1tpm2_dictionarylockout(1)   General Commands Manual  tpm2_dictionarylockout(1)
2
3
4

NAME

6       tpm2_dictionarylockout(1)  -  setup  or clear dictionary-attack-lockout
7       parameters.
8

SYNOPSIS

10       tpm2_dictionarylockout [OPTIONS]
11

DESCRIPTION

13       tpm2_dictionarylockout(1) - setup dictionary-attack-lockout  parameters
14       or clear dictionary-attack-lockout state, if any passwd option is miss‐
15       ing, assume NULL.
16

OPTIONS

18       · -s, –setup-parameters=SETUP_PARAMETERS: specifies the tool should op‐
19         erate to setup dictionary-attack-lockout parameters.
20
21       · -c,  –clear-lockout:  specifies the tool should operate to clear dic‐
22         tionary-attack-lockout state.
23
24       · -l, -lockout-recovery-time=LOCKOUT_TIME: specifies the wait  time  in
25         seconds  before  another TPM_RH_LOCKOUT authentication attempt can be
26         made after a failed authentication.
27
28       · -t, –recovery-time=RECOVERY_TIME: specifies the wait time in  seconds
29         before another DA-protected-object authentication attempt can be made
30         after max-tries number of failed authentications.
31
32       · -n, –max-tries=MAX_TRYS: specifies the maximum number of allowed  au‐
33         thentication attempts on DA-protected-object; after which DA is acti‐
34         vated.
35
36       · -S, –input-session-handle=SESSION_HANDLE: Optional Input session han‐
37         dle from a policy session for authorization.
38

COMMON OPTIONS

40       This  collection of options are common to many programs and provide in‐
41       formation that many users may expect.
42
43       · -h, –help: Display the tools manpage.  This requires the manpages  to
44         be installed or on MANPATH, See man(1) for more details.
45
46       · -v,  –version:  Display  version information for this tool, supported
47         tctis and exit.
48
49       · -V, –verbose: Increase the information that the tool  prints  to  the
50         console  during  its  execution.  When using this option the file and
51         line number are printed.
52
53       · -Q, –quiet: Silence normal tool output to stdout.
54
55       · -Z, –enable-errata: Enable the application of errata fixups.   Useful
56         if  an  errata fixup needs to be applied to commands sent to the TPM.
57         # TCTI ENVIRONMENT
58
59       This collection of environment variables that may be used to  configure
60       the various TCTI modules available.
61
62       The  values  passed  through  these  variables  can  be overridden on a
63       per-command basis using the available command line options, see the TC‐
64       TI_OPTIONS section.
65
66       The variables respected depend on how the software was configured.
67
68       · TPM2TOOLS_TCTI_NAME:  Select the TCTI used for communication with the
69         next component down the TSS stack.  In most configurations this  will
70         be  the  TPM but it could be a simulator or proxy.  The current known
71         TCTIs are:
72
73         · tabrmd   -   The    new    resource    manager,    called    tabrmd
74           (https://github.com/01org/tpm2-abrmd).
75
76         · socket  -  Typically used with the old resource manager, or talking
77           directly to a simulator.
78
79         · device - Used when talking directly to a TPM device file.
80
81       · TPM2TOOLS_DEVICE_FILE: When using the device TCTI,  specify  the  TPM
82         device file.  The default is “/dev/tpm0”.
83
84         Note:  Using  the tpm directly requires the users to ensure that con‐
85         current access does not occur and that they manage the tpm resources.
86         These  tasks  are  usually managed by a resource manager.  Linux 4.12
87         and greater supports an in kernel resource manager  at  “/dev/tpmrm”,
88         typically “/dev/tpmrm0”.
89
90       · TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the do‐
91         main name or IP address used.  The default is 127.0.0.1.
92
93       · TPM2TOOLS_SOCKET_PORT: When using the socket TCTI, specify  the  port
94         number used.  The default is 2321.
95

TCTI OPTIONS

97       This  collection  of options are used to configure the varous TCTI mod‐
98       ules available.  They override any environment variables.
99
100       · -T, –tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for communi‐
101         cation  with the next component down the TSS stack.  In most configu‐
102         rations   this    will    be    the    resource    manager:    tabrmd
103         (https://github.com/01org/tpm2-abrmd)  Optionally,  tcti specific op‐
104         tions can appended to TCTI_NAME by appending a : to TCTI_NAME.
105
106         · For the device TCTI, the TPM device file for use by the device TCTI
107           can  be  specified.   The  default  is  /dev/tpm0.  Example: -T de‐
108           vice:/dev/tpm0
109
110         · For the socket TCTI, the domain name or IP address and port  number
111           used by the socket can be specified.  The default are 127.0.0.1 and
112           2321.  Example: -T socket:127.0.0.1:2321
113
114         · For the abrmd TCTI, it takes no options.  Example: -T abrmd
115

EXAMPLES

117              tpm2_dictionarylockout -c -p passwd
118              tpm2_dictionarylockout -s -n 5 -t 6 -l 7 -p passwd
119

RETURNS

121       0 on success or 1 on failure.
122

BUGS

124       Github Issues (https://github.com/01org/tpm2-tools/issues)
125

HELP

127       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
128
129
130
131tpm2-tools                      SEPTEMBER 2017       tpm2_dictionarylockout(1)
Impressum