Add TPM documentation
authorDavid Woodhouse <dwmw2@infradead.org>
Sat, 5 Nov 2016 04:34:21 +0000 (22:34 -0600)
committerDavid Woodhouse <dwmw2@infradead.org>
Sat, 5 Nov 2016 04:34:21 +0000 (22:34 -0600)
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
www/Makefile.am
www/menu2-features.xml
www/tpm.xml [new file with mode: 0644]

index 713942c1e01c79e0635c9d3c366e3eaea951b73c..51a242babe4c9e8f236226426bacba1243b447b3 100644 (file)
@@ -3,7 +3,7 @@
 SUBDIRS = styles inc images
 CONV   = "$(srcdir)/html.py"
 
-FTR_PAGES = csd.html charset.html token.html pkcs11.html features.html gui.html nonroot.html
+FTR_PAGES = csd.html charset.html token.html pkcs11.html tpm.html features.html gui.html nonroot.html
 START_PAGES = building.html connecting.html manual.html vpnc-script.html 
 INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html
 PROTO_PAGES = anyconnect.html juniper.html
index e10c9f1db42a12f48a47eb54793ca7ee059b39a2..112bf794d6e51963b2bbc9462ff754e038c7e253 100644 (file)
@@ -7,5 +7,6 @@
        <MENU topic="Character sets" link="charset.html" mode="VAR_SEL_FEATURE_CHARSET" />
        <MENU topic="One Time Passwords" link="token.html" mode="VAR_SEL_FEATURE_TOKEN" />
        <MENU topic="Smart Cards / PKCS#11" link="pkcs11.html" mode="VAR_SEL_FEATURE_PKCS11" />
+       <MENU topic="Trusted Platform Module (TPM)" link="tpm.html" mode="VAR_SEL_FEATURE_TPM" />
        <ENDMENU />
 </PAGE>
diff --git a/www/tpm.xml b/www/tpm.xml
new file mode 100644 (file)
index 0000000..d1f8994
--- /dev/null
@@ -0,0 +1,29 @@
+<PAGE>
+       <INCLUDE file="inc/header.tmpl" />
+
+       <VAR match="VAR_SEL_FEATURES" replace="selected" />
+       <VAR match="VAR_SEL_FEATURE_TPM" replace="selected" />
+       <PARSE file="menu1.xml" />
+       <PARSE file="menu2-features.xml" />
+
+       <INCLUDE file="inc/content.tmpl" />
+
+<h1>Trusted Platform Module (TPM) support</h1>
+
+<p>OpenConnect supports the use of private keys secured or "wrapped" by a TPM.
+These keys appear in the form of a PEM file marked with the tag:
+<pre>-----BEGIN TSS KEY BLOB-----</pre>
+These files can be created by the <tt>create_tpm_key</tt> tool which is
+part of the
+<a href="https://sourceforge.net/p/trousers/openssl_tpm_engine">OpenSSL
+TPM ENGINE</a> or the <a href="https://www.gnutls.org/manual/html_node/tpmtool-Invocation.html">tpmtool</a> which is part of the GnuTLS distribution.</p>
+
+<p>Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with
+TPM support, OpenConnect will automatically use the TPM when presented with
+an approprate PEM file with a TPM-wrapped key.</p>
+<p>For OpenSSL, the TPM ENGINE must be installed correctly on the system,
+and OpenConnect will load and use it automatically when appropriate.
+</p>
+
+<INCLUDE file="inc/footer.tmpl" />
+</PAGE>
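Review bot: The `<pre>-----BEGIN TSS KEY BLOB-----</pre>` line sits inside the still-open first `<p>`, which is not valid HTML nesting. Assuming html.py passes these tags through unchanged, browsers will end the paragraph at `<pre>` and leave the sentence about `create_tpm_key` outside any paragraph. Closing the paragraph before the block (`marked with the tag:</p>`, then the `<pre>` line, then `<p>These files can be created by …`) keeps the rendered structure as intended. In the GnuTLS paragraph, "approprate" should read "appropriate". It would also help to state which TPM generation the `TSS KEY BLOB` format and the TrouSerS-hosted engine cover, so readers do not assume every TPM-wrapped key format is accepted.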