From ab40d27ab138e7300a62d9a0367112c3d1824646 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Mon, 12 Oct 2020 18:05:30 -0400
Subject: [PATCH] man: Extend man pages with --flags support for CUSE TPM

Also fix an error in the man page on the way. 'startup-deactivated'
can only be used with a TPM 1.2, not a TPM 2.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 man/man8/swtpm.pod      | 28 ++++++++++++++--------------
 man/man8/swtpm_cuse.pod | 11 +++++++++++
 2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/man/man8/swtpm.pod b/man/man8/swtpm.pod
index de8a8f3..b5e72f5 100644
--- a/man/man8/swtpm.pod
+++ b/man/man8/swtpm.pod
@@ -141,20 +141,6 @@ This operation requires root privileges.
 
 The control channel enables out-of-band control of the TPM, such as resetting the TPM.
 
-=item B<--flags [not-need-init] [,startup-clear|startup-state|startup-deactivated|startup-none]>
-
-The I<not-need-init> flag enables the TPM to accept TPM commands right after
-start without requiring a INIT to be sent to it through the command channel
-(see the '-i' option of swtpm_ioctl).
-
-The I<startup> options cause a TPM_Startup or TPM2_Startup command to
-automatically be sent. The I<startup-deactivated> option is only valid for
-a TPM 2.0. These options imply I<not-need-init>, except for the
-I<startup-none> option, which results in no command being sent.
-
-If I<--vtpm-proxy> is used, I<startup-clear> is automatically chosen but
-this can be changed with this option.
-
 =back
 
 
@@ -282,6 +268,20 @@ The I<log> action is only available if libseccomp supports logging.
 This option is only available on Linux and only if swtpm was compiled with
 libseccomp support.
 
+=item B<--flags [not-need-init] [,startup-clear|startup-state|startup-deactivated|startup-none]>
+
+The I<not-need-init> flag enables the TPM to accept TPM commands right after
+start without requiring an INIT to be sent to it through the command channel
+(see the '-i' option of swtpm_ioctl).
+
+The I<startup> options cause a TPM_Startup or TPM2_Startup command to
+automatically be sent. The I<startup-deactivated> option is only valid for
+a TPM 1.2. These options imply I<not-need-init>, except for the
+I<startup-none> option, which results in no command being sent.
+
+If I<--vtpm-proxy> is used, I<startup-clear> is automatically chosen but
+this can be changed with this option.
+
 =item B<--print-capabilities> (since v0.2)
 
 Print capabilities that were added to swtpm after version 0.1. The output
diff --git a/man/man8/swtpm_cuse.pod b/man/man8/swtpm_cuse.pod
index ece6421..8cf981d 100644
--- a/man/man8/swtpm_cuse.pod
+++ b/man/man8/swtpm_cuse.pod
@@ -154,6 +154,17 @@ The I<log> action is only available if libseccomp supports logging.
 This option is only available on Linux and only if swtpm was compiled with
 libseccomp support.
 
+=item B<--flags [not-need-init] [,startup-clear|startup-state|startup-deactivated|startup-none]>
+
+The I<not-need-init> flag enables the TPM to accept TPM commands right after
+start without requiring an INIT to be sent to it through the command channel
+(see the '-i' option of swtpm_ioctl).
+
+The I<startup> options cause a TPM_Startup or TPM2_Startup command to
+automatically be sent. The I<startup-deactivated> option is only valid for
+a TPM 1.2. These options imply I<not-need-init>, except for the
+I<startup-none> option, which results in no command being sent.
+
 =item B<--print-capabilities> (since v0.2)
 
 Print capabilities that were added to swtpm after version 0.1. The output