HIRS/tpm_module/man/tpm_module.1

112 lines
2.0 KiB
Groff
Raw Permalink Normal View History

2018-09-06 13:47:33 +00:00
.TH TPM_MODULE 1 "January 11, 2018"
.sp 1
.SH NAME
tpm_module \- interact with the TPM
.SH SYNOPSIS
.B tpm_module
[\-m <mode>] [\-options]
.SH DESCRIPTION
Provide various modes for interacting with the TPM.
.SH MODES
1 Take Ownership of TPM
.br
2 Change Owner Authorization Data
.br
3 Clear Ownership (Disables TPM)
.br
4 Create EK
.br
5 Change SRK Authorization Data
.br
6 Collate Identity Request (Create Identity Key)
.br
7 Activate Identity (Create Identity Key Certificate)
.br
8 Quote
.br
9 Quote 2
.br
10 Seal Data (Encrypt Data to Current Platform State)
.br
11 Seal 2 (Seal Against Future PCRs)
.br
12 Unseal Data
.br
13 Generate Random Bytes
.br
14 Create Signing, Binding, or Storage Key
.br
15 Change Key Authorization Data
.br
16 Get Keyblob
.br
17 Get Key Modulus
.br
18 Clear Key
.br
19 Get PCR
.br
20 Extend PCR (Update PCR Value)
.br
21 Clear PCR
.br
22 Set NVRAM Data
.br
23 Get NVRAM Data
.br
24 Clear NVRAM Data
.br
25 Sign Data
.br
26 Verify Signed Data
.br
27 Bind
.br
28 Unbind
.br
29 Get Public Key
.SH OPTIONS
.B \-h, \-\-help
.IP
display help, use with -m to see help/options for individual modes
.P
.B \-v, \-\-version
.IP
display software version info
.P
.B \-d, \-\-debug
.IP
enable console debugging
.P
.B \-f, \-\-file
.IP
write debugging info to file
.P
.B \-z, \-\-zeros
.IP
fill in authdata with zeroes
.P
.B \-r, \-\-readable
.IP
make output human-readable with delimiters
.P
.B \-nr, \-\-nonce_random
.IP
populate nonce with TPM's random byte generator
.SH EXAMPLES
Take ownership of TPM using a specific nonce and zeroes for auth data:
.IP
tpm_module \-m 1 \-n 0123456789012345678901234567890123456789 \-z
.P
Get help with collate identity request mode:
.IP
tpm_module \-m 6 \-h
.P
Generate a quote2 using the first 16 PCRs, random nonce, identity key with
simple UUID, and omitted SRK auth as zeroes:
.IP
tpm_module \-m 9 \-p ffff00 \-nr \-u 00000000\-0000\-0000\-0000\-040000000001 \-authp_ik password \-z
.SH SEE ALSO
hirs-provisioner(1)