Domů Procházet Nápověda
Přihlásit se
SoftwareDesign
/
csu3_am335x
8
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Větev: master
Větve Značky
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tss-3.2.0
/
man
/
fapi-config.5.in

fapi-config.5.in 2.2 KB
Trvalý odkaz Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. .\" Automatically generated by Pandoc 1.19.2.1
    2. 

  2. .\"
    3. 

  3. .TH "fapi-config" 5 "JULI 2020" "TPM2 Software Stack"
    4. 

  4. .hy
    5. 

  5. .SH "SEE ALSO"
    6. 

  6. .BR fapi-profile (5)
    7. 

  7. .SH DESCRIPTION
    8. 

  8. .SB FAPI configuration file
    9. 

  9. .PP
    10. 

  10. The FAPI parameters which can be adjusted via the configuration file are;
    11. 

  11. .IP \[bu] 2
    12. 

  12. profile_name: Name of the default cryptographic profile chosen from the
    13. 

  13. profile_dir directory.
    14. 

  14. .IP \[bu] 2
    15. 

  15. profile_dir: Directory that contains all cryptographic profiles known to
    16. 

  16. FAPI.
    17. 

  17. .IP \[bu] 2
    18. 

  18. user_dir: The directory where user objects are stored.
    19. 

  19. .IP \[bu] 2
    20. 

  20. system_dir: The directory where system objects, policies, and imported
    21. 

  21. objects are stored.
    22. 

  22. .IP \[bu] 2
    23. 

  23. tcti: The TCTI interface which will be used.
    24. 

  24. .IP \[bu] 2
    25. 

  25. system_pcrs: The PCR registers which are used by the system.
    26. 

  26. .IP \[bu] 2
    27. 

  27. log_dir: The directory for the event log.
    28. 

  28. .IP \[bu] 2
    29. 

  29. ek_cert_less: A switch to disable certificate verification (optional).
    30. 

  30. .IP \[bu] 2
    31. 

  31. ek_fingerprint: The fingerprint of the endorsement key (optional).
    32. 

  32. .PP
    33. 

  33. If not otherwise specified during TSS installation, the default location
    34. 

  34. for the exemplary profiles is /etc/tpm2\-tss/profiles/ and
    35. 

  35. /etc/tpm2\-tss/ for the FAPI configuration file.
    36. 

  36. The environment variable TSS2_FAPICONF can be used to set an alternative
    37. 

  37. pathname for the FAPI configuration file.
    38. 

  38. .SH EXAMPLES
    39. 

  39. .PP
    40. 

  40. The FAPI configuration file is JSON encoded:
    41. 

  41. .IP
    42. 

  42. .nf
    43. 

  43. \f[C]
    44. 

  44. {
    45. 

  45. \ \ \ \ \ "profile_name":\ "P_ECCP256SHA256",
    46. 

  46. \ \ \ \ \ "profile_dir":\ "/etc/tpm2\-tss/fapi\-profiles/",
    47. 

  47. \ \ \ \ \ "user_dir":\ "~/.local/share/tpm2\-tss/user/keystore/",
    48. 

  48. \ \ \ \ \ "system_dir":\ "/home/myhome/keystore/system/keystore",
    49. 

  49. \ \ \ \ \ "tcti":\ "",
    50. 

  50. \ \ \ \ \ "system_pcrs"\ :\ [0,\ 1,\ 2,\ 3,\ 4,\ 5,\ 6,\ 7],
    51. 

  51. \ \ \ \ \ "log_dir"\ :\ "/home/myhome/eventlog/"
    52. 

  52. }
    53. 

  53. \f[]
    54. 

  54. .fi
    55. 

  55. .PP
    56. 

  56. For this example the default TCTI of the system will be used.
    57. 

  57. The certificates for the stored endorsement keys will be checked.
    58. 

  58. If the certificate checking is not needed the option:
    59. 

  59. .PP
    60. 

  60. \f[C]"ek_cert_less":\ "yes"\f[] can be added to the config file.
    61. 

  61. Alternative to the standard certificate checking a fingerprint (hash of
    62. 

  62. the public key) for the stored endorsement key can be defined in the
    63. 

  63. config file:
    64. 

  64. .PP
    65. 

  65. \f[C]"ek_fingerprint":\ \ {\ \ \ \ \ "hashAlg"\ :\ "sha256",\ \ \ \ \ "digest"\ :\ "9e56...214d"\ \ \ \ \ }\f[]
    66.