mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00

An apparmor profile was added for Debian-based distributions in order to increase security. This blocks swtpm from accessing restricted and unnecessary files, folders, and network interfaces. swtpm works as normal alongside libvirt and its configurations; however, users may run into issues when using swtpm on its own when providing it with a restricted directory. The apparmor profile can be modified to include additional permissions by creating and adding to the file /etc/apparmor.d/local/usr.bin.swtpm.

Signed-off-by: Lena Voytek <lena.voytek@canonical.com>
69 lines
2.1 KiB
Plaintext
Source: swtpm
Maintainer: Stefan Berger <stefanb@linux.vnet.ibm.com>
Section: misc
Priority: optional
Standards-Version: 4.5.1
Rules-Requires-Root: no
Build-Depends: debhelper (>= 10),
               dh-apparmor,
               expect,
               gawk,
               gnutls-bin,
               gnutls-dev,
               libfuse-dev,
               libglib2.0-dev,
               libjson-glib-dev,
               libseccomp-dev,
               libssl-dev,
               libtasn1-dev,
               libtool,
               libtpms-dev,
               net-tools,
               socat,
               softhsm2

Package: swtpm
Architecture: any
Depends: swtpm-libs (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Description: Libtpms-based TPM emulator
 The swtpm package provides TPM emulators that listen for TPM commands
 on sockets, character devices, or CUSE devices.

Package: swtpm-dev
Architecture: any
Depends: ${misc:Depends}
Description: Include files for the TPM emulator's CUSE interface
 The swtpm-dev package provides include files for developing clients
 controlling the CUSE TPM through ioctls.

Package: swtpm-libs
Architecture: any
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
Depends: libglib2.0-0,
         libtpms0,
         openssl,
         ${misc:Depends},
         ${shlibs:Depends}
Description: Common libraries for TPM emulators
 The swtpm-libs package provides the shared libraries for the swtpm
 and swtpm-cuse packages.

Package: swtpm-tools
Architecture: any
Description: Tools for the TPM emulator
 The swtpm-tools package contains the following types of tools:
  - swtpm_bios: Tool for initializing the TPM
  - swtpm_ioctl: Tool for controlling the CUSE TPM
  - swtpm_setup: Tool for creating the initial state of the TPM; this
    tool basically simulates TPM manufacturing where certificates are
    written into the NVRAM of the TPM
  - swtpm_cert: Creation of certificates for the TPM (x509)
Depends: gnutls-bin,
         swtpm (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Suggests: trousers (>= 0.3.9)
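
The commit message above says a standalone swtpm may be blocked on a restricted directory and that extra permissions go into /etc/apparmor.d/local/usr.bin.swtpm. The following is an added example, not code from the swtpm project: it turns AppArmor denial lines into per-file candidate rules for that local file. The profile name `swtpm`, the directory `/srv/vtpm/vm1` and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample kernel audit lines (not taken from the swtpm project).
# Assumed: the profile is named "swtpm"; /srv/vtpm/vm1 is a hypothetical state dir.
SAMPLE_LOG = """\
audit: type=1400 audit(1700000000.101:41): apparmor="DENIED" operation="mknod" profile="swtpm" name="/srv/vtpm/vm1/tpm2-00.permall" pid=4242 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1700000000.102:42): apparmor="DENIED" operation="open" profile="swtpm" name="/srv/vtpm/vm1/.lock" pid=4242 comm="swtpm" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
audit: type=1400 audit(1700000000.103:43): apparmor="DENIED" operation="file_lock" profile="swtpm" name="/srv/vtpm/vm1/.lock" pid=4242 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
audit: type=1400 audit(1700000000.105:45): apparmor="DENIED" operation="open" profile="cupsd" name="/etc/shadow" pid=77 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
# Only plain absolute paths: a logged name containing glob characters would
# silently widen the rule, and hex-encoded (unquoted) names never match FIELD.
SAFE_PATH = re.compile(r'^/[A-Za-z0-9._/+-]+$')
# denied_mask letters -> rule permission; create/delete/append fold into "w".
# Exec and mmap denials are deliberately left out and need manual review.
PERM = {"r": "r", "w": "w", "c": "w", "d": "w", "a": "w", "k": "k"}

def suggest_rules(log_text, profile="swtpm"):
    """Return candidate rules for the local override, one per denied file."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue
        name = f.get("name", "")
        if not SAFE_PATH.match(name):
            continue
        needed[name] |= {PERM[c] for c in f.get("denied_mask", "") if c in PERM}
    rules = []
    for name in sorted(needed):
        perms = "".join(p for p in "rwk" if p in needed[name])
        if perms:
            rules.append(f"{name} {perms},")
    return rules

if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE_LOG)))
```

Each emitted line names one exact file, so the confinement only grows by what swtpm was actually denied; review the rules before adding them to the local file and reloading the profile.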