SYSTEMD-TPM2-SWTPM.SERVICE(8)          systemd-tpm2-swtpm.service

NAME
       systemd-tpm2-swtpm.service, systemd-tpm2-swtpm - Provide a fallback software TPM

SYNOPSIS
       systemd-tpm2-swtpm.service

       /usr/lib/systemd/systemd-tpm2-swtpm

DESCRIPTION
       The systemd-tpm2-swtpm.service provides fallback software TPM functionality, intended for use in environments where a discrete or firmware TPM ("hardware TPM") is not available. It is pulled into the boot process by systemd-tpm2-generator(8) if a hardware TPM is not available, and the system is configured to provide a software TPM in that case.

       Note that a software TPM provides only very weak security properties compared to a hardware TPM, and hence should only be used as a fallback mechanism if a hardware TPM is not available but TPM semantics are desired.

       This service ultimately wraps swtpm(8).

       If the boot secret /.extra/boot-secret (in the initrd) or /run/systemd/stub/boot-secret (on the host) is available the software TPM NVRAM storage is encrypted with this key. See systemd-stub(7) for details.

       The TPM NVRAM storage is placed on the EFI System Partition as it needs to be accessible during very early boot-up, in particular before the root file system is decrypted and mounted.

SEE ALSO
       systemd(1), systemd-tpm2-generator(8), swtpm(8), systemd-stub(7)

systemd 261                                      SYSTEMD-TPM2-SWTPM.SERVICE(8)
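
The following is an added example, not part of the systemd manual page or of systemd itself: a shell function that reports whether the software TPM NVRAM on the EFI System Partition would be encrypted, by looking for the boot secret at the two paths named in DESCRIPTION. The function name, the optional root-prefix argument (for inspecting a mounted image or unpacked initrd) and the permission check on the secret are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not systemd code). Audits whether the fallback software
# TPM's NVRAM storage would be encrypted, per the boot-secret rule in
# DESCRIPTION.
#
# Usage: swtpm_nvram_protection [ROOT]
#   ROOT is a hypothetical prefix for offline inspection; empty means the
#   running system.
#
# Prints exactly one verdict line:
#   encrypted:<path>                 secret present, owner-only permissions
#   encrypted-secret-exposed:<path>  secret present, but group/other have
#                                    some access (extra hardening check
#                                    added here, not stated on the page)
#   unencrypted                      no boot secret at either location
swtpm_nvram_protection() {
    root="${1:-}"

    # Paths from the manual page: initrd location first, then host location.
    for rel in /.extra/boot-secret /run/systemd/stub/boot-secret; do
        f="$root$rel"
        [ -f "$f" ] || continue

        # Octal permission bits, e.g. 600 (GNU coreutils stat).
        mode=$(stat -c '%a' "$f") || return 2

        case "$mode" in
            0|*00) echo "encrypted:$rel" ;;
            *)     echo "encrypted-secret-exposed:$rel" ;;
        esac
        return 0
    done

    # No key available: NVRAM state sits on the ESP without encryption.
    echo "unencrypted"
    return 0
}
```

Call `swtpm_nvram_protection` with no argument on a running host, or pass the mount point of an image to audit it offline.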