Add TPM documentation

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
sailfishos-mirror · Nov 5, 2016 · b8d3971 · b8d3971
1 parent dadbd59
commit b8d3971
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/www/Makefile.am b/www/Makefile.am
@@ -3,7 +3,7 @@
 SUBDIRS = styles inc images
 CONV 	= "$(srcdir)/html.py"
 
-FTR_PAGES = csd.html charset.html token.html pkcs11.html features.html gui.html nonroot.html
+FTR_PAGES = csd.html charset.html token.html pkcs11.html tpm.html features.html gui.html nonroot.html
 START_PAGES = building.html connecting.html manual.html vpnc-script.html 
 INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html
 PROTO_PAGES = anyconnect.html juniper.html

diff --git a/www/menu2-features.xml b/www/menu2-features.xml
@@ -7,5 +7,6 @@
 	<MENU topic="Character sets" link="charset.html" mode="VAR_SEL_FEATURE_CHARSET" />
 	<MENU topic="One Time Passwords" link="token.html" mode="VAR_SEL_FEATURE_TOKEN" />
 	<MENU topic="Smart Cards / PKCS#11" link="pkcs11.html" mode="VAR_SEL_FEATURE_PKCS11" />
+	<MENU topic="Trusted Platform Module (TPM)" link="tpm.html" mode="VAR_SEL_FEATURE_TPM" />
 	<ENDMENU />
 </PAGE>
diff --git a/www/tpm.xml b/www/tpm.xml
@@ -0,0 +1,29 @@
+<PAGE>
+	<INCLUDE file="inc/header.tmpl" />
+
+	<VAR match="VAR_SEL_FEATURES" replace="selected" />
+	<VAR match="VAR_SEL_FEATURE_TPM" replace="selected" />
+	<PARSE file="menu1.xml" />
+	<PARSE file="menu2-features.xml" />
+
+	<INCLUDE file="inc/content.tmpl" />
+
+<h1>Trusted Platform Module (TPM) support</h1>
+
+<p>OpenConnect supports the use of private keys secured or "wrapped" by a TPM.
+These keys appear in the form of a PEM file marked with the tag:
+<pre>-----BEGIN TSS KEY BLOB-----</pre>
+These files can be created by the <tt>create_tpm_key</tt> tool which is
+part of the
+<a href="https://sourceforge.net/p/trousers/openssl_tpm_engine">OpenSSL
+TPM ENGINE</a> or the <a href="https://www.gnutls.org/manual/html_node/tpmtool-Invocation.html">tpmtool</a> which is part of the GnuTLS distribution.</p>
+
+<p>Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with
+TPM support, OpenConnect will automatically use the TPM when presented with
+an approprate PEM file with a TPM-wrapped key.</p>
+<p>For OpenSSL, the TPM ENGINE must be installed correctly on the system,
+and OpenConnect will load and use it automatically when appropriate.
+</p>
+
+<INCLUDE file="inc/footer.tmpl" />
+</PAGE>