1tss2_verifyquote(1)         General Commands Manual        tss2_verifyquote(1)
2
3
4

NAME

6       tss2_verifyquote(1) -
7

SYNOPSIS

9       tss2_verifyquote [OPTIONS]
10

SEE ALSO

12       fapi-config(5)  to  adjust  Fapi parameters like the used cryptographic
13       profile and TCTI or directories for the Fapi metadata storages.
14
15       fapi-profile(5) to determine the cryptographic algorithms  and  parame‐
16       ters for all keys and operations of a specific TPM interaction like the
17       name hash algorithm, the asymmetric signature algorithm, scheme and pa‐
18       rameters and PCR bank selection.
19

DESCRIPTION

21       tss2_verifyquote(1) - This command verifies that the data returned by a
22       quote is valid.  This includes
23
24       • Reconstructing the quoteInfo’s PCR values from the  eventLog  (if  an
25         eventLog was provided)
26
27       • Verifying the quoteInfo using the signature and the publicKeyPath
28
29       The used signature verification scheme is specified in the cryptograph‐
30       ic profile (cf., fapi-profile(5)).
31
32       An application using tss2_verifyquote() will further have to
33
34       • Assess the publicKey’s trustworthiness
35
36       • Assess the eventLog entries’ trustworthiness
37

OPTIONS

39       These are the available options:
40
41-Q, --qualifyingData=FILENAME or - (for stdin):
42
43         A nonce provided by the caller to ensure freshness of the  signature.
44         Optional parameter.
45
46-l, --pcrLog=FILENAME or - (for stdin):
47
48         Returns the PCR event log for the chosen PCR.  Optional parameter.
49
50         PCR  event  logs  are a list (arbitrary length JSON array) of log en‐
51         tries with the following content.
52
53                - recnum: Unique record number
54                - pcr: PCR index
55                - digest: The digests
56                - type: The type of event. At the moment the only possible value is: "LINUX_IMA" (legacy IMA)
57                - eventDigest: Digest of the event; e.g. the digest of the measured file
58                - eventName: Name of the event; e.g. the name of the measured file.
59
60-q, --quoteInfo=FILENAME or - (for stdin):
61
62         The JSON-encoded structure holding the inputs to the quote operation.
63         This includes the digest value and PCR values.
64
65-k, --publicKeyPath=STRING:
66
67         Identifies  the signing key.  MAY be a path to the public key hierar‐
68         chy /ext.
69
70-i, --signature=FILENAME or - (for stdin):
71
72         The signature over the quoted material.
73

COMMON OPTIONS

75       This collection of options are common to all tss2 programs and  provide
76       information that many users may expect.
77
78-h,  --help  [man|no-man]: Display the tools manpage.  By default, it
79         attempts to invoke the manpager for the  tool,  however,  on  failure
80         will  output  a short tool summary.  This is the same behavior if the
81         “man” option argument is specified, however if explicit “man” is  re‐
82         quested,  the  tool  will  provide errors from man on stderr.  If the
83         “no-man” option if specified, or the manpager fails,  the  short  op‐
84         tions will be output to stdout.
85
86         To  successfully use the manpages feature requires the manpages to be
87         installed or on MANPATH, See man(1) for more details.
88
89-v, --version: Display version information for this  tool,  supported
90         tctis and exit.
91

EXAMPLE

93                  tss2_verifyquote --publicKeyPath="ext/myNewParent" --qualifyingData=qualifyingData.file --quoteInfo=quoteInfo.file --signature=signature.file --pcrLog=pcrLog.file
94

RETURNS

96       0 on success or 1 on failure.
97

BUGS

99       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
100

HELP

102       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
103
104
105
106tpm2-tools                        APRIL 2019               tss2_verifyquote(1)
Impressum