swtpm_setup.conf(5)					   swtpm_setup.conf(5)

NAME
       swtpm_setup.conf	- Configuration	file for swtpm_setup

DESCRIPTION
       The file	/etc/swtpm_setup.conf contains configuration information for
       swtpm_setup. It must only contain one configuration keyword per line,
       followed	by an equals sign (=) and then followed	by appropriate
       configuration information. A comment at the end of the line may be
       introduced by a hash (#)	sign.

       Users may write their own configuration into
       ${XDG_CONFIG_HOME}/swtpm_setup.conf or, if XDG_CONFIG_HOME is not set,
       into ${HOME}/.config/swtpm_setup.conf.

       The following keywords are recognized:

       create_certs_tool
	   This	keyword	is to be followed by the name of an executable or
	   executable script used for creating various TPM certificates. The
	   tool will be called with the following options:

	   --type type
	       This parameter indicates	the type of certificate	to create. The
	       type parameter may be one of the following: ek or platform.

	   --dir dir
	       This parameter indicates	the directory into which the
	       certificate is to be stored.  It	is expected that the EK
	       certificate is stored in	this directory under the name ek.cert
	       and the platform	certificate under the name platform.cert.

	   --ek	ek
	       This parameter indicates	the modulus of the public key of the
	       endorsement key (EK). The public	key is provided	as a sequence
	       of ASCII	hex digits.

	   --vmid ID
	       This parameter indicates	the ID of the VM for which to create
	       the certificate.

	   --logfile <logfile>
	       The log file to log output to; by default logging goes to
	       stdout and stderr on the	console.

	   --configfile	<configuration file>
	       The configuration file to use. This file	typically contains
	       configuration information for the invoked program. If omitted,
	       the program must	use its	default	configuration file.

	   --optsfile <options file>
	       The options file	to use.	This file typically contains options
	       that the	invoked	program	uses. If omitted, the program must use
	       its default options file.

	   --tpm-spec-family <family>, --tpm-spec-level	<level>,
	   --tpm-spec-revision <revision>
	       These 3 options describe	the TPM	specification that was
	       followed	for the	implementation of the TPM and will be part of
	       the EK certificate.

	   --tpm2
	       This option is passed in	case a TPM 2 compliant certificate
	       needs to	be created.

       create_certs_tool_config
	   This	keyword	is to be followed by the name of a configuration file
	   that	will be	passed to the invoked program using the	--configfile
	   option described above. If omitted, the invoked program will	use
	   the default configuration file.

       create_certs_tool_options
	   This	keyword	is to be followed by the name of an options file that
	   will	be passed to the invoked program using the --optsfile option
	   described above. If omitted,	the invoked program will use the
	   default options file.

       active_pcr_banks	(since v0.7)
	   This	keyword	is to be followed by a comma-separated list of names
	   of PCR banks. The list must not contain any spaces.	Valid PCR bank
	   names are sha1, sha256, sha384, and sha512.

       rsa_keysize (since v0.10)
	   This keyword specifies the default RSA key size to be used if
	   none is provided with a command line option to swtpm_setup.
	   Any value that can be passed to swtpm_setup is also valid here,
	   such as 2048 or 'max'. The supported key sizes depend on the
	   version of libtpms.

       profile (since v0.10)
	   This keyword specifies either the name of a profile or a
	   JSON map describing the profile, such as 'profile = {"Name":
	   "default-v1"}'.  Please also refer to the description of the
	   --profile option for swtpm_setup.

       profile_file (since v0.10)
	   This keyword specifies a default profile file.

       local_profiles_dir (since v0.10)
	   This keyword sets a profile directory that contains
	   profiles written by users of the system.
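
       The following is an added example, not part of swtpm or of this
       manual page: a small linter for the file format and keywords
       described above, plus a permission check on the executable named by
       create_certs_tool, since swtpm_setup runs that program. The sample
       text and the path /opt/example/make-certs are constructed, and
       treating everything after the first '#' as a comment is a
       simplifying assumption.

```python
import os
import stat

# Keywords listed on this manual page.
KNOWN_KEYS = {
    "create_certs_tool", "create_certs_tool_config", "create_certs_tool_options",
    "active_pcr_banks", "rsa_keysize", "profile", "profile_file",
    "local_profiles_dir",
}
VALID_BANKS = {"sha1", "sha256", "sha384", "sha512"}
# Constructed sample; the tool path is hypothetical and the bank list has a stray space.
SAMPLE = "create_certs_tool = /opt/example/make-certs\nactive_pcr_banks = sha256, sha1 # banks\n"


def parse_conf(text):
    """Return (settings, findings) for the text of a swtpm_setup.conf file."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: everything after the first '#' on a line is a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep:
            findings.append(f"line {lineno}: missing '='")
        elif key not in KNOWN_KEYS:
            findings.append(f"line {lineno}: unknown keyword {key!r}")
        else:
            settings[key] = value
            if key == "active_pcr_banks":
                bad = [b for b in value.split(",") if b not in VALID_BANKS]
                if bad:
                    findings.append(f"line {lineno}: invalid PCR bank(s) {bad}")
    return settings, findings


def check_tool(path):
    """Flag a create_certs_tool that is missing, not executable or writable by others."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return [f"{path}: does not exist"]
    findings = []
    if not os.access(path, os.X_OK):
        findings.append(f"{path}: not executable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or others")
    return findings
```

       Run parse_conf() on the system file and on any per-user file, then
       pass the resulting create_certs_tool value to check_tool().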

SEE ALSO
       swtpm_setup

REPORTING BUGS
       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm				  2025-04-30		   swtpm_setup.conf(5)
