |
| 73 | ||
| 74 | =item B<--display> | |
| 75 | ||
| 76 | At the end display as much info as possible about the configuration | |
| 77 | of the TPM | |
| 78 | ||
| 79 | =item B<--logfile <logfile>> | |
| 80 | ||
| 81 | The logfile to log to. By default logging goes to stdout and stderr. | |
| 82 | ||
| 83 | =item B<--keyfile <keyfile>> | |
| 84 | ||
| 85 | The key file contains an ASCII hex key consisting of 32 hex digits with an | |
| 86 | optional leading '0x'. This is the key to be used by the TPM emulator | |
| 87 | for encrypting the state of the TPM. | |
| 88 | ||
| 89 | =item B<--pwdfile <passphrase file>> | |
| 90 | ||
| 91 | The passpharse file contains a passphrase from which the TPM emulator | |
| 92 | will derive the encyrption key from and use the key for encrypting the TPM | |
| 93 | state. | |
| 94 | ||
| 95 | =item B<--help, -h> | |
| 96 | ||
| 97 | Display the help screen | |
| 98 | ||
| 99 | =back | |
| 100 | ||
| 101 | =head1 SEE ALSO | |
| 102 | ||
| 103 | B<swtpm_setup.conf> | |
| 104 | ||
| 105 | =head1 REPORTING BUGS | |
| 106 | ||
| 107 | Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com> |