tpm2_flushcontext(1)        General Commands Manual       tpm2_flushcontext(1)

NAME

       tpm2_flushcontext(1) - Remove a specified handle, or all contexts
       associated with a transient object, loaded session or saved session
       from the TPM.

SYNOPSIS

       tpm2_flushcontext [OPTIONS] [ARGUMENT]

DESCRIPTION

       tpm2_flushcontext(1) - Remove a specified handle, or all contexts
       associated with a transient object, loaded session or saved session
       from the TPM. The object to be flushed is specified as the first
       argument to the tool and is in one of the following forms:

       • The handle of the object to be flushed from the TPM. Must be a
         valid handle number.

       • A session file, to flush the session it describes. A session file
         is generated by the -S option of tpm2_startauthsession(1).

OPTIONS

       • -t, --transient-object:

         Remove all transient objects.

       • -l, --loaded-session:

         Remove all loaded sessions.

       • -s, --saved-session:

         Remove all saved sessions.

       • ARGUMENT: The command line argument specifies the OBJECT to be
         removed from the TPM resident memory.

       • --cphash=FILE:

         File path to record the hash of the command parameters. This is
         commonly termed the cpHash. NOTE: When this option is selected, the
         tool will not actually execute the command; it simply returns a
         cpHash.

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       • -h, --help=[man|no-man]: Display the tool's manpage. By default, it
         attempts to invoke the manpager for the tool; on failure, it
         outputs a short tool summary. The behavior is the same if the
         “man” option argument is specified; however, if “man” is requested
         explicitly, the tool will provide errors from man on stderr. If
         the “no-man” option is specified, or the manpager fails, the short
         options will be output to stdout.

         To successfully use the manpages feature, the manpages must be
         installed or on MANPATH. See man(1) for more details.

       • -v, --version: Display version information for this tool and the
         supported TCTIs, then exit.

       • -V, --verbose: Increase the information that the tool prints to the
         console during its execution. When using this option, the file and
         line number are printed.

       • -Q, --quiet: Silence normal tool output to stdout.

       • -Z, --enable-errata: Enable the application of errata fixups. Useful
         if an errata fixup needs to be applied to commands sent to the TPM.
         Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is
         equivalent.

TCTI Configuration

       The TCTI or “Transmission Interface” is the communication mechanism
       with the TPM. TCTIs can be changed for communication with TPMs across
       different mediums.

       To control the TCTI, the tools respect:

       1. The command line option -T or --tcti

       2. The environment variable: TPM2TOOLS_TCTI.

       Note: The command line option always overrides the environment
       variable.

       The current known TCTIs are:

       • tabrmd - The resource manager, called tabrmd
         (https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and
         abrmd as a tcti name are synonymous.

       • mssim - Typically used for communicating to the TPM software
         simulator.

       • device - Used when talking directly to a TPM device file.

       • none - Do not initialize a connection with the TPM. Some tools allow
         for off-tpm options and thus support not using a TCTI. Tools that do
         not support it will error when used without a TCTI connection. Does
         not support ANY options and MUST BE presented as the exact text of
         “none”.

       The arguments to either the command line option or the environment
       variable are in the form:

       <tcti-name>:<tcti-option-config>

       Specifying an empty string for either the <tcti-name> or
       <tcti-option-config> results in the default being used for that
       portion respectively.

   TCTI Defaults
       When a TCTI is not specified, the default TCTI is searched for using
       dlopen(3) semantics. The tools will search for tabrmd, device and
       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query
       what TCTI will be chosen as the default by using the -v option to print
       the version information. The “default-tcti” key-value pair will
       indicate which of the aforementioned TCTIs is the default.

   Custom TCTIs
       Any TCTI that implements the dynamic TCTI interface can be loaded. The
       tools internally use dlopen(3), and the raw tcti-name value is used for
       the lookup. Thus, this could be a path to the shared library, or a
       library name as understood by dlopen(3) semantics.

TCTI OPTIONS

       This collection of options is used to configure the various known TCTI
       modules available:

       • device: For the device TCTI, the TPM character device file for use by
         the device TCTI can be specified. The default is /dev/tpm0.

         Example: -T device:/dev/tpm0 or export TPM2TOOLS_TCTI="device:/dev/tpm0"

       • mssim: For the mssim TCTI, the domain name or IP address and port
         number used by the simulator can be specified. The defaults are
         127.0.0.1 and 2321.

         Example: -T mssim:host=localhost,port=2321 or export
         TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

       • abrmd: For the abrmd TCTI, the configuration string format is a
         series of simple key value pairs separated by a ',' character. Each
         key and value string are separated by a '=' character.

         • TCTI abrmd supports two keys:

           1. 'bus_name' : The name of the tabrmd service on the bus (a
              string).

           2. 'bus_type' : The type of the dbus instance (a string) limited to
              'session' and 'system'.

         Specify the tabrmd tcti name and a config string of
         bus_name=com.example.FooBar:

                --tcti=tabrmd:bus_name=com.example.FooBar

         Specify the default (abrmd) tcti and a config string of
         bus_type=session:

                --tcti:bus_type=session

         NOTE: abrmd and tabrmd are synonymous.
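       The selection rules above (option over environment variable, the
       <tcti-name>:<tcti-option-config> split, the "none" restriction, the
       abrmd keys and the dlopen(3) lookup of any other name) as a pre-flight
       check, added here as an example and not taken from tpm2-tools. The
       function resolve_tcti, its output format, the sample library path and
       the treatment of an empty string as "not given" are assumptions of
       this example.

```shell
# Added example, not tpm2-tools code; it applies only the rules on this page.
# resolve_tcti OPTION ENV
#   OPTION = value passed to -T/--tcti, ENV = value of TPM2TOOLS_TCTI.
#   Assumption: an empty string means "not given".
# Prints "<source> <name> <config> <kind>" ("-" = default); returns 1 if the
# spec breaks a rule stated in the man page.
resolve_tcti() {
    if [ -n "$1" ]; then src=option; spec=$1     # option overrides environment
    elif [ -n "$2" ]; then src=env; spec=$2
    else src=default; spec=""
    fi
    case "$spec" in                              # <tcti-name>:<tcti-option-config>
        *:*) name=${spec%%:*}; conf=${spec#*:} ;;
        *)   name=$spec; conf="" ;;
    esac
    case "$name" in
        "")                        kind=default-search ;;  # tabrmd, device, mssim
        tabrmd|abrmd|mssim|device) kind=known ;;
        none)                      kind=none ;;
        *)                         kind=custom-dlopen ;;   # raw name goes to dlopen(3)
    esac
    # "none" takes no options and must be the exact text.
    if [ "$kind" = none ] && [ "$spec" != none ]; then return 1; fi
    # abrmd/tabrmd: comma-separated key=value pairs, two keys only.
    if [ "$name" = tabrmd ] || [ "$name" = abrmd ]; then
        rest=$conf
        while [ -n "$rest" ]; do
            pair=${rest%%,*}
            case "$rest" in *,*) rest=${rest#*,} ;; *) rest="" ;; esac
            case "$pair" in
                bus_name=?*|bus_type=session|bus_type=system) ;;
                *) return 1 ;;
            esac
        done
    fi
    printf '%s %s %s %s\n' "$src" "${name:--}" "${conf:--}" "$kind"
}

# Constructed inputs: a script's -T value against an inherited environment.
resolve_tcti "device:/dev/tpm0" "mssim:host=localhost,port=2321"
resolve_tcti "" "/opt/vendor/libtcti-example.so"
```

       A kind of custom-dlopen in the output marks a name outside the known
       list, which the tools would hand to dlopen(3) as written.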

EXAMPLES

   Flushing a Transient Object
       Typically, when using the TPM, the interactions occur through a
       resource manager, like tpm2-abrmd(8). When the process exits, transient
       object handles are flushed. Thus, flushing transient objects through
       the command line is not required. However, when interacting with the
       TPM directly, explicit flushing can be needed. The example below
       assumes direct TPM access not brokered by a resource manager.
       Specifically, we will use the simulator.

              tpm2_createprimary -Tmssim -c primary.ctx

              tpm2_getcap -T mssim handles-transient
              - 0x80000000

              tpm2_flushcontext -T mssim 0x80000000

   Flush All the Transient Objects
              tpm2_flushcontext --transient-object

   Flush a Session
              tpm2_startauthsession -S session.dat

              tpm2_flushcontext session.dat
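       A cleanup pass for the direct-access case described above, written as
       an added example (not part of the man page or of tpm2-tools): it parses
       tpm2_getcap handles-transient output, flushes every handle except
       those named as arguments, and reports failures with the codes listed
       under Returns. The function names, the --flush switch and the
       keep-list are assumptions of this example; handles are compared as
       exact text.

```shell
# Added example, not tpm2-tools code. Default TCTI: the simulator, as in the page.
TCTI="${TPM2TOOLS_TCTI:-mssim}"

# Read `tpm2_getcap handles-transient` output ("- 0x80000000" per line) on
# stdin; print each well-formed handle that is not named in the arguments.
select_handles() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in *"- 0x"*) h=${line##*- } ;; *) continue ;; esac
        hex=${h#0x}
        case "$hex" in ""|*[!0-9a-fA-F]*) continue ;; esac   # not pure hex
        [ "${#hex}" -eq 8 ] || continue                      # not 32 bits
        for keep in "$@"; do
            [ "$h" = "$keep" ] && continue 2                 # on the keep-list
        done
        printf '%s\n' "$h"
    done
    return 0
}

# Map an exit code to the meanings listed in the Returns section.
describe_rc() {
    case "$1" in
        0) echo "success" ;;
        1) echo "general non-specific error" ;;
        2) echo "options handling error" ;;
        3) echo "authentication error" ;;
        4) echo "TCTI related error" ;;
        *) echo "undocumented for this tool" ;;
    esac
}

# Flush each handle read from stdin; succeed only if every flush succeeded.
flush_handles() {
    failed=0
    while IFS= read -r h; do
        rc=0
        tpm2_flushcontext -T "$TCTI" "$h" </dev/null || rc=$?
        [ "$rc" -eq 0 ] && continue
        echo "flush $h: rc=$rc ($(describe_rc "$rc"))" >&2
        failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Usage: sh flush-transient.sh --flush [HANDLE_TO_KEEP ...]
if [ "${1:-}" = "--flush" ]; then
    shift
    tpm2_getcap -T "$TCTI" handles-transient | select_handles "$@" | flush_handles
fi
```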

Returns

       Tools can return any of the following codes:

       • 0 - Success.

       • 1 - General non-specific error.

       • 2 - Options handling error.

       • 3 - Authentication error.

       • 4 - TCTI related error.

       • 5 - Non supported scheme. Applicable to tpm2_testparams.

BUGS

       GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP

       See the Mailing List
       (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools                                                tpm2_flushcontext(1)