
swtpm_setup.conf(5)                                        swtpm_setup.conf(5)

NAME
       swtpm_setup.conf - Configuration file for swtpm_setup

DESCRIPTION
       The file /etc/swtpm_setup.conf contains configuration information for
       swtpm_setup. It must only contain one configuration keyword per line,
       followed by an equals sign (=) and then followed by appropriate
       configuration information. A comment at the end of the line may be
       introduced by a hash (#) sign.

       Users may write their own configuration into
       ${XDG_CONFIG_HOME}/swtpm_setup.conf or, if XDG_CONFIG_HOME is not set,
       into ${HOME}/.config/swtpm_setup.conf.

       The following keywords are recognized:

       create_certs_tool
           This keyword is to be followed by the name of an executable or
           executable script used for creating various TPM certificates. The
           tool will be called with the following options:

           --type type
               This parameter indicates the type of certificate to create. The
               type parameter may be one of the following: ek or platform.

           --dir dir
               This parameter indicates the directory into which the
               certificate is to be stored.  It is expected that the EK
               certificate is stored in this directory under the name ek.cert
               and the platform certificate under the name platform.cert.

           --ek ek
               This parameter indicates the modulus of the public key of the
               endorsement key (EK). The public key is provided as a sequence
               of ASCII hex digits.

           --vmid ID
               This parameter indicates the ID of the VM for which to create
               the certificate.

           --logfile <logfile>
               The log file to log output to; by default logging goes to
               stdout and stderr on the console.

           --configfile <configuration file>
               The configuration file to use. This file typically contains
               configuration information for the invoked program. If omitted,
               the program must use its default configuration file.

           --optsfile <options file>
               The options file to use. This file typically contains options
               that the invoked program uses. If omitted, the program must use
               its default options file.

           --tpm-spec-family <family>, --tpm-spec-level <level>,
           --tpm-spec-revision <revision>
               These three options describe the TPM specification that was
               followed for the implementation of the TPM and will be part of
               the EK certificate.

           --tpm2
               This option is passed in case a TPM 2 compliant certificate
               needs to be created.

       create_certs_tool_config
           This keyword is to be followed by the name of a configuration file
           that will be passed to the invoked program using the --configfile
           option described above. If omitted, the invoked program will use
           the default configuration file.

       create_certs_tool_options
           This keyword is to be followed by the name of an options file that
           will be passed to the invoked program using the --optsfile option
           described above. If omitted, the invoked program will use the
           default options file.

       active_pcr_banks (since v0.7)
           This keyword is to be followed by a comma-separated list of names
           of PCR banks. The list must not contain any spaces.  Valid PCR bank
           names are sha1, sha256, sha384, and sha512.
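
       The following linter is an added example, not part of swtpm or this
       manual page. It checks a file against the rules stated above (keyword
       = value, trailing # comments, the four recognized keywords, the PCR
       bank list format). Assumptions: the names lint and tool_problems are
       hypothetical, whitespace around the equals sign is ignored, and the
       permission check on create_certs_tool is a local hardening policy.

```python
import os

KNOWN = {"create_certs_tool", "create_certs_tool_config",
         "create_certs_tool_options", "active_pcr_banks"}
PCR_BANKS = {"sha1", "sha256", "sha384", "sha512"}

def tool_problems(path):
    """Local hardening checks (assumed policy, not swtpm_setup behaviour)."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return ["tool not found"]
    out = []
    if not os.access(path, os.X_OK):
        out.append("tool is not executable")
    if mode & 0o022:  # group- or other-writable: others could swap the program
        out.append("tool is group- or world-writable")
    return out

def lint(text, check_tool=False):
    """Return (line_number, message) findings for swtpm_setup.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        # Assumption: whitespace around '=' is not significant.
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            findings.append((no, "missing '='"))
        elif key not in KNOWN:
            findings.append((no, "unknown keyword " + key))
        elif key == "active_pcr_banks":
            if " " in value:
                findings.append((no, "bank list contains spaces"))
            bad = [b for b in value.split(",") if b.strip() not in PCR_BANKS]
            if bad:
                findings.append((no, "invalid PCR bank: " + ",".join(bad)))
        elif key == "create_certs_tool" and check_tool:
            findings += [(no, m) for m in tool_problems(value)]
    return findings

SAMPLE = """\
active_pcr_banks = sha1, sha256
active_pcr_banks = sha256,md5   # constructed sample line
create_cert_tool = /bin/true
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

       Pass check_tool=True to also inspect the program named by
       create_certs_tool on the local file system.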

SEE ALSO
       swtpm_setup

REPORTING BUGS
       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm                             2023-05-18               swtpm_setup.conf(5)
