tpm2_getrandom(1)

1tpm2_getrandom(1)           General Commands Manual          tpm2_getrandom(1)
2
3
4

6       tpm2_getrandom(1) - Retrieves random bytes from the TPM.
7

9       tpm2_getrandom [OPTIONS] [ARGUMENT]
10

12       tpm2_getrandom(1) - Returns the next SIZE octets from the random number
13       generator.  The SIZE parameter is expected as the only argument to  the
14       tool.
15
16       Note that the TPM specification recommends that TPM’s fix the number of
17       available entry to the maximum size  of  a  hash  algorithm  output  in
18       bytes.
19
20       Most TPMs do this, and thus the tool verifies that input size is bound‐
21       ed by property TPM2_PT_MAX_DIGEST and issues an  error  if  it  is  too
22       large.
23
24       Output  defaults to stdout and binary format unless otherwise specified
25       with -o and –hex options respectively.
26

28       • -o, --output=FILE
29
30         Specifies the filename to output the raw bytes to.  Defaults to  std‐
31         out as a hex string.
32
33       • --hex
34
35         Convert the output data to hex format without a leading “0x”.
36
37       • -f, --force
38         Override checking that the:
39
40         • Requested size is within the hash size limit of the TPM.
41
42         • Number of retrieved random bytes matches requested amount.
43
44       • -S, --session=FILE:
45
46         The  session  created using tpm2_startauthsession.  Multiple of these
47         can be specified.  For example, you can have one session for auditing
48         and another for encryption of the parameters.
49
50       • --cphash=FILE:
51
52         File path to record the hash of the command parameters.  This is com‐
53         monly termed as cpHash.  NOTE: When this option is selected,  in  ab‐
54         sence  of  rphash option, The tool will not actually execute the com‐
55         mand, it simply returns a cpHash.
56
57       • --rphash=FILE:
58
59         File path to record the hash of the  response  parameters.   This  is
60         commonly termed as rpHash.
61
62       • ARGUMENT the command line argument specifies the size of the output.
63
64   References

66       This  collection of options are common to many programs and provide in‐
67       formation that many users may expect.
68
69       • -h, --help=[man|no-man]: Display the tools manpage.  By  default,  it
70         attempts  to  invoke  the  manpager for the tool, however, on failure
71         will output a short tool summary.  This is the same behavior  if  the
72         “man”  option argument is specified, however if explicit “man” is re‐
73         quested, the tool will provide errors from man  on  stderr.   If  the
74         “no-man”  option  if  specified, or the manpager fails, the short op‐
75         tions will be output to stdout.
76
77         To successfully use the manpages feature requires the manpages to  be
78         installed or on MANPATH, See man(1) for more details.
79
80       • -v,  --version:  Display version information for this tool, supported
81         tctis and exit.
82
83       • -V, --verbose: Increase the information that the tool prints  to  the
84         console  during  its  execution.  When using this option the file and
85         line number are printed.
86
87       • -Q, --quiet: Silence normal tool output to stdout.
88
89       • -Z, --enable-errata: Enable the application of errata fixups.  Useful
90         if  an  errata fixup needs to be applied to commands sent to the TPM.
91         Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.   in‐
92         formation many users may expect.
93

