tpm2_getcap(1) General Commands Manual tpm2_getcap(1)

tpm2_getcap(1) - Display TPM capabilities in a human readable form.

tpm2_getcap [OPTIONS] [CAPABILITY]

tpm2_getcap(1) - Query the TPM for its capabilities / properties and
print them to the console. It takes a string form of the capability to
query as an argument to the tool. Currently supported capability
groups are:

• algorithms: Display data about supported algorithms.

• commands: Display data about supported commands.

• pcrs: Display currently allocated PCRs.

• properties-fixed: Display fixed TPM properties.

• properties-variable: Display variable TPM properties.

• ecc-curves: Display data about elliptic curves.

• handles-transient: Display handles about transient objects.

• handles-persistent: Display handles about persistent objects.

• handles-permanent: Display handles about permanent objects.

• handles-pcr: Display handles about PCRs.

• handles-nv-index: Display handles about NV Indices.

• handles-loaded-session: Display handles about both loaded HMAC and
  policy sessions.

• handles-saved-session: Display handles about saved sessions.

• vendor[:num]: Displays the vendor properties as a hex buffer output.
  The string “vendor” can be suffixed with a colon followed by a number
  as understood by strtoul(3) with a 0 base. That value is used as the
  property value within the TPM2_GetCapability command, and defaults
  to 1. An example to call it with a property value of 2 is:
  tpm2_getcap vendor:2

  NOTE: if vendor requests hang, try the “-i” option to ignore the
  moreData field and only read once.

• -l, --list:

  List known supported capability names. These names can be supplied
  as the argument to the -c option. Output is in a YAML compliant list
  to stdout.

  For example:

      - algorithms
      - commands
      - properties-fixed
      ...

• --ignore-moredata

  Ignores the moreData field when dealing with buggy TPM responses.

This collection of options is common to many programs and provides
information that many users may expect.

• -h, --help=[man|no-man]: Display the tool's manpage. By default, it
  attempts to invoke the manpager for the tool; however, on failure it
  will output a short tool summary. This is the same behavior if the
  “man” option argument is specified; however, if explicit “man” is
  requested, the tool will provide errors from man on stderr. If the
  “no-man” option is specified, or the manpager fails, the short
  options will be output to stdout.

  Successfully using the manpages feature requires the manpages to be
  installed or on MANPATH; see man(1) for more details.

• -v, --version: Display version information for this tool, supported
  tctis and exit.

• -V, --verbose: Increase the information that the tool prints to the
  console during its execution. When using this option the file and
  line number are printed.

• -Q, --quiet: Silence normal tool output to stdout.

• -Z, --enable-errata: Enable the application of errata fixups. Useful
  if an errata fixup needs to be applied to commands sent to the TPM.
  Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.

The TCTI or “Transmission Interface” is the communication mechanism
with the TPM. TCTIs can be changed for communication with TPMs across
different mediums.

To control the TCTI, the tools respect:

1. The command line option -T or --tcti

2. The environment variable: TPM2TOOLS_TCTI.

Note: The command line option always overrides the environment
variable.

The current known TCTIs are:

• tabrmd - The resource manager, called tabrmd
  (https://github.com/tpm2-software/tpm2-abrmd). Note that tabrmd and
  abrmd as a tcti name are synonymous.

• mssim - Typically used for communicating to the TPM software
  simulator.

• device - Used when talking directly to a TPM device file.

• none - Do not initialize a connection with the TPM. Some tools allow
  for off-tpm options and thus support not using a TCTI. Tools that do
  not support it will return an error when used without a TCTI
  connection. Does not support ANY options and MUST BE presented as
  the exact text of “none”.

The arguments to either the command line option or the environment
variable are in the form:

    <tcti-name>:<tcti-option-config>

Specifying an empty string for either the <tcti-name> or
<tcti-option-config> results in the default being used for that
portion respectively.

TCTI Defaults
When a TCTI is not specified, the default TCTI is searched for using
dlopen(3) semantics. The tools will search for tabrmd, device and
mssim TCTIs IN THAT ORDER and USE THE FIRST ONE FOUND. You can query
what TCTI will be chosen as the default by using the -v option to print
the version information. The “default-tcti” key-value pair will
indicate which of the aforementioned TCTIs is the default.

Custom TCTIs
Any TCTI that implements the dynamic TCTI interface can be loaded. The
tools internally use dlopen(3), and the raw tcti-name value is used for
the lookup. Thus, this could be a path to the shared library, or a
library name as understood by dlopen(3) semantics.

This collection of options is used to configure the various known TCTI
modules available:

• device: For the device TCTI, the TPM character device file for use by
  the device TCTI can be specified. The default is /dev/tpm0.

  Example: -T device:/dev/tpm0 or
  export TPM2TOOLS_TCTI="device:/dev/tpm0"

• mssim: For the mssim TCTI, the domain name or IP address and port
  number used by the simulator can be specified. The defaults are
  127.0.0.1 and 2321.

  Example: -T mssim:host=localhost,port=2321 or
  export TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"

• abrmd: For the abrmd TCTI, the configuration string format is a
  series of simple key value pairs separated by a `,' character. Each
  key and value string are separated by a `=' character.

  • TCTI abrmd supports two keys:

    1. `bus_name' : The name of the tabrmd service on the bus (a
       string).

    2. `bus_type' : The type of the dbus instance (a string) limited to
       `session' and `system'.

  Specify the tabrmd tcti name and a config string of
  bus_name=com.example.FooBar:

      --tcti=tabrmd:bus_name=com.example.FooBar

  Specify the default (abrmd) tcti and a config string of
  bus_type=session:

      --tcti=:bus_type=session

  NOTE: abrmd and tabrmd are synonymous.

To list the fixed properties of the TPM

    tpm2_getcap properties-fixed

To list the supported capability groups

    tpm2_getcap -l

Tools can return any of the following codes:

• 0 - Success.

• 1 - General non-specific error.

• 2 - Options handling error.

• 3 - Authentication error.

• 4 - TCTI related error.

• 5 - Non supported scheme. Applicable to tpm2_testparams.
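
An added example (not part of the tpm2-tools manual or code base) of pinning the TCTI before a script calls tpm2_getcap: since an unspecified TCTI falls back to the first of tabrmd, device and mssim found, and any other name is handed to dlopen(3), the wrapper resolves the effective TCTI string with the precedence described above and accepts only an explicitly named device or tabrmd/abrmd TCTI. The function names, the allowlist policy and the reuse of return code 4 for a refused TCTI are assumptions of this example.

```shell
#!/bin/sh
# Added example, not tpm2-tools code. Function names and policy are assumptions.

# Effective TCTI string: the -T/--tcti value ($1) overrides TPM2TOOLS_TCTI.
effective_tcti() {
    if [ -n "${1-}" ]; then printf '%s\n' "$1"
    else printf '%s\n' "${TPM2TOOLS_TCTI-}"; fi
}

# Name part of "<tcti-name>:<tcti-option-config>" (empty means "default").
tcti_name() {
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Assumed policy: only an explicitly named device or resource-manager TCTI.
# Rejected: empty name (default search may end at mssim), mssim, none, and
# anything else, which would be passed to dlopen(3) as a library name or path.
tcti_allowed() {
    case "$(tcti_name "$(effective_tcti "${1-}")")" in
        device|tabrmd|abrmd) return 0 ;;
        *) return 1 ;;
    esac
}

# Text for the return codes documented on this page.
rc_text() {
    case "$1" in
        0) echo "success" ;;
        1) echo "general non-specific error" ;;
        2) echo "options handling error" ;;
        3) echo "authentication error" ;;
        4) echo "TCTI related error" ;;
        5) echo "non supported scheme" ;;
        *) echo "undocumented return code $1" ;;
    esac
}

# Query fixed properties through a validated, explicitly passed TCTI.
getcap_fixed() {
    tcti=$(effective_tcti "${1-}")
    tcti_allowed "${1-}" || { echo "refusing TCTI '$tcti'" >&2; return 4; }
    rc=0
    tpm2_getcap -T "$tcti" properties-fixed || rc=$?
    [ "$rc" -eq 0 ] || echo "tpm2_getcap: $(rc_text "$rc")" >&2
    return "$rc"
}
```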

Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools tpm2_getcap(1)