1tpm2_duplicate(1) General Commands Manual tpm2_duplicate(1)
2
3
4
6 tpm2_duplicate(1) - Duplicates a loaded object so that it may be used
7 in a different hierarchy.
8
10 tpm2_duplicate [OPTIONS]
11
13 tpm2_duplicate(1) - This tool duplicates a loaded object so that it may
14 be used in a different hierarchy. The new parent key for the duplicate
15 may be on the same or different TPM or TPM_RH_NULL.
16
18 These options control the key importation process:
19
20 • -G, --wrapper-algorithm=ALGORITHM:
21 The symmetric algorithm to be used for the inner wrapper. Supports:
22
23 • aes - AES 128 in CFB mode.
24
25 • null - none
26
27 • -i, --encryptionkey-in=FILE:
28
29 Specifies the filename of the symmetric key (128 bit data) to be used
30 for the inner wrapper. Valid only when specified symmetric algorithm
31 is not null
32
33 • -o, --encryptionkey-out=FILE:
34
35 Specifies the filename to store the symmetric key (128 bit data) that
36 was used for the inner wrapper. Valid only when specified symmetric
37 algorithm is not null and --input-key-file is not specified. The TPM
38 generates the key in this case.
39
40 • -C, --parent-context=OBJECT:
41
42 The parent key object.
43
44 • -U, --parent-public=FILE:
45
46 Specifies the file path to the public key of the parent object on the
47 destination TPM. This should be a TPM2B_PUBLIC formatted file.
48
49 • -k, --private-key=FILE:
50
51 Specifies the file path to the external private key be encrypted for
52 the remote TPM. This should be a PEM format private key.
53
54 • -r, --private=FILE:
55
56 Specifies the file path to save the private portion of the duplicated
57 object. # Protection Details
58
59 Objects that can move outside of TPM need to be protected (confiden‐
60 tiality and integrity). For instance, transient objects require that
61 TPM protected data (key or seal material) be stored outside of the TPM.
62 This is seen in tools like tpm2_create(1), where the -r option outputs
63 this protected data. This blob contains the sensitive portions of the
64 object. The sensitive portions of the object are protected by the par‐
65 ent object, using the parent's symmetric encryption details to encrypt
66 the sensitive data and HMAC it.
67
68 In-depth details can be found in sections 23 of:
69
70 • https://trustedcomputinggroup.org/wp-content/up‐
71 loads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
72
73 Notably Figure 20, is relevant, even though it's specifically referring
74 to duplication blobs, the process is identical.
75
76 If the output is from tpm2_duplicate(1), the output will be slightly
77 different, as described fully in section 23.
78
79 • -u, --public=FILE:
80
81 Specifies the file path to save the public portion of the duplicated
82 object, if an external key is being duplicated.
83
84 • -s, --encrypted-seed=FILE:
85
86 The file to save the encrypted seed of the duplicated object.
87
88 • -p, --auth=AUTH:
89
90 The authorization value for the key, optional.
91
92 • -c, --key-context=OBJECT:
93
94 The object to be duplicated.
95
96 • --cphash=FILE
97
98 File path to record the hash of the command parameters. This is com‐
99 monly termed as cpHash. NOTE: When this option is selected, The tool
100 will not actually execute the command, it simply returns a cpHash.
101
102 References
104 The type of a context object, whether it is a handle or file name, is
105 determined according to the following logic in-order:
106
107 • If the argument is a file path, then the file is loaded as a restored
108 TPM transient object.
109
110 • If the argument is a prefix match on one of:
111
112 • owner: the owner hierarchy
113
114 • platform: the platform hierarchy
115
116 • endorsement: the endorsement hierarchy
117
118 • lockout: the lockout control persistent object
119
120 • If the argument argument can be loaded as a number it will be treat
121 as a handle, e.g. 0x81010013 and used directly.OBJECT.
122
124 Authorization for use of an object in TPM2.0 can come in 3 different
125 forms: 1. Password 2. HMAC 3. Sessions
126
127 NOTE: "Authorizations default to the EMPTY PASSWORD when not speci‐
128 fied".
129
130 Passwords
131 Passwords are interpreted in the following forms below using prefix
132 identifiers.
133
134 Note: By default passwords are assumed to be in the string form when
135 they do not have a prefix.
136
137 String
138 A string password, specified by prefix "str:" or it's absence (raw
139 string without prefix) is not interpreted, and is directly used for au‐
140 thorization.
