mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-28 00:38:56 +00:00
112 lines
2.0 KiB
Groff
112 lines
2.0 KiB
Groff
|
.TH TPM_MODULE 1 "January 11, 2018"
|
||
|
|
||
|
.sp 1
|
||
|
.SH NAME
|
||
|
tpm_module \- interact with the TPM
|
||
|
.SH SYNOPSIS
|
||
|
.B tpm_module
|
||
|
[\-m <mode>] [\-options]
|
||
|
.SH DESCRIPTION
|
||
|
Provide various modes for interacting with the TPM.
|
||
|
.SH MODES
|
||
|
1 Take Ownership of TPM
|
||
|
.br
|
||
|
2 Change Owner Authorization Data
|
||
|
.br
|
||
|
3 Clear Ownership (Disables TPM)
|
||
|
.br
|
||
|
4 Create EK
|
||
|
.br
|
||
|
5 Change SRK Authorization Data
|
||
|
.br
|
||
|
6 Collate Identity Request (Create Identity Key)
|
||
|
.br
|
||
|
7 Activate Identity (Create Identity Key Certificate)
|
||
|
.br
|
||
|
8 Quote
|
||
|
.br
|
||
|
9 Quote 2
|
||
|
.br
|
||
|
10 Seal Data (Encrypt Data to Current Platform State)
|
||
|
.br
|
||
|
11 Seal 2 (Seal Against Future PCRs)
|
||
|
.br
|
||
|
12 Unseal Data
|
||
|
.br
|
||
|
13 Generate Random Bytes
|
||
|
.br
|
||
|
14 Create Signing, Binding, or Storage Key
|
||
|
.br
|
||
|
15 Change Key Authorization Data
|
||
|
.br
|
||
|
16 Get Keyblob
|
||
|
.br
|
||
|
17 Get Key Modulus
|
||
|
.br
|
||
|
18 Clear Key
|
||
|
.br
|
||
|
19 Get PCR
|
||
|
.br
|
||
|
20 Extend PCR (Update PCR Value)
|
||
|
.br
|
||
|
21 Clear PCR
|
||
|
.br
|
||
|
22 Set NVRAM Data
|
||
|
.br
|
||
|
23 Get NVRAM Data
|
||
|
.br
|
||
|
24 Clear NVRAM Data
|
||
|
.br
|
||
|
25 Sign Data
|
||
|
.br
|
||
|
26 Verify Signed Data
|
||
|
.br
|
||
|
27 Bind
|
||
|
.br
|
||
|
28 Unbind
|
||
|
.br
|
||
|
29 Get Public Key
|
||
|
.SH OPTIONS
|
||
|
.B \-h, \-\-help
|
||
|
.IP
|
||
|
display help, use with -m to see help/options for individual modes
|
||
|
.P
|
||
|
.B \-v, \-\-version
|
||
|
.IP
|
||
|
display software version info
|
||
|
.P
|
||
|
.B \-d, \-\-debug
|
||
|
.IP
|
||
|
enable console debugging
|
||
|
.P
|
||
|
.B \-f, \-\-file
|
||
|
.IP
|
||
|
write debugging info to file
|
||
|
.P
|
||
|
.B \-z, \-\-zeros
|
||
|
.IP
|
||
|
fill in authdata with zeroes
|
||
|
.P
|
||
|
.B \-r, \-\-readable
|
||
|
.IP
|
||
|
make output human-readable with delimiters
|
||
|
.P
|
||
|
.B \-nr, \-\-nonce_random
|
||
|
.IP
|
||
|
populate nonce with TPM's random byte generator
|
||
|
.SH EXAMPLES
|
||
|
Take ownership of TPM using a specific nonce and zeroes for auth data:
|
||
|
.IP
|
||
|
tpm_module \-m 1 \-n 0123456789012345678901234567890123456789 \-z
|
||
|
.P
|
||
|
Get help with collate identity request mode:
|
||
|
.IP
|
||
|
tpm_module \-m 6 \-h
|
||
|
.P
|
||
|
Generate a quote2 using the first 16 PCRs, random nonce, identity key with
|
||
|
simple UUID, and omitted SRK auth as zeroes:
|
||
|
.IP
|
||
|
tpm_module \-m 9 \-p ffff00 \-nr \-u 00000000\-0000\-0000\-0000\-040000000001 \-authp_ik password \-z
|
||
|
.SH SEE ALSO
|
||
|
hirs-provisioner(1)
|