Commit | Line | Data |
---|---|---|
2e64cb71 LP |
1 | <?xml version="1.0"?> |
2 | <!--*-nxml-*--> | |
3 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" | |
eea10b26 | 4 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
2e64cb71 LP |
5 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
6 | <refentry id="systemd-tpm2-setup.service" conditional='ENABLE_BOOTLOADER' | |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> | |
8 | ||
9 | <refentryinfo> | |
10 | <title>systemd-tpm2-setup.service</title> | |
11 | <productname>systemd</productname> | |
12 | </refentryinfo> | |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-tpm2-setup.service</refentrytitle> | |
16 | <manvolnum>8</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-tpm2-setup.service</refname> | |
21 | <refname>systemd-tpm2-setup-early.service</refname> | |
22 | <refname>systemd-tpm2-setup</refname> | |
23 | <refpurpose>Set up the TPM2 Storage Root Key (SRK) at boot</refpurpose> | |
24 | </refnamediv> | |
25 | ||
26 | <refsynopsisdiv> | |
27 | <para><filename>systemd-tpm2-setup.service</filename></para> | |
28 | <para><filename>/usr/lib/systemd/systemd-tpm2-setup</filename></para> | |
29 | </refsynopsisdiv> | |
30 | ||
31 | <refsect1> | |
32 | <title>Description</title> | |
33 | ||
34 | <para><filename>systemd-tpm2-setup.service</filename> and | |
35 | <filename>systemd-tpm2-setup-early.service</filename> are services that generate the Storage Root Key | |
36 | (SRK) if it hasn't been generated yet, and store it in the TPM.</para> | |
37 | ||
38 | <para>The services will store the public key of the SRK key pair in a PEM file in | |
39 | <filename>/run/systemd/tpm2-srk-public-key.pem</filename> and | |
cc59d101 | 40 | <filename>/var/lib/systemd/tpm2-srk-public-key.pem</filename>. They will also store it in TPM2B_PUBLIC |
fbe7db47 LP |
41 | format in <filename>/run/systemd/tpm2-srk-public-key.tpm2b_public</filename> and |
42 | <filename>/var/lib/systemd/tpm2-srk-public-key.tpm2b_public</filename>.</para> | |
2e64cb71 LP |
43 | |
44 | <para><filename>systemd-tpm2-setup-early.service</filename> runs very early at boot (possibly in the | |
fbe7db47 | 45 | initrd), and writes the SRK public key to <filename>/run/systemd/tpm2-srk-public-key.*</filename> (as |
2e64cb71 LP |
46 | <filename>/var/</filename> is generally not accessible this early yet), while |
47 | <filename>systemd-tpm2-setup.service</filename> runs during a later boot phase and saves the public key | |
fbe7db47 | 48 | to <filename>/var/lib/systemd/tpm2-srk-public-key.*</filename>.</para> |
2e64cb71 LP |
49 | </refsect1> |
50 | ||
51 | <refsect1> | |
52 | <title>Files</title> | |
53 | ||
54 | <variablelist> | |
55 | <varlistentry> | |
56 | <term><filename>/run/systemd/tpm2-srk-public-key.pem</filename></term> | |
fbe7db47 | 57 | <term><filename>/run/systemd/tpm2-srk-public-key.tpm2b_public</filename></term> |
2e64cb71 | 58 | |
fbe7db47 | 59 | <listitem><para>The SRK public key in PEM and TPM2B_PUBLIC format, written during early boot.</para> |
b8f7a537 AK |
60 | |
61 | <xi:include href="version-info.xml" xpointer="v255"/></listitem> | |
2e64cb71 LP |
62 | </varlistentry> |
63 | ||
64 | <varlistentry> | |
65 | <term><filename>/var/lib/systemd/tpm2-srk-public-key.pem</filename></term> | |
fbe7db47 | 66 | <term><filename>/var/lib/systemd/tpm2-srk-public-key.tpm2b_public</filename></term> |
2e64cb71 | 67 | |
fbe7db47 | 68 | <listitem><para>The SRK public key in PEM and TPM2B_PUBLIC format, written during later boot (once |
b8f7a537 AK |
69 | <filename>/var/</filename> is available).</para> |
70 | ||
71 | <xi:include href="version-info.xml" xpointer="v255"/></listitem> | |
2e64cb71 LP |
72 | </varlistentry> |
73 | </variablelist> | |
74 | </refsect1> | |
75 | ||
76 | <refsect1> | |
77 | <title>See Also</title> | |
78 | <para> | |
79 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> | |
80 | </para> | |
81 | </refsect1> | |
82 | </refentry> |
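
A consistency check on the two PEM files documented above, as an added example that is not part of systemd or of this man page: it hashes the decoded payload of each file and compares the early-boot copy under `/run/` with the persisted copy under `/var/`. The function names and the `--check` switch are assumptions of this example, and it assumes GNU coreutils (`base64 -d`, `sha256sum`).

```shell
#!/bin/sh
# Added example, not systemd code. Paths are the ones documented above.
RUN_PEM=/run/systemd/tpm2-srk-public-key.pem
VAR_PEM=/var/lib/systemd/tpm2-srk-public-key.pem

# Print the SHA-256 (hex) of the decoded payload of a PEM file.
# Hashing the decoded bytes ignores differences in line wrapping.
# Returns 2 if the file is unreadable, 3 if it holds no valid base64.
srk_fingerprint() {
    [ -r "$1" ] || return 2
    fp_body=$(sed -e '/^-----/d' "$1" | tr -d ' \t\r\n')
    [ -n "$fp_body" ] || return 3
    printf '%s' "$fp_body" | base64 -d >/dev/null 2>&1 || return 3
    printf '%s' "$fp_body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Compare two PEM files. Returns 0 on match, 1 on mismatch, 2 on error.
compare_srk() {
    cmp_a=$(srk_fingerprint "$1") || { echo "cannot read key: $1" >&2; return 2; }
    cmp_b=$(srk_fingerprint "$2") || { echo "cannot read key: $2" >&2; return 2; }
    if [ "$cmp_a" = "$cmp_b" ]; then
        echo "match: $cmp_a"
        return 0
    fi
    echo "MISMATCH: $1=$cmp_a $2=$cmp_b" >&2
    return 1
}

# Hypothetical switch: run against the real files only when asked to.
if [ "${1:-}" = "--check" ]; then
    compare_srk "$RUN_PEM" "$VAR_PEM"
    exit $?
fi
```

A mismatch means the key recorded at early boot and the key saved under `/var/` are not the same key, which is worth investigating before trusting anything bound to the SRK.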