From b8d3971124b5b2ecccaf727ecc48ba94b531df8e Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Fri, 4 Nov 2016 22:34:21 -0600
Subject: [PATCH] Add TPM documentation

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 www/Makefile.am        |  2 +-
 www/menu2-features.xml |  1 +
 www/tpm.xml            | 29 +++++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 www/tpm.xml

diff --git a/www/Makefile.am b/www/Makefile.am
index 713942c1..51a242ba 100644
--- a/www/Makefile.am
+++ b/www/Makefile.am
@@ -3,7 +3,7 @@
 SUBDIRS = styles inc images
 CONV 	= "$(srcdir)/html.py"
 
-FTR_PAGES = csd.html charset.html token.html pkcs11.html features.html gui.html nonroot.html
+FTR_PAGES = csd.html charset.html token.html pkcs11.html tpm.html features.html gui.html nonroot.html
 START_PAGES = building.html connecting.html manual.html vpnc-script.html 
 INDEX_PAGES = changelog.html download.html index.html packages.html platforms.html
 PROTO_PAGES = anyconnect.html juniper.html
diff --git a/www/menu2-features.xml b/www/menu2-features.xml
index e10c9f1d..112bf794 100644
--- a/www/menu2-features.xml
+++ b/www/menu2-features.xml
@@ -7,5 +7,6 @@
 	<MENU topic="Character sets" link="charset.html" mode="VAR_SEL_FEATURE_CHARSET" />
 	<MENU topic="One Time Passwords" link="token.html" mode="VAR_SEL_FEATURE_TOKEN" />
 	<MENU topic="Smart Cards / PKCS#11" link="pkcs11.html" mode="VAR_SEL_FEATURE_PKCS11" />
+	<MENU topic="Trusted Platform Module (TPM)" link="tpm.html" mode="VAR_SEL_FEATURE_TPM" />
 	<ENDMENU />
 </PAGE>
diff --git a/www/tpm.xml b/www/tpm.xml
new file mode 100644
index 00000000..d1f8994e
--- /dev/null
+++ b/www/tpm.xml
@@ -0,0 +1,29 @@
+<PAGE>
+	<INCLUDE file="inc/header.tmpl" />
+
+	<VAR match="VAR_SEL_FEATURES" replace="selected" />
+	<VAR match="VAR_SEL_FEATURE_TPM" replace="selected" />
+	<PARSE file="menu1.xml" />
+	<PARSE file="menu2-features.xml" />
+
+	<INCLUDE file="inc/content.tmpl" />
+
+<h1>Trusted Platform Module (TPM) support</h1>
+
+<p>OpenConnect supports the use of private keys secured or "wrapped" by a TPM.
+These keys appear in the form of a PEM file marked with the tag:
+<pre>-----BEGIN TSS KEY BLOB-----</pre>
+These files can be created by the <tt>create_tpm_key</tt> tool which is
+part of the
+<a href="https://sourceforge.net/p/trousers/openssl_tpm_engine">OpenSSL
+TPM ENGINE</a> or the <a href="https://www.gnutls.org/manual/html_node/tpmtool-Invocation.html">tpmtool</a> which is part of the GnuTLS distribution.</p>
+
+<p>Use of TPM-wrapped keys is entirely transparent with GnuTLS. If built with
+TPM support, OpenConnect will automatically use the TPM when presented with
+an approprate PEM file with a TPM-wrapped key.</p>
+<p>For OpenSSL, the TPM ENGINE must be installed correctly on the system,
+and OpenConnect will load and use it automatically when appropriate.
+</p>
+
+<INCLUDE file="inc/footer.tmpl" />
+</PAGE>
-- 
2.49.0