The source repository for the TPM (Trusted Platform Module) 2 tools
Clone or download
diabonas and williamcroberts tpm2_create: Use better object attributes defaults for authentication
The tpm2_create tool allows to define a policy session or a password for
authentication. By default no policy session is used and the password is
empty, which means that this empty password is used for authentication.

So the default object attribute flag userWithAuth is set in order to use
the empty password. This isn't a good default though if a policy is set,
since in this case the policy session has to be used for authentication
instead of an empty password.

If a policy is defined, the userWithAuth bit has to be clear unless the
user defines a password so in that case authentication would happen only
using the policy session or the defined password.

Also add these cases in the integration test to detect regressions.

Fixes: #1123

Signed-off-by: Javier Martinez Canillas <>
Latest commit 119c29e Sep 21, 2018

Build Status Coverity Scan Coverage Status

This site contains the code for the TPM (Trusted Platform Module) 2.0 tools based on tpm2-tss


  • Release 3.1.2 is now available.
  • A mailing list now exists for support:
  • CVE-2017-7524 - Where an HMAC authorization uses the tpm to perform the hmac calculation. This results in a disclosure of the password to the tpm where the user would not expect it. It appears likely unreachable in the current code base. This has been fixed on releases greater than version 1.1.1.

Build and Installation instructions:

Instructions for building and installing the tpm2-tools are provided in the file.

Release Procedures

Instructions for how releases are conducted, including our QA practices, please see the file.


Please use the mailing list at for general questions. The Issue Tracker on github should be reserved for actual feature requests or bugs. For security bugs, please see for information on how to submit those.


The tpm2-tools wiki:

TPM 2.0 specifications can be found at Trusted Computing Group.

Specifically, the following sections:

The Library Specification

This specifies the external programatic interface to the TPM:

The System API Specification

This is the SAPI dependency mentioned in This is the low-level software API to the tpm. The tpm2-tools project relies heavily on this.

The TCTI Specification

This specifies the transmission interfaces or how bytes get from the system api to the tpm.



Instructions for contributing to the project are provided in the file.