swtpm_setup: Write active_pcr_banks into swtpm_setup.conf

Write the active_pcr_banks into swtpm_setup.conf with the default
PCR banks from the configure script.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

diff --git a/samples/swtpm_setup.conf.in b/samples/swtpm_setup.conf.in
index 4256308ce024bdf5099070276f2211b1de59a5db..3ae77e41929286f607e7902d49f6eec5dc7696b0 100644 (file)
--- a/samples/swtpm_setup.conf.in
+++ b/samples/swtpm_setup.conf.in
@@ -2,3 +2,5 @@
 create_certs_tool= @BINDIR@/swtpm_localca
 create_certs_tool_config = @SYSCONFDIR@/swtpm-localca.conf
 create_certs_tool_options = @SYSCONFDIR@/swtpm-localca.options
+# Comma-separated list (no spaces) of PCR banks to activate by default
+active_pcr_banks = @DEFAULT_PCR_BANKS@

diff --git a/src/swtpm_setup/swtpm_setup_utils.c b/src/swtpm_setup/swtpm_setup_utils.c
index b343e1627900f6a84ae55ac949ef2446705eecad..19be02938c7e8f8a2e0f2224d2405e60bb40ecfc 100644 (file)
--- a/src/swtpm_setup/swtpm_setup_utils.c
+++ b/src/swtpm_setup/swtpm_setup_utils.c
@@ -134,10 +134,13 @@ int create_config_files(gboolean overwrite, gboolean root_flag,
     filedata[SWTPM_SETUP_CONF] = g_strdup_printf(
         "create_certs_tool = %s\n"
         "create_certs_tool_config = %s\n"
-        "create_certs_tool_options = %s\n",
+        "create_certs_tool_options = %s\n"
+        "# Comma-separated list (no spaces) of PCR banks to activate by default\n"
+        "active_pcr_banks = %s\n",
         create_certs_tool,
         configfiles[SWTPM_LOCALCA_CONF],
-        configfiles[SWTPM_LOCALCA_OPTIONS]
+        configfiles[SWTPM_LOCALCA_OPTIONS],
+        DEFAULT_PCR_BANKS
     );
 
     /* swtpm-localca.conf */