141
142 Examples
143 foobar
144 str:foobar
145
146 Hex-string
147 A hex-string password, specified by prefix "hex:" is converted from a
148 hexidecimal form into a byte array form, thus allowing passwords with
149 non-printable and/or terminal un-friendly characters.
150
151 Example
152 hex:0x1122334455667788
153
154 File
155 A file based password, specified be prefix "file:" should be the path
156 of a file containing the password to be read by the tool or a "-" to
157 use stdin. Storing passwords in files prevents information leakage,
158 passwords passed as options can be read from the process list or common
159 shell history features.
160
161 Examples
162 # to use stdin and be prompted
163 file:-
164
165 # to use a file from a path
166 file:path/to/password/file
167
168 # to echo a password via stdin:
169 echo foobar | tpm2_tool -p file:-
170
171 # to use a bash here-string via stdin:
172
173 tpm2_tool -p file:- <<< foobar
174
175 Sessions
176 When using a policy session to authorize the use of an object, prefix
177 the option argument with the session keyword. Then indicate a path to
178 a session file that was created with tpm2_startauthsession(1). Option‐
179 ally, if the session requires an auth value to be sent with the session
180 handle (eg policy password), then append a + and a string as described
181 in the Passwords section.
182
183 Examples
184 To use a session context file called session.ctx.
185
186 session:session.ctx
187
188 To use a session context file called session.ctx AND send the authvalue
189 mypassword.
190
191 session:session.ctx+mypassword
192
193 To use a session context file called session.ctx AND send the HEX auth‐
194 value 0x11223344.
195
196 session:session.ctx+hex:11223344
197
198 PCR Authorizations
199 You can satisfy a PCR policy using the "pcr:" prefix and the PCR mini‐
200 language. The PCR minilanguage is as follows:
201 <pcr-spec>=<raw-pcr-file>
202
203 The PCR spec is documented in in the section "PCR bank specifiers".
204
205 The raw-pcr-file is an optional the output of the raw PCR contents as
206 returned by tpm2_pcrread(1).
207
208 PCR bank specifiers (common/pcr.md)
209
210 Examples
211 To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifi‐
212 er of:
213
214 pcr:sha256:0,1,2,3
215
216 specifying AUTH.
217
219 Options that take algorithms support "nice-names".
220
221 There are two major algorithm specification string classes, simple and
222 complex. Only certain algorithms will be accepted by the TPM, based on
223 usage and conditions.
224
225 Simple specifiers
226 These are strings with no additional specification data. When creating
227 objects, non-specified portions of an object are assumed to defaults.
228 You can find the list of known "Simple Specifiers Below".
229
230 Asymmetric
231 • rsa
232
233 • ecc
234
235 Symmetric
236 • aes
237
238 • camellia
239
240 Hashing Algorithms
241 • sha1
242
243 • sha256
244
245 • sha384
246
247 • sha512
248
249 • sm3_256
250
251 • sha3_256
252
253 • sha3_384
254
255 • sha3_512
256
257 Keyed Hash
258 • hmac
259
260 • xor
261
262 Signing Schemes
263 • rsassa
264
265 • rsapss
266
267 • ecdsa
268
269 • ecdaa
270
271 • ecschnorr
272
273 Asymmetric Encryption Schemes
274 • oaep
275
276 • rsaes
277
278 • ecdh
279
280 Modes
281 • ctr
282
283 • ofb
284
285 • cbc
286
287 • cfb
288
289 • ecb
290
291 Misc
292 • null
293
294 Complex Specifiers
295 Objects, when specified for creation by the TPM, have numerous algo‐
296 rithms to populate in the public data. Things like type, scheme and
297 asymmetric details, key size, etc. Below is the general format for
298 specifying this data: <type>:<scheme>:<symmetric-details>
299
300 Type Specifiers
301 This portion of the complex algorithm specifier is required. The re‐
302 maining scheme and symmetric details will default based on the type
303 specified and the type of the object being created.
304
305 • aes - Default AES: aes128
306
307 • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
308 If mode is not specified, defaults to null.
309
310 • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.
311
312 • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.
313
314 • ecc - Elliptical Curve, defaults to ecc256.
