man/man8/swtpm_setup.pod

   1 =head1 NAME
   2
   3 swtpm_setup
   4
   5 =head1 SYNOPSIS
   6
   7 B<swtpm_setup [OPTIONS]>
   8
   9 =head1 DESCRIPTION
  10
  11 B<swtpm_setup> is a tool that prepares the intial state for a libtpms-based
  12 TPM.
  13
  14 The following options are supported:
  15
  16 =over 4
  17
  18 =item B<--runas <userid>>
  19
  20 Use this userid to run swtpm_setup.sh; by default 'tss' is used.
  21
  22 =item B<--config <file>>
  23
  24 Path to configuration file containing the tool to use for creating
  25 certificates; see also B<swtpm_setup.conf>
  26
  27 =item B<--tpm-state <dir>>
  28
  29 Path to a directory where the TPM's state will be written into;
  30 this is a mandatory argument
  31
  32 =item B<--tpm-executable>
  33
  34 Path to the TPM executable; this is an optional argument and
  35 by default /usr/bin/swtpm is used
  36
  37 =item B<--createek>
  38
  39 Create the EK
  40
  41 =item B<--take-ownership>
  42
  43 Take ownership; this option implies --createek
  44
  45 =item B<--ownerpass  <password>>
  46
  47 Provide custom owner password; default is ooo
  48
  49 =item B<--owner-well-known>
  50
  51 Use a password of all zeros (20 bytes of zeros) as the owner password
  52
  53 =item B<--srkpass <password>>
  54
  55 Provide custom SRK password; default is sss
  56
  57 =item B<--srk-well-known>
  58
  59 Use a password of all zeros (20 bytes of zeros) as the SRK password
  60
  61 =item B<--create-ek-cert>
  62
  63 Create an EK certificate; this implies --createek
  64 (NOT SUPPORTED YET)
  65
  66 =item B<--create-platform-cert>
  67
  68 Create a platform certificate; this implies --create-ek-cert
  69
  70 =item B<--lock-nvram>
  71
  72 Lock NVRAM access
  73
  74 =item B<--display>
  75
  76 At the end display as much info as possible about the configuration
  77 of the TPM
  78
  79 =item B<--logfile <logfile>>
  80
  81 The logfile to log to. By default logging goes to stdout and stderr.
  82
  83 =item B<--keyfile <keyfile>>
  84
  85 The key file contains an ASCII hex key consisting of 32 hex digits with an
  86 optional leading '0x'. This is the key to be used by the TPM emulator
  87 for encrypting the state of the TPM.
  88
  89 =item B<--pwdfile <passphrase file>>
  90
  91 The passpharse file contains a passphrase from which the TPM emulator
  92 will derive the encyrption key from and use the key for encrypting the TPM
  93 state.
  94
  95 =item B<--help, -h>
  96
  97 Display the help screen
  98
  99 =back
 100
 101 =head1 SEE ALSO
 102
 103 B<swtpm_setup.conf>
 104
 105 =head1 REPORTING BUGS
 106
 107 Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>