1tss2_quote(1)               General Commands Manual              tss2_quote(1)
2
3
4

NAME

6       tss2_quote(1) -
7

SYNOPSIS

9       tss2_quote [OPTIONS]
10

SEE ALSO

12       fapi-config(5)  to  adjust  Fapi parameters like the used cryptographic
13       profile and TCTI or directories for the Fapi metadata storages.
14
15       fapi-profile(5) to determine the cryptographic algorithms  and  parame‐
16       ters for all keys and operations of a specific TPM interaction like the
17       name hash algorithm, the asymmetric signature algorithm, scheme and pa‐
18       rameters and PCR bank selection.
19

DESCRIPTION

21       tss2_quote(1)  -  This  command  performs an attestation using the TPM.
22       The PCR bank for each provided PCR index and signing scheme are set  in
23       the cryptographic profile (cf., fapi-profile(5)).
24

OPTIONS

26       These are the available options:
27
28-x, --pcrList=STRING:
29
30         An array holding the PCR indices to quote against.
31
32-Q, --qualifyingData=FILENAME or - (for stdin):
33
34         A  nonce provided by the caller to ensure freshness of the signature.
35         Optional parameter.
36
37-l, --pcrLog=FILENAME or - (for stdout):
38
39         Returns the PCR log for the chosen PCR.  Optional parameter.
40
41         PCR event logs are a list (arbitrary length JSON array)  of  log  en‐
42         tries with the following content.
43
44                - recnum: Unique record number
45                - pcr: PCR index
46                - digest: The digests
47                - type: The type of event. At the moment the only possible value is: "LINUX_IMA" (legacy IMA)
48                - eventDigest: Digest of the event; e.g. the digest of the measured file
49                - eventName: Name of the event; e.g. the name of the measured file.
50
51-f, --force:
52
53         Force overwriting the output file.
54
55-p, --keyPath=STRING:
56
57         Identifies the signing key.
58
59-q, --quoteInfo=FILENAME or - (for stdout):
60
61         Returns  a JSON-encoded structure holding the inputs to the quote op‐
62         eration.  This includes the digest value and PCR values.
63
64-o, --signature=FILENAME or - (for stdout):
65
66         Returns the signature over the quoted material.
67
68-c, --certificate=FILENAME or - (for stdout):
69
70         The certificate associated with keyPath in PEM format.  Optional  pa‐
71         rameter.
72

COMMON OPTIONS

74       This  collection of options are common to all tss2 programs and provide
75       information that many users may expect.
76
77-h, --help [man|no-man]: Display the tools manpage.  By  default,  it
78         attempts  to  invoke  the  manpager for the tool, however, on failure
79         will output a short tool summary.  This is the same behavior  if  the
80         “man”  option argument is specified, however if explicit “man” is re‐
81         quested, the tool will provide errors from man  on  stderr.   If  the
82         “no-man”  option  if  specified, or the manpager fails, the short op‐
83         tions will be output to stdout.
84
85         To successfully use the manpages feature requires the manpages to  be
86         installed or on MANPATH, See man(1) for more details.
87
88-v,  --version:  Display version information for this tool, supported
89         tctis and exit.
90

EXAMPLE

92              tss2_quote --keyPath=HS/SRK/quotekey --pcrList="10,16" --qualifyingData=qualifyingData.file --signature=signature.file --pcrLog=pcrLog.file --certificate=certificate.file --quoteInfo=quoteInfo.info
93

RETURNS

95       0 on success or 1 on failure.
96

BUGS

98       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
99

HELP

101       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
102
103
104
105tpm2-tools                        APRIL 2019                     tss2_quote(1)
Impressum