95       The  TCTI  or  “Transmission  Interface” is the communication mechanism
96       with the TPM.  TCTIs can be changed for communication with TPMs  across
97       different mediums.
98
99       To control the TCTI, the tools respect:
100
101       1. The command line option -T or --tcti
102
103       2. The environment variable: TPM2TOOLS_TCTI.
104
105       Note:  The  command  line option always overrides the environment vari‐
106       able.
107
108       The current known TCTIs are:
109
110       • tabrmd     -     The     resource     manager,     called      tabrmd
111         (https://github.com/tpm2-software/tpm2-abrmd).   Note that tabrmd and
112         abrmd as a tcti name are synonymous.
113
114       • mssim - Typically used for communicating to the TPM software  simula‐
115         tor.
116
117       • device - Used when talking directly to a TPM device file.
118
119       • none  - Do not initalize a connection with the TPM.  Some tools allow
120         for off-tpm options and thus support not using a TCTI.  Tools that do
121         not  support  it  will error when attempted to be used without a TCTI
122         connection.  Does not support ANY options and MUST  BE  presented  as
123         the exact text of “none”.
124
125       The  arguments  to  either  the  command line option or the environment
126       variable are in the form:
127
128       <tcti-name>:<tcti-option-config>
129
130       Specifying an empty string for  either  the  <tcti-name>  or  <tcti-op‐
131       tion-config> results in the default being used for that portion respec‐
132       tively.
133
134   TCTI Defaults
135       When a TCTI is not specified, the default TCTI is  searched  for  using
136       dlopen(3)  semantics.   The  tools  will  search for tabrmd, device and
137       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND.  You  can  query
138       what TCTI will be chosen as the default by using the -v option to print
139       the version information.  The “default-tcti” key-value pair will  indi‐
140       cate which of the aforementioned TCTIs is the default.
141
142   Custom TCTIs
143       Any TCTI that implements the dynamic TCTI interface can be loaded.  The
144       tools internally use dlopen(3), and the raw tcti-name value is used for
145       the lookup.  Thus, this could be a path to the shared library, or a li‐
146       brary name as understood by dlopen(3) semantics.
147

149       This collection of options are used to configure the various known TCTI
150       modules available:
151
152       • device: For the device TCTI, the TPM character device file for use by
153         the device TCTI can be specified.  The default is /dev/tpm0.
154
155         Example:   -T   device:/dev/tpm0   or   export    TPM2TOOLS_TCTI=“de‐
156         vice:/dev/tpm0”
157
158       • mssim:  For  the  mssim  TCTI, the domain name or IP address and port
159         number used by the simulator  can  be  specified.   The  default  are
160         127.0.0.1 and 2321.
161
162         Example:  -T  mssim:host=localhost,port=2321  or export TPM2TOOLS_TC‐
163         TI=“mssim:host=localhost,port=2321”
164
165       • abrmd: For the abrmd TCTI, the configuration string format is  a  se‐
166         ries  of  simple  key value pairs separated by a `,' character.  Each
167         key and value string are separated by a `=' character.
168
169         • TCTI abrmd supports two keys:
170
171           1. `bus_name' : The name of  the  tabrmd  service  on  the  bus  (a
172              string).
173
174           2. `bus_type' : The type of the dbus instance (a string) limited to
175              `session' and `system'.
176
177         Specify the tabrmd tcti name and a config string of  bus_name=com.ex‐
178         ample.FooBar:
179
180                \--tcti=tabrmd:bus_name=com.example.FooBar
181
182         Specify the default (abrmd) tcti and a config string of bus_type=ses‐
183         sion:
184
185                \--tcti:bus_type=session
186
187         NOTE: abrmd and tabrmd are synonymous.  the various known  TCTI  mod‐
188         ules.
189

191   Generate a random 20 bytes and output the binary data to a file
192              tpm2_getrandom -o random.out 20
193
194   Generate a random 8 bytes and output the hex formatted data to stdout
195              tpm2_getrandom 8
196

198       Tools can return any of the following codes:
199
200       • 0 - Success.
201
202       • 1 - General non-specific error.
203
204       • 2 - Options handling error.
205
206       • 3 - Authentication error.
207
208       • 4 - TCTI related error.
209
210       • 5 - Non supported scheme.  Applicable to tpm2_testparams.
211

213       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
214

216       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
217
218
219
220tpm2-tools                                                   tpm2_getrandom(1)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

COMMON OPTIONS

TCTI Configuration

TCTI OPTIONS

EXAMPLES

Returns

BUGS

HELP