]>
Commit | Line | Data |
---|---|---|
e46a2b66 SB |
1 | =head1 NAME |
2 | ||
3 | swtpm_setup | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | B<swtpm_setup [OPTIONS]> | |
8 | ||
9 | =head1 DESCRIPTION | |
10 | ||
11 | B<swtpm_setup> is a tool that prepares the intial state for a libtpms-based | |
12 | TPM. | |
13 | ||
14 | The following options are supported: | |
15 | ||
16 | =over 4 | |
17 | ||
18 | =item B<--runas <userid>> | |
19 | ||
20 | Use this userid to run swtpm_setup.sh; by default 'tss' is used. | |
21 | ||
22 | =item B<--config <file>> | |
23 | ||
24 | Path to configuration file containing the tool to use for creating | |
25 | certificates; see also B<swtpm_setup.conf> | |
26 | ||
27 | =item B<--tpm-state <dir>> | |
28 | ||
29 | Path to a directory where the TPM's state will be written into; | |
30 | this is a mandatory argument | |
31 | ||
5007f2d0 | 32 | =item B<--tpm <path to executable>> |
e46a2b66 SB |
33 | |
34 | Path to the TPM executable; this is an optional argument and | |
5007f2d0 | 35 | by default the swtpm executable found in the PATH will be used. |
e46a2b66 SB |
36 | |
37 | =item B<--createek> | |
38 | ||
39 | Create the EK | |
40 | ||
41 | =item B<--take-ownership> | |
42 | ||
43 | Take ownership; this option implies --createek | |
44 | ||
45 | =item B<--ownerpass <password>> | |
46 | ||
47 | Provide custom owner password; default is ooo | |
48 | ||
49 | =item B<--owner-well-known> | |
50 | ||
51 | Use a password of all zeros (20 bytes of zeros) as the owner password | |
52 | ||
53 | =item B<--srkpass <password>> | |
54 | ||
55 | Provide custom SRK password; default is sss | |
56 | ||
57 | =item B<--srk-well-known> | |
58 | ||
59 | Use a password of all zeros (20 bytes of zeros) as the SRK password | |
60 | ||
61 | =item B<--create-ek-cert> | |
62 | ||
63 | Create an EK certificate; this implies --createek | |
64 | (NOT SUPPORTED YET) | |
65 | ||
66 | =item B<--create-platform-cert> | |
67 | ||
68 | Create a platform certificate; this implies --create-ek-cert | |
69 | ||
70 | =item B<--lock-nvram> | |
71 | ||
72 | Lock NVRAM access | |
73 | ||
74 | =item B<--display> | |
75 | ||
76 | At the end display as much info as possible about the configuration | |
77 | of the TPM | |
78 | ||
79 | =item B<--logfile <logfile>> | |
80 | ||
81 | The logfile to log to. By default logging goes to stdout and stderr. | |
82 | ||
83 | =item B<--keyfile <keyfile>> | |
84 | ||
85 | The key file contains an ASCII hex key consisting of 32 hex digits with an | |
86 | optional leading '0x'. This is the key to be used by the TPM emulator | |
87 | for encrypting the state of the TPM. | |
88 | ||
89 | =item B<--pwdfile <passphrase file>> | |
90 | ||
91 | The passpharse file contains a passphrase from which the TPM emulator | |
92 | will derive the encyrption key from and use the key for encrypting the TPM | |
93 | state. | |
94 | ||
95 | =item B<--help, -h> | |
96 | ||
97 | Display the help screen | |
98 | ||
99 | =back | |
100 | ||
101 | =head1 SEE ALSO | |
102 | ||
103 | B<swtpm_setup.conf> | |
104 | ||
105 | =head1 REPORTING BUGS | |
106 | ||
107 | Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com> |