tpm2_makecredential(1)      General Commands Manual     tpm2_makecredential(1)

NAME

       tpm2_makecredential(1) - load an object that is not a Protected Object
       into the TPM.

SYNOPSIS

       tpm2_makecredential [OPTIONS]

DESCRIPTION

       tpm2_makecredential(1) - Use a TPM public key to protect a secret that
       is used to encrypt the AK certificate.

OPTIONS

       · -e, --enckey=PUBLIC_FILE: A TPM public key which was used to wrap the
         seed.

       · -s, --sec=SECRET_DATA_FILE: The secret which will be protected by the
         key derived from the random seed.

       · -n, --name=NAME: The name of the key for which the certificate is to
         be created.

       · -o, --out-file=OUT_FILE: The output file path, recording the two
         structures output by the tpm2_makecredential function.

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       · -h, --help: Display the tool's manpage.  This requires the manpages
         to be installed or on MANPATH, see man(1) for more details.

       · -v, --version: Display version information for this tool, supported
         TCTIs and exit.

       · -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       · -Q, --quiet: Silence normal tool output to stdout.

       · -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.

TCTI ENVIRONMENT

       This collection of environment variables may be used to configure the
       various TCTI modules available.

       The values passed through these variables can be overridden on a
       per-command basis using the available command line options, see the
       TCTI_OPTIONS section.

       The variables respected depend on how the software was configured.

       · TPM2TOOLS_TCTI_NAME: Select the TCTI used for communication with the
         next component down the TSS stack.  In most configurations this will
         be the TPM but it could be a simulator or proxy.  The current known
         TCTIs are:

         · tabrmd - The new resource manager, called tabrmd
           (https://github.com/01org/tpm2-abrmd).

         · socket - Typically used with the old resource manager, or talking
           directly to a simulator.

         · device - Used when talking directly to a TPM device file.

       · TPM2TOOLS_DEVICE_FILE: When using the device TCTI, specify the TPM
         device file.  The default is “/dev/tpm0”.

         Note: Using the TPM directly requires the users to ensure that
         concurrent access does not occur and that they manage the TPM
         resources.  These tasks are usually managed by a resource manager.
         Linux 4.12 and greater supports an in-kernel resource manager at
         “/dev/tpmrm”, typically “/dev/tpmrm0”.

       · TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the
         domain name or IP address used.  The default is 127.0.0.1.

       · TPM2TOOLS_SOCKET_PORT: When using the socket TCTI, specify the port
         number used.  The default is 2321.

TCTI OPTIONS

       This collection of options is used to configure the various TCTI
       modules available.  They override any environment variables.

       · -T, --tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for
         communication with the next component down the TSS stack.  In most
         configurations this will be the resource manager: tabrmd
         (https://github.com/01org/tpm2-abrmd).  Optionally, TCTI-specific
         options can be appended to TCTI_NAME by appending a : to TCTI_NAME.

         · For the device TCTI, the TPM device file for use by the device TCTI
           can be specified.  The default is /dev/tpm0.  Example: -T
           device:/dev/tpm0

         · For the socket TCTI, the domain name or IP address and port number
           used by the socket can be specified.  The defaults are 127.0.0.1
           and 2321.  Example: -T socket:127.0.0.1:2321

         · For the abrmd TCTI, it takes no options.  Example: -T abrmd

EXAMPLES

              tpm2_makecredential -e <keyFile> -s <secFile> -n <hexString> -o <outFile>
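       The invocation above with its inputs checked first, as an added example
       that is not part of the original man page or of tpm2-tools.  The helper
       names name_digest_len, check_tpm_name and make_credential are
       hypothetical, and the check assumes the value given to -n is the hex
       encoding of a TPM 2.0 object name: a two-byte name algorithm ID
       followed by the digest.

```shell
#!/bin/sh
# Added example: validate the -n argument before calling tpm2_makecredential.
# Assumption: the name is hex(nameAlg || digest), as TPM 2.0 defines object names.

# Print the digest length in bytes for a name algorithm ID (4 hex digits).
name_digest_len() {
    case "$1" in
        0004) echo 20 ;;   # TPM2_ALG_SHA1
        000b) echo 32 ;;   # TPM2_ALG_SHA256
        000c) echo 48 ;;   # TPM2_ALG_SHA384
        000d) echo 64 ;;   # TPM2_ALG_SHA512
        *)    return 1 ;;
    esac
}

# Succeed only if $1 is a well-formed object name in hex.
check_tpm_name() {
    name=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$name" in
        ''|*[!0-9a-f]*) echo "name is not a hex string" >&2; return 1 ;;
    esac
    alg=$(printf '%s' "$name" | cut -c1-4)
    len=$(name_digest_len "$alg") || { echo "unknown nameAlg 0x$alg" >&2; return 1; }
    want=$(( (len + 2) * 2 ))   # 2 bytes of algorithm ID plus the digest, in hex digits
    if [ "${#name}" -ne "$want" ]; then
        echo "name has ${#name} hex digits, expected $want" >&2
        return 1
    fi
}

# make_credential <keyFile> <secFile> <hexName> <outFile>
# Refuses to run the tool when an input would produce an unusable credential.
make_credential() {
    [ -r "$1" ] || { echo "cannot read key file $1" >&2; return 1; }
    [ -s "$2" ] || { echo "secret file $2 is missing or empty" >&2; return 1; }
    check_tpm_name "$3" || return 1
    tpm2_makecredential -e "$1" -s "$2" -n "$3" -o "$4"
}
```

       A name that is truncated or carries the wrong algorithm prefix is worth
       catching here, because the resulting credential is bound to that name
       and cannot be recovered by the key it was meant for.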

RETURNS

       0 on success or 1 on failure.

BUGS

       Github Issues (https://github.com/01org/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                      SEPTEMBER 2017          tpm2_makecredential(1)