stefanberger · stefanberger · Nov 8, 2024 · Nov 8, 2024 · Nov 8, 2024
diff --git a/man/man8/swtpm.pod b/man/man8/swtpm.pod
@@ -551,9 +551,25 @@ may use I<swtpm> as follows.
     $ swtpm socket --tpmstate dir=./ --tpm2 --print-info 0x08 | jq
     {
       "RuntimeAlgorithms": {
-        "Implemented": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
-        "CanBeDisabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,ecc-nist-p192,ecc-nist-p224,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,camellia,cmac,ctr,ofb,cbc,ecb",
-        "Enabled": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
+        "Implemented": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,\
+                        hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,\
+                        sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,\
+                        ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,\
+                        kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,\
+                        ecc-nist-p192,ecc-nist-p224,ecc-nist-p256,\
+                        ecc-nist-p384,ecc-nist-p521,ecc-bn-p256,ecc-bn-p638,\
+                        ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,\
+                        cmac,ctr,ofb,cbc,cfb,ecb",
+        "CanBeDisabled": "tdes,sha1,sha512,rsassa,rsaes,rsapss,ecmqv,\
+                          ecc-nist-p192,ecc-nist-p224,ecc-nist-p521,\
+                          ecc-bn-p256,ecc-bn-p638,ecc-sm2-p256,camellia,cmac,\
+                          ctr,ofb,cbc,ecb",
+        "Enabled": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,\
+                    aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,\
+                    sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,\
+                    ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,\
+                    ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,\
+                    camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
         "Disabled": ""
       }
     }
@@ -563,9 +579,18 @@ To see the list of supported commands:
     $ swtpm socket --tpmstate dir=./ --tpm2 --print-info 0x10 | jq
     {
       "RuntimeCommands": {
-        "Implemented": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19c",
-        "CanBeDisabled": "0x11f,0x121-0x122,0x124-0x128,0x12a,0x12c-0x12e,0x130,0x132-0x13b,0x13d-0x140,0x142,0x146-0x147,0x149-0x14d,0x14f-0x152,0x154-0x155,0x159,0x15b,0x15d-0x15e,0x160-0x164,0x167-0x168,0x16a-0x172,0x174,0x177-0x178,0x17b,0x17f-0x181,0x183-0x184,0x187-0x193,0x197,0x199-0x19c",
-        "Enabled": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19c",
+        "Implemented": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,\
+                        0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,\
+                        0x17a-0x193,0x197,0x199-0x19c",
+        "CanBeDisabled": "0x11f,0x121-0x122,0x124-0x128,0x12a,0x12c-0x12e,\
+                          0x130,0x132-0x13b,0x13d-0x140,0x142,0x146-0x147,\
+                          0x149-0x14d,0x14f-0x152,0x154-0x155,0x159,0x15b,\
+                          0x15d-0x15e,0x160-0x164,0x167-0x168,0x16a-0x172,\
+                          0x174,0x177-0x178,0x17b,0x17f-0x181,0x183-0x184,\
+                          0x187-0x193,0x197,0x199-0x19c",
+        "Enabled": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,\
+                    0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,\
+                    0x17a-0x193,0x197,0x199-0x19c",
         "Disabled": ""
       }
     }
@@ -575,9 +600,14 @@ To see the list of supported attributes:
     $ swtpm socket --tpmstate dir=./ --tpm2 --print-info 0x80 | jq
     {
       "RuntimeAttributes": {
-        "Implemented": "no-unpadded-encryption,no-sha1-signing,no-sha1-verification,no-sha1-hmac-creation,no-sha1-hmac-verification,no-sha1-hmac,fips-host",
-        "CanBeDisabled": "no-unpadded-encryption,no-sha1-signing,no-sha1-verification,no-sha1-hmac-creation,no-sha1-hmac-verification,no-sha1-hmac,fips-host",
-        "Enabled": "no-unpadded-encryption,no-sha1-signing,no-sha1-verification,no-sha1-hmac",
+        "Implemented": "no-unpadded-encryption,no-sha1-signing,\
+                        no-sha1-verification,no-sha1-hmac-creation,\
+                        no-sha1-hmac-verification,no-sha1-hmac,fips-host",
+        "CanBeDisabled": "no-unpadded-encryption,no-sha1-signing,\
+                          no-sha1-verification,no-sha1-hmac-creation,\
+                          no-sha1-hmac-verification,no-sha1-hmac,fips-host",
+        "Enabled": "no-unpadded-encryption,no-sha1-signing,\
+                    no-sha1-verification,no-sha1-hmac",
         "Disabled": "no-sha1-hmac-creation,no-sha1-hmac-verification,fips-host"
       }
     }
@@ -593,23 +623,55 @@ To see the list of available profiles:
         {
           "Name": "default-v1",
           "StateFormatLevel": 4,
-          "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
-          "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
-          "Description": "This profile enables all currently supported commands and algorithms. It is applied when the user chooses no profile."
+          "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,\
+                       0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,\
+                       0x17a-0x193,0x197,0x199-0x19a",
+          "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,\
+                         hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,\
+                         sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,\
+                         ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,\
+                         kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,\