315
316 • ecc192 - 192 bit ECC
317
318 • ecc224 - 224 bit ECC
319
320 • ecc256 - 256 bit ECC
321
322 • ecc384 - 384 bit ECC
323
324 • ecc521 - 521 bit ECC
325
326 • rsa - Default RSA: rsa2048
327
328 • rsa1024 - RSA with 1024 bit keysize.
329
330 • rsa2048 - RSA with 2048 bit keysize.
331
332 • rsa4096 - RSA with 4096 bit keysize.
333
334 Scheme Specifiers
335 Next, is an optional field, it can be skipped.
336
337 Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
338 Most signing schemes take a hash algorithm directly following the sign‐
339 ing scheme. If the hash algorithm is missing, it defaults to sha256.
340 Some take no arguments, and some take multiple arguments.
341
342 Hash Optional Scheme Specifiers
343 These scheme specifiers are followed by a dash and a valid hash algo‐
344 rithm, For example: oaep-sha256.
345
346 • oaep
347
348 • ecdh
349
350 • rsassa
351
352 • rsapss
353
354 • ecdsa
355
356 • ecschnorr
357
358 Multiple Option Scheme Specifiers
359 This scheme specifier is followed by a count (max size UINT16) then
360 followed by a dash(-) and a valid hash algorithm. * ecdaa For example,
361 ecdaa4-sha256. If no count is specified, it defaults to 4.
362
363 No Option Scheme Specifiers
364 This scheme specifier takes NO arguments. * rsaes
365
366 Symmetric Details Specifiers
367 This field is optional, and defaults based on the type of object being
368 created and it's attributes. Generally, any valid Symmetric specifier
369 from the Type Specifiers list should work. If not specified, an asym‐
370 metric objects symmetric details defaults to aes128cfb.
371
372 Examples
373 Create an rsa2048 key with an rsaes asymmetric encryption scheme
374 tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv
375
376 Create an ecc256 key with an ecdaa signing scheme with a count of 4
377 and sha384 hash
378
379 /tpm2_create -C parent.ctx -G ecc256:ec‐
380 daa4-sha384 -u key.pub -r key.priv cryptographic algorithms ALGORITHM.
381
383 This collection of options are common to many programs and provide in‐
384 formation that many users may expect.
385
386 • -h, --help=[man|no-man]: Display the tools manpage. By default, it
387 attempts to invoke the manpager for the tool, however, on failure
388 will output a short tool summary. This is the same behavior if the
389 "man" option argument is specified, however if explicit "man" is re‐
390 quested, the tool will provide errors from man on stderr. If the
391 "no-man" option if specified, or the manpager fails, the short op‐
392 tions will be output to stdout.
393
394 To successfully use the manpages feature requires the manpages to be
395 installed or on MANPATH, See man(1) for more details.
396
397 • -v, --version: Display version information for this tool, supported
398 tctis and exit.
399
400 • -V, --verbose: Increase the information that the tool prints to the
401 console during its execution. When using this option the file and
402 line number are printed.
403
404 • -Q, --quiet: Silence normal tool output to stdout.
405
406 • -Z, --enable-errata: Enable the application of errata fixups. Useful
407 if an errata fixup needs to be applied to commands sent to the TPM.
408 Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. in‐
409 formation many users may expect.
410
412 The TCTI or "Transmission Interface" is the communication mechanism
413 with the TPM. TCTIs can be changed for communication with TPMs across
414 different mediums.
415
416 To control the TCTI, the tools respect:
417
418 1. The command line option -T or --tcti
419
420 2. The environment variable: TPM2TOOLS_TCTI.
421
422 Note: The command line option always overrides the environment vari‐
423 able.
424
425 The current known TCTIs are:
426
427 • tabrmd - The resource manager, called tabrmd
428 (https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and
429 abrmd as a tcti name are synonymous.
430
431 • mssim - Typically used for communicating to the TPM software simula‐
432 tor.
433
434 • device - Used when talking directly to a TPM device file.
435
436 • none - Do not initalize a connection with the TPM. Some tools allow
437 for off-tpm options and thus support not using a TCTI. Tools that do
438 not support it will error when attempted to be used without a TCTI
439 connection. Does not support ANY options and MUST BE presented as
440 the exact text of "none".
441
442 The arguments to either the command line option or the environment
443 variable are in the form:
444
445 <tcti-name>:<tcti-option-config>
446
447 Specifying an empty string for either the <tcti-name> or <tcti-op‐
448 tion-config> results in the default being used for that portion respec‐
449 tively.
