Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
- Loading branch information
Showing
3 changed files
with
31 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<PAGE> | ||
<INCLUDE file="inc/header.tmpl" /> | ||
|
||
<VAR match="VAR_SEL_FEATURES" replace="selected" /> | ||
<VAR match="VAR_SEL_FEATURE_TPM" replace="selected" /> | ||
<PARSE file="menu1.xml" /> | ||
<PARSE file="menu2-features.xml" /> | ||
|
||
<INCLUDE file="inc/content.tmpl" /> | ||
|
||
<h1>Trusted Platform Module (TPM) support</h1> | ||
|
||
<p>OpenConnect supports the use of private keys secured or "wrapped" by a TPM. | ||
These keys appear in the form of a PEM file marked with the tag: | ||
<pre>-----BEGIN TSS KEY BLOB-----</pre> | ||
These files can be created by the <tt>create_tpm_key</tt> tool which is | ||
part of the | ||
<a href="https://sourceforge.net/p/trousers/openssl_tpm_engine">OpenSSL | ||
TPM ENGINE</a> or the <a href="https://www.gnutls.org/manual/html_node/tpmtool-Invocation.html">tpmtool</a> which is part of the GnuTLS distribution.</p> | ||
|
||
<p>Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with | ||
TPM support, OpenConnect will automatically use the TPM when presented with | ||
an approprate PEM file with a TPM-wrapped key.</p> | ||
<p>For OpenSSL, the TPM ENGINE must be installed correctly on the system, | ||
and OpenConnect will load and use it automatically when appropriate. | ||
</p> | ||
|
||
<INCLUDE file="inc/footer.tmpl" /> | ||
</PAGE> |