{"id":22700210,"url":"https://github.com/simp/pupmod-simp-tpm2","last_synced_at":"2025-10-06T20:05:55.277Z","repository":{"id":33544567,"uuid":"134616637","full_name":"simp/pupmod-simp-tpm2","owner":"simp","description":"SIMP Puppet module to manage TPM 2.0 devices and the tpm2-tools software","archived":false,"fork":false,"pushed_at":"2025-09-25T17:02:12.000Z","size":235,"stargazers_count":0,"open_issues_count":3,"forks_count":11,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-10-02T21:42:04.981Z","etag":null,"topics":["puppet","simp","tpm","tpm2"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-05-23T19:30:52.000Z","updated_at":"2025-09-25T16:58:51.000Z","dependencies_parsed_at":"2025-04-13T05:53:44.569Z","dependency_job_id":"1575d7bd-1780-4a35-9caf-9844170101a4","html_url":"https://github.com/simp/pupmod-simp-tpm2","commit_stats":{"total_commits":51,"total_committers":6,"mean_commits":8.5,"dds":"0.33333333333333337","last_synced_commit":"93a58bf7446aedf02217bc1ae7dc34ea9bc9f7ce"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/simp/pupmod-simp-tpm2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tpm2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp
-tpm2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tpm2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tpm2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simp","download_url":"https://codeload.github.com/simp/pupmod-simp-tpm2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tpm2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278239970,"owners_count":25954097,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-03T02:00:06.070Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["puppet","simp","tpm","tpm2"],"created_at":"2024-12-10T06:10:29.014Z","updated_at":"2025-10-06T20:05:55.247Z","avatar_url":"https://github.com/simp.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/73/badge)](https://bestpractices.coreinfrastructure.org/projects/73)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/simp/tpm2.svg)](https://forge.puppetlabs.com/simp/tpm2)\n[![Puppet Forge 
Downloads](https://img.shields.io/puppetforge/dt/simp/tpm2.svg)](https://forge.puppetlabs.com/simp/tpm2)\n[![Build Status](https://travis-ci.org/simp/pupmod-simp-tpm2.svg)](https://travis-ci.org/simp/pupmod-simp-tpm2)\n\n#### Table of Contents\n\n\u003c!-- vim-markdown-toc GFM --\u003e\n\n* [Description](#description)\n  * [This is a SIMP module](#this-is-a-simp-module)\n* [Setup](#setup)\n  * [What tpm2 affects](#what-tpm2-affects)\n  * [Beginning with tpm2](#beginning-with-tpm2)\n* [Usage](#usage)\n* [Limitations](#limitations)\n* [Reference](#reference)\n* [Development](#development)\n  * [Acceptance tests](#acceptance-tests)\n    * [TPM2 simulator](#tpm2-simulator)\n    * [Debug](#debug)\n    * [Environment variables](#environment-variables)\n\n\u003c!-- vim-markdown-toc --\u003e\n## Description\n\nThis module manages TPM 2.0 devices and the `tpm2-tools` software.\n\n### This is a SIMP module\n\nThis module is a component of the [System Integrity Management Platform][simp],\na compliance-management framework built on Puppet.\n\nIf you find any issues, they may be submitted to our [bug\ntracker][simp-bug-tracker].\n\n\nThis module is optimally designed for use within a larger SIMP ecosystem, but\nit can be used independently:\n\n * When included within the SIMP ecosystem, security compliance settings will\n   be managed from the Puppet server.\n * If used independently, all SIMP-managed security subsystems are disabled by\n   default and must be explicitly opted into by administrators.  