450
451 TCTI Defaults
452 When a TCTI is not specified, the default TCTI is searched for using
453 dlopen(3) semantics. The tools will search for tabrmd, device and
454 mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query
455 what TCTI will be chosen as the default by using the -v option to print
456 the version information. The "default-tcti" key-value pair will indi‐
457 cate which of the aforementioned TCTIs is the default.
458
459 Custom TCTIs
460 Any TCTI that implements the dynamic TCTI interface can be loaded. The
461 tools internally use dlopen(3), and the raw tcti-name value is used for
462 the lookup. Thus, this could be a path to the shared library, or a li‐
463 brary name as understood by dlopen(3) semantics.
464
466 This collection of options are used to configure the various known TCTI
467 modules available:
468
469 • device: For the device TCTI, the TPM character device file for use by
470 the device TCTI can be specified. The default is /dev/tpm0.
471
472 Example: -T device:/dev/tpm0 or export TPM2TOOLS_TCTI="de‐
473 vice:/dev/tpm0"
474
475 • mssim: For the mssim TCTI, the domain name or IP address and port
476 number used by the simulator can be specified. The default are
477 127.0.0.1 and 2321.
478
479 Example: -T mssim:host=localhost,port=2321 or export TPM2TOOLS_TC‐
480 TI="mssim:host=localhost,port=2321"
481
482 • abrmd: For the abrmd TCTI, the configuration string format is a se‐
483 ries of simple key value pairs separated by a ',' character. Each
484 key and value string are separated by a '=' character.
485
486 • TCTI abrmd supports two keys:
487
488 1. 'bus_name' : The name of the tabrmd service on the bus (a
489 string).
490
491 2. 'bus_type' : The type of the dbus instance (a string) limited to
492 'session' and 'system'.
493
494 Specify the tabrmd tcti name and a config string of bus_name=com.ex‐
495 ample.FooBar:
496
497 \--tcti=tabrmd:bus_name=com.example.FooBar
498
499 Specify the default (abrmd) tcti and a config string of bus_type=ses‐
500 sion:
501
502 \--tcti:bus_type=session
503
504 NOTE: abrmd and tabrmd are synonymous. the various known TCTI mod‐
505 ules.
506
508 To duplicate a key, one needs the key to duplicate, created with a pol‐
509 icy that
510 allows duplication and a new parent:
511
512 tpm2_startauthsession -S session.dat
513 tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Duplicate
514 tpm2_flushcontext session.dat
515
516 tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctxt
517 tpm2_create -C primary.ctxt -g sha256 -G rsa -r key.prv -u key.pub \
518 -L policy.dat -a "sensitivedataorigin"
519
520 tpm2_loadexternal -C o -u new_parent.pub -c new_parent.ctxt
521
522 tpm2_startauthsession \--policy-session -S session.dat
523 tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Duplicate
524 tpm2_duplicate -C new_parent.ctxt -c key.ctxt -G null -p "session:session.dat" \
525 -r duprv.bin -s seed.dat
526 tpm2_flushcontext session.dat
527
528 As an end-to-end example, the following will transfer an RSA key gener‐
529 ated on TPM-A to TPM-B
530
531 On TPM-B
532 Create a parent object that will be used to wrap/transfer the key.
533
534 tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx
535
536 tpm2_create -C primary.ctx -g sha256 -G rsa \
537 -r new_parent.prv -u new_parent.pub \
538 -a "restricted|sensitivedataorigin|decrypt|userwithauth"
539
540 Copy new_parent.pub to TPM-A.
541
542 On TPM-A
543 Create root object and auth policy allows duplication only
544
545 tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx
546
547 tpm2_startauthsession -S session.dat
548
549 tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate
550
551 tpm2_flushcontext session.dat
552
553 rm session.dat
554
555 Generate an RSA keypair on TPM-A that will be duplicated (note the
556 passphrase is 'foo')
557
558 tpm2_create -C primary.ctx -g sha256 -G rsa -p foo -r key.prv \
559 -u key.pub -L dpolicy.dat -a "sensitivedataorigin|userwithauth|decrypt|sign"
560
561 tpm2_load -C primary.ctx -r key.prv -u key.pub -c key.ctx
562
563 tpm2_readpublic -c key.ctx -o dup.pub
564
565 Test sign and encryption locally (so we can compare later that the same
566 key was transferred).
