Provided by: swtpm-tools_0.7.3-0ubuntu7_amd64

NAME

       swtpm_setup.conf - Configuration file for swtpm_setup

DESCRIPTION

       The file /etc/swtpm_setup.conf contains configuration information for swtpm_setup. It must only contain
       one configuration keyword per line, followed by an equals sign (=) and then followed by appropriate
       configuration information. A comment at the end of the line may be introduced by a hash (#) sign.

       Users may write their own configuration into ${XDG_CONFIG_HOME}/swtpm_setup.conf or, if XDG_CONFIG_HOME
       is not set, into ${HOME}/.config/swtpm_setup.conf.

       The following keywords are recognized:

       create_certs_tool
           This  keyword  is  to be followed by the name of an executable or executable script used for creating
           various TPM certificates. The tool will be called with the following options:

           --type type
               This parameter indicates the type of certificate to create. The type parameter may be one of the
               following: ek or platform.

           --dir dir
               This  parameter  indicates  the  directory  into  which  the  certificate is to be stored.  It is
               expected that the EK certificate is stored in this directory  under  the  name  ek.cert  and  the
               platform certificate under the name platform.cert.

           --ek ek
               This  parameter  indicates  the modulus of the public key of the endorsement key (EK). The public
               key is provided as a sequence of ASCII hex digits.

           --vmid ID
               This parameter indicates the ID of the VM for which to create the certificate.

           --logfile <logfile>
               The log file to log output to; by default logging goes to stdout and stderr on the console.

           --configfile <configuration file>
               The configuration file to use. This file typically contains  configuration  information  for  the
               invoked program. If omitted, the program must use its default configuration file.

           --optsfile <options file>
               The  options  file to use. This file typically contains options that the invoked program uses. If
               omitted, the program must use its default options file.

           --tpm-spec-family <family>, --tpm-spec-level <level>, --tpm-spec-revision <revision>
               These 3 options describe the TPM specification that was followed for the  implementation  of  the
               TPM and will be part of the EK certificate.

           --tpm2
               This option is passed in case a TPM 2 compliant certificate needs to be created.

       create_certs_tool_config
           This keyword is to be followed by the name of a configuration file that will be passed to the invoked
           program  using  the --configfile option described above. If omitted, the invoked program will use the
           default configuration file.

       create_certs_tool_options
           This keyword is to be followed by the name of an options file that will  be  passed  to  the  invoked
           program  using  the  --optsfile  option described above. If omitted, the invoked program will use the
           default options file.

       active_pcr_banks (since v0.7)
           This keyword is to be followed by a comma-separated list of names of PCR banks.  The  list  must  not
           contain any spaces.  Valid PCR bank names are sha1, sha256, sha384, and sha512.
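
       The following linter is an added example, not part of swtpm or of the original page. It checks
       configuration text against the rules stated above (keyword=value lines, trailing # comments, the
       recognized keywords, and the active_pcr_banks list format). The sample input and its tool path are
       constructed, and ignoring blanks around the equals sign is an assumption.

```python
KNOWN_KEYWORDS = {
    "create_certs_tool",
    "create_certs_tool_config",
    "create_certs_tool_options",
    "active_pcr_banks",
}
VALID_PCR_BANKS = {"sha1", "sha256", "sha384", "sha512"}

# Constructed sample input; the tool path is hypothetical.
SAMPLE_CONF = """\
# per-user overrides
create_certs_tool = /usr/local/bin/make-tpm-certs  # hypothetical tool
active_pcr_banks = sha256, sha384
active_pcr_banks = sha256,md5
pcr_banks = sha512
create_certs_tool_config /etc/make-tpm-certs.conf
active_pcr_banks = sha256,sha384
"""


def lint_swtpm_setup_conf(text):
    """Return (settings, problems) for swtpm_setup.conf text."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # a hash starts a trailing comment
        if not line:
            continue
        keyword, sep, value = line.partition("=")
        # Assumption: blanks around the equals sign are not significant.
        keyword, value = keyword.strip(), value.strip()
        if not sep:
            problems.append(f"line {lineno}: no '=' after keyword")
        elif keyword not in KNOWN_KEYWORDS:
            problems.append(f"line {lineno}: unknown keyword {keyword!r}")
        elif not value:
            problems.append(f"line {lineno}: {keyword} has no value")
        elif keyword == "active_pcr_banks" and any(c.isspace() for c in value):
            problems.append(f"line {lineno}: PCR bank list contains spaces")
        elif keyword == "active_pcr_banks" and (
            bad := [b for b in value.split(",") if b not in VALID_PCR_BANKS]
        ):
            problems.append(f"line {lineno}: invalid PCR bank(s) {bad}")
        else:
            settings[keyword] = value
    return settings, problems


if __name__ == "__main__":
    parsed, issues = lint_swtpm_setup_conf(SAMPLE_CONF)
    print(parsed)
    print("\n".join(issues))
```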

SEE ALSO

       swtpm_setup

REPORTING BUGS

       Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>

swtpm                                              2024-07-09                                swtpm_setup.conf(8)