tpm2_nvlist(1)              General Commands Manual             tpm2_nvlist(1)

NAME

       tpm2_nvlist(1) - display all defined Non-Volatile (NV) indices.

SYNOPSIS

       tpm2_nvlist [OPTIONS]

DESCRIPTION

       tpm2_nvlist(1) - display all defined Non-Volatile (NV) indices to
       stdout in a YAML format.

       Display metadata for all defined NV indices.  Metadata includes:

       · The size of the defined region.

       · The hash algorithm used to compute the name of the index.

       · The auth policy.

       · The NV attributes as defined in section “NV Attributes”.

       Example Output:

              0x1500015:
                hash algorithm:
                  friendly: sha256
                  value: 0xB
                attributes:
                  friendly: ownerwrite|ownerread
                  value: 0x2000200
                size: 32
                authorization policy:

              0x1500017:
                hash algorithm:
                  friendly: sha256
                  value: 0xB
                attributes:
                  friendly: ownerwrite|ownerread
                  value: 0x2000200
                size: 32
                authorization policy:

OPTIONS

       This tool takes no tool specific options.

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       · -h, --help: Display the tool's manpage.  This requires the manpages
         to be installed or on MANPATH, see man(1) for more details.

       · -v, --version: Display version information for this tool, supported
         tctis and exit.

       · -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       · -Q, --quiet: Silence normal tool output to stdout.

       · -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.

TCTI ENVIRONMENT

       This collection of environment variables may be used to configure the
       various TCTI modules available.

       The values passed through these variables can be overridden on a
       per-command basis using the available command line options, see the
       TCTI_OPTIONS section.

       The variables respected depend on how the software was configured.

       · TPM2TOOLS_TCTI_NAME: Select the TCTI used for communication with the
         next component down the TSS stack.  In most configurations this will
         be the TPM but it could be a simulator or proxy.  The current known
         TCTIs are:

         · tabrmd - The new resource manager, called tabrmd
           (https://github.com/01org/tpm2-abrmd).

         · socket - Typically used with the old resource manager, or talking
           directly to a simulator.

         · device - Used when talking directly to a TPM device file.

       · TPM2TOOLS_DEVICE_FILE: When using the device TCTI, specify the TPM
         device file.  The default is “/dev/tpm0”.

         Note: Using the TPM directly requires the users to ensure that
         concurrent access does not occur and that they manage the TPM
         resources.  These tasks are usually managed by a resource manager.
         Linux 4.12 and greater supports an in-kernel resource manager at
         “/dev/tpmrm”, typically “/dev/tpmrm0”.

       · TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the
         domain name or IP address used.  The default is 127.0.0.1.

       · TPM2TOOLS_SOCKET_PORT: When using the socket TCTI, specify the port
         number used.  The default is 2321.

TCTI OPTIONS

       This collection of options is used to configure the various TCTI
       modules available.  They override any environment variables.

       · -T, --tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for
         communication with the next component down the TSS stack.  In most
         configurations this will be the resource manager: tabrmd
         (https://github.com/01org/tpm2-abrmd).  Optionally, TCTI-specific
         options can be appended to TCTI_NAME by appending a : to TCTI_NAME.

         · For the device TCTI, the TPM device file for use by the device TCTI
           can be specified.  The default is /dev/tpm0.  Example:
           -T device:/dev/tpm0

         · For the socket TCTI, the domain name or IP address and port number
           used by the socket can be specified.  The defaults are 127.0.0.1
           and 2321.  Example: -T socket:127.0.0.1:2321

         · For the abrmd TCTI, it takes no options.  Example: -T abrmd

NV Attributes

       NV Attributes are used to control various properties of the NV defined
       space.  When specified as an option, either the raw bitfield mask or
       “nice-names” may be used.  The values can be found in Table 204 Part 2
       of the TPM2.0 specification, which can be found here:

       <https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>

       Nice names are calculated by taking the name field of table 204 and
       removing the prefix TPMA_NV_ and lowercasing the result.  Thus,
       TPMA_NV_PPWRITE becomes ppwrite.  Nice names can be joined using the
       bitwise or “|” symbol.

       Note that the TPM_NT field is 4 bits wide, and thus can be set via nt=
       format.  For instance, to set the fields TPMA_NV_OWNERREAD,
       TPMA_NV_OWNERWRITE, TPMA_NV_POLICYWRITE, and TPMA_NT = 0x3, the
       argument would be:

       ownerread|ownerwrite|policywrite|nt=0x3

EXAMPLES

       To list the defined NV indices to stdout:

              tpm2_nvlist
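
       The nice-name rule from the “NV Attributes” section, worked in both
       directions. This is an added example, not code from tpm2-tools: the
       function names are illustrative, and the bit positions are the ones
       given in Table 204 of Part 2 of the TPM 2.0 specification.

```python
# Added example: nice-name <-> raw mask conversion for TPMA_NV attributes.
# Bit positions are taken from TPM 2.0 Part 2, Table 204; the function names
# are illustrative and are not part of tpm2-tools.
TPMA_NV_BITS = {
    "ppwrite": 0, "ownerwrite": 1, "authwrite": 2, "policywrite": 3,
    "policy_delete": 10, "writelocked": 11, "writeall": 12,
    "writedefine": 13, "write_stclear": 14, "globallock": 15,
    "ppread": 16, "ownerread": 17, "authread": 18, "policyread": 19,
    "no_da": 25, "orderly": 26, "clear_stclear": 27, "readlocked": 28,
    "written": 29, "platformcreate": 30, "read_stclear": 31,
}
NT_SHIFT, NT_MAX = 4, 0xF  # TPM_NT is the 4-bit field at bits 7:4


def parse_nv_attributes(spec: str) -> int:
    """Turn 'ownerread|ownerwrite|nt=0x3' (or a raw mask) into a 32-bit value."""
    mask = 0
    for token in (t.strip().lower() for t in spec.split("|")):
        if token.startswith("nt="):
            nt = int(token[3:], 0)
            if not 0 <= nt <= NT_MAX:
                raise ValueError(f"nt={nt:#x} does not fit in 4 bits")
            mask = (mask & ~(NT_MAX << NT_SHIFT)) | (nt << NT_SHIFT)
        elif token in TPMA_NV_BITS:
            mask |= 1 << TPMA_NV_BITS[token]
        else:
            mask |= int(token, 0)  # raw bitfield; ValueError on unknown names
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError(f"{mask:#x} is not a 32-bit attribute value")
    return mask


def format_nv_attributes(mask: int) -> str:
    """Render a raw mask as nice names in ascending bit order, nt= last."""
    names = [name for name, bit in TPMA_NV_BITS.items() if mask >> bit & 1]
    nt = (mask >> NT_SHIFT) & NT_MAX
    if nt:
        names.append(f"nt={nt:#x}")
    return "|".join(names)


def byteswap32(value: int) -> int:
    """Reverse the byte order of a 32-bit value."""
    return int.from_bytes(value.to_bytes(4, "big"), "little")


if __name__ == "__main__":
    mask = parse_nv_attributes("ownerread|ownerwrite|policywrite|nt=0x3")
    print(f"{mask:#x}", format_nv_attributes(mask))
```

       With these bit positions ownerwrite|ownerread is 0x20002; the
       0x2000200 printed in the example output above is that value with its
       four bytes reversed, so a script that checks NV index permissions
       should match on the friendly: field or swap before decoding value:.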

RETURNS

       0 on success or 1 on failure.

BUGS

       Github Issues (https://github.com/01org/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                      SEPTEMBER 2017                  tpm2_nvlist(1)