Please review\n   the parameters in\n   [`simp/simp_options`](https://github.com/simp/pupmod-simp-simp_options) for\n   details.\n\n## Setup\n\n### What tpm2 affects\n\nThe **tpm2** module manages:\n\n* [`tpm2-software`][tpm2-software] packages and services (e.g., [`tpm2-tools`][tpm2-tools])\n* The `tpm2` Facter fact\n* **TODO**: Ownership of a TPM2 device's endorsement hierarchy\n\n\n### Beginning with tpm2\n\n```puppet\ninclude 'tpm2'\n```\n\n## Usage\n\nTo set the authentication passwords on the system:\n\nInclude the tpm2 module and set the following in hiera:\n\nNote: You must indicate the desired status of all three authentication settings.\nIf using tpm2_tools version 4 or later you can use 'ignore' to skip any of the settings.\nOtherwise they must each be set to 'clear' or 'set'.\n\n```yaml\ntpm2::take_ownership: true\ntpm2::ownership::owner: set\ntpm2::ownership::lock:  set\ntpm2::ownership::endorsement: set\n```\n\nThe passwords will default to automatically generated passwords using passgen.  If\nyou want to set them to specific passwords then set them in hiera using the\nfollowing settings (it expects a minimum password length of 14 characters):\n\n```yaml\ntpm2::ownership::owner_auth: 'MyOwnerPassword'\ntpm2::ownership::lock_auth:  'MyLockPassword'\ntpm2::ownership::endorse_auth: 'MyEndorsePassword'\n```\n\n## Limitations\n\nThe tpm2_takeownership module cannot be used to change the current password. It would\ncontinually try to reset the password and would lock out the TPM.  It should be used\nto initialize or clear the TPM only.\n\nIf the tpm2_tools are not installed it will take 2 passes to set or clear the authentication\nsettings because it must first determine the version of tpm2_getcap installed.  
The\ntpm2::ownership modules can be used directly if you know what version of the tools will be installed.\nSee the examples in the modules.\n\n\nSIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux\nand compatible distributions, such as CentOS. Please see the\n[`metadata.json` file](./metadata.json) for the most up-to-date list of\nsupported operating systems, Puppet versions, and module dependencies.\n\n## Reference\n\nSee [REFERENCE.md](./REFERENCE.md) for API documentation.\n\n## Development\n\nPlease read our [Contribution Guide](https://simp.readthedocs.io/en/stable/contributors_guide/index.html).\n\n### Acceptance tests\n\nThis module includes [Beaker](https://github.com/puppetlabs/beaker) acceptance\ntests using the SIMP [Beaker Helpers](https://github.com/simp/rubygem-simp-beaker-helpers).\nBy default the tests use [Vagrant](https://www.vagrantup.com/) with\n[VirtualBox](https://www.virtualbox.org) as a back-end; Vagrant and VirtualBox\nmust both be installed to run these tests without modification. To execute the\ntests run the following:\n\n```shell\nbundle install\nbundle exec rake beaker:suites\n```\n\n#### TPM2 simulator\n\nThe acceptance tests spin up a tpm2-simulator.  These simulators have been\ncompiled and packaged by simp and are available in the simp-project\nrepos, https://download.simp-project.com/simp/yum/.  See the spec/acceptance/nodesets\nfor the exact repo.\n\n#### Debug\n\nThe TPM2 developers provide a debug flag. 
Set the environment variable\n`G_MESSAGES_DEBUG=all` and run `tpm2-abrmd` in a terminal.\n\n#### Environment variables\n\n\n* `BEAKER_download_pre_suite_rpms` When '`yes`', downloads a tarball of RPMs to install before running the first Beaker suite\n\n* `BEAKER_tpm2_rpms_tarball_url`\n\nPlease refer to the [SIMP Beaker Helpers documentation](https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/README.md)\nfor more information.\n\n[simp]: https://simp-project.com\n[simp-bug-tracker]: https://simp-project.atlassian.net/\n[tpm2-tools]: https://github.com/tpm2-software/tpm2-toolso\n[tpm2-software]: https://github.com/tpm2-software/\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-tpm2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimp%2Fpupmod-simp-tpm2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-tpm2/lists"}