mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
8249e6afad
Using the trusted RSA or ECC Endorsement Key of the TPM 2.0 a secure session is established via RSA public key encryption or an ephemeral ECDH key exchange, respectively. The session allows HMAC-based authenticated communication with the TPM 2.0 and the exchanged parameters can be encrypted where necessary to guarantee confidentiality.
22 lines
1018 B
Plaintext
22 lines
1018 B
Plaintext
charon.plugins.tpm.use_rng = no
|
|
Whether the TPM should be used as RNG. For security reasons enable only if
|
|
an authenticated session can be set up (see _ek_handle_ option).
|
|
|
|
charon.plugins.tpm.fips_186_4 = no
|
|
Is the TPM 2.0 FIPS-186-4 compliant, forcing e.g. the use of the default
|
|
salt length instead of maximum salt length with RSAPSS padding.
|
|
|
|
charon.plugins.tpm.tcti.name = device|tabrmd
|
|
Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_.
|
|
Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager
|
|
device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0
|
|
access broker and resource manager to be available.
|
|
|
|
charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
|
|
Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
|
|
TCTI library name is _device_ and no options otherwise.
|
|
|
|
charon.plugins.tpm.ek_handle =
|
|
Handle of the RSA or ECC Endorsement Key (EK) to be used to set up an
|
|
authenticated session with a TPM 2.0 (e.g. 0x81010001).
|