table of contents
- unstable 261~rc3-1
| SYSTEMD-TPM2-SWTPM.SERVICE(8) | systemd-tpm2-swtpm.service | SYSTEMD-TPM2-SWTPM.SERVICE(8) |
NAME¶
systemd-tpm2-swtpm.service, systemd-tpm2-swtpm - Provide a fallback software TPM
SYNOPSIS¶
systemd-tpm2-swtpm.service
/usr/lib/systemd/systemd-tpm2-swtpm
DESCRIPTION¶
The systemd-tpm2-swtpm.service provides fallback software TPM functionality, intended for use in environments where a discrete or firmware TPM ("hardware TPM") is not available. It is pulled into the boot process by systemd-tpm2-generator(8) if a hardware TPM is not available, and the system is configured to provide a software TPM in that case.
Note that a software TPM provides only very weak security properties compared to a hardware TPM, and hence should only be used as a fallback mechanism if a hardware TPM is not available but TPM semantics are desired. This service ultimately wraps swtpm(8).
If the boot secret /.extra/boot-secret (in the initrd) or /run/systemd/stub/boot-secret (on the host) is available the software TPM NVRAM storage is encrypted with this key. See systemd-stub(7) for details.
The TPM NVRAM storage is placed on the EFI System Partition as it needs to be accessible during very early boot-up, in particular before the root file system is decrypted and mounted.
SEE ALSO¶
systemd(1), systemd-tpm2-generator(8), swtpm(8), systemd-stub(7)
| systemd 261~rc3 |