tpm2_nvreadlock(1)          General Commands Manual         tpm2_nvreadlock(1)

NAME

       tpm2_nvreadlock(1) - lock the Non-Volatile (NV) index for further
       reads.

SYNOPSIS

       tpm2_nvreadlock [OPTIONS]

DESCRIPTION

       tpm2_nvreadlock(1) - lock the Non-Volatile (NV) index for further
       reads.  The index is released on subsequent restart of the machine.

OPTIONS

       · -x, --index=NV_INDEX: Specifies the index to define the space at.

       · -a, --auth-handle=SECRET_DATA_FILE: specifies the handle used to
         authorize:

         · 0x40000001 for TPM_RH_OWNER

         · 0x4000000C for TPM_RH_PLATFORM

       · -P, --handle-passwd=HANDLE_PASSWORD: specifies the password of
         authHandle.  Passwords should follow the “password formatting
         standards”, see section “Password Formatting”.

       · -S, --input-session-handle=SIZE: Optional Input session handle from a
         policy session for authorization.

COMMON OPTIONS

       These options are common to many programs and provide information
       that many users may expect.

       · -h, --help: Display the tool's manpage.  This requires the manpages
         to be installed or on MANPATH; see man(1) for more details.

       · -v, --version: Display version information for this tool and the
         supported TCTIs, then exit.

       · -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       · -Q, --quiet: Silence normal tool output to stdout.

       · -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.

TCTI ENVIRONMENT

       This collection of environment variables may be used to configure the
       various TCTI modules available.

       The values passed through these variables can be overridden on a
       per-command basis using the available command line options, see the
       TCTI_OPTIONS section.

       The variables respected depend on how the software was configured.

       · TPM2TOOLS_TCTI_NAME: Select the TCTI used for communication with the
         next component down the TSS stack.  In most configurations this will
         be the TPM but it could be a simulator or proxy.  The current known
         TCTIs are:

         · tabrmd - The new resource manager, called tabrmd
           (https://github.com/01org/tpm2-abrmd).

         · socket - Typically used with the old resource manager, or talking
           directly to a simulator.

         · device - Used when talking directly to a TPM device file.

       · TPM2TOOLS_DEVICE_FILE: When using the device TCTI, specify the TPM
         device file.  The default is “/dev/tpm0”.

         Note: Using the TPM directly requires the users to ensure that
         concurrent access does not occur and that they manage the TPM
         resources.  These tasks are usually managed by a resource manager.
         Linux 4.12 and greater supports an in-kernel resource manager at
         “/dev/tpmrm”, typically “/dev/tpmrm0”.

       · TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the
         domain name or IP address used.  The default is 127.0.0.1.

       · TPM2TOOLS_SOCKET_PORT: When using the socket TCTI, specify the port
         number used.  The default is 2321.

TCTI OPTIONS

       This collection of options is used to configure the various TCTI
       modules available.  They override any environment variables.

       · -T, --tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for
         communication with the next component down the TSS stack.  In most
         configurations this will be the resource manager: tabrmd
         (https://github.com/01org/tpm2-abrmd).  Optionally, TCTI-specific
         options can be appended to TCTI_NAME by appending a : to TCTI_NAME.

         · For the device TCTI, the TPM device file for use by the device TCTI
           can be specified.  The default is /dev/tpm0.  Example: -T
           device:/dev/tpm0

         · For the socket TCTI, the domain name or IP address and port number
           used by the socket can be specified.  The defaults are 127.0.0.1
           and 2321.  Example: -T socket:127.0.0.1:2321

         · For the abrmd TCTI, it takes no options.  Example: -T abrmd

Password Formatting

       Passwords are interpreted in two forms, string and hex-string.  A
       string password is not interpreted, and is directly used for
       authorization.  A hex-string is converted from a hexadecimal form into
       a byte array form, thus allowing passwords with non-printable and/or
       terminal un-friendly characters.

       By default passwords are assumed to be in the string form.  Password
       form is specified with special prefix values; they are:

       · str: - Used to indicate it is a raw string.  Useful for escaping a
         password that starts with the “hex:” prefix.

       · hex: - Used when specifying a password in hex string format.
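
       The prefix rules above, as an added example in C (not code from
       tpm2-tools): parse_password() is a hypothetical helper, and rejecting
       odd-length or non-hex input after hex: is an assumption, not behaviour
       documented on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c)
{
    if (!isxdigit((unsigned char)c)) return -1;
    if (isdigit((unsigned char)c)) return c - '0';
    return tolower((unsigned char)c) - 'a' + 10;
}

/* Hypothetical helper: turn a -P argument into auth bytes.
 * Returns the byte count, or -1 on malformed hex or overflow of out. */
int parse_password(const char *arg, unsigned char *out, size_t cap)
{
    size_t n;

    if (strncmp(arg, "hex:", 4) == 0) {
        const char *h = arg + 4;
        n = strlen(h);
        if (n % 2 != 0 || n / 2 > cap)   /* assumption: odd length is an error */
            return -1;
        for (size_t i = 0; i < n; i += 2) {
            int hi = hex_nibble(h[i]), lo = hex_nibble(h[i + 1]);
            if (hi < 0 || lo < 0)
                return -1;
            out[i / 2] = (unsigned char)((hi << 4) | lo);
        }
        return (int)(n / 2);
    }
    if (strncmp(arg, "str:", 4) == 0)    /* strip the escape prefix only */
        arg += 4;
    n = strlen(arg);                     /* default form: bytes used as-is */
    if (n > cap)
        return -1;
    memcpy(out, arg, n);
    return (int)n;
}

int main(void)
{
    /* Constructed sample arguments, not real credentials. */
    const char *samples[] = { "passwd", "hex:00ff7a", "str:hex:41", "hex:4" };
    unsigned char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s -> %d bytes\n", samples[i],
               parse_password(samples[i], buf, sizeof buf));
    return 0;
}
```

       Note that "str:hex:41" yields the six literal bytes "hex:41", while
       "hex:41" yields the single byte 0x41.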

EXAMPLES

       To lock an index protected by a password:

              tpm2_nvreadlock -x 0x1500016 -a 0x40000001 -P passwd

RETURNS

       0 on success or 1 on failure.

BUGS

       Github Issues (https://github.com/01org/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                      SEPTEMBER 2017              tpm2_nvreadlock(1)