Puppet Class: tpm::ownership

Defined in:
manifests/ownership.pp

Summary

Take ownership of the TPM in the system, using an auto-generated password created with simplib's passgen.

Overview

The password must be generated with passgen in order for most of the facts to be functional post-ownership, as the tpm commands from tpm-tools require the owner password.

Parameters:

  • owned (Boolean) (defaults to: true)

    Whether or not the module should take ownership

  • owner_pass (Variant[Enum['well-known'],String[20]]) (defaults to: simplib::passgen( "${facts['fqdn']}_tpm0_owner_pass", { 'length' => 20 } ))

    The TPM owner password

  • srk_pass (Optional[String]) (defaults to: undef)

    The TPM SRK password

  • advanced_facts (Boolean) (defaults to: false)

    Enable facts that require the owner password to function. The password will be on the client filesystem (in '$vardir/simp') if enabled.

Author:

  • Nick Miller <nick.miller@onyxpoint.com>



# File 'manifests/ownership.pp', line 26

class tpm::ownership (
  Boolean                                $owned          = true,
  Variant[Enum['well-known'],String[20]] $owner_pass     = simplib::passgen( "${facts['fqdn']}_tpm0_owner_pass", { 'length' => 20 } ),
  Optional[String]                       $srk_pass       = undef,
  Boolean                                $advanced_facts = false
) {

  tpm_ownership { 'tpm0':
    owned          => $owned,
    owner_pass     => $owner_pass,
    srk_pass       => $srk_pass,
    advanced_facts => $advanced_facts,
  }
}
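
A usage sketch, added here as an example and not taken from the tpm module: the site class profile::tpm and the notify resource title are hypothetical. It keeps the default passgen-generated owner password and turns on advanced_facts only per node, recording in the agent report when the password will be written to the client.

```puppet
# Added example: profile::tpm is a hypothetical site class, not part of the tpm module.
class profile::tpm (
  # Opt in per node (for example through Hiera) only where the facts that
  # need the owner password are actually required.
  Boolean $advanced_facts = false,
) {

  # owner_pass is deliberately not set, so the class default
  # (simplib::passgen, length 20) stays in effect, as the Overview requires.
  class { 'tpm::ownership':
    owned          => true,
    advanced_facts => $advanced_facts,
  }

  if $advanced_facts {
    # Surface the trade-off in the agent report: with advanced_facts enabled
    # the owner password is kept on the client filesystem.
    notify { 'tpm_owner_pass_on_disk':
      message  => "TPM owner password for ${facts['fqdn']} is stored under \$vardir/simp",
      loglevel => 'warning',
    }
  }
}
```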