Resource Type: tpm_ownership

Defined in:
lib/puppet/type/tpm_ownership.rb
Providers:
trousers

Overview

A type to manage ownership of a TPM. `owner_pass` is required, while `srk_pass` is only necessary if you aren’t using Trusted Boot or the PKCS#11 interface. The SRK password must be null in order to use those features.

If you need to use a ‘well-known’ password, make the password equal to the string ‘well-known’. The provider will then use the `-z` or `-y` option when taking ownership of the TPM with `tpm_takeownership`.

Example:

include 'tpm'

tpm_ownership { 'tpm0':
  owned      => true,
  owner_pass => 'badpass',
}
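
The same resource with the owner password kept out of the manifest, as an added example that is not part of the module's documentation. The class name profile::tpm_owner is hypothetical, and its owner_pass value is assumed to come from Hiera through Puppet's automatic class parameter lookup.

```puppet
# Added example; 'profile::tpm_owner' is a hypothetical wrapper class.
# Assumption: Hiera supplies the key 'profile::tpm_owner::owner_pass'
# (for example from an encrypted backend), so no password literal
# appears in the manifest.
class profile::tpm_owner (
  String[1] $owner_pass,
) {
  include 'tpm'

  tpm_ownership { 'tpm0':
    owned          => true,
    owner_pass     => $owner_pass,
    # The literal string 'well-known' (also the type's default) makes the
    # provider pass the well-known option to tpm_takeownership. Set a
    # different SRK password only if Trusted Boot and the PKCS#11
    # interface are not in use.
    srk_pass       => 'well-known',
    # Keep the default: the owner password is not written to a
    # root-readable file for the trousers-based advanced facts.
    advanced_facts => false,
  }
}
```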

Properties

  • owned

    Ownership status of the TPM

    Supported values:
    • true
    • false

Parameters

  • advanced_facts (defaults to: false)

    Enabling the advanced facts will write your owner password to a file on the system, only readable by the root user. It will be used to query the TPM using trousers.

    Supported values:
    • true
    • false
    • yes
    • no
  • name (namevar) (defaults to: tpm0)

    The name of the resource - usually tpm0, the default device.

  • owner_pass

    The owner password of the TPM

  • provider

    The specific backend to use for this `tpm_ownership` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • srk_pass (defaults to: well-known)

    The Storage Root Key (SRK) password of the TPM

Features

  • take_ownership

    The ability to take ownership of a TPM