conf: Document options of plugins in libpts
authorTobias Brunner <tobias@strongswan.org>
Fri, 7 Feb 2014 13:44:19 +0000 (14:44 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 12 Feb 2014 13:34:34 +0000 (14:34 +0100)
conf/Makefile.am
conf/options/attest.opt [new file with mode: 0644]
conf/plugins/imc-attestation.opt [new file with mode: 0644]
conf/plugins/imc-swid.opt [new file with mode: 0644]
conf/plugins/imv-attestation.opt [new file with mode: 0644]

index 5c1932e..19fce81 100644 (file)
@@ -8,6 +8,7 @@ optionstemplatedir = $(templatesdir)/strongswan.d
 pluginstemplatedir = $(templatesdir)/plugins
 
 options = \
+       options/attest.opt \
        options/charon.opt \
        options/charon-logging.opt \
        options/imcv.opt \
@@ -37,9 +38,12 @@ plugins = \
        plugins/error-notify.opt \
        plugins/gcrypt.opt \
        plugins/ha.opt \
+       plugins/imc-attestation.opt \
        plugins/imc-os.opt \
        plugins/imc-scanner.opt \
+       plugins/imc-swid.opt \
        plugins/imc-test.opt \
+       plugins/imv-attestation.opt \
        plugins/imv-os.opt \
        plugins/imv-scanner.opt \
        plugins/imv-test.opt \
diff --git a/conf/options/attest.opt b/conf/options/attest.opt
new file mode 100644 (file)
index 0000000..736eb9d
--- /dev/null
@@ -0,0 +1,5 @@
+attest.database =
+       Path to database with file measurement information.
+
+attest.load =
+       Plugins to load in ipsec attest tool.
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
new file mode 100644 (file)
index 0000000..9c10805
--- /dev/null
@@ -0,0 +1,17 @@
+charon.plugins.imc-attestation.aik_blob =
+       AIK encrypted private key blob file.
+
+charon.plugins.imc-attestation.aik_cert =
+       AIK certificate file.
+
+charon.plugins.imc-attestation.aik_key =
+       AIK public key file.
+
+charon.plugins.imc-attestation.nonce_len = 20
+       DH nonce length.
+
+charon.plugins.imc-attestation.use_quote2 = yes
+       Use Quote2 AIK signature instead of Quote signature.
+
+charon.plugins.imc-attestation.pcr_info = yes
+       Whether to send pcr_before and pcr_after info.
\ No newline at end of file
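Review bot: `charon.plugins.imc-attestation.nonce_len = 20` is described only as "DH nonce length.", with no unit and no pointer to the verifier-side setting `charon.plugins.imv-attestation.min_nonce_len`, which imv-attestation.opt in this same commit defaults to 0. An operator tuning one side needs to know about the other, so the text could read `DH nonce length in bytes; the IMV can enforce a minimum via min_nonce_len.` The unit is assumed here and should be confirmed against the plugin code. The file also ends without a trailing newline, unlike the other new .opt files in this commit, which could matter if the snippets are concatenated when templates are generated.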
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
new file mode 100644 (file)
index 0000000..67f7c79
--- /dev/null
@@ -0,0 +1,2 @@
+charon.plugins.imc-swid.swid_directory = ${prefix}/share
+       Directory where SWID tags are located.
diff --git a/conf/plugins/imv-attestation.opt b/conf/plugins/imv-attestation.opt
new file mode 100644 (file)
index 0000000..c0ae204
--- /dev/null
@@ -0,0 +1,29 @@
+charon.plugins.imv-attestation.cadir =
+       Path to directory with AIK cacerts.
+
+charon.plugins.imv-attestation.dh_group = ecp256
+       Preferred Diffie-Hellman group.
+
+charon.plugins.imv-attestation.hash_algorithm = sha256
+       Preferred measurement hash algorithm.
+
+charon.plugins.imv-attestation.min_nonce_len = 0
+       DH minimum nonce length.
+
+charon.plugins.imc-attestation.pcr17_after
+       Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr17_before
+       Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr17_meas
+       Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr18_after
+       Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr18_before
+       Dummy data if the TBOOT log is not retrieved.
+
+charon.plugins.imc-attestation.pcr18_meas
+       Dummy data if the TBOOT log is not retrieved.
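Review bot: The six `pcr17_*`/`pcr18_*` entries that close this file are keyed `charon.plugins.imc-attestation.*` although the file is imv-attestation.opt, so either the prefix is a typo or they belong in conf/plugins/imc-attestation.opt. As written they will presumably not be documented alongside the plugin that reads them. They are also the only entries in the commit without ` =` after the key, which is at least inconsistent even if the option format allows it. Judging by the names, these values stand in for PCR 17/18 measurements, so the description should state that they are placeholders and what format is expected, for example `Dummy PCR value reported in place of a real measurement if the TBOOT log is not retrieved.` Separately, `min_nonce_len = 0` would benefit from one sentence saying what 0 means for the verifier.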