+                         symcipher,camellia,camellia-min-size=128,cmac,ctr,\
+                         ofb,cbc,cfb,ecb",
+          "Description": "This profile enables all currently supported \
+                          commands and algorithms. It is applied when the \
+                          user chooses no profile."
         },
         {
           "Name": "null",
           "StateFormatLevel": 1,
-          "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197",
-          "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
-          "Description": "The profile enables the commands and algorithms that were enabled in libtpms v0.9. This profile is automatically used when the state does not have a profile, for example when it was created by libtpms v0.9 or before."
+          "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,\
+                       0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,\
+                       0x17a-0x193,0x197",
+          "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,\
+                         hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,\
+                         sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,\
+                         ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,\
+                         kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,\
+                         symcipher,camellia,camellia-min-size=128,cmac,ctr,\
+                         ofb,cbc,cfb,ecb",
+          "Description": "The profile enables the commands and algorithms \
+                          that were enabled in libtpms v0.9. This profile is \
+                          automatically used when the state does not have a \
+                          profile, for example when it was created by \
+                          libtpms v0.9 or before."
         },
         {
           "Name": "custom",
           "StateFormatLevel": 2,
-          "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197",
-          "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
-          "Description": "This profile allows customization of enabled algorithms and commands. This profile requires at least libtpms v0.10."
+          "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,\
+                       0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,\
+                       0x17a-0x193,0x197",
+          "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,\
+                         hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,\
+                         sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,\
+                         ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,\
+                         kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,\
+                         ecc-sm2-p256,symcipher,camellia,\
+                         camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
+          "Description": "This profile allows customization of enabled \
+                          algorithms and commands. This profile requires at \
+                          least libtpms v0.10."
         }
       ]
     }
@@ -622,9 +684,19 @@ message on port 2322:
       "ActiveProfile": {
         "Name": "default-v1",
         "StateFormatLevel": 4,
-        "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,0x17a-0x193,0x197,0x199-0x19a",
-        "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,symcipher,camellia,camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb",
-        "Description": "This profile enables all currently supported commands and algorithms. It is applied when the user chooses no profile."
+        "Commands": "0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,\
+                     0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,\
+                     0x17a-0x193,0x197,0x199-0x19a",
+        "Algorithms": "rsa,rsa-min-size=1024,tdes,tdes-min-size=128,sha1,\
+                       hmac,aes,aes-min-size=128,mgf1,keyedhash,xor,sha256,\
+                       sha384,sha512,null,rsassa,rsaes,rsapss,oaep,ecdsa,\
+                       ecdh,ecdaa,sm2,ecschnorr,ecmqv,kdf1-sp800-56a,kdf2,\
+                       kdf1-sp800-108,ecc,ecc-min-size=192,ecc-nist,ecc-bn,\
+                       symcipher,camellia,camellia-min-size=128,cmac,ctr,\
+                       ofb,cbc,cfb,ecb",
+        "Description": "This profile enables all currently supported \
+                        commands and algorithms. It is applied when the \
+                        user chooses no profile."
       }
     }
 

diff --git a/man/man8/swtpm_setup.pod b/man/man8/swtpm_setup.pod
@@ -241,6 +241,9 @@ prefix the name with 'builtin:'
 All profiles loaded from the above mentioned directories require that the
 file is available under the given name with '.json' appended.
 
+Use the I<--print-profiles> and I<--tpm2> options to display all available
+profiles.
+
 =item B<--profile-file <file>> (since v0.10)
 
 Configure a TPM 2 with a profile from a file.
@@ -267,10 +270,13 @@ I<swtpm>.
 =item B<--print-profiles> (since v0.10)
 
 Print all profiles found in the local and disto profiles directories and
-the built-in ones. All profiles stored in files must have the .json
+display the built-in ones. All profiles stored in files must have the .json
 extension. The names in the displayed JSON will show the name under
 which these profiles can be loaded with the I<--profile-name> option,
-i.e., they will show their filename without the .json extension.
+i.e., they will show their filename without the .json extension. Therefore,
+a profile with filename myprofile.json will show the I<Name> 'myprofile'.
+The author of the profile may want to set the I<Name> in the profile's JSON
+to 'custom:myprofile'.
 
 =item B<--print-capabilities> (since v0.2)