Provided by: libtss2-doc_3.2.1-3ubuntu1_all bug

SEE ALSO
       fapi-profile(5)


DESCRIPTION
       FAPI configuration file

       The FAPI parameters which can be adjusted via the configuration file are;

       • profile_name:  Name  of  the  default  cryptographic profile chosen from the profile_dir
         directory.

       • profile_dir: Directory that contains all cryptographic profiles known to FAPI.

       • user_dir: The directory where user objects are stored.

       • system_dir: The directory where system  objects,  policies,  and  imported  objects  are
         stored.

       • tcti: The TCTI interface which will be used.

       • system_pcrs: The PCR registers which are used by the system.

       • log_dir: The directory for the event log.

       • ek_cert_less: A switch to disable certificate verification (optional).

       • ek_fingerprint: The fingerprint of the endorsement key (optional).

       If not otherwise specified during TSS installation, the default location for the exemplary
       profiles is /etc/tpm2-tss/profiles/ and /etc/tpm2-tss/ for the  FAPI  configuration  file.
       The  environment variable TSS2_FAPICONF can be used to set an alternative pathname for the
       FAPI configuration file.


EXAMPLES
       The FAPI configuration file is JSON encoded:

              {
                   "profile_name": "P_ECCP256SHA256",
                   "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
                   "user_dir": "~/.local/share/tpm2-tss/user/keystore/",
                   "system_dir": "/home/myhome/keystore/system/keystore",
                   "tcti": "",
                   "system_pcrs" : [0, 1, 2, 3, 4, 5, 6, 7],
                   "log_dir" : "/home/myhome/eventlog/"
              }

       For this example the default TCTI of the system will be used.  The  certificates  for  the
       stored  endorsement  keys  will be checked.  If the certificate checking is not needed the
       option:

       "ek_cert_less": "yes" can be added to  the  config  file.   Alternative  to  the  standard
       certificate checking a fingerprint (hash of the public key) for the stored endorsement key
       can be defined in the config file:

       "ek_fingerprint":  {     "hashAlg" : "sha256",     "digest" : "9e56...214d"     }


COLOPHON
       This page is part of release 3.2.1 of Open Source implementation of the TCG TPM2  Software
       Stack  (TSS2).  A  description  of  the project, information about reporting bugs, and the
       latest version of this page can be found at https://github.com/tpm2-software/tpm2-tss/.