.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "swtpm_setup.conf 5" .TH swtpm_setup.conf 5 2024-02-10 swtpm "" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME swtpm_setup.conf \- Configuration file for swtpm_setup .SH DESCRIPTION .IX Header "DESCRIPTION" The file \fI/etc/swtpm_setup.conf\fR contains configuration information for swtpm_setup. It must only contain one configuration keyword per line, followed by an equals sign (=) and then followed by appropriate configuration information. A comment at the end of the line may be introduced by a hash (#) sign. 
.PP
Users may write their own configuration into
\&\fI${XDG_CONFIG_HOME}/swtpm_setup.conf\fR or, if XDG_CONFIG_HOME is not
set, into \fI${HOME}/.config/swtpm_setup.conf\fR.
.PP
The following keywords are recognized:
.IP \fBcreate_certs_tool\fR 4
.IX Item "create_certs_tool"
This keyword is to be followed by the name of an executable or executable
script used for creating various TPM certificates. The tool will be
called with the following options:
.RS 4
.IP "\fB\-\-type type\fR" 4
.IX Item "--type type"
This parameter indicates the type of certificate to create. The type
parameter may be one of the following: \fIek\fR or \fIplatform\fR.
.IP "\fB\-\-dir dir\fR" 4
.IX Item "--dir dir"
This parameter indicates the directory into which the certificate is to be
stored. It is expected that the EK certificate is stored in this directory
under the name ek.cert and the platform certificate under the name
platform.cert.
.IP "\fB\-\-ek ek\fR" 4
.IX Item "--ek ek"
This parameter indicates the modulus of the public key of the endorsement
key (EK). The public key is provided as a sequence of ASCII hex digits.
.IP "\fB\-\-vmid ID\fR" 4
.IX Item "--vmid ID"
This parameter indicates the ID of the VM for which to create the
certificate.
.IP "\fB\-\-logfile\fR" 4
.IX Item "--logfile"
The log file to log output to; by default logging goes to stdout and stderr
on the console.
.IP "\fB\-\-configfile\fR" 4
.IX Item "--configfile"
The configuration file to use. This file typically contains configuration
information for the invoked program. If omitted, the program must use its
default configuration file.
.IP "\fB\-\-optsfile\fR" 4
.IX Item "--optsfile"
The options file to use. This file typically contains options that the
invoked program uses. If omitted, the program must use its default options
file.
.IP "\fB\-\-tpm\-spec\-family\fR, \fB\-\-tpm\-spec\-level\fR, \fB\-\-tpm\-spec\-revision\fR" 4
.IX Item "--tpm-spec-family, --tpm-spec-level, --tpm-spec-revision"
These 3 options describe the TPM specification that was followed for the
implementation of the TPM and will be part of the EK certificate.
.IP \fB\-\-tpm2\fR 4
.IX Item "--tpm2"
This option is passed in case a TPM 2 compliant certificate needs to be
created.
.RE
.RS 4
.RE
.IP \fBcreate_certs_tool_config\fR 4
.IX Item "create_certs_tool_config"
This keyword is to be followed by the name of a configuration file that
will be passed to the invoked program using the \-\-configfile option
described above. If omitted, the invoked program will use the default
configuration file.
.IP \fBcreate_certs_tool_options\fR 4
.IX Item "create_certs_tool_options"
This keyword is to be followed by the name of an options file that will be
passed to the invoked program using the \-\-optsfile option described
above. If omitted, the invoked program will use the default options file.
.IP "\fBactive_pcr_banks\fR (since v0.7)" 4
.IX Item "active_pcr_banks (since v0.7)"
This keyword is to be followed by a comma-separated list of names of PCR
banks. The list must not contain any spaces. Valid PCR bank names are
sha1, sha256, sha384, and sha512.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBswtpm_setup\fR
.SH "REPORTING BUGS"
.IX Header "REPORTING BUGS"
Report bugs to Stefan Berger
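.PP
Added example (not part of swtpm or of this manual page): a Python check for a swtpm_setup.conf that applies the rules given in DESCRIPTION, namely one keyword per line followed by an equals sign, # comments, the four recognized keywords, and the active_pcr_banks list format. Tolerating whitespace around the equals sign, flagging repeated keywords, and treating the three create_certs_tool* values as filesystem paths are assumptions; the sample path is a placeholder.

```python
import os

KEYWORDS = {"create_certs_tool", "create_certs_tool_config",
            "create_certs_tool_options", "active_pcr_banks"}
PCR_BANKS = {"sha1", "sha256", "sha384", "sha512"}
SAMPLE = """\
# constructed sample with deliberate mistakes; the tool path is a placeholder
create_certs_tool = /usr/local/bin/example-create-certs  # trailing comment
active_pcr_banks = sha1, sha256,sha3
bogus_keyword = 1
"""


def parse_conf(text):
    """Parse swtpm_setup.conf text; return (settings, problems)."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            problems.append(f"line {lineno}: expected keyword=value")
        elif key not in KEYWORDS:
            problems.append(f"line {lineno}: unknown keyword {key!r}")
        elif key in settings:  # the page does not say which one wins
            problems.append(f"line {lineno}: {key} set more than once")
        else:
            settings[key] = value
    banks = settings.get("active_pcr_banks")
    if banks is not None:
        if any(c.isspace() for c in banks):
            problems.append("active_pcr_banks: list must not contain spaces")
        bad = [b for b in banks.split(",") if b.strip() not in PCR_BANKS]
        if bad:
            problems.append(f"active_pcr_banks: invalid bank name(s) {bad}")
    return settings, problems


def audit_paths(settings):
    """Check the files the config names; 0o022 = group/other write bits."""
    problems = []
    tool = settings.get("create_certs_tool")
    if tool and not (os.path.isfile(tool) and os.access(tool, os.X_OK)):
        problems.append(f"create_certs_tool: {tool} is not an executable file")
    for key in sorted(KEYWORDS - {"active_pcr_banks"}):
        path = settings.get(key)
        if path and os.path.exists(path) and os.stat(path).st_mode & 0o022:
            problems.append(f"{key}: {path} is writable by group or others")
    return problems
```

Run parse_conf() on the text of the system-wide file and of the per-user file, then pass the resulting settings to audit_paths(); the permission check matters because create_certs_tool names a program that swtpm_setup invokes.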