Updated IMC/IMV entries in strongswan.conf man page
This commit is contained in:
parent
2997077bae
commit
bfd8f8c5fe
|
@ -51,6 +51,7 @@ plugins = \
|
|||
plugins/imv-attestation.opt \
|
||||
plugins/imv-os.opt \
|
||||
plugins/imv-scanner.opt \
|
||||
plugins/imv-swid.opt \
|
||||
plugins/imv-test.opt \
|
||||
plugins/ipseckey.opt \
|
||||
plugins/led.opt \
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
charon.plugins.imc-attestation.aik_blob =
|
||||
libimcv.plugins.imc-attestation.aik_blob =
|
||||
AIK encrypted private key blob file.
|
||||
|
||||
charon.plugins.imc-attestation.aik_cert =
|
||||
libimcv.plugins.imc-attestation.aik_cert =
|
||||
AIK certificate file.
|
||||
|
||||
charon.plugins.imc-attestation.aik_pubkey =
|
||||
libimcv.plugins.imc-attestation.aik_pubkey =
|
||||
AIK public key file.
|
||||
|
||||
charon.plugins.imc-attestation.mandatory_dh_groups = yes
|
||||
libimcv.plugins.imc-attestation.mandatory_dh_groups = yes
|
||||
Enforce mandatory Diffie-Hellman groups.
|
||||
|
||||
charon.plugins.imc-attestation.nonce_len = 20
|
||||
libimcv.plugins.imc-attestation.nonce_len = 20
|
||||
DH nonce length.
|
||||
|
||||
charon.plugins.imc-attestation.use_quote2 = yes
|
||||
libimcv.plugins.imc-attestation.use_quote2 = yes
|
||||
Use Quote2 AIK signature instead of Quote signature.
|
||||
|
||||
charon.plugins.imc-attestation.pcr_info = no
|
||||
libimcv.plugins.imc-attestation.pcr_info = no
|
||||
Whether to send pcr_before and pcr_after info.
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
charon.plugins.imc-os.device_cert =
|
||||
libimcv.plugins.imc-os.device_cert =
|
||||
Manually set the path to the client device certificate
|
||||
(e.g. /etc/pts/aikCert.der)
|
||||
|
||||
charon.plugins.imc-os.device_id =
|
||||
libimcv.plugins.imc-os.device_id =
|
||||
Manually set the client device ID in hexadecimal format
|
||||
(e.g. 1083f03988c9762703b1c1080c2e46f72b99cc31)
|
||||
|
||||
charon.plugins.imc-os.device_pubkey =
|
||||
libimcv.plugins.imc-os.device_pubkey =
|
||||
Manually set the path to the client device public key
|
||||
(e.g. /etc/pts/aikPub.der)
|
||||
|
||||
charon.plugins.imc-os.push_info = yes
|
||||
libimcv.plugins.imc-os.push_info = yes
|
||||
Send operating system info without being prompted.
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
charon.plugins.imc-scanner.push_info = yes
|
||||
libimcv.plugins.imc-scanner.push_info = yes
|
||||
Send open listening ports without being prompted.
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
charon.plugins.imc-swid.swid_directory = ${prefix}/share
|
||||
libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
|
||||
Directory where SWID tags are located.
|
||||
|
||||
charon.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
|
||||
libimcv.plugins.imc-swid.swid_generator = /usr/local/bin/swid_generator
|
||||
SWID generator command to be executed.
|
||||
|
||||
charon.plugins.imc-swid.pretty = FALSE
|
||||
libimcv.plugins.imc-swid.swid_pretty = FALSE
|
||||
Generate XML-encoded SWID tags with pretty indentation.
|
||||
|
||||
charon.plugins.imc-swid.full = FALSE
|
||||
libimcv.plugins.imc-swid.swid_full = FALSE
|
||||
Include file information in the XML-encoded SWID tags.
