tpm2_nvcertify(1)           General Commands Manual          tpm2_nvcertify(1)

NAME

       tpm2_nvcertify(1) - Provides attestation of the contents of an NV index.

SYNOPSIS

       tpm2_nvcertify [OPTIONS] [ARGUMENTS]

DESCRIPTION

       tpm2_nvcertify(1) - Provides attestation of the contents of an NV index.

       NOTE: As part of the attestation output, the NV index contents are
       revealed.

OPTIONS

       These options control the certification:

       • -C, --signingkey-context=OBJECT:

         The key object that signs the attestation structure.

       • -P, --signingkey-auth=AUTH:

         The authorization value provided for the object specified with -C.

       • -c, --nvauthobj-context=OBJECT:

         The object that is the authorization handle for the NV object.  It is
         either the NV index handle itself or the platform/owner hierarchy
         handle.  If not specified, it defaults to the NV index handle.

       • -p, --nvauthobj-auth=AUTH:

         The authorization value provided for the object specified with -c.

       • -g, --hash-algorithm=ALGORITHM:

         The hash algorithm to use in signature generation.

       • -s, --scheme=ALGORITHM:

         The signing scheme used to sign the attestation data.

       • -f, --format=FORMAT:

         Format selection for the signature output file.

       • -o, --signature=FILE:

         Output file name for the signature data.

       • -q, --qualification=FILE_OR_HEX_STR:

         Optional, the policy qualifier data that the signer can choose to
         include in the signature.  Can be either a hex string or path.

       • --size=NATURAL_NUMBER:

         Specifies the size of data to be read in bytes, starting from 0 if
         offset is not specified.  If not specified, the size of the data as
         reported by the public portion of the index will be used.

       • --offset=NATURAL_NUMBER:

         The offset within the NV index to start reading from.

       • --attestation=FILE:

         The attestation data of the type TPM2_CREATION_INFO signed with the
         signing key.

       • --cphash=FILE

         File path to record the hash of the command parameters.  This is
         commonly termed cpHash.  NOTE: When this option is selected, the tool
         will not actually execute the command; it simply returns a cpHash
         unless rphash is also required.

       • --rphash=FILE

         File path to record the hash of the response parameters.  This is
         commonly termed rpHash.

       • -S, --session=FILE:

         The session created using tpm2_startauthsession.  This can be used to
         specify an auxiliary session for auditing and/or encryption/decryption
         of the parameters.

       • -n, --name=FILE:

         The name of the NV index that must be provided when only calculating
         the cpHash without actually dispatching the command to the TPM.

       • --signer-name=FILE:

         The name of the signing key that must be provided when only
         calculating the cpHash without actually dispatching the command to
         the TPM.

       • ARGUMENT the command line argument specifies the NV index or offset
         number.

   References

Context Object Format

       The type of a context object, whether it is a handle or file name, is
       determined according to the following logic in-order:

       • If the argument is a file path, then the file is loaded as a restored
         TPM transient object.

       • If the argument is a prefix match on one of:

         • owner: the owner hierarchy

         • platform: the platform hierarchy

         • endorsement: the endorsement hierarchy

         • lockout: the lockout control persistent object

       • If the argument can be loaded as a number it will be treated as a
         handle, e.g. 0x81010013, and used directly.

Authorization Formatting

       Authorization for use of an object in TPM2.0 can come in 3 different
       forms:

       1. Password

       2. HMAC

       3. Sessions

       NOTE: “Authorizations default to the EMPTY PASSWORD when not
       specified”.

   Passwords
       Passwords are interpreted in the following forms below using prefix
       identifiers.

       Note: By default passwords are assumed to be in the string form when
       they do not have a prefix.

   String
       A string password, specified by prefix “str:” or its absence (raw
       string without prefix), is not interpreted, and is directly used for
       authorization.

   Examples
              foobar
              str:foobar

   Hex-string
       A hex-string password, specified by prefix “hex:”, is converted from a
       hexadecimal form into a byte array form, thus allowing passwords with
       non-printable and/or terminal un-friendly characters.

   Example
              hex:1122334455667788

   File
       A file based password, specified by prefix “file:”, should be the path
       of a file containing the password to be read by the tool or a “-” to
       use stdin.  Storing passwords in files prevents information leakage;
       passwords passed as options can be read from the process list or common
       shell history features.

   Examples
              # to use stdin and be prompted
              file:-

              # to use a file from a path
              file:path/to/password/file

              # to echo a password via stdin:
              echo foobar | tpm2_tool -p file:-

              # to use a bash here-string via stdin:
              tpm2_tool -p file:- <<< foobar

   Sessions
       When using a policy session to authorize the use of an object, prefix
       the option argument with the session keyword.  Then indicate a path to
       a session file that was created with tpm2_startauthsession(1).
       Optionally, if the session requires an auth value to be sent with the
       session handle (e.g. policy password), then append a + and a string as
       described in the Passwords section.

   Examples
       To use a session context file called session.ctx.

              session:session.ctx

       To use a session context file called session.ctx AND send the authvalue
       mypassword.

              session:session.ctx+mypassword

       To use a session context file called session.ctx AND send the HEX
       authvalue 0x11223344.

              session:session.ctx+hex:11223344

   PCR Authorizations
       You can satisfy a PCR policy using the “pcr:” prefix and the PCR
       minilanguage.  The PCR minilanguage is as follows:

              <pcr-spec>=<raw-pcr-file>

       The PCR spec is documented in the section “PCR bank specifiers”.

       The raw-pcr-file is an optional argument that contains the output of
       the raw PCR contents as returned by tpm2_pcrread(1).

       PCR bank specifiers (pcr.md)

   Examples
       To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a
       specifier of:

              pcr:sha256:0,1,2,3

Algorithm Specifiers

       Options that take algorithms support “nice-names”.

       There are two major algorithm specification string classes, simple and
       complex.  Only certain algorithms will be accepted by the TPM, based on
       usage and conditions.

   Simple specifiers
       These are strings with no additional specification data.  When creating
       objects, non-specified portions of an object are assumed to defaults.
       You can find the list of known “Simple Specifiers” below.

   Asymmetric
       • rsa

       • ecc

   Symmetric
       • aes

       • camellia

       • sm4

   Hashing Algorithms
       • sha1

       • sha256

       • sha384

       • sha512

       • sm3_256

       • sha3_256

       • sha3_384

       • sha3_512

   Keyed Hash
       • hmac

       • xor

   Signing Schemes
       • rsassa

       • rsapss

       • ecdsa

       • ecdaa

       • ecschnorr

       • sm2

   Asymmetric Encryption Schemes
       • oaep

       • rsaes

       • ecdh

   Modes
       • ctr

       • ofb

       • cbc

       • cfb

       • ecb

   Misc
       • null

   Complex Specifiers
       Objects, when specified for creation by the TPM, have numerous
       algorithms to populate in the public data.  Things like type, scheme
       and asymmetric details, key size, etc.  Below is the general format for
       specifying this data:

              <type>:<scheme>:<symmetric-details>

   Type Specifiers
       This portion of the complex algorithm specifier is required.  The
       remaining scheme and symmetric details will default based on the type
       specified and the type of the object being created.

       • aes - Default AES: aes128

       • aes128<mode> - 128 bit AES with optional mode (ctr|ofb|cbc|cfb|ecb).
         If mode is not specified, defaults to null.

       • aes192<mode> - Same as aes128<mode>, except for a 192 bit key size.

       • aes256<mode> - Same as aes128<mode>, except for a 256 bit key size.

       • sm4 - Default SM4: sm4128

       • sm4128 or sm4_128 <mode> - 128 bit SM4 with optional mode
         (ctr|ofb|cbc|cfb|ecb).  If mode is not specified, defaults to null.

       • ecc - Elliptic Curve, defaults to ecc256.

       • ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve

       • ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve

       • ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve

       • ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve

       • ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve

       • ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve

       • rsa - Default RSA: rsa2048

       • rsa1024 - RSA with 1024 bit keysize.

       • rsa2048 - RSA with 2048 bit keysize.

       • rsa3072 - RSA with 3072 bit keysize.

       • rsa4096 - RSA with 4096 bit keysize.

   Scheme Specifiers
       The next field is optional and can be skipped.

       Schemes are usually Signing Schemes or Asymmetric Encryption Schemes.
       Most signing schemes take a hash algorithm directly following the
       signing scheme.  If the hash algorithm is missing, it defaults to
       sha256.  Some take no arguments, and some take multiple arguments.

   Hash Optional Scheme Specifiers
       These scheme specifiers are followed by a dash and a valid hash
       algorithm.  For example: oaep-sha256.

       • oaep

       • ecdh

       • rsassa

       • rsapss

       • ecdsa

       • ecschnorr

       • sm2

   Multiple Option Scheme Specifiers
       This scheme specifier is followed by a count (max size UINT16) then
       followed by a dash (-) and a valid hash algorithm.

       • ecdaa

       For example, ecdaa4-sha256.  If no count is specified, it defaults
       to 4.

   No Option Scheme Specifiers
       This scheme specifier takes NO arguments.

       • rsaes

   Symmetric Details Specifiers
       This field is optional, and defaults based on the type of object being
       created and its attributes.  Generally, any valid Symmetric specifier
       from the Type Specifiers list should work.  If not specified, an
       asymmetric object's symmetric details default to aes128cfb.

   Examples
   Create an rsa2048 key with an rsaes asymmetric encryption scheme
       tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv

   Create an ecc256 key with an ecdaa signing scheme with a count of 4 and
   sha384 hash
       tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv

Signature Format Specifiers

       Format selection for the signature output file.  tss (the default) will
       output a binary blob according to the TPM 2.0 specification and any
       potential compiler padding.  The option plain will output the plain
       signature data as defined by the used cryptographic algorithm.

COMMON OPTIONS

       This collection of options is common to many programs and provides
       information that many users may expect.

       • -h, --help=[man|no-man]: Display the tool's manpage.  By default, it
         attempts to invoke the manpager for the tool; however, on failure it
         will output a short tool summary.  This is the same behavior if the
         “man” option argument is specified; however, if explicit “man” is
         requested, the tool will provide errors from man on stderr.  If the
         “no-man” option is specified, or the manpager fails, the short
         options will be output to stdout.

         To successfully use the manpages feature requires the manpages to be
         installed or on MANPATH.  See man(1) for more details.

       • -v, --version: Display version information for this tool, supported
         tctis and exit.

       • -V, --verbose: Increase the information that the tool prints to the
         console during its execution.  When using this option the file and
         line number are printed.

       • -Q, --quiet: Silence normal tool output to stdout.

       • -Z, --enable-errata: Enable the application of errata fixups.  Useful
         if an errata fixup needs to be applied to commands sent to the TPM.
         Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.

TCTI Configuration

       The TCTI or “Transmission Interface” is the communication mechanism
       with the TPM.  TCTIs can be changed for communication with TPMs across
       different mediums.

       To control the TCTI, the tools respect:

       1. The command line option -T or --tcti

       2. The environment variable: TPM2TOOLS_TCTI.

       Note: The command line option always overrides the environment
       variable.

       The current known TCTIs are:

       • tabrmd - The resource manager, called tabrmd
         (https://github.com/tpm2-software/tpm2-abrmd).  Note that tabrmd and
         abrmd as a tcti name are synonymous.

       • mssim - Typically used for communicating to the TPM software
         simulator.

       • device - Used when talking directly to a TPM device file.

       • none - Do not initialize a connection with the TPM.  Some tools allow
         for off-tpm options and thus support not using a TCTI.  Tools that do
         not support it will error when attempted to be used without a TCTI
         connection.  Does not support ANY options and MUST BE presented as
         the exact text of “none”.

       The arguments to either the command line option or the environment
       variable are in the form:

       <tcti-name>:<tcti-option-config>

       Specifying an empty string for either the <tcti-name> or
       <tcti-option-config> results in the default being used for that portion
       respectively.

   TCTI Defaults
       When a TCTI is not specified, the default TCTI is searched for using
       dlopen(3) semantics.  The tools will search for tabrmd, device and
       mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND.  You can query
       what TCTI will be chosen as the default by using the -v option to print
       the version information.  The “default-tcti” key-value pair will
       indicate which of the aforementioned TCTIs is the default.

   Custom TCTIs
       Any TCTI that implements the dynamic TCTI interface can be loaded.  The
       tools internally use dlopen(3), and the raw tcti-name value is used for
       the lookup.  Thus, this could be a path to the shared library, or a
       library name as understood by dlopen(3) semantics.

TCTI OPTIONS

       This collection of options is used to configure the various known TCTI
       modules available:

       • device: For the device TCTI, the TPM character device file for use by
         the device TCTI can be specified.  The default is /dev/tpm0.

         Example: -T device:/dev/tpm0 or export
         TPM2TOOLS_TCTI="device:/dev/tpm0"

       • mssim: For the mssim TCTI, the domain name or IP address and port
         number used by the simulator can be specified.  The defaults are
         127.0.0.1 and 2321.

         Example: -T mssim:host=localhost,port=2321 or export
         TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

       • abrmd: For the abrmd TCTI, the configuration string format is a
         series of simple key value pairs separated by a ',' character.  Each
         key and value string are separated by a '=' character.

         • TCTI abrmd supports two keys:

           1. 'bus_name' : The name of the tabrmd service on the bus (a
              string).

           2. 'bus_type' : The type of the dbus instance (a string) limited to
              'session' and 'system'.

         Specify the tabrmd tcti name and a config string of
         bus_name=com.example.FooBar:

                --tcti=tabrmd:bus_name=com.example.FooBar

         Specify the default (abrmd) tcti and a config string of
         bus_type=session:

                --tcti:bus_type=session

         NOTE: abrmd and tabrmd are synonymous.

EXAMPLES

              # Define a 32-byte NV index and fill it with random data
              tpm2_nvdefine -s 32 -a "authread|authwrite" 1

              dd if=/dev/urandom bs=1 count=32 status=none| \
              tpm2_nvwrite 1 -i-

              # Create the signing key and export its public part as PEM
              tpm2_createprimary -C o -c primary.ctx -Q

              tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx -c signing_key.ctx -Q

              tpm2_readpublic -c signing_key.ctx -f pem -o sslpub.pem -Q

              # Certify the first 32 bytes of the index
              tpm2_nvcertify -C signing_key.ctx -g sha256 -f plain -s rsassa \
              -o signature.bin --attestation attestation.bin --size 32 1
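       The attestation.bin written by the example above carries the NV
       contents in the clear, as the DESCRIPTION notes.  The parser below is
       an added example, not part of tpm2-tools: it assumes the file holds
       the marshaled TPMS_ATTEST structure of the TPM 2.0 specification
       without a length prefix, and the names Reader, parse_nv_attestation
       and build_sample (which builds a constructed blob, not real TPM
       output) are hypothetical.

```python
import struct

TPM_GENERATED_VALUE = 0xFF544347  # "\xffTCG": structure was built inside a TPM
TPM_ST_ATTEST_NV = 0x8014         # attestation type produced by TPM2_NV_Certify


class Reader:
    """Big-endian cursor over a marshaled TPM structure, with bounds checks."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated attestation structure")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, fmt):
        return struct.unpack(">" + fmt, self.take(struct.calcsize(">" + fmt)))[0]

    def tpm2b(self):
        return self.take(self.uint("H"))  # UINT16 size, then that many bytes


def parse_nv_attestation(blob, expected_nonce=None, expected_offset=0):
    """Decode a TPMS_ATTEST of type NV and check the fields a verifier relies on."""
    r = Reader(blob)
    if r.uint("I") != TPM_GENERATED_VALUE:
        raise ValueError("bad magic: not generated by a TPM")
    if r.uint("H") != TPM_ST_ATTEST_NV:
        raise ValueError("not an NV certify attestation")
    info = {"qualified_signer": r.tpm2b(), "extra_data": r.tpm2b()}
    info["clock"], info["reset_count"], info["restart_count"], info["safe"] = (
        r.uint("Q"), r.uint("I"), r.uint("I"), r.uint("B"))
    info["firmware_version"] = r.uint("Q")
    info["index_name"] = r.tpm2b()    # name of the certified NV index
    info["offset"] = r.uint("H")
    info["nv_contents"] = r.tpm2b()   # the revealed NV data
    if r.pos != len(blob):
        raise ValueError("trailing bytes after attestation structure")
    if expected_nonce is not None and info["extra_data"] != expected_nonce:
        raise ValueError("qualification data mismatch (possible replay)")
    if info["offset"] != expected_offset:
        raise ValueError("attested offset differs from the one requested")
    return info


def build_sample(nonce, contents, offset=0):
    """Constructed test blob (not real TPM output) with the same layout."""
    def b(x):
        return struct.pack(">H", len(x)) + x
    name = b"\x00\x0b" + bytes(32)  # placeholder name: sha256 alg id + digest
    return (struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_NV)
            + b(name) + b(nonce) + struct.pack(">QIIBQ", 1000, 1, 0, 1, 0x20200101)
            + b(name) + struct.pack(">H", offset) + b(contents))
```

       Parse the fields only after the signature in signature.bin has been
       verified over the same bytes with the public key in sslpub.pem.  The
       value passed to -q appears as extra_data, so supplying it as
       expected_nonce rejects a replayed attestation.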

Returns

       Tools can return any of the following codes:

       • 0 - Success.

       • 1 - General non-specific error.

       • 2 - Options handling error.

       • 3 - Authentication error.

       • 4 - TCTI related error.

       • 5 - Non supported scheme.  Applicable to tpm2_testparams.

BUGS

       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP

       See the Mailing List
       (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools                                                   tpm2_nvcertify(1)