swtpm_setup.conf(8)                                        swtpm_setup.conf(8)

NAME
       swtpm_setup.conf - Configuration file for swtpm_setup

DESCRIPTION
       The file /etc/swtpm_setup.conf contains configuration information for
       swtpm_setup. It must only contain one configuration keyword per line,
       followed by an equals sign (=) and then followed by appropriate
       configuration information. A comment at the end of the line may be
       introduced by a hash (#) sign.

       Users may write their own configuration into
       ${XDG_CONFIG_HOME}/swtpm_setup.conf or if XDG_CONFIG_HOME is not set it
       may be in ${HOME}/.config/swtpm_setup.conf.

       The following keywords are recognized:

       create_certs_tool
           This keyword is to be followed by the name of an executable or
           executable script used for creating various TPM certificates. The
           tool will be called with the following options:

           --type type
               This parameter indicates the type of certificate to create. The
               type parameter may be one of the following: ek or platform.

           --dir dir
               This parameter indicates the directory into which the
               certificate is to be stored. It is expected that the EK
               certificate is stored in this directory under the name ek.cert
               and the platform certificate under the name platform.cert.

           --ek ek
               This parameter indicates the modulus of the public key of the
               endorsement key (EK). The public key is provided as a sequence
               of ASCII hex digits.

           --vmid ID
               This parameter indicates the ID of the VM for which to create
               the certificate.

           --logfile <logfile>
               The log file to log output to; by default logging goes to
               stdout and stderr on the console.

           --configfile <configuration file>
               The configuration file to use. This file typically contains
               configuration information for the invoked program. If omitted,
               the program must use its default configuration file.

           --optsfile <options file>
               The options file to use. This file typically contains options
               that the invoked program uses. If omitted, the program must use
               its default options file.

           --tpm-spec-family <family>, --tpm-spec-level <level>,
           --tpm-spec-revision <revision>
               These 3 options describe the TPM specification that was
               followed for the implementation of the TPM and will be part of
               the EK certificate.

           --tpm2
               This option is passed in case a TPM 2 compliant certificate
               needs to be created.

       create_certs_tool_config
           This keyword is to be followed by the name of a configuration file
           that will be passed to the invoked program using the --configfile
           option described above. If omitted, the invoked program will use
           the default configuration file.

       create_certs_tool_options
           This keyword is to be followed by the name of an options file that
           will be passed to the invoked program using the --optsfile option
           described above. If omitted, the invoked program will use the
           default options file.

       active_pcr_banks (since v0.7)
           This keyword is to be followed by a comma-separated list of names
           of PCR banks. The list must not contain any spaces. Valid PCR bank
           names are sha1, sha256, sha384, and sha512.

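An added example, not part of this man page or of the swtpm project's code: a small Python linter that applies the format rules described above (one keyword per line followed by "=", trailing "#" comments, the four recognized keywords, the active_pcr_banks list rules) and resolves the per-user file location. The function names are hypothetical; it assumes whitespace around "=" is tolerated and reports a repeated keyword as a problem, and the paths in the sample are constructed placeholders.

```python
import os

KEYWORDS = {"create_certs_tool", "create_certs_tool_config",
            "create_certs_tool_options", "active_pcr_banks"}
PCR_BANKS = {"sha1", "sha256", "sha384", "sha512"}

def user_config_path(env):
    """Per-user file location, following the rule stated on this page."""
    base = env.get("XDG_CONFIG_HOME")
    if base:
        return os.path.join(base, "swtpm_setup.conf")
    return os.path.join(env["HOME"], ".config", "swtpm_setup.conf")

def lint(text):
    """Return (settings, problems) for the text of a swtpm_setup.conf."""
    settings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # '#' starts a comment
        if not line:
            continue
        # Assumption: whitespace around '=' is not significant.
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            problems.append(f"line {n}: expected keyword=value")
        elif key not in KEYWORDS:
            problems.append(f"line {n}: unknown keyword '{key}'")
        elif key in settings:                     # assumption: repeats are errors
            problems.append(f"line {n}: '{key}' set more than once")
        elif key == "active_pcr_banks" and " " in value:
            problems.append(f"line {n}: bank list must not contain spaces")
        elif key == "active_pcr_banks" and not set(value.split(",")) <= PCR_BANKS:
            problems.append(f"line {n}: invalid PCR bank in '{value}'")
        else:
            settings[key] = value
    return settings, problems

# Constructed sample input with placeholder paths, not a file shipped by swtpm.
SAMPLE = """\
create_certs_tool = /opt/example/make-tpm-certs   # placeholder path
create_certs_tool_config = /opt/example/make-tpm-certs.conf
active_pcr_banks = sha256, sha384
active_pcr_banks = sha256,md5
bogus_keyword = 1
no equals sign here
"""

if __name__ == "__main__":
    for problem in lint(SAMPLE)[1]:
        print(problem)
```
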
SEE ALSO
       swtpm_setup

REPORTING BUGS
       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm                             2022-07-23               swtpm_setup.conf(8)