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
charon.plugins.imc-test.additional_ids = 0
|
||||
libimcv.plugins.imc-test.additional_ids = 0
|
||||
Number of additional IMC IDs.
|
||||
|
||||
charon.plugins.imc-test.command = none
|
||||
libimcv.plugins.imc-test.command = none
|
||||
Command to be sent to the Test IMV.
|
||||
|
||||
charon.plugins.imc-test.dummy_size = 0
|
||||
libimcv.plugins.imc-test.dummy_size = 0
|
||||
Size of dummy attribute to be sent to the Test IMV (0 = disabled).
|
||||
|
||||
charon.plugins.imc-test.retry = no
|
||||
libimcv.plugins.imc-test.retry = no
|
||||
Do a handshake retry.
|
||||
|
||||
charon.plugins.imc-test.retry_command =
|
||||
libimcv.plugins.imc-test.retry_command =
|
||||
Command to be sent to the Test IMV in the handshake retry.
|
||||
|
|
|
@ -1,32 +1,32 @@
|
|||
charon.plugins.imv-attestation.cadir =
|
||||
libimcv.plugins.imv-attestation.cadir =
|
||||
Path to directory with AIK cacerts.
|
||||
|
||||
charon.plugins.imv-attestation.mandatory_dh_groups = yes
|
||||
libimcv.plugins.imv-attestation.mandatory_dh_groups = yes
|
||||
Enforce mandatory Diffie-Hellman groups.
|
||||
|
||||
charon.plugins.imv-attestation.dh_group = ecp256
|
||||
libimcv.plugins.imv-attestation.dh_group = ecp256
|
||||
Preferred Diffie-Hellman group.
|
||||
|
||||
charon.plugins.imv-attestation.hash_algorithm = sha256
|
||||
libimcv.plugins.imv-attestation.hash_algorithm = sha256
|
||||
Preferred measurement hash algorithm.
|
||||
|
||||
charon.plugins.imv-attestation.min_nonce_len = 0
|
||||
libimcv.plugins.imv-attestation.min_nonce_len = 0
|
||||
DH minimum nonce length.
|
||||
|
||||
charon.plugins.imc-attestation.pcr17_after
|
||||
libimcv.plugins.imc-attestation.pcr17_after
|
||||
Dummy data if the TBOOT log is not retrieved.
|
||||
|
||||
charon.plugins.imc-attestation.pcr17_before
|
||||
libimcv.plugins.imc-attestation.pcr17_before
|
||||
Dummy data if the TBOOT log is not retrieved.
|
||||
|
||||
charon.plugins.imc-attestation.pcr17_meas
|
||||
libimcv.plugins.imc-attestation.pcr17_meas
|
||||
Dummy data if the TBOOT log is not retrieved.
|
||||
|
||||
charon.plugins.imc-attestation.pcr18_after
|
||||
libimcv.plugins.imc-attestation.pcr18_after
|
||||
Dummy data if the TBOOT log is not retrieved.
|
||||
|
||||
charon.plugins.imc-attestation.pcr18_before
|
||||
libimcv.plugins.imc-attestation.pcr18_before
|
||||
Dummy data if the TBOOT log is not retrieved.
|
||||
|
||||
charon.plugins.imc-attestation.pcr18_meas
|
||||
libimcv.plugins.imc-attestation.pcr18_meas
|
||||
Dummy data if the TBOOT log is not retrieved.
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
charon.plugins.imv-os.remediation_uri =
|
||||
libimcv.plugins.imv-os.remediation_uri =
|
||||
URI pointing to operating system remediation instructions.
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
charon.plugins.imv-scanner.remediation_uri =
|
||||
libimcv.plugins.imv-scanner.remediation_uri =
|
||||
URI pointing to scanner remediation instructions.
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
libimcv.plugins.imv-swid.rest_api_uri =
|
||||
HTTP URI of the SWID REST API.
|
||||
|
||||
libimcv.plugins.imc-swid.rest_api_timeout = 120
|
||||
Timeout of SWID REST API HTTP POST transaction.
|
|
@ -1,2 +1,2 @@
|
|||
charon.plugins.imv-test.rounds = 0
|
||||
libimcv.plugins.imv-test.rounds = 0
|
||||
Number of IMC-IMV retry rounds.
|
||||
|
|
Loading…
Reference in New Issue