From 55944e5e40b1be2afc4855d8d2baf4b73d1876b5 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 10 Apr 2024 22:49:52 +0200
Subject: Adding upstream version 255.4.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 man/systemd-tpm2-setup.service.xml | 82 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 man/systemd-tpm2-setup.service.xml

(limited to 'man/systemd-tpm2-setup.service.xml')

diff --git a/man/systemd-tpm2-setup.service.xml b/man/systemd-tpm2-setup.service.xml
new file mode 100644
index 0000000..8c13895
--- /dev/null
+++ b/man/systemd-tpm2-setup.service.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+<refentry id="systemd-tpm2-setup.service" conditional='ENABLE_BOOTLOADER'
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>systemd-tpm2-setup.service</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-tpm2-setup.service</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-tpm2-setup.service</refname>
+    <refname>systemd-tpm2-setup-early.service</refname>
+    <refname>systemd-tpm2-setup</refname>
+    <refpurpose>Set up the TPM2 Storage Root Key (SRK) at boot</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>systemd-tpm2-setup.service</filename></para>
+    <para><filename>/usr/lib/systemd/systemd-tpm2-setup</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><filename>systemd-tpm2-setup.service</filename> and
+    <filename>systemd-tpm2-setup-early.service</filename> are services that generate the Storage Root Key
+    (SRK) if it hasn't been generated yet, and stores it in the TPM.</para>
+
+    <para>The services will store the public key of the SRK key pair in a PEM file in
+    <filename>/run/systemd/tpm2-srk-public-key.pem</filename> and
+    <filename>/var/lib/systemd/tpm2-srk-public-key.pem</filename>. It will also store it in TPM2B_PUBLIC
+    format in <filename>/run/systemd/tpm2-srk-public-key.tpm2_public</filename> and
+    <filename>/var/lib/systemd/tpm2-srk-public-key.tpm2b_public</filename>.</para>
+
+    <para><filename>systemd-tpm2-setup-early.service</filename> runs very early at boot (possibly in the
+    initrd), and writes the SRK public key to <filename>/run/systemd/tpm2-srk-public-key.*</filename> (as
+    <filename>/var/</filename> is generally not accessible this early yet), while
+    <filename>systemd-tpm2-setup.service</filename> runs during a later boot phase and saves the public key
+    to <filename>/var/lib/systemd/tpm2-srk-public-key.*</filename>.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Files</title>
+
+    <variablelist>
+      <varlistentry>
+        <term><filename>/run/systemd/tpm2-srk-public-key.pem</filename></term>
+        <term><filename>/run/systemd/tpm2-srk-public-key.tpm2b_public</filename></term>
+
+        <listitem><para>The SRK public key in PEM and TPM2B_PUBLIC format, written during early boot.</para>
+
+        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><filename>/var/lib/systemd/tpm2-srk-public-key.pem</filename></term>
+        <term><filename>/var/lib/systemd/tpm2-srk-public-key.tpm2_public</filename></term>
+
+        <listitem><para>The SRK public key in PEM and TPM2B_PUBLIC format, written during later boot (once
+        <filename>/var/</filename> is available).</para>
+
+        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+</refentry>
-- 
cgit v1.2.3