'\" t
.TH "SYSTEMD\-TPM2\-SWTPM\&.SERVICE" "8" "" "systemd 261~rc3" "systemd-tpm2-swtpm.service"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-tpm2-swtpm.service, systemd-tpm2-swtpm \- Provide a fallback software TPM
.SH "SYNOPSIS"
.PP
systemd\-tpm2\-swtpm\&.service
.PP
/usr/lib/systemd/systemd\-tpm2\-swtpm
.SH "DESCRIPTION"
.PP
The
systemd\-tpm2\-swtpm\&.service
provides fallback software TPM functionality, intended for use in environments where a discrete or firmware TPM ("hardware TPM") is not available\&. It is pulled into the boot process by
\fBsystemd-tpm2-generator\fR(8)
if a hardware TPM is not available, and the system is configured to provide a software TPM in that case\&.
.PP
Note that a software TPM provides only very weak security properties compared to a hardware TPM, and hence should only be used as a fallback mechanism if a hardware TPM is not available but TPM semantics are desired\&. This service ultimately wraps
\fBswtpm\fR(8)\&.
.PP
If the boot secret
/\&.extra/boot\-secret
(in the initrd) or
/run/systemd/stub/boot\-secret
(on the host) is available, the software TPM NVRAM storage is encrypted with this key\&. See
\fBsystemd-stub\fR(7)
for details\&.
.PP
The TPM NVRAM storage is placed on the EFI System Partition as it needs to be accessible during very early boot\-up, in particular before the root file system is decrypted and mounted\&.
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1), \fBsystemd-tpm2-generator\fR(8), \fBswtpm\fR(8), \fBsystemd-stub\fR(7)
