.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "swtpm-localca.conf 5" .TH swtpm-localca.conf 5 2024-04-01 swtpm "" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME swtpm\-localca.conf \- Configuration file for swtpm_localca .SH DESCRIPTION .IX Header "DESCRIPTION" The file \fI/etc/swtpm\-localca.conf\fR contains configuration variables for the \fIswtpm_localca\fR program. .PP Entries may contain environment variables that will be resolved. All environment variables must be formatted like this: '${varname}'. .PP Users may write their own configuration into \&\fI${XDG_CONFIG_HOME}/swtpm\-localca.conf\fR or if XDG_CONFIG_HOME is not set it may be in \fI${HOME}/.config/swtpm\-localca.conf\fR. .PP The following configuration variables are supported: .IP \fBstatedir\fR 4 .IX Item "statedir" The name of a directory where to store data into. A lock will be created in this directory. .IP \fBsigninkey\fR 4 .IX Item "signinkey" The file containing the key used for signing the certificates. Provide a key in PEM format or a pkcs11 URI. .IP \fBsigningkey_password\fR 4 .IX Item "signingkey_password" The password to use for the signing key. .IP \fBissuercert\fR 4 .IX Item "issuercert" The file containing the certificate for this CA. Provide a certificate in PEM format. .IP \fBcertserial\fR 4 .IX Item "certserial" The name of file containing the serial number for the next certificate. .IP \fBTSS_TCSD_HOSTNAME\fR 4 .IX Item "TSS_TCSD_HOSTNAME" This variable can be set to the host where \fBtcsd\fR is running on in case the signing key is a GnuTLS TPM 1.2 key. By default \fIlocalhost\fR will be used. .IP \fBTSS_TCSD_PORT\fR 4 .IX Item "TSS_TCSD_PORT" This variable can be set to the port on which \fBtcsd\fR is listening for connections. By default port \fI30003\fR will be used. .IP "\fBenv:>" 4 .IX Item "env:>" Environment variables, that are needed by pkcs11 modules, can be set using this format. An example for such an environment variable may look like this: .Sp .Vb 1 \& env:MY_MODULE_PKCS11_CONFIG = /tmp/mymodule\-pkcs11.conf .Ve .Sp The line must not contain any trailing spaces. .SH EXAMPLE .IX Header "EXAMPLE" An example \fIswtpm\-localca.conf\fR file may look as follows: .PP .Vb 4 \& statedir = /var/lib/swtpm_localca \& signingkey = /var/lib/swtpm_localca/signkey.pem \& issuercert = /var/lib/swtpm_localca/issuercert.pem \& certserial = /var/lib/swtpm_localca/certserial .Ve .PP With a PKCS11 URI it may look like this: .PP .Vb 5 \& statedir = /var/lib/swtpm\-localca \& signingkey = pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=891b99c169e41301;token=mylabel;id=%00;object=mykey;type=public \& issuercert = /var/lib/swtpm\-localca/swtpm\-localca\-tpmca\-cert.pem \& certserial = /var/lib/swtpm\-localca/certserial \& SWTPM_PKCS11_PIN = 1234 .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBswtpm_localca\fR .SH "REPORTING BUGS" .IX Header "REPORTING BUGS" Report bugs to Stefan Berger