Showing with 1,119 additions and 1,038 deletions.
  1. +66 −51 Makefile.am
  2. +1 −0 man/.gitignore
  3. +10 −0 man/common/alg.md
  4. +12 −0 man/common/hash.md
  5. +11 −0 man/common/object-alg.md
  6. +13 −0 man/common/password.md
  7. +14 −0 man/common/sign-alg.md
  8. +10 −9 man/common/tcti.md
  9. +78 −0 man/tpm2_activatecredential.1.md
  10. +0 −86 man/tpm2_activatecredential.8.in
  11. +55 −0 man/tpm2_akparse.1.md
  12. +0 −61 man/tpm2_akparse.8.in
  13. +88 −0 man/tpm2_certify.1.md
  14. +0 −97 man/tpm2_certify.8.in
  15. +105 −0 man/tpm2_create.1.md
  16. +0 −99 man/tpm2_create.8.in
  17. +78 −0 man/tpm2_createpolicy.1.md
  18. +0 −71 man/tpm2_createpolicy.8.in
  19. +98 −0 man/tpm2_createprimary.1.md
  20. +0 −84 man/tpm2_createprimary.8.in
  21. +71 −0 man/tpm2_dictionarylockout.1.md
  22. +0 −73 man/tpm2_dictionarylockout.8.in
  23. +65 −0 man/tpm2_dump_capability.1.md
  24. +0 −50 man/tpm2_dump_capability.8.in
  25. +71 −0 man/tpm2_encryptdecrypt.1.md
  26. +0 −77 man/tpm2_encryptdecrypt.8.in
  27. +69 −0 man/tpm2_evictcontrol.1.md
  28. +0 −74 man/tpm2_evictcontrol.8.in
  29. +103 −0 man/tpm2_getmanufec.1.md
  30. +0 −97 man/tpm2_getmanufec.8.in
  31. +95 −0 man/tpm2_getpubak.1.md
  32. +0 −104 man/tpm2_getpubak.8.in
  33. 0 man/{tpm2_getpubek.8.in → tpm2_getpubek.1.in}
  34. 0 man/{tpm2_getrandom.8.in → tpm2_getrandom.1.in}
  35. 0 man/{tpm2_hash.8.in → tpm2_hash.1.in}
  36. 0 man/{tpm2_hmac.8.in → tpm2_hmac.1.in}
  37. 0 man/{tpm2_listpersistent.8.in → tpm2_listpersistent.1.in}
  38. 0 man/{tpm2_load.8.in → tpm2_load.1.in}
  39. 0 man/{tpm2_loadexternal.8.in → tpm2_loadexternal.1.in}
  40. 0 man/{tpm2_makecredential.8.in → tpm2_makecredential.1.in}
  41. 0 man/{tpm2_nvdefine.8.in → tpm2_nvdefine.1.in}
  42. 0 man/{tpm2_nvlist.8.in → tpm2_nvlist.1.in}
  43. 0 man/{tpm2_nvread.8.in → tpm2_nvread.1.in}
  44. 0 man/{tpm2_nvreadlock.8.in → tpm2_nvreadlock.1.in}
  45. 0 man/{tpm2_nvrelease.8.in → tpm2_nvrelease.1.in}
  46. 0 man/{tpm2_nvwrite.8.in → tpm2_nvwrite.1.in}
  47. +6 −5 man/{tpm2_pcrevent.8.md → tpm2_pcrevent.1.md}
  48. 0 man/{tpm2_pcrextend.8.in → tpm2_pcrextend.1.in}
  49. 0 man/{tpm2_pcrlist.8.in → tpm2_pcrlist.1.in}
  50. 0 man/{tpm2_quote.8.in → tpm2_quote.1.in}
  51. 0 man/{tpm2_rc_decode.8.in → tpm2_rc_decode.1.in}
  52. 0 man/{tpm2_readpublic.8.in → tpm2_readpublic.1.in}
  53. 0 man/{tpm2_rsadecrypt.8.in → tpm2_rsadecrypt.1.in}
  54. 0 man/{tpm2_rsaencrypt.8.in → tpm2_rsaencrypt.1.in}
  55. 0 man/{tpm2_send_command.8.in → tpm2_send_command.1.in}
  56. 0 man/{tpm2_sign.8.in → tpm2_sign.1.in}
  57. 0 man/{tpm2_startup.8.in → tpm2_startup.1.in}
  58. 0 man/{tpm2_takeownership.8.in → tpm2_takeownership.1.in}
  59. 0 man/{tpm2_unseal.8.in → tpm2_unseal.1.in}
  60. 0 man/{tpm2_verifysignature.8.in → tpm2_verifysignature.1.in}
117 changes: 66 additions & 51 deletions Makefile.am
Expand Up @@ -232,50 +232,50 @@ endif

EXTRA_DIST = $(top_srcdir)/man

man8_MANS = \
man/man8/tpm2_createprimary.8 \
man/man8/tpm2_dump_capability.8 \
man/man8/tpm2_send_command.8 \
man/man8/tpm2_startup.8 \
man/man8/tpm2_pcrlist.8 \
man/man8/tpm2_quote.8 \
man/man8/tpm2_takeownership.8 \
man/man8/tpm2_getpubek.8 \
man/man8/tpm2_getpubak.8 \
man/man8/tpm2_getmanufec.8 \
man/man8/tpm2_akparse.8 \
man/man8/tpm2_makecredential.8 \
man/man8/tpm2_activatecredential.8 \
man/man8/tpm2_hash.8 \
man/man8/tpm2_nvlist.8 \
man/man8/tpm2_nvread.8 \
man/man8/tpm2_nvreadlock.8 \
man/man8/tpm2_nvwrite.8 \
man/man8/tpm2_nvdefine.8 \
man/man8/tpm2_nvrelease.8 \
man/man8/tpm2_create.8 \
man/man8/tpm2_hmac.8 \
man/man8/tpm2_certify.8 \
man/man8/tpm2_readpublic.8 \
man/man8/tpm2_getrandom.8 \
man/man8/tpm2_encryptdecrypt.8 \
man/man8/tpm2_evictcontrol.8 \
man/man8/tpm2_load.8 \
man/man8/tpm2_loadexternal.8 \
man/man8/tpm2_rsadecrypt.8 \
man/man8/tpm2_rsaencrypt.8 \
man/man8/tpm2_sign.8 \
man/man8/tpm2_unseal.8 \
man/man8/tpm2_verifysignature.8 \
man/man8/tpm2_listpersistent.8 \
man/man8/tpm2_rc_decode.8 \
man/man8/tpm2_dictionarylockout.8 \
man/man8/tpm2_createpolicy.8 \
man/man8/tpm2_pcrextend.8
man1_MANS = \
man/man1/tpm2_send_command.1 \
man/man1/tpm2_startup.1 \
man/man1/tpm2_pcrlist.1 \
man/man1/tpm2_quote.1 \
man/man1/tpm2_takeownership.1 \
man/man1/tpm2_getpubek.1 \
man/man1/tpm2_makecredential.1 \
man/man1/tpm2_hash.1 \
man/man1/tpm2_nvlist.1 \
man/man1/tpm2_nvread.1 \
man/man1/tpm2_nvreadlock.1 \
man/man1/tpm2_nvwrite.1 \
man/man1/tpm2_nvdefine.1 \
man/man1/tpm2_nvrelease.1 \
man/man1/tpm2_hmac.1 \
man/man1/tpm2_readpublic.1 \
man/man1/tpm2_getrandom.1 \
man/man1/tpm2_load.1 \
man/man1/tpm2_loadexternal.1 \
man/man1/tpm2_rsadecrypt.1 \
man/man1/tpm2_rsaencrypt.1 \
man/man1/tpm2_sign.1 \
man/man1/tpm2_unseal.1 \
man/man1/tpm2_verifysignature.1 \
man/man1/tpm2_listpersistent.1 \
man/man1/tpm2_rc_decode.1 \
man/man1/tpm2_pcrextend.1

if HAVE_MD2MAN_ROFF
man8_MANS += \
man/man8/tpm2_pcrevent.8
man1_MANS += \
man/man1/tpm2_activatecredential.1 \
man/man1/tpm2_akparse.1 \
man/man1/tpm2_certify.1 \
man/man1/tpm2_create.1 \
man/man1/tpm2_createpolicy.1 \
man/man1/tpm2_createprimary.1 \
man/man1/tpm2_dictionarylockout.1 \
man/man1/tpm2_dump_capability.1 \
man/man1/tpm2_encryptdecrypt.1 \
man/man1/tpm2_evictcontrol.1 \
man/man1/tpm2_getmanufec.1 \
man/man1/tpm2_getpubak.1 \
man/man1/tpm2_pcrevent.1
endif

MAN_DEPS := man/common-options.troff man/tcti-options.troff \
Expand All @@ -285,9 +285,9 @@ MAN_DEPS := man/common-options.troff man/tcti-options.troff \
man/alg-notes-common.troff

# DEPRECATED - No more raw troff files for manpages, use markdown (below).
man/man8/%.8 : man/%.8.in $(MAN_DEPS)
man/man1/%.1 : man/%.1.in $(MAN_DEPS)
rm -f $@
mkdir -p man/man8
mkdir -p man/man1
if HAVE_TCTI_DEV
echo ".nr HAVE_TCTI_DEV 1" >> $@
endif
Expand Down Expand Up @@ -315,16 +315,31 @@ endif
< $< >> $@

MARKDOWN_COMMON_DEPS = \
man/common/alg.md \
man/common/hash.md \
man/common/object-alg.md \
man/common/options.md \
man/common/password.md \
man/common/sign-alg.md \
man/common/tcti.md

man/man8/%.8 : man/%.8.md $(MARKDOWN_COMMON_DEPS)
man/man1/%.1 : man/%.1.md $(MARKDOWN_COMMON_DEPS)
rm -f $@
mkdir -p man/man8
sed -e '/@COMMON_OPTIONS@/r man/common/options.md' \
-e '/@COMMON_OPTIONS@/d' \
-e '/@COMMON_TCTI@/r man/common/tcti.md' \
-e '/@COMMON_TCTI@/d' \
mkdir -p man/man1
sed -e '/\[common options\]/r man/common/options.md' \
-e '/\[common options\]/d' \
-e '/\[common tcti options\]/r man/common/tcti.md' \
-e '/\[common tcti options\]/d' \
-e '/\[password formatting\]/r man/common/password.md' \
-e '/\[password formatting\]/d' \
-e '/\[supported hash algorithms\]/r man/common/hash.md' \
-e '/\[supported hash algorithms\]/d' \
-e '/\[algorithm specifiers\]/r man/common/alg.md' \
-e '/\[algorithm specifiers\]/d' \
-e '/\[supported public object algorithms\]/r man/common/object-alg.md' \
-e '/\[supported public object algorithms\]/d' \
-e '/\[supported signing algorithms\]/r man/common/sign-alg.md' \
-e '/\[supported signing algorithms\]/d' \
< $< | md2man-roff > $@

CLEANFILES = $(man8_MANS)
CLEANFILES = $(man1_MANS)
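Review bot: The rewritten md2man-roff rule in the last hunk still finishes with the context line `< $< | md2man-roff > $@`, so the shell creates `$@` before either command has run; under a plain `sh` recipe the pipeline's exit status is `md2man-roff`'s alone, and a `sed` failure is masked (a missing `man/common/*.md` named by one of the new `-e '/…/r …'` lines is, as far as I recall, silently ignored by `r`). Any such failure leaves an empty or partial `man/man1/X.1` that is newer than its sources and will not be rebuilt. Writing to a temporary name and renaming, `< $< | md2man-roff > $@.tmp && mv -f $@.tmp $@`, or adding `.DELETE_ON_ERROR:` near the top of Makefile.am closes that gap; the `.1.in` troff rule in the preceding hunk appends with `>> $@` and has the same exposure. The `mkdir -p man/man1` lines in both rules could also be `mkdir -p $(@D)` so the directory is derived from the target rather than repeated by hand.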
1 change: 1 addition & 0 deletions man/.gitignore
@@ -1 +1,2 @@
man8/
man1/
10 changes: 10 additions & 0 deletions man/common/alg.md
@@ -0,0 +1,10 @@
Algorithm Specfiers
-------------------

Options that take algorithms support "nice-names". Nice names, like sha1 can be
used in place of the raw hex for sha1: 0x4. The nice names are converted by
stripping the leading `TPM_ALG_` from the Algorithm Name field and converting
it to lower case. For instance `TPM_ALG_SHA3_256` becomes `sha3_256`.

The algorithms can be found at:
<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
12 changes: 12 additions & 0 deletions man/common/hash.md
@@ -0,0 +1,12 @@
Supported Hash Algorithms
-------------------------

Supported hash algorithms are:

* `0x4` or `sha1` for `TPM_ALG_SHA1` **(default)**
* `0xB` or `sha256` for `TPM_ALG_SHA256`
* `0xC` or `sha384` for `TPM_ALG_SHA384`
* `0xD` or `sha512` for `TPM_ALG_SHA512`
* `0x12` or `sm3_256` for `TPM_ALG_SM3_256`

**NOTE**: Your TPM may not support all algorithms.
11 changes: 11 additions & 0 deletions man/common/object-alg.md
@@ -0,0 +1,11 @@
Supported Public Object Algorithms
----------------------------------

Supported public object algorithms are:

* `0x1` or `rsa` for `TPM_ALG_RSA` (**default**).
* `0x8` or `keyedhash` for `TPM_ALG_KEYEDHASH`.
* `0x23` or `ecc` for `TPM_ALG_ECC`.
* `0x25` or `symcipher` for `TPM_ALG_SYMCIPHER`.

**NOTE**: Your TPM may not support all algorithms.
13 changes: 13 additions & 0 deletions man/common/password.md
@@ -0,0 +1,13 @@
## Password Formatting

Passwords are interpreted in two forms, string and hex-string. A string password is not
interpreted, and is directly used for authorization. A hex-string, is converted from
a hexidecimal form into a byte array form, thus allowing passwords with non-printable
and/or terminal un-friendly characters.

By default passwords are assumed to be in the string form. Password form is specified
with special prefix values, they are:

* str: - Used to indicate it is a raw string. Useful for escaping a password that starts
with the "hex:" prefix.
* hex: - Used when specifying a password in hex string format.
14 changes: 14 additions & 0 deletions man/common/sign-alg.md
@@ -0,0 +1,14 @@
Supported Signing Algorithms
-------------------------

Supported algorithms are:

* `0x5` or `hmac` for `TPM_ALG_HMAC` **(default)**
* `0x14` or `rsassa` for `TPM_ALG_RSASSA`
* `0x16` or `rsapss` for `TPM_ALG_RSAPSS`
* `0x18` or `ecdsa` for `TPM_ALG_ECDSA`
* `0x1A` or `ecdaa` for `TPM_ALG_ECDAA`
* `0x1B` or `sm2` for `TPM_ALG_SM2`
* `0x1C` or `ecschnorr` for `TPM_ALG_ECSCHNORR`

**NOTE**: Your TPM may not support all algorithms.
19 changes: 10 additions & 9 deletions man/common/tcti.md
Expand Up @@ -42,18 +42,19 @@ TCTI OPTIONS
This collection of options are used to configure the varous TCTI modules
available. They override any environment variables.

* `-T`, `--tcti`=_TCTI_NAME_:
* `-T`, `--tcti`=_TCTI\_NAME_`[`:_TCTI\_OPTIONS_`]`:
Select the TCTI used for communication with the next component down the TSS
stack. In most configurations this will be the resource manager:
[tabrmd](https://github.com/01org/tpm2-abrmd)
Optionally, tcti specific options can appended to _TCTI\_NAME_ by appending
a `:` to _TCTI\_NAME_.

* `-d`, `--device-file`=_DEVICE_FILE_:
Specify the TPM device file for use by the device TCTI. The default is
/dev/tpm0.
* For the device TCTI, the TPM device file for use by the device TCTI can be specified.
The default is /dev/tpm0.
Example: `-T device:/dev/tpm0`

* `-R`, `--socket-address`=_SOCKET_ADDRESS_:
Specify the domain name or IP address used by the socket TCTI. The default
is 127.0.0.1.
* For the socket TCTI, the domain name or IP address and port number used by the socket
can be specified. The default are 127.0.0.1 and 2321.
Example: `-T socket:127.0.0.1:2321`

* `-p`, `--socket-port`=_SOCKET_PORT_:
Specify the port number used by the socket TCTI. The default is 2321.
* For the abrmd TCTI, it takes no options. Example: `-T abrmd`
78 changes: 78 additions & 0 deletions man/tpm2_activatecredential.1.md
@@ -0,0 +1,78 @@
tpm2_activatecredential 1 "AUGUST 2017" tpm2-tools
==================================================

NAME
----

tpm2_activatecredential(1) - verify that an object is protected with a specific
key.

SYNOPSIS
--------

`tpm2_activatecredential` [OPTIONS]

DESCRIPTION
-----------
Verify that the given content is protected with given keyHandle for given
handle, and then decrypt and return the secret, if any passwd option is
missing, assume NULL. Currently only support using TCG profile compliant EK as
the keyHandle.

OPTIONS
-------

These options control the object verification:

* `-H`, `--handle`=_HANDLE_:
_HANDLE_ of the object associated with the created certificate by CA.

* `-k`, `--key-handle`=_KEY\_HANDLE_:
The _KEY\_HANDLE_ of Loaded key used to decrypt the the random seed.

* `-C`, `--keyContext`=_KEY\_CONTEXT\_FILE_:
_KEY\_CONTEXT\_FILE_ is the path to a context file.

* `-P`, `--password`=_PASSWORD_:
Use _PASSWORD_ for providing an authorization value for the _KEY\_HANDLE_.
Passwords should follow the "password formatting standards, see section "Password Formatting".

* `-e`, `--endorsePassword`=_ENDORSE\_PASSWORD_:
The endorsement password, optional. Follows the same formating guidelines as the handle password option -P.

* `-f`, `--inFile`=_INPUT\_FILE_:
Input file path, containing the two structures needed by tpm2_activatecredential function. This is created
via the tpm2_makecredential(1) command.

* `-o`, `--outFile`=_OUTPUT\_FILE_:
Output file path, record the secret to decrypt the certificate.

[common options](common/options.md)

[common tcti options](common/tcti.md)

[password formatting](common/password.md)

EXAMPLES
--------

```
tpm2_activatecredential -H 0x81010002 -k 0x81010001 -P abc123 -e abc123 -f <filePath> -o <filePath>
tpm2_activatecredential -c ak.context -C ek.context -P abc123 -e abc123 -f <filePath> -o <filePath>
tpm2_activatecredential -H 0x81010002 -k 0x81010001 -P 123abc -e 1a1b1c -X -f <filePath> -o <filePath>
```

RETURNS
-------
0 on success or 1 on failure.

BUGS
----
[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

## AUTHOR
William Roberts <william.c.roberts@intel.com>