tpm2_pcrextend(1)

1tpm2_pcrextend(1)           General Commands Manual          tpm2_pcrextend(1)
2
3
4

6       tpm2_pcrextend(1) - Extends a PCR.
7

9       tpm2_pcrextend [OPTIONS] [PCR_DIGEST_SPEC]
10

12       tpm2_pcrextend(1)  Extends  the  pcrs  with values indicated by PCR_DI‐
13       GEST_SPEC.
14
15       A PCR_DIGEST_SPEC is defined as follows:
16
17       · A numerical pcr identifier.
18
19       · A colon followed by the algorithm hash specification.  The  algorithm
20         hash specification is as follows:
21
22         · The algorithm friendly name or raw numerical.
23
24         · An equals sign.
25
26         · The hex hash value.
27
28       Example Digest Specification:
29
30              4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
31
32       Note: that multiple specifications of PCR and hash are allowed.  Multi‐
33       ple hashes cause the pcr to be extended  with  both  hashes.   Multiple
34       same PCR values cause the PCR to be extended multiple times.  Extension
35       is done in order from left to right as specified.  At most 5  hash  ex‐
36       tensions  per PCR entry are supported.  This is to keep the parser sim‐
37       ple.
38

40       This tool accepts no tool specific options.
41

43       This collection of options are common to many programs and provide  in‐
44       formation that many users may expect.
45
46       · -h,  –help: Display the tools manpage.  This requires the manpages to
47         be installed or on MANPATH, See man(1) for more details.
48
49       · -v, –version: Display version information for  this  tool,  supported
50         tctis and exit.
51
52       · -V,  –verbose:  Increase  the information that the tool prints to the
53         console during its execution.  When using this option  the  file  and
54         line number are printed.
55
56       · -Q, –quiet: Silence normal tool output to stdout.
57
58       · -Z,  –enable-errata: Enable the application of errata fixups.  Useful
59         if an errata fixup needs to be applied to commands sent to  the  TPM.
60         # TCTI ENVIRONMENT
61
62       This  collection of environment variables that may be used to configure
63       the various TCTI modules available.
64
65       The values passed through  these  variables  can  be  overridden  on  a
66       per-command basis using the available command line options, see the TC‐
67       TI_OPTIONS section.
68
69       The variables respected depend on how the software was configured.
70
71       · TPM2TOOLS_TCTI_NAME: Select the TCTI used for communication with  the
72         next  component down the TSS stack.  In most configurations this will
73         be the TPM but it could be a simulator or proxy.  The  current  known
74         TCTIs are:
75
76         · tabrmd    -    The    new    resource    manager,   called   tabrmd
77           (https://github.com/01org/tpm2-abrmd).
78
79         · socket - Typically used with the old resource manager,  or  talking
80           directly to a simulator.
81
82         · device - Used when talking directly to a TPM device file.
83
84       · TPM2TOOLS_DEVICE_FILE:  When  using  the device TCTI, specify the TPM
85         device file.  The default is “/dev/tpm0”.
86
87         Note: Using the tpm directly requires the users to ensure  that  con‐
88         current access does not occur and that they manage the tpm resources.
89         These tasks are usually managed by a resource  manager.   Linux  4.12
90         and  greater  supports an in kernel resource manager at “/dev/tpmrm”,
91         typically “/dev/tpmrm0”.
92
93       · TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the do‐
94         main name or IP address used.  The default is 127.0.0.1.
95
96       · TPM2TOOLS_SOCKET_PORT:  When  using the socket TCTI, specify the port
97         number used.  The default is 2321.
98

100       This collection of options are used to configure the varous  TCTI  mod‐
101       ules available.  They override any environment variables.
102
103       · -T, –tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for communi‐
104         cation with the next component down the TSS stack.  In most  configu‐
105         rations    this    will    be    the    resource    manager:   tabrmd
106         (https://github.com/01org/tpm2-abrmd) Optionally, tcti  specific  op‐
107         tions can appended to TCTI_NAME by appending a : to TCTI_NAME.
108
109         · For the device TCTI, the TPM device file for use by the device TCTI
110           can be specified.  The  default  is  /dev/tpm0.   Example:  -T  de‐
111           vice:/dev/tpm0
112
113         · For  the socket TCTI, the domain name or IP address and port number
114           used by the socket can be specified.  The default are 127.0.0.1 and
115           2321.  Example: -T socket:127.0.0.1:2321
116
117         · For the abrmd TCTI, it takes no options.  Example: -T abrmd
118

120       Extend PCR 4's SHA1 bank with a hash:
121
122              tpm2_pcrextend 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
123
124       Extend PCR 4's SHA1 and SHA256 banks with hashes:
125
126              tpm2_pcrextend 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15,sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
127
128       Extend PCR 4's SHA1 and PCR 7's SHA256 bank with hashes:
129
130              tpm2_pcrextend 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 7:sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
131

133       0 on success or 1 on failure.
134

136       Github Issues (https://github.com/01org/tpm2-tools/issues)
137

139       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
140
141
142
143tpm2-tools                      SEPTEMBER 2017               tpm2_pcrextend(1)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

COMMON OPTIONS

TCTI OPTIONS

EXAMPLES

RETURNS

BUGS

HELP