Puppet Class: tpm

Defined in:
manifests/init.pp

Overview

Provides utilities for interacting with a TPM

Parameters:

  • ima (Boolean) (defaults to: false)

    Toggles IMA (Integrity Measurement Architecture) on or off.

  • take_ownership (Boolean) (defaults to: false)

    Enable to allow Puppet to take ownership of the TPM.

Author:

  • Nick Markowski <nmarkowski@keywcorp.com>

  • Nick Miller <nick.miller@onyxpoint.com>



# File 'manifests/init.pp', line 11

class tpm (
  Boolean $ima            = false,
  Boolean $take_ownership = false
){
  # Check whether the system has a TPM (the fact also checks that it
  # is a physical machine). If so, install the tools and set up the
  # tcsd service. Uses str2bool because facts are returned as strings.
  if str2bool($facts['has_tpm']) {
    package { 'tpm-tools': ensure => latest }
    package { 'trousers': ensure => latest }

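    # The tcsd daemon is shipped in the trousers package, so the
    # service must wait for it as well as for tpm-tools.
    service { 'tcsd':
      ensure  => 'running',
      enable  => true,
      require => [Package['tpm-tools'], Package['trousers']],
    }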

    if $take_ownership {
      include '::tpm::ownership'
    }
  }

  if $ima {
    include '::tpm::ima'
  }

}