The admin creates the primary key by calling the utility script create_primary.sh on the TPM-capable host and provides the key password to OOM, which passes it on to the CA container for key import.
Distribution center container
INPUT
This container expects the SRK public key of each host under ~/volume/host_<host name>/out_parent_public and the passphrase under ~/volume/passphrase.
...
The encrypted private key and the certificate are written under the ~/volume mount:
ca.cert
privkey.pem.gpg
TABRMD-INIT container
INPUT
This container expects the encrypted password, the passphrase, srkhandle and tpm_status.yaml under ~/volume/host_<host name>:
password
srkhandle
passphrase
tpm_status.yaml
OUTPUT
It writes the SRK public key to ~/volume/host_<host name>/out_parent_public and updates the tpm_status.yaml file.
CA Container
INPUT
upin and sopin under ~/volume/host_<hostname>:
upin
sopin
For a TPM-capable host, this container expects the following files under ~/volume/host_<host name>:
srkhandle
password.txt.gpg - TPM import key password
password - passphrase
ca.cert
dupEncKey
dupPriv
dupPub
dupSymseed
For a SoftHSM-only system, it expects the following files under ~/volume/host_<host name>:
ca.cert
privkey-passphrase
privkey.pem.gpg
OUTPUT
none
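A start-up preflight check for the CA container's per-host volume, as an added example (not code from the page or the project): it reports which of the files listed above are missing or empty for a TPM-capable or SoftHSM-only host and flags an incomplete set of duplication blobs. The volume root, host name and host type are passed in as assumptions, since the page gives no schema for tpm_status.yaml.

```python
# Added example (not from the page or project): preflight check of the CA
# container's per-host volume layout. Empty files count as missing. Whether a
# host is TPM capable is passed in; the page gives no schema for tpm_status.yaml.
from pathlib import Path
import tempfile

# File sets as listed in the CA container description above.
PIN_FILES = frozenset({"upin", "sopin"})
TPM_FILES = frozenset({"srkhandle", "password.txt.gpg", "password", "ca.cert",
                       "dupEncKey", "dupPriv", "dupPub", "dupSymseed"})
SOFTHSM_FILES = frozenset({"ca.cert", "privkey-passphrase", "privkey.pem.gpg"})
# The four TPM duplication blobs are only usable as a complete set.
DUP_BLOBS = frozenset({"dupEncKey", "dupPriv", "dupPub", "dupSymseed"})

def expected_files(tpm_capable):
    return PIN_FILES | (TPM_FILES if tpm_capable else SOFTHSM_FILES)

def missing_inputs(volume_root, host, tpm_capable):
    """Sorted names of expected files absent or empty in <volume_root>/host_<host>."""
    host_dir = Path(volume_root) / f"host_{host}"
    present = set()
    if host_dir.is_dir():
        present = {p.name for p in host_dir.iterdir()
                   if p.is_file() and p.stat().st_size > 0}
    return sorted(expected_files(tpm_capable) - present)

def check_host(volume_root, host, tpm_capable):
    """Return (ok, message) for a container start-up check; fail early, not at import."""
    missing = missing_inputs(volume_root, host, tpm_capable)
    if not missing:
        return True, f"host_{host}: all inputs present"
    note = ""
    if tpm_capable and DUP_BLOBS & set(missing) and not DUP_BLOBS <= set(missing):
        note = " (incomplete duplication blob set; the wrapped key cannot be imported)"
    mode = "TPM" if tpm_capable else "SoftHSM"
    return False, f"host_{host} ({mode}): missing {', '.join(missing)}{note}"

def build_sample(root, host, files):
    """Constructed sample host directory filled with non-empty placeholder files."""
    host_dir = Path(root) / f"host_{host}"
    host_dir.mkdir(parents=True, exist_ok=True)
    for name in files:
        (host_dir / name).write_text("placeholder\n")

def demo():
    """Two constructed hosts: a TPM host missing dupSymseed and a complete SoftHSM host."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, "node1", expected_files(True) - {"dupSymseed"})
        build_sample(root, "node2", expected_files(False))
        return check_host(root, "node1", True), check_host(root, "node2", False)
```

Running demo() reports node1 as failing with dupSymseed missing and the incomplete-blob-set note, and node2 as complete.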