fapi-config - Man Page

See Also



FAPI configuration file

The FAPI parameters which can be adjusted via the configuration file are;

If not otherwise specified during TSS installation, the default location for the exemplary profiles is /etc/tpm2-tss/profiles/ and /etc/tpm2-tss/ for the FAPI configuration file. The environment variable TSS2_FAPICONF can be used to set an alternative pathname for the FAPI configuration file. If the system measurement files (IMA and bios) do not exist /dev/null will be used for firmware_log_file and ima_log_file.


The FAPI configuration file is JSON encoded:

     "profile_name": "P_ECCP256SHA256",
     "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
     "user_dir": "~/.local/share/tpm2-tss/user/keystore/",
     "system_dir": "/home/myhome/keystore/system/keystore",
     "tcti": "",
     "system_pcrs" : [0, 1, 2, 3, 4, 5, 6, 7],
     "log_dir" : "/home/myhome/eventlog/",
     "firmware_log_file" : "/sys/kernel/security/tpm0/binary_bios_measurements",
      "ima_log_file" : "/sys/kernel/security/ima/binary_runtime_measurements"

For this example the default TCTI of the system will be used. The certificates for the stored endorsement keys will be checked. If the certificate checking is not needed the option:

"ek_cert_less": "yes" can be added to the config file. Alternative to the standard certificate checking a fingerprint (hash of the public key) for the stored endorsement key can be defined in the config file:

"ek_fingerprint":  {     "hashAlg" : "sha256",     "digest" : "9e56...214d"     }


This page is part of release 4.0.1 of Open Source implementation of the TCG TPM2 Software Stack (TSS2). A description of the project, information about reporting bugs, and the latest version of this page can be found at https://github.com/tpm2-software/tpm2-tss/.

Referenced By

fapi-profile(5), tss2_authorizepolicy(1), tss2_changeauth(1), tss2_createkey(1), tss2_createnv(1), tss2_createseal(1), tss2_decrypt(1), tss2_delete(1), tss2_encrypt(1), tss2_exportkey(1), tss2_exportpolicy(1), tss2_getappdata(1), tss2_getcertificate(1), tss2_getdescription(1), tss2_getinfo(1), tss2_getplatformcertificates(1), tss2_getrandom(1), tss2_gettpm2object(1), tss2_gettpmblobs(1), tss2_import(1), tss2_list(1), tss2_nvextend(1), tss2_nvincrement(1), tss2_nvread(1), tss2_nvsetbits(1), tss2_nvwrite(1), tss2_pcrextend(1), tss2_pcrread(1), tss2_provision(1), tss2_quote(1), tss2_setappdata(1), tss2_setcertificate(1), tss2_setdescription(1), tss2_sign(1), tss2_unseal(1), tss2_verifyquote(1).

JULI 2020 TPM2 Software Stack