Puppet Class: tpm::ownership

Defined in:
manifests/ownership.pp

Overview

Enabling this class will take ownership of the TPM in the system, using an auto-generated password created with simplib’s passgen.

The password must be generated with passgen in order for most of the facts to be functional post-ownership, as the tpm commands from tpm-tools require the owner password.

Parameters:

  • owner_pass (String) (defaults to: passgen( "${facts['fqdn']}_tpm0_owner_pass", { 'length' => 20 } ))

    The TPM owner password

  • srk_pass (Optional[String]) (defaults to: undef)

    The TPM SRK password. This defaults to empty because, according to the [trousers documentation](trousers.sourceforge.net/pkcs11.html), it needs to be null to be useful.

  • advanced_facts (Boolean) (defaults to: false)

    This option enables facts that require the owner password to function. If enabled, the password will be stored on the client filesystem (in `$vardir/simp`).

  • owned (Boolean) (defaults to: true)
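Because `advanced_facts` leaves the owner password on the client filesystem under `$vardir/simp`, that directory is worth auditing on any node where the option is on. The function below is an added example, not part of this module: it reports entries that group or other can access, or that are not owned by the expected user. The function name, the root-ownership expectation and the use of `puppet config print vardir` to locate the directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the tpm module): audit the directory that holds
# the TPM owner password when advanced_facts is enabled.
#
# Usage on a managed node (assumes the agent's vardir is the one in use):
#   audit_tpm_pass_dir "$(puppet config print vardir)/simp"
#
# audit_tpm_pass_dir DIR [EXPECTED_UID]
#   Prints one finding per line.
#   Returns 0 if clean, 1 if findings exist, 2 if DIR does not exist.
audit_tpm_pass_dir() {
  dir=$1
  want_uid=${2:-0}   # assumption: everything here should be owned by root

  if [ ! -d "$dir" ]; then
    echo "MISSING $dir"
    return 2
  fi

  findings=$(
    # Files or directories with any group/other permission bit set.
    # Each bit is tested separately to stay within POSIX find.
    find "$dir" \( -type f -o -type d \) \
      \( -perm -040 -o -perm -020 -o -perm -010 \
         -o -perm -004 -o -perm -002 -o -perm -001 \) \
      -exec printf 'LOOSE_MODE %s\n' {} \;

    # Anything not owned by the expected user (numeric uid).
    find "$dir" ! -user "$want_uid" -exec printf 'WRONG_OWNER %s\n' {} \;
  )

  if [ -z "$findings" ]; then
    return 0
  fi
  printf '%s\n' "$findings"
  return 1
}
```

A non-zero return makes the function usable as a scheduled compliance check; a `MISSING` result on a node with `advanced_facts` enabled means the vardir guess was wrong, not that the password is absent.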

Author:

  • Nick Miller <nick.miller@onyxpoint.com>



# File 'manifests/ownership.pp', line 20

class tpm::ownership (
  Boolean          $owned          = true,
  String           $owner_pass     = passgen( "${facts['fqdn']}_tpm0_owner_pass", { 'length' => 20 } ),
  Optional[String] $srk_pass       = undef,
  Boolean          $advanced_facts = false
) {

  tpm_ownership { 'tpm0':
    owned          => $owned,
    owner_pass     => $owner_pass,
    srk_pass       => $srk_pass,
    advanced_facts => $advanced_facts,
  }

}