tpm2_nvwrite(1)             General Commands Manual            tpm2_nvwrite(1)

NAME

       tpm2_nvwrite(1) - Write data to a Non-Volatile (NV) index.

SYNOPSIS

       tpm2_nvwrite [OPTIONS] FILE

DESCRIPTION

       tpm2_nvwrite(1) - Write data specified via FILE to a Non-Volatile (NV)
       index.  If FILE is not specified, it defaults to stdout.

OPTIONS

       · -x, --index=NV_INDEX: Specifies the index to define the space at.

       · -o, --offset=OFFSET: The offset within the NV index to start writing
         at.

       · -a, --auth-handle=SECRET_DATA_FILE: Specifies the handle used to
         authorize:

         · 0x40000001 for TPM_RH_OWNER

         · 0x4000000C for TPM_RH_PLATFORM

       · -P, --handle-passwd=HANDLE_PASSWORD: Specifies the password of
         authHandle.  Passwords should follow the password formatting
         standards, see section “Password Formatting”.

       · -S, --input-session-handle=SIZE: Optional input session handle from a
         policy session for authorization.

       · -L, --set-list=PCR_SELECTION_LIST: The list of PCR banks and selected
         PCR IDs.  PCR_SELECTION_LIST values should follow the PCR bank
         specifier standards, see section “PCR Bank Specifiers”.

       · -F, --pcr-input-file=PCR_INPUT_FILE: Optional path or name of the
         file containing expected PCR values for the specified index.  Default
         is to read the current PCRs per the set list.

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       · -h, --help: Display the tool's manpage.  This requires the manpages
         to be installed or on MANPATH; see man(1) for more details.

       · -v, --version: Display version information for this tool and the
         supported TCTIs, then exit.

       · -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       · -Q, --quiet: Silence normal tool output to stdout.

       · -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.

TCTI ENVIRONMENT

       This collection of environment variables may be used to configure the
       various TCTI modules available.

       The values passed through these variables can be overridden on a
       per-command basis using the available command line options, see the
       TCTI OPTIONS section.

       The variables respected depend on how the software was configured.

       · TPM2TOOLS_TCTI_NAME: Select the TCTI used for communication with the
         next component down the TSS stack.  In most configurations this will
         be the TPM, but it could be a simulator or proxy.  The currently
         known TCTIs are:

         · tabrmd - The new resource manager, called tabrmd
           (https://github.com/01org/tpm2-abrmd).

         · socket - Typically used with the old resource manager, or talking
           directly to a simulator.

         · device - Used when talking directly to a TPM device file.

       · TPM2TOOLS_DEVICE_FILE: When using the device TCTI, specify the TPM
         device file.  The default is “/dev/tpm0”.

         Note: Using the TPM directly requires users to ensure that concurrent
         access does not occur and that they manage the TPM resources.  These
         tasks are usually managed by a resource manager.  Linux 4.12 and
         greater supports an in-kernel resource manager at “/dev/tpmrm”,
         typically “/dev/tpmrm0”.

       · TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the
         domain name or IP address used.  The default is 127.0.0.1.

       · TPM2TOOLS_SOCKET_PORT: When using the socket TCTI, specify the port
         number used.  The default is 2321.

TCTI OPTIONS

       This collection of options is used to configure the various TCTI
       modules available.  They override any environment variables.

       · -T, --tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for
         communication with the next component down the TSS stack.  In most
         configurations this will be the resource manager: tabrmd
         (https://github.com/01org/tpm2-abrmd).  Optionally, TCTI-specific
         options can be appended to TCTI_NAME by appending a : to TCTI_NAME.

         · For the device TCTI, the TPM device file for use by the device TCTI
           can be specified.  The default is /dev/tpm0.  Example:
           -T device:/dev/tpm0

         · For the socket TCTI, the domain name or IP address and port number
           used by the socket can be specified.  The defaults are 127.0.0.1
           and 2321.  Example: -T socket:127.0.0.1:2321

         · For the abrmd TCTI, it takes no options.  Example: -T abrmd

Password Formatting

       Passwords are interpreted in two forms, string and hex-string.  A
       string password is not interpreted, and is directly used for
       authorization.  A hex-string is converted from a hexadecimal form into
       a byte array form, thus allowing passwords with non-printable and/or
       terminal-unfriendly characters.

       By default passwords are assumed to be in the string form.  Password
       form is specified with special prefix values, they are:

       · str: - Used to indicate it is a raw string.  Useful for escaping a
         password that starts with the “hex:” prefix.

       · hex: - Used when specifying a password in hex string format.

EXAMPLES

       To write the file nv.data to index 0x1500016:

              tpm2_nvwrite -x 0x1500016 -a 0x40000001 nv.data

RETURNS

       0 on success or 1 on failure.

BUGS

       Github Issues (https://github.com/01org/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                      SEPTEMBER 2017                 tpm2_nvwrite(1)