567
568 echo "meet me at.." >file.txt
569 tpm2_rsaencrypt -c key.ctx -o data.encrypted file.txt
570 tpm2_sign -c key.ctx -g sha256 -f plain -p foo -o sign.raw file.txt
571
572 Compare the signature hash (we will use this later to confirm the key
573 was transferred to TPM-B):
574
575 sha256sum sign.raw
576
577 a1b4e3fbaa29e6e46d95cff498150b6b8e7d9fd21182622e8f5a3ddde257879e
578
579 Start an auth session and policy command to allow duplication
580
581 tpm2_startauthsession --policy-session -S session.dat
582
583 tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate
584
585 Load the new_parent.pub file transferred from TPM-B
586
587 tpm2_loadexternal -C o -u new_parent.pub -c new_parent.ctx
588
589 Start the duplication
590
591 tpm2_duplicate -C new_parent.ctx -c key.ctx -G null \
592 -p "session:session.dat" -r dup.dpriv -s dup.seed
593
594 Copy the following files to TPM-B: * dup.pub * dup.dpriv * dup.seed *
595 (optionally data.encrypted just to test decryption)
596
597 On TPM-B
598 Start an auth,policy session
599
600 tpm2_startauthsession --policy-session -S session.dat
601
602 tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate
603
604 Load the context we used to transfer
605
606 tpm2_flushcontext --transient-object
607
608 tpm2_load -C primary.ctx -u new_parent.pub -r new_parent.prv -c new_parent.ctx
609
610 Import the duplicated context against the parent we used
611
612 tpm2_import -C new_parent.ctx -u dup.pub -i dup.dpriv \
613 -r dup.prv -s dup.seed -L dpolicy.dat
614
615 Load the duplicated key context
616
617 tpm2_flushcontext --transient-object
618
619 tpm2_load -C new_parent.ctx -u dup.pub -r dup.prv -c dup.ctx
620
621 Test the imported key matches
622
623 • Sign
624
625 echo "meet me at.." >file.txt
626
627 tpm2_sign -c dup.ctx -g sha256 -o sig.rss -p foo file.txt
628
629 dd if=sig.rss of=sign.raw bs=1 skip=6 count=256
630
631 Compare the signature file hash:
632
633 $ sha256sum sign.raw
634
635 a1b4e3fbaa29e6e46d95cff498150b6b8e7d9fd21182622e8f5a3ddde257879e
636
637 • Decryption
638
639 tpm2_flushcontext --transient-object
640
641 tpm2_rsadecrypt -p foo -c dup.ctx -o data.ptext data.encrypted
642
643 # cat data.ptext
644 meet me at..
645
646 Exporting an OpenSSL RSA key for a remote TPM
647 To securely send an OpenSSL generated RSA key to a remote TPM such that
648 only that remote TPM will be able to load it, and without exposing the
649 private key to the host operating system on the remote machine:
650
651 • On the destination TPM-B, create a primary context and read its pub‐
652 lic key, then send primary.pub to the source machine:
653
654 tpm2_createprimary -c primary.ctx
655 tpm2_readpublic -c primary.ctx -o primary.pub
656
657 • On the source machine create the RSA private key and wrap it for the
658 destination TPM's public key. Similar to tpm2_makecredential, this
659 step should not require a TPM.
660
661 openssl genrsa -out rsa.pem
662 tpm2_duplicate -U primary.pub -G rsa -k rsa.pem -u rsa.pub -r rsa.dpriv -s rsa.seed
663
664 • Send the rsa.pub, rsa.dpriv and rsa.seed to the destination TPM-B and
665 import the files, which will decrypt them using the primary.ctx to
666 produce rsa.priv, which can then be loaded and used as a TPM key:
667
668 tpm2_import -C primary.ctx -G rsa -i rsa.dpriv -s rsa.seed -u rsa.pub -r rsa.priv
669 tpm2_load -C primary.ctx -c rsa.ctx -u rsa.pub -r rsa.priv
670
672 Tools can return any of the following codes:
673
674 • 0 - Success.
675
676 • 1 - General non-specific error.
677
678 • 2 - Options handling error.
679
680 • 3 - Authentication error.
681
682 • 4 - TCTI related error.
683
684 • 5 - Non supported scheme. Applicable to tpm2_testparams.
685
687 Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
688
690 See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
691
692
693
694tpm2-tools tpm2_duplicate(1)