tss2_createseal(1)          General Commands Manual         tss2_createseal(1)

NAME

       tss2_createseal(1) -

SYNOPSIS

       tss2_createseal [OPTIONS]

DESCRIPTION

       tss2_createseal(1) - This command creates a sealed object and stores it
       in the FAPI metadata store.  If no data is provided (i.e. a NULL-pointer)
       then the TPM generates random data and fills the sealed object.

OPTIONS

       These are the available options:

       · -p, --path STRING:

         The path to the new key.

       · -t, --type STRING:

         Identifies the intended usage.  Optional parameter.  Types may be any
         comma-separated combination of:

                - "exportable": Clears the fixedTPM and fixedParent attributes of a key or
                  sealed object.
                - "noda": Sets the noda attribute of a key or NV index.
                - "system": Stores the data blobs and metadata for a created key or seal
                  in the system-wide directory instead of the user's personal directory.
                - A hexadecimal number (e.g. "0x81000001"): Marks a key object to be
                  made persistent and sets the persistent object handle to this value.

       · -P, --policyPath STRING:

         Identifies the policy to be associated with the new key.  Optional
         parameter.  If omitted then no policy will be associated with the
         key.

         A policyPath is composed of two elements, separated by “/”.  A
         policyPath starts with “/policy”.  The second path element identifies
         the policy or policy template using a meaningful name.

       · -a, --authValue STRING:

         The new UTF-8 password.  Optional parameter.  If it is omitted then
         the user is queried interactively for a password.  To set no
         password, this option should be used with the empty string ("").

       · -i, --data FILENAME or - (for stdin):

         The data to be sealed by the TPM.  Optional parameter.

COMMON OPTIONS

       This collection of options is common to all tss2 programs and provides
       information that many users may expect.

       · -h, --help [man|no-man]: Display the tool's manpage.  By default, it
         attempts to invoke the manpager for the tool; on failure it
         outputs a short tool summary.  The behavior is the same when the
         “man” option argument is specified, except that when “man” is
         explicitly requested the tool reports errors from man on stderr.  If
         the “no-man” option is specified, or the manpager fails, the short
         options are output to stdout.

         Using the manpages feature requires the manpages to be
         installed or on MANPATH.  See man(1) for more details.

       · -v, --version: Display version information for this tool and the
         supported TCTIs, then exit.

EXAMPLE

       Create a key with password “abc” and read sealing data from file.

              tss2_createseal --path HS/SRK/mySealKey --type "noDa" --authValue abc --data data.file
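
       A pre-flight check for the --type and --policyPath values described
       under OPTIONS, as an added example that is not part of tpm2-tools: it
       rejects malformed values and flags "exportable".  The function names,
       return codes, the policy name my_pcr_policy and case-insensitive
       matching of type keywords are assumptions.

```shell
#!/bin/sh
# Added example, not part of tpm2-tools. Rules come from the OPTIONS text above.
# Assumption: type keywords match case-insensitively (the EXAMPLE passes "noDa").

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# check_type LIST: 0 if every comma-separated element is a documented value.
check_type() {
    case "$1" in ''|,*|*,|*,,*) return 1 ;; esac    # empty list or element
    rest="$(lower "$1"),"
    while [ -n "$rest" ]; do
        item=${rest%%,*}; rest=${rest#*,}
        case "$item" in
            exportable|noda|system) ;;
            0x*) case "${item#0x}" in ''|*[!0-9a-f]*) return 1 ;; esac ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# check_policy_path PATH: 0 for exactly "/policy/<name>" (two elements).
check_policy_path() {
    name=${1#/policy/}
    [ "$name" != "$1" ] || return 1                 # must start with /policy/
    case "$name" in ''|*/*) return 1 ;; esac        # one non-empty name
    return 0
}

# lint_seal TYPE_LIST POLICY_PATH (both optional, pass "" when omitted).
# Returns 0 = clean, 1 = malformed argument, 2 = valid but "exportable":
# fixedTPM and fixedParent are cleared, so the object is no longer fixed
# to this TPM and parent.
lint_seal() {
    if [ -n "$1" ]; then check_type "$1" || return 1; fi
    if [ -n "$2" ]; then check_policy_path "$2" || return 1; fi
    case ",$(lower "$1")," in *,exportable,*) return 2 ;; esac
    return 0
}

# Constructed sample inputs: "type list|policy path" (policy names are made up).
for args in 'noDa|/policy/my_pcr_policy' 'exportable,noda|' 'noda,bogus|/policy/x'; do
    rc=0; lint_seal "${args%%|*}" "${args#*|}" || rc=$?
    echo "type='${args%%|*}' policy='${args#*|}' -> $rc"
done
```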

RETURNS

       0 on success or 1 on failure.

BUGS

       GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                        APRIL 2019                tss2_createseal(1)