tss2_provision(1)           General Commands Manual          tss2_provision(1)

NAME

       tss2_provision(1) -

SYNOPSIS

       tss2_provision [OPTIONS]

SEE ALSO

       fapi-config(5) to adjust FAPI parameters such as the cryptographic
       profile and TCTI in use, or the directories for the FAPI metadata
       storages.

       fapi-profile(5) to determine the cryptographic algorithms and
       parameters for all keys and operations of a specific TPM interaction,
       such as the name hash algorithm, the asymmetric signature algorithm,
       scheme and parameters, and the PCR bank selection.

DESCRIPTION

       tss2_provision(1) - This command provisions a FAPI instance and its
       associated TPM.  The steps taken are:

       • Retrieve the EK template, nonce and certificate, verify that they
         match the TPM’s EK and store them in the key store.

       • Set the authValues and policies for the Owner (Storage Hierarchy),
         the Privacy Administrator (Endorsement Hierarchy) and the lockout
         authority.

       • Scan the TPM’s nv indices and create entries in the FAPI metadata
         store.  This operation MAY use a heuristic to guess the originating
         programs for nv indices found and name the entries accordingly.

       • Create the SRK (storage primary key) inside the TPM and make it
         persistent if required by the cryptographic profile (cf.,
         fapi-profile(5)) and store its metadata in the system-wide FAPI
         metadata store.  Note that the SRK will not have an authorization
         value associated.

       If an authorization value is associated with the storage hierarchy, it
       is highly recommended that the SRK without authorization value is made
       persistent.

       The paths of the different metadata storages for keys and nv indices
       are configured in the FAPI configuration file (cf., fapi-config(5)).

OPTIONS

       These are the available options:

       • -E, --authValueEh=STRING: The authorization value for the privacy
         admin, i.e. the endorsement hierarchy.  Optional parameter.

       • -S, --authValueSh=STRING: The authorization value for the owner,
         i.e. the storage hierarchy.  Optional parameter.

       • -L, --authValueLockout=STRING: The authorization value for the
         lockout authorization.  Optional parameter.

COMMON OPTIONS

       This collection of options is common to all tss2 programs and provides
       information that many users may expect.

       • -h, --help [man|no-man]: Display the tool's manpage.  By default, it
         attempts to invoke the manpager for the tool; on failure, it outputs
         a short tool summary.  The behavior is the same if the “man” option
         argument is specified, except that when “man” is explicitly
         requested, the tool will provide errors from man on stderr.  If the
         “no-man” option is specified, or the manpager fails, the short
         options will be output to stdout.

         To successfully use the manpages feature, the manpages must be
         installed or on MANPATH; see man(1) for more details.

       • -v, --version: Display version information for this tool and the
         supported tctis, then exit.

EXAMPLE

              tss2_provision
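
       The options from OPTIONS combined into one provisioning run, as an
       added example that is not part of the original manual or of the
       tpm2-tools project. The helper names gen_auth and provision_with_auth
       and the layout of the secrets file are assumptions.

```shell
#!/bin/sh
# Added example. gen_auth, provision_with_auth and the secrets-file layout
# are hypothetical; only tss2_provision and -E/-S/-L come from this manual.

# Print 24 random bytes as 48 hex characters.
gen_auth() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# provision_with_auth SECRETS_FILE
# Generates one distinct value per hierarchy, saves them to SECRETS_FILE
# with mode 0600, then runs tss2_provision with them.
provision_with_auth() {
    secrets_file=$1
    if [ -e "$secrets_file" ]; then
        echo "refusing to overwrite $secrets_file" >&2
        return 1
    fi
    eh=$(gen_auth); sh_auth=$(gen_auth); lockout=$(gen_auth)
    # Write the values before provisioning so they cannot be lost afterwards.
    ( umask 077
      printf 'authValueEh=%s\nauthValueSh=%s\nauthValueLockout=%s\n' \
          "$eh" "$sh_auth" "$lockout" > "$secrets_file" ) || return 1
    # Option arguments are visible in the process list while the tool runs.
    if tss2_provision -E "$eh" -S "$sh_auth" -L "$lockout"; then
        echo "provisioned; auth values saved in $secrets_file"
    else
        # The tool returns 1 on failure. Keep the file: the manual does not
        # say whether a failed run leaves any of the values set.
        echo "tss2_provision failed; values kept in $secrets_file" >&2
        return 1
    fi
}

# Usage (as root): provision_with_auth /root/fapi-hierarchy-auth
```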

RETURNS

       0 on success or 1 on failure.

BUGS

       GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP

       See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools                        APRIL 2019                 tss2_provision(1)