54 changes: 25 additions & 29 deletions man/tpm2_certify.1.md
@@ -1,60 +1,57 @@
tpm2_certify 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_certify(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_certify(1) - prove that an object is loaded in the tpm.
**tpm2_certify**(1) - prove that an object is loaded in the tpm.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_certify` [OPTIONS]
**tpm2_certify** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_certify(1) proves that an object with a specific _NAME_ is loaded in the TPM.
**tpm2_certify**(1) proves that an object with a specific _NAME_ is loaded in the TPM.
By certifying that the object is loaded, the TPM warrants that a public area
with a given _NAME_ is self-consistent and associated with a valid sensitive area.
If a relying party has a public area that has the same _NAME_ as a _NAME_ certified
with this command, then the values in that public area are correct. The object
may be any object that is loaded with TPM2_Load() or TPM2_CreatePrimary().
An object that only has its public area loaded cannot be certified.

OPTIONS
-------
# OPTIONS

These options control the ceritifcation:

* `-H`, `--objHandle`=_OBJECT\_HANDLE_:
* **-H**, **--objHandle**=_OBJECT\_HANDLE_:
The handle of the object to be certified.

* `-C`, `--objContext`=_FILE_:
* **-C**, **--objContext**=_FILE_:
Use _FILE_ for providing the object context.

* `-k`, `--keyHandle`=_KEY\_HANDLE_:
* **-k**, **--keyHandle**=_KEY\_HANDLE_:
Handle of the key used to sign the attestation structure.

* `-c`, `--keyContext`=_KEY\_CONTEXT_:
* **-c**, **--keyContext**=_KEY\_CONTEXT_:
Filename of the key context used to sign the attestation structure.

* `-P`, `--pwdo`=_OBJECT\_PASSWORD_:
* **-P**, **--pwdo**=_OBJECT\_PASSWORD_:
Use _OBJECT\_PASSWORD_ for providing an authorization value for the object specified
in _OBJECT\_HANDLE_.
Passwords should follow the "password formatting standards, see section
"Password Formatting".

* `-K`, `--pwdk`=_KEY\_PASSWORD_:
* **-K**, **--pwdk**=_KEY\_PASSWORD_:
Use _KEY_PASSWORD_ for providing an authorization value for the key specified
in _KEY\_HANDLE_.
Follows the same formatting guidelines as the object handle password or
-P option.

* `-a`, `--attestFile`=_ATTEST\_FILE_:
* **-a**, **--attestFile**=_ATTEST\_FILE_:
Output file name for the attestation data.

* `-s`, `--sigFile`=_SIG\_FILE_:
* **-s**, **--sigFile**=_SIG\_FILE_:
Output file name for the signature data.

[common options](common/options.md)
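
Review bot: The intro line of OPTIONS still reads "These options control the ceritifcation:"; since nearly every neighbouring line is rewritten here, correct it to "certification" in the same pass. In the -P entry, `Passwords should follow the "password formatting standards` opens a quote that is never closed, and the -K entry writes `_KEY_PASSWORD_` without the backslash escape used in `_KEY\_PASSWORD_` one line above it.
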
@@ -63,24 +60,23 @@ These options control the ceritifcation:

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_certify -H 0x81010002 -k 0x81010001 -P 0x0011 -K 0x00FF -g 0x00B -a <fileName> -s <fileName>
tpm2_certify -C obj.context -c key.context -P 0x0011 -K 0x00FF -g 0x00B -a <fileName> -s <fileName>
tpm2_certify -H 0x81010002 -k 0x81010001 -P 0011 -K 00FF -X -g 0x00B -a <fileName> -s <fileName>
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
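
Review bot: All three examples pass `-g 0x00B` and the third also passes `-X`, but the OPTIONS list in the previous hunk documents neither. Add entries for them or, if they are covered by common/options.md, say so next to the examples so a reader can tell what they do.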

64 changes: 30 additions & 34 deletions man/tpm2_create.1.md
@@ -1,73 +1,70 @@
tpm2_create 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_create(1) tpm2-tools | General Commands Manual
%
% AUGUST 2017

NAME
----
# NAME

tpm2_create(1) - create an object that can be loaded into a TPM using tpm2_load.
**tpm2_create**(1) - create an object that can be loaded into a TPM using tpm2_load.
The object will need to be loaded before it may be used.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_create` [OPTIONS]
**tpm2_create** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_create(1) - create an object that can be loaded into a TPM using tpm2_load.
**tpm2_create**(1) - create an object that can be loaded into a TPM using tpm2_load.
The object will need to be loaded before it may be used.

OPTIONS
-------
# OPTIONS

These options for creating the tpm entity:

* `-H`, `--pparent`=_PARENT\_HANDLE_:
* **-H**, **--pparent**=_PARENT\_HANDLE_:
The handle of the parent object to create this object under.

* `-c`, `--contextParent`=_PARENT\_CONTEXT\_FILE_:
* **-c**, **--contextParent**=_PARENT\_CONTEXT\_FILE_:
The filename for parent context.

* `-P`, `--pwdp`=_PARENT\_KEY\_PASSWORD_:
* **-P**, **--pwdp**=_PARENT\_KEY\_PASSWORD_:
The password for parent key, optional. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-K`, `--pwdk`=_KEY\_PASSWORD_:
* **-K**, **--pwdk**=_KEY\_PASSWORD_:
The password for key, optional. Follows the password formatting of the
"password for parent key" option: -P.

* `-g`, `--halg`=_ALGORITHM_:
* **-g**, **--halg**=_ALGORITHM_:
The hash algorithm to use. Algorithms should follow the
" formatting standards, see section "Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported
hash algorithms.

* `-G`, `--kalg`=_KEY\_ALGORITHM_:
* **-G**, **--kalg**=_KEY\_ALGORITHM_:
The algorithm associated with this object. It accepts friendly names just
like -g option. See section "Supported Public Object Algorithms" for a list
of supported object algorithms.

* `-A`, `--objectAttributes`=_ATTRIBUTES_:
* **-A**, **--objectAttributes**=_ATTRIBUTES_:
The object attributes, optional.

* `-I`, `--inFile`=_FILE_:
* **-I**, **--inFile**=_FILE_:
The data file to be sealed, optional. If file is -, read from stdin.
When sealing data only the TPM_ALG_KEYEDHASH algorithm is allowed.

* `-L`, `--policy-file`=_POLICY\_FILE_:
* **-L**, **--policy-file**=_POLICY\_FILE_:
The input policy file, optional.

* `-E`, `--enforce-policy`:
* **-E**, **--enforce-policy**:
Enforce policy based authorization on the object.

* `-u`, `--pubfile`=_OUTPUT\_PUBLIC\_FILE_:
* **-u**, **--pubfile**=_OUTPUT\_PUBLIC\_FILE_:
The output file which contains the public portion of the created object, optional.

* `-r`, `--privfile`=_OUTPUT\_PRIVATE\_FILE_:
* **-r**, **--privfile**=_OUTPUT\_PRIVATE\_FILE_:
The output file which contains the sensitive portion of the object, optional.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
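
Review bot: In the -g entry, `Algorithms should follow the " formatting standards, see section "Algorithm Specifiers".` has a stray quote and appears to be missing a word before "formatting"; the -P entry has the same unclosed quote in `"password formatting standards`. DESCRIPTION also repeats the NAME text word for word, and "These options for creating the tpm entity:" is missing a verb.
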
@@ -82,24 +79,23 @@ These options for creating the tpm entity:

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_create -H 0x81010001 -P abc123 -K def456 -g sha256 -G keyedhash-I data.File -o opu.File
tpm2_create -c parent.context -P abc123 -K def456 -g sha256 -G keyedhash -I data.File -o opu.File
tpm2_create -H 0x81010001 -P 123abc -K 456def -X -g sha256 -G keyedhash -I data.File -o opu.File
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
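
Review bot: The first example reads `-G keyedhash-I data.File`, with no space before `-I`, so as written the argument to -G is `keyedhash-I`; insert the space as in the two lines below it. All three examples also end in `-o opu.File`, while OPTIONS documents `-u`/`--pubfile` and `-r`/`--privfile` and no `-o`.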

58 changes: 27 additions & 31 deletions man/tpm2_createpolicy.1.md
@@ -1,53 +1,50 @@
tpm2_createpolicy 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_createpolicy(1) tpm2-tools | General Commands Manual
%
% AUGUST 2017

NAME
----
# NAME

tpm2_createpolicy(1) - Creates simple assertion authorization policies based on
**tpm2_createpolicy**(1) - Creates simple assertion authorization policies based on
multiple pcr indices values across multiple enabled banks.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_createpolicy` [OPTIONS]
**tpm2_createpolicy** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_createpolicy(1) - Creates simple assertion authorization policies based on
**tpm2_createpolicy**(1) - Creates simple assertion authorization policies based on
multiple pcr indices values across multiple enabled banks. It can then be used with object creation and or tools using the object.

OPTIONS
-------
# OPTIONS

These options control creating the policy authorization session:

* `-f`, `--policy-file`=_POLICY\_FILE_:
* **-f**, **--policy-file**=_POLICY\_FILE_:
File to save the policy digest.

* `-P`, `--policy-pcr`:
* **-P**, **--policy-pcr**:
Identifies the PCR policy type for policy creation.

* `-g`, `--policy-digest-alg`=_HASH\_ALGORITHM_:
* **-g**, **--policy-digest-alg**=_HASH\_ALGORITHM_:
The hash algorithm used in computation of the policy digest. Algorithms
should follow the "formatting standards, see section "Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported hash
algorithms.

* `-L`, `--set-list`=_PCR\_LIST_:
* **-L**, **--set-list**=_PCR\_LIST_:
The list of pcr banks and selected PCRs' ids (0~23) for each bank.

* `-F`, `--pcr-input-file`=_PCR\_FILE_:
* **-F**, **--pcr-input-file**=_PCR\_FILE_:
Optional Path or Name of the file containing expected pcr values for the
specified index. Default is to read the current PCRs per the set list.

* `-e`, `--extend-policy-session`:
* **-e**, **--extend-policy-session**:
Retains the policy session at the end of operation.

* `-a`, `--auth-policy-session`:
Start a policy session of type `TPM_SE_POLICY`. Default without this option
is `TPM_SE_TRIAL`.
* **-a**, **--auth-policy-session**:
Start a policy session of type **TPM_SE_POLICY**. Default without this option
is **TPM_SE_TRIAL**.

[common options](common/options.md)

@@ -57,22 +54,21 @@ These options control creating the policy authorization session:

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

Create a authorization policy tied to a specific PCR index:

`tpm2_createpolicy -P -L 0x4:0 -f policy.file -F pcr0.bin`
**tpm2_createpolicy -P -L 0x4:0 -f policy.file -F pcr0.bin**

# RETURNS

RETURNS
-------
0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
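
Review bot: The example command is now wrapped in `**...**`, which makes it bold prose rather than literal text; the other pages in this change keep their examples in a fenced block, and this one should too so the command is rendered verbatim. The lead-in "Create a authorization policy" should read "an authorization policy".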

71 changes: 34 additions & 37 deletions man/tpm2_createprimary.1.md
@@ -1,65 +1,62 @@
tpm2_createprimary 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_createprimary(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_createprimary(1) - Create a primary key under a primary seed or a temporary
primary key under the `TPM_RH_NULL` hierarchy.
**tpm2_createprimary**(1) - Create a primary key under a primary seed or a temporary
primary key under the **TPM_RH_NULL** hierarchy.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_createprimary` [OPTIONS]
**tpm2_createprimary** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_createprimary(1) - This command is used to create a Primary Object under
one of the Primary Seeds or a Temporary Object under `TPM_RH_NULL`. The command
uses a `TPM2B_PUBLIC` as a template for the object to be created. The command
**tpm2_createprimary**(1) - This command is used to create a Primary Object under
one of the Primary Seeds or a Temporary Object under **TPM_RH_NULL**. The command
uses a **TPM2B_PUBLIC** as a template for the object to be created. The command
will create and load a Primary Object. The sensitive area is not returned.

OPTIONS
-------
# OPTIONS

* `-A`, `--auth`=_HIERARCHY_:
* **-A**, **--auth**=_HIERARCHY_:
Specify the hierarchy under which the object is created. This will also dictate which authorization secret (if any) must be supplied.
Supported options are:
* `o` for `TPM_RH_OWNER`
* `p` for `TPM_RH_PLATFORM`
* `e` for `TPM_RH_ENDORSEMENT`
* `n` for `TPM_RH_NULL`
* **o** for **TPM_RH_OWNER**
* **p** for **TPM_RH_PLATFORM**
* **e** for **TPM_RH_ENDORSEMENT**
* **n** for **TPM_RH_NULL**

* `-P`, `--pwdp`=_PARENT\_KEY\_PASSWORD_:
* **-P**, **--pwdp**=_PARENT\_KEY\_PASSWORD_:
Optional authorization string if authorization is required to create object under the specified hierarchy.
Passwords should follow the "password formatting standards, see section "Password Formatting".

* `-K`, `--pwdk`=_KEY\_PASSWORD_:
* **-K**, **--pwdk**=_KEY\_PASSWORD_:
Optional authorization string for the newly created object. Follows the same password formating guidelines
as the parent authorization string under the -P option.

* `-g`, `--halg`=_ALGORITHM_:
* **-g**, **--halg**=_ALGORITHM_:
The hash algorithm to use. Algorithms should follow the
" formatting standards, see section "Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported
hash algorithms.

* `-G`, `--kalg`=_KEY\_ALGORITHM_:
* **-G**, **--kalg**=_KEY\_ALGORITHM_:
Algorithm type for generated key. It supports friendly names like the -g option.
See section "Supported Public Object Algorithms" for a list of supported
object algorithms.

* `-C`, `--context`=_CONTEXT\_FILE_:
* **-C**, **--context**=_CONTEXT\_FILE_:
An optional file used to store the object context returned.

* `-L`, `--policy-file`=_POLICY\_FILE_:
* **-L**, **--policy-file**=_POLICY\_FILE_:
An optional file input that contains the policy digest for policy based authorization of the object.

* `-E`, `--enforce-policy`:
* **-E**, **--enforce-policy**:
Option to enforce policy based authorization on the created primary object.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
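
Review bot: The -K entry carries "password formating guidelines" into the converted page; fix the spelling to "formatting". The -g entry also has the broken `follow the " formatting standards` sentence with a stray quote.
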
@@ -74,21 +71,21 @@ OPTIONS

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_createprimary -A o -g sha256 -G ecc -C context.out
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

51 changes: 24 additions & 27 deletions man/tpm2_dictionarylockout.1.md
@@ -1,68 +1,65 @@
tpm2_dictionarylockout 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_dictionarylockout(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_dictionarylockout(1) - setup or clear dictionary-attack-lockout parameters.
**tpm2_dictionarylockout**(1) - setup or clear dictionary-attack-lockout parameters.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_dictionarylockout` [OPTIONS]
**tpm2_dictionarylockout** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_dictionarylockout(1) - setup dictionary-attack-lockout parameters or clear
**tpm2_dictionarylockout**(1) - setup dictionary-attack-lockout parameters or clear
dictionary-attack-lockout state, if any passwd option is missing, assume NULL.

OPTIONS
-------
# OPTIONS

* `-s`, `--setup-parameters`=_SETUP\_PARAMETERS_:
* **-s**, **--setup-parameters**=_SETUP\_PARAMETERS_:
specifies the tool should operate to setup dictionary-attack-lockout
parameters.

* `-c`, `--clear-lockout`:
* **-c**, **--clear-lockout**:
specifies the tool should operate to clear dictionary-attack-lockout state.

* `-l`, `-lockout-recovery-time`=_LOCKOUT\_TIME_:
* **-l**, **-lockout-recovery-time**=_LOCKOUT\_TIME_:
specifies the wait time in seconds before another TPM_RH_LOCKOUT
authentication attempt can be made after a failed authentication.

* `-t`, `--recovery-time`=_RECOVERY\_TIME_:
* **-t**, **--recovery-time**=_RECOVERY\_TIME_:
specifies the wait time in seconds before another DA-protected-object
authentication attempt can be made after max-tries number of failed
authentications.

* `-n`, `--max-tries`=_MAX\_TRYS_:
* **-n**, **--max-tries**=_MAX\_TRYS_:
specifies the maximum number of allowed authentication attempts on
DA-protected-object; after which DA is activated.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_dictionarylockout -c -p passwd
tpm2_dictionarylockout -s -n 5 -t 6 -l 7 -p passwd
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
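
Review bot: The new `**-l**, **-lockout-recovery-time**` line keeps the single leading dash on the long option, while every other long option on the page uses two; it should be `--lockout-recovery-time` unless the tool really accepts the single-dash form. Both examples pass `-p passwd` and DESCRIPTION refers to a "passwd option", but OPTIONS has no password entry at all, so add one. `_MAX\_TRYS_` would read better as `_MAX\_TRIES_`.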

41 changes: 19 additions & 22 deletions man/tpm2_dump_capability.1.md
@@ -1,27 +1,24 @@
tpm2_dump_capability 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_dump_capability(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_dump_capability(1) - Display TPM capabilities in a human readable form.
**tpm2_dump_capability**(1) - Display TPM capabilities in a human readable form.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_dump_capability` [OPTIONS]
**tpm2_dump_capability** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_dump_capability(1) - Query the TPM for it's capabilities / properties and
**tpm2_dump_capability**(1) - Query the TPM for it's capabilities / properties and
dump them to the console. This is a thin wrapper around the GetCapability
command.

OPTIONS
-------
# OPTIONS

* `-c`, `--capability`=_CAPABILITY\_NAME_:
* **-c**, **--capability**=_CAPABILITY\_NAME_:
The name of the capability group to query.
Currently supported capability groups are:
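
Review bot: The DESCRIPTION line, in both its old and new form, says "Query the TPM for it's capabilities"; the possessive is "its", and this is the moment to fix it since the line is being rewritten anyway.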

@@ -44,22 +41,22 @@ OPTIONS

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_dump_capability --capability="properties-fixed"
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

49 changes: 23 additions & 26 deletions man/tpm2_encryptdecrypt.1.md
@@ -1,43 +1,40 @@
tpm2_encryptdecrypt 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_encryptdecrypt(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_encryptdecrypt(1) - performs symmetric encryption or decryption.
**tpm2_encryptdecrypt**(1) - performs symmetric encryption or decryption.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_encryptdecrypt` [OPTIONS]
**tpm2_encryptdecrypt** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_encryptdecrypt(1) - performs symmetric encryption or decryption with a
specified symmetric key.

OPTIONS
-------
# OPTIONS

* `-k`, `--keyHandle`=_KEY\_HANDLE_:
* **-k**, **--keyHandle**=_KEY\_HANDLE_:
the symmetric key used for the operation (encryption/decryption).

* `-c`, `--keyContext`=_KEY\_CONTEXT\_FILE_:
* **-c**, **--keyContext**=_KEY\_CONTEXT\_FILE_:
filename of the key context used for the operation.

* `-P`, `--pwdk`=_KEY\_PASSWORD_:
* **-P**, **--pwdk**=_KEY\_PASSWORD_:
filename of the key context used for the operation.
The password for parent key, optional. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-D`, `--decrypt`:
* **-D**, **--decrypt**:
Perform a decrypt operation. Default is encryption.

* `-I`, `--inFile`=_INPUT\_FILE_:
* **-I**, **--inFile**=_INPUT\_FILE_:
Input file path containing data for decrypt or encrypt operation.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
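
Review bot: The DESCRIPTION line `tpm2_encryptdecrypt(1) - performs symmetric encryption or decryption with a` was not converted to the bold `**tpm2_encryptdecrypt**(1)` form used in NAME and on every other page in this change. The -P entry also begins with "filename of the key context used for the operation.", which is the -c description repeated, and then calls it "The password for parent key" although the option is `--pwdk` with _KEY\_PASSWORD_; drop the first sentence and describe the key password.
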
@@ -46,23 +43,23 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_encryptdecrypt -k 0x81010001 -P abc123 -D NO -I <filePath> -o <filePath>
tpm2_encryptdecrypt -c key.context -P abc123 -D NO -I <filePath> -o <filePath>
tpm2_encryptdecrypt -k 0x81010001 -P 123abca -X -D NO -I <filePath> -o <filePath>
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
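
Review bot: All three examples pass `-D NO`, but OPTIONS describes `-D`/`--decrypt` as a switch with no argument ("Perform a decrypt operation. Default is encryption."), so the examples and the option text disagree about whether these commands encrypt or decrypt. They also use `-o <filePath>`, which OPTIONS does not list; document the output option or remove it from the examples.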

57 changes: 27 additions & 30 deletions man/tpm2_evictcontrol.1.md
@@ -1,46 +1,43 @@
tpm2_evictcontrol 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_evictcontrol(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_evictcontrol(1) - Make a transient object persistent or evict a persistent object.
**tpm2_evictcontrol**(1) - Make a transient object persistent or evict a persistent object.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_evictcontrol` [OPTIONS]
**tpm2_evictcontrol** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_evictcontrol(1) - allows a transient object to be made persistent or a persistent object to
**tpm2_evictcontrol**(1) - allows a transient object to be made persistent or a persistent object to
be evicted.

OPTIONS
-------
# OPTIONS

* `-A`, `--auth`=_AUTH_:
* **-A**, **--auth**=_AUTH_:
The authorization used to authorize the commands. Valid choices are:
* `o` for `TPM_RH_OWNER`
* `p` for `TPM_RH_PLATFORM`
* **o** for **TPM_RH_OWNER**
* **p** for **TPM_RH_PLATFORM**

* `-H`, `--handle`=_HANDLE_:
* **-H**, **--handle**=_HANDLE_:
The handle of a loaded transient or a persistent object.

If the handle is for a transient object, then a handle that will be assigned to the persisted
object must also be specified with the `-S` option.
object must also be specified with the **-S** option.

If the handle is for a persistent object, then the `-S` does not need to be provided since the
If the handle is for a persistent object, then the **-S** does not need to be provided since the
handle must be the same for both options.

* `-c`, `--context`=_OBJECT\_CONTEXT\_FILE_:
* **-c**, **--context**=_OBJECT\_CONTEXT\_FILE_:
Filename for object context.

* `-S`, `--persistent`=_PERSISTENT\_HANDLE_:
* **-S**, **--persistent**=_PERSISTENT\_HANDLE_:
The persistent handle for the object handle specified via _HANDLE_.

* `-P`, `--pwda`=_AUTH\_PASSWORD_:
* **-P**, **--pwda**=_AUTH\_PASSWORD_:
authorization password, optional. Passwords should follow the
"password formatting standards, see section "Password Formatting".

@@ -50,23 +47,23 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_evictcontrol -A o -c object.context -S 0x81010002 -P abc123
tpm2_evictcontrol -A o -H 0x81010002 -S 0x81010002 -P abc123
tpm2_evictcontrol -A o -H 0x81010002 -S 0x81010002 -P 123abc
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
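
Review bot: The second and third examples differ only in the password value (`-P abc123` versus `-P 123abc`), so the third shows nothing new. If it is meant to illustrate a different password format, as the third examples on the other pages do with `-X`, add the missing option; otherwise drop it.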

68 changes: 32 additions & 36 deletions man/tpm2_getmanufec.1.md
@@ -1,73 +1,70 @@
tpm2_getmanufec 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_getmanufec(1) tpm2-tools | General Commands Manual
%
% AUGUST 2017

NAME
----
# NAME

tpm2_getmanufec(1) - Retrieve the Endorsement Credential Certificate for the TPM
**tpm2_getmanufec**(1) - Retrieve the Endorsement Credential Certificate for the TPM
endorsement key from the TPM manufacturer's endorsement certificate hosting
server.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_getmanufec` [OPTIONS]
**tpm2_getmanufec** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_getmanufec(1) - Retrieve the Endorsement Credential Certificate for the TPM
**tpm2_getmanufec**(1) - Retrieve the Endorsement Credential Certificate for the TPM
endorsement key from the TPM manufacturer's endorsement certificate hosting
server.

OPTIONS
-------
# OPTIONS

* `-e`, `--endorsePasswd`=_ENDORSE\_PASSWORD_:
* **-e**, **--endorsePasswd**=_ENDORSE\_PASSWORD_:
specifies current endorse password (string, optional,default:NULL).

* `-o`, `--ownerPasswd`=_OWNER\_PASSWORD_:
* **-o**, **--ownerPasswd**=_OWNER\_PASSWORD_:
specifies current owner password (string, optional,default:NULL).

* `-P`, `--ekPasswd`=_EK\_PASSWORD_:
* **-P**, **--ekPasswd**=_EK\_PASSWORD_:
specifies the EK password when created (string,optional,default:NULL).

Passwords should follow the password formatting standards, see
section "Password Formatting".

* `-H`, `--handle`=_HANDLE_:
* **-H**, **--handle**=_HANDLE_:
specifies the handle used to make EK persistent (hex).

* `-g`, `--alg`=_ALGORITHM_:
* **-g**, **--alg**=_ALGORITHM_:
specifies the algorithm type of EK.
See section "Supported Public Object Algorithms" for a list of supported
object algorithms. See section "Algorithm Specifiers" on how to specify
an algorithm argument.

* `-f`, `--file`=_FILE_:
* **-f**, **--file**=_FILE_:
specifies the file used to save the public portion of EK.

* `-N`, `--NonPersistent`:
* **-N**, **--NonPersistent**:
specifies to readout the EK public without making it persistent.

* `-O`, `--OfflineProv`:
specifies that the file specifier from `-f` is an EK retrieved from offline
* **-O**, **--OfflineProv**:
specifies that the file specifier from **-f** is an EK retrieved from offline
platform that needs to be provisioned.

* `-E`, `--ECertFile`=_EC\_CERT\_FILE_:
* **-E**, **--ECertFile**=_EC\_CERT\_FILE_:
Specifies the file used to save the Endorsement Credentials retrieved from
the TPM manufacturer provisioning server. Defaults to stdout if not
specified.

* `-S`, `--EKserverAddr`=_SERVER\_ADDRESS_:
* **-S**, **--EKserverAddr**=_SERVER\_ADDRESS_:
specifies to attempt retrieving the Endorsement Credentials from the
specified TPM manufacturer provisioning server.

* `-U`, `--SSL_NO_VERIFY`:
* **-U**, **--SSL_NO_VERIFY**:
specifies to attempt connecting with the TPM manufacturer provisioning server
with SSL_NO_VERIFY option.

* `-i`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-i**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.
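
Review bot: The -U entry explains `--SSL_NO_VERIFY` only by repeating its name ("with SSL_NO_VERIFY option"). State in plain words what verification is skipped when connecting to the provisioning server and when that is acceptable, since the Endorsement Credential is fetched over that connection.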


@@ -81,29 +78,28 @@ OPTIONS

[algorithm specifiers](common/alg.md)

NOTES
-----
# NOTES

When the verbose option is specified, additional curl debugging information is
provided by setting the curl mode verbose, see:
<https://curl.haxx.se/libcurl/c/CURLOPT_VERBOSE.html> for more information.

EXAMPLES
--------
# EXAMPLES

```
tpm2_getmanufec -e abc123 -o abc123 -P passwd -H 0x81010001-g 0x01 -O -N -U -E ECcert.bin -f ek.bin -S https://tpm.manufacturer.com/ekcertserver/
tpm2_getmanufec -e 1a1b1c -o 1a1b1c -P 123abc -H 0x81010001-g 0x01 -O -N -U -E ECcert.bin -f ek.bin -S https://tpm.manufacturer.com/ekcertserver/
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
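
Review bot: Both example lines read `-H 0x81010001-g 0x01`, with no space between the handle and `-g`; insert the space so the handle argument is `0x81010001`. Both also pass `-U` against an https URL, so the only commands a reader can copy are ones that use SSL_NO_VERIFY; lead with an example that omits `-U`.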

57 changes: 27 additions & 30 deletions man/tpm2_getpubak.1.md
@@ -1,62 +1,59 @@
tpm2_getpubak 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_getpubak(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_getpubak(1) - Generate attestation key with given algorithm under the
**tpm2_getpubak**(1) - Generate attestation key with given algorithm under the
endorsement hierarchy.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_getpubak` [OPTIONS]
**tpm2_getpubak** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_getpubak(1) - Generate attestation key with given algorithm under
**tpm2_getpubak**(1) - Generate attestation key with given algorithm under
endorsement hierarchy, make it persistent with given ak handle, and
return pub AK and AK name. If any passwd option is missing, assume NULL.

OPTIONS
-------
# OPTIONS

* `-e`, `--endorsePasswd`=_ENDORSE\_PASSWORD_:
* **-e**, **--endorsePasswd**=_ENDORSE\_PASSWORD_:
Specifies current endorsement password, defaults to NULL.
Passwords should follow the "password formatting standards, see section
"Password Formatting".

* `-P`, `--akPasswd`=_AK\_PASSWORD_
* **-P**, **--akPasswd**=_AK\_PASSWORD_
Specifies the AK password when created, defaults to NULL.
Same formatting as the endorse password value or -e option.

* `-o`, `--ownerPasswd`=_OWNER\_PASSWORD_
* **-o**, **--ownerPasswd**=_OWNER\_PASSWORD_
Specifies the current owner password, defaults to NULL.
Same formatting as the endorse password value or -e option.

* `-E`, `--ekHandle`=_EK\_HANDLE_:
* **-E**, **--ekHandle**=_EK\_HANDLE_:
Specifies the handle used to make EK persistent.

* `-k`, `--akHandle`=_AK\_HANDLE_:
* **-k**, **--akHandle**=_AK\_HANDLE_:
Specifies the handle used to make AK persistent.

* `-g`, `--alg`=_ALGORITHM_:
* **-g**, **--alg**=_ALGORITHM_:
Specifies the algorithm type of AK. Algorithms should follow the
" formatting standards, see section "Algorithm Specifiers".
See section "Supported Public Object Algorithms" for a list of supported
object algorithms.

* `-g`, `--alg`=_ALGORITHM_:
* **-g**, **--alg**=_ALGORITHM_:
Like -g, but specifies the algorithm of sign.
See section "Supported Signing Algorithms" for details.

* `-f`, `--file`=_FILE_:
* **-f**, **--file**=_FILE_:
Specifies the file used to save the public portion of AK. This will be a
binary data structure corresponding to the TPM2B_PUBLIC struct in the
specification.

* `-n`, `--akName`=_NAME_:
* **-n**, **--akName**=_NAME_:
Specifies the file used to save the ak name.

[common options](common/options.md)
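
Review bot: OPTIONS lists `**-g**, **--alg**=_ALGORITHM_` twice, and the second entry ("Like -g, but specifies the algorithm of sign.") describes itself in terms of -g, so it evidently belongs to a different flag; give the signing-algorithm option its own short and long name. The -P and -o entries are also missing the trailing colon that the other option lines carry.
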
@@ -71,22 +68,22 @@ OPTIONS

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_getpubak -e abc123 -P abc123 -o passwd -E 0x81010001 -k 0x81010002 -f ./ak.pub -n ./ak.name
tpm2_getpubak -e 1a1b1c -P 123abc -o 1a1b1c -X -E 0x81010001 -k 0x81010002 -f ./ak.pub -n ./ak.name
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

53 changes: 25 additions & 28 deletions man/tpm2_getpubek.1.md
@@ -1,57 +1,54 @@
tpm2_getpubek 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_getpubek(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_getpubek(1) - Generate TCG profile compliant endorsement key.
**tpm2_getpubek**(1) - Generate TCG profile compliant endorsement key.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_getpubek` [OPTIONS]
**tpm2_getpubek** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_getpubek(1) - Generate TCG profile compliant endorsement key(endorsement
**tpm2_getpubek**(1) - Generate TCG profile compliant endorsement key(endorsement
hierarchy primary object), make it persistent with give ek handle, and return
public EK, if any passwd option is missing, assume NULL.

Refer to:
<http://www.trustedcomputinggroup.org/files/static_page_files/7CAA5687-1A4B-B294-D04080D058E86C5F>

OPTIONS
-------
# OPTIONS

* `-e`, `--endorsePasswd`=_ENDORSE\_PASSWORD_:
* **-e**, **--endorsePasswd**=_ENDORSE\_PASSWORD_:
Specifies current endorsement password, defaults to NULL.
Passwords should follow the "password formatting standards, see section
"Password Formatting".

* `-o`, `--ownerPasswd`=_OWNER\_PASSWORD_
* **-o**, **--ownerPasswd**=_OWNER\_PASSWORD_
Specifies the current owner password, defaults to NULL.
Same formatting as the endorse password value or -e option.

* `-P`, `--eKPasswd`=_EK\_PASSWORD_
* **-P**, **--eKPasswd**=_EK\_PASSWORD_
Specifies the EK password when created, defaults to NULL.
Same formatting as the endorse password value or -e option.

* `-H`, `--handle`=_HANDLE_:
* **-H**, **--handle**=_HANDLE_:
specifies the handle used to make EK persistent (hex).

* `-g`, `--alg`=_ALGORITHM_:
* **-g**, **--alg**=_ALGORITHM_:
specifies the algorithm type of EK.
See section "Supported Public Object Algorithms" for a list of supported
object algorithms. See section "Algorithm Specifiers" on how to specify
an algorithm argument.

* `-f`, `--file`=_FILE_:
* **-f**, **--file**=_FILE_:
specifies the file used to save the public portion of EK. This will be a
binary data structure corresponding to the TPM2B_PUBLIC struct in the
specification.

* `-S`, `--input-session-handle`=_SESSION_:
* **-S**, **--input-session-handle**=_SESSION_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
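
Review bot: The rewritten **-o**, **--ownerPasswd** and **-P**, **--eKPasswd** lines still end without the trailing colon that the **-e**, **-H**, **-g**, **-f** and **-S** lines carry, so the option list is inconsistent within this one page; add the colon to both. While the DESCRIPTION paragraph is being touched, "with give ek handle" should read "with the given EK handle", and the opening quote in "password formatting standards is never closed.
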
@@ -62,21 +59,21 @@ OPTIONS

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_getpubek -e abc123 -o abc123 -P passwd -H 0x81010001 -g rsa -f ek.pub
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

40 changes: 18 additions & 22 deletions man/tpm2_getrandom.1.md
@@ -1,35 +1,31 @@
tpm2_getrandom 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_getrandom(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_getrandom(1) - Retrieves random bytes from the TPM.
**tpm2_getrandom**(1) - Retrieves random bytes from the TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_getrandom` [OPTIONS] _SIZE_
**tpm2_getrandom** [*OPTIONS*] _SIZE_

DESCRIPTION
-----------
# DESCRIPTION

tpm2_getrandom(1) - Returns the next _SIZE_ octets from the random number
**tpm2_getrandom**(1) - Returns the next _SIZE_ octets from the random number
generator. The _SIZE_ parameter is expected as the only argument to the tool.

OPTIONS
-------
# OPTIONS

* `-o`, `--output`=_FILE_
* **-o**, **--output**=_FILE_
specifies the filename to output the raw bytes to. Defaults to stdout as a hex
string.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

Generate a random 20 bytes and output the binary data to a file:

@@ -43,15 +39,15 @@ Generate a random 8 bytes and output the hex formated data to stdout:
tpm2_getrandom 8
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

54 changes: 25 additions & 29 deletions man/tpm2_hash.1.md
@@ -1,47 +1,44 @@
tpm2_hash 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_hash(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_hash(1) - Performs a hash operation with the TPM.
**tpm2_hash**(1) - Performs a hash operation with the TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_hash` [OPTIONS] _FILE_
**tpm2_hash** [*OPTIONS*] _FILE_

DESCRIPTION
-----------
# DESCRIPTION

tpm2_hash(1) - performs a hash operation on _FILE_ and returns the results. If
**tpm2_hash**(1) - performs a hash operation on _FILE_ and returns the results. If
_FILE_ is not specified, then data is read from stdin. If the results of the
hash will be used in a signing operation that uses a restricted signing key,
then the ticket returned by this command can indicate that the hash is safe to
sign.

OPTIONS
-------
# OPTIONS

* `-H`, `--hierarchy`=_HIERARCHY_:
* **-H**, **--hierarchy**=_HIERARCHY_:
hierarchy to use for the ticket.
Supported options are:
* `o` for `TPM_RH_OWNER`
* `p` for `TPM_RH_PLATFORM`
* `e` for `TPM_RH_ENDORSEMENT`
* `n` for `TPM_RH_NULL`
* **o** for **TPM_RH_OWNER**
* **p** for **TPM_RH_PLATFORM**
* **e** for **TPM_RH_ENDORSEMENT**
* **n** for **TPM_RH_NULL**

* `-g`, `--halg`=_HASH\_ALGORITHM_:
* **-g**, **--halg**=_HASH\_ALGORITHM_:
The hash algorithm to use.
Algorithms should follow the "formatting standards, see section
"Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported hash
algorithms.

* `-o`, `--outfile`=_OUT\_FILE_
* **-o**, **--outfile**=_OUT\_FILE_
Optional file record of the hash result. Defaults to stdout in hex form.

* `-t`, `--ticket`=_TICKET\_FILE_
* **-t**, **--ticket**=_TICKET\_FILE_
Optional file record of the ticket result. Defaults to stdout in hex form.

[common options](common/options.md)
@@ -52,24 +49,23 @@ OPTIONS

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

Hash a file with sha1 hash algorithm and save the hash and ticket to a file:

```
tpm2_hash -H e -g sha1 -o hash.bin -t ticket.bin data.txt
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

51 changes: 24 additions & 27 deletions man/tpm2_hmac.1.md
@@ -1,46 +1,43 @@
tpm2_hmac 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_hmac(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_hmac(1) - Performs an HMAC operation with the TPM.
**tpm2_hmac**(1) - Performs an HMAC operation with the TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_hmac` [OPTIONS] _FILE_
**tpm2_hmac** [*OPTIONS*] _FILE_

DESCRIPTION
-----------
# DESCRIPTION

tpm2_hmac(1) - performs an HMAC operation on _FILE_ and returns the results. If
**tpm2_hmac**(1) - performs an HMAC operation on _FILE_ and returns the results. If
_FILE_ is not specified, then data is read from stdin.

OPTIONS
-------
# OPTIONS

* `-k`, `--keyHandle`=_KEY\_CONTEXT\_FILE_:
* **-k**, **--keyHandle**=_KEY\_CONTEXT\_FILE_:
The key handle for the symmetric signing key providing the HMAC key.

* `-c`, `--keyContext`=_KEY\_CONTEXT\_FILE_:
* **-c**, **--keyContext**=_KEY\_CONTEXT\_FILE_:
The filename of the key context used for the operation.

* `-P`, `--pwdk`=_KEY\_PASSWORD_:
* **-P**, **--pwdk**=_KEY\_PASSWORD_:
The password for key, optional. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-g`, `--halg`=_HASH\_ALGORITHM_:
* **-g**, **--halg**=_HASH\_ALGORITHM_:
The hash algorithm to use.
Algorithms should follow the "formatting standards, see section
"Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported hash
algorithms.

* `-o`, `--outfile`=_OUT\_FILE_
* **-o**, **--outfile**=_OUT\_FILE_
Optional file record of the HMAC result. Defaults to stdout.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
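
Review bot: In the **-k**, **--keyHandle** line the argument is still named _KEY\_CONTEXT\_FILE_, the same placeholder as **-c**, **--keyContext**, although its description says it is a key handle and the example later in the page passes `-k 0x81010002`. Rename the placeholder to something like _KEY\_HANDLE_ so the two options can be told apart. The **-o**, **--outfile** line is also missing the trailing colon the other options have.
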
@@ -53,8 +50,8 @@ OPTIONS

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

Perform a SHA1 HMAC on data.in and send output and possibly ticket to stdout:

```
@@ -70,14 +67,14 @@ Perform a SHA256 HMAC on _stdin_ and send result and possibly ticket to stdout:
cat data.in | tpm2_hmac -k 0x81010002 -g sha256 -o hash.out
```
RETURNS
-------
# RETURNS
0 on success or 1 on failure.
BUGS
----
# BUGS
[Github Issues](https://github.com/01org/tpm2-tools/issues)
HELP
----
# HELP
See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
44 changes: 20 additions & 24 deletions man/tpm2_listpersistent.1.md
@@ -1,35 +1,32 @@
tpm2_listpersistent 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_listpersistent(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_listpersistent(1) - Display all defined persistent objects.
**tpm2_listpersistent**(1) - Display all defined persistent objects.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_listpersistent` [OPTIONS] _FILE_
**tpm2_listpersistent** [*OPTIONS*] _FILE_

DESCRIPTION
-----------
# DESCRIPTION

tpm2_listpersistent(1) - display all defined persistent objects.
**tpm2_listpersistent**(1) - display all defined persistent objects.

# OPTIONS

OPTIONS
-----------
These options for listing the persistent objects:

* `-g`, `--halg`=_ALGORITHM_:
* **-g**, **--halg**=_ALGORITHM_:
Only display persistent objects using this hash algorithm. Algorithms should
follow the " formatting standards, see section "Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported
hash algorithms.

* `-G`, `--kalg`=_KEY\_ALGORITHM_:
* **-G**, **--kalg**=_KEY\_ALGORITHM_:
Only display persistent objects using this key algorithm. It accepts friendly
names just like `-g` option. See section "Supported Public Object Algorithms"
names just like **-g** option. See section "Supported Public Object Algorithms"
for a list of supported object algorithms.

[common options](common/options.md)
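
Review bot: The SYNOPSIS line keeps a trailing _FILE_ argument, but neither the DESCRIPTION nor the OPTIONS mention a file, and both examples on the page run the tool without one. Drop _FILE_ from the synopsis or document what it is for. The sentence "These options for listing the persistent objects:" is also missing its verb.
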
@@ -42,23 +39,22 @@ These options for listing the persistent objects:

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_listpersistent
tpm2_listpersistent -g sha256 -G ecc
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
56 changes: 26 additions & 30 deletions man/tpm2_load.1.md
@@ -1,48 +1,45 @@
tpm2_load 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_load(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_load(1) - Load an object into the TPM.
**tpm2_load**(1) - Load an object into the TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_load` [OPTIONS]
**tpm2_load** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_load(1) - Load both the private and public portions of an object
**tpm2_load**(1) - Load both the private and public portions of an object
into the TPM.

OPTIONS
-----------
# OPTIONS

* `-H`, `--parent`=_PARENT\_HANDLE_:
The handle of the parent object. Either this option or `-c` must be used.
* **-H**, **--parent**=_PARENT\_HANDLE_:
The handle of the parent object. Either this option or **-c** must be used.

* `-c`, `--contextParent`=_PARENT\_CONTEXT\_FILE_:
* **-c**, **--contextParent**=_PARENT\_CONTEXT\_FILE_:
The filename for parent context.

* `-P`, `--pwdp`=_PARENT\_KEY\_PASSWORD_:
* **-P**, **--pwdp**=_PARENT\_KEY\_PASSWORD_:
The password for parent key, optional. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-u`, `--pubfile`=_PUBLIC\_OBJECT\_DATA\_FILE_:
* **-u**, **--pubfile**=_PUBLIC\_OBJECT\_DATA\_FILE_:
A file containing the public portion of the object.

* `-r`, `--privfile`=_PRIVATE\_OBJECT\_DATA\_FILE_:
* **-r**, **--privfile**=_PRIVATE\_OBJECT\_DATA\_FILE_:
A file containing the sensitive portion of the object.

* `-n`, `--name`=_NAME\_DATA\_FILE_:
* **-n**, **--name**=_NAME\_DATA\_FILE_:
An optional file to save the name structure of the object.

* `-C`, `--name`=_CONTEXT\_FILE_:
* **-C**, **--name**=_CONTEXT\_FILE_:
An optional file to save the object context to.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
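
Review bot: The **-C** line reuses the long option **--name**, which the **-n** line directly above it already claims, so as documented two different short options map to one long name. Confirm the actual long option for saving the object context and correct the **-C** line while it is being reformatted.
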
@@ -52,8 +49,7 @@ OPTIONS
[password formatting](common/password.md)


EXAMPLES
--------
# EXAMPLES

```
tpm2_load -H 0x80000000 -P abc123 -u <pubKeyFileName> -r <privKeyFileName> -n <outPutFileName>
@@ -62,14 +58,14 @@ tpm2_load -H 0x80000000 -P "hex:123abc" -u <pubKeyFileName> -r <privKeyFileName
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
54 changes: 25 additions & 29 deletions man/tpm2_loadexternal.1.md
@@ -1,50 +1,46 @@
tpm2_loadexternal 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_loadexternal(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_loadexternal(1) - load an object that is not a Protected Object into the
**tpm2_loadexternal**(1) - load an object that is not a Protected Object into the
TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_loadexternal` [OPTIONS]
**tpm2_loadexternal** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_loadexternal(1) - load an object that is not a Protected Object into the
**tpm2_loadexternal**(1) - load an object that is not a Protected Object into the
TPM. The command allows loading of a public area or both a public and a
sensitive area.

OPTIONS
-------
# OPTIONS

* `-H`, `--hierarchy`=_HIERARCHY_:
* **-H**, **--hierarchy**=_HIERARCHY_:
hierarchy to use for the ticket.
Supported options are:
* `o` for `TPM_RH_OWNER`
* `p` for `TPM_RH_PLATFORM`
* `e` for `TPM_RH_ENDORSEMENT`
* `n` for `TPM_RH_NULL`
* **o** for **TPM_RH_OWNER**
* **p** for **TPM_RH_PLATFORM**
* **e** for **TPM_RH_ENDORSEMENT**
* **n** for **TPM_RH_NULL**

* `-u`, `--pubfile`=_PUBLIC\_FILE_:
* **-u**, **--pubfile**=_PUBLIC\_FILE_:
The public portion of the object.

* `-r`, `--privfile`=_PRIVATE\_FILE_:
* **-r**, **--privfile**=_PRIVATE\_FILE_:
The sensitive portion of the object, optional.

* `-C`, `--context`=_CONTEXT\_FILE_
* **-C**, **--context**=_CONTEXT\_FILE_
The file to save the object context, optional.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

Load a public area generated by tpm2_create, tpm2_readpublic or manually
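
Review bot: The **-H**, **--hierarchy** description, "hierarchy to use for the ticket.", is word for word the text used in tpm2_hash, yet nothing in this page's DESCRIPTION or other options mentions a ticket. Say what the hierarchy selects for a loaded object instead. The **-C**, **--context** line also lacks the trailing colon that **-H**, **-u** and **-r** have.
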

@@ -59,14 +55,14 @@ be generated externally. *DON'T* use the areas generated by tpm2_create.
tpm2_loadexternal -H n -u <pubKeyFileName> -r <privKeyFileName> -C object.context
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
46 changes: 21 additions & 25 deletions man/tpm2_makecredential.1.md
@@ -1,58 +1,54 @@
tpm2_makecredential 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_makecredential(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_makecredential(1) - load an object that is not a Protected Object into the
**tpm2_makecredential**(1) - load an object that is not a Protected Object into the
TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_makecredential` [OPTIONS]
**tpm2_makecredential** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_makecredential(1) - Use a TPM public key to protect a secret that is used
**tpm2_makecredential**(1) - Use a TPM public key to protect a secret that is used
to encrypt the AK certififcate.

OPTIONS
-------
# OPTIONS

* `-e`, `--enckey`=_PUBLIC\_FILE_:
* **-e**, **--enckey**=_PUBLIC\_FILE_:
A tpm Public Key which was used to wrap the seed.

* `-s`, `--sec`=_SECRET\_DATA\_FILE_:
* **-s**, **--sec**=_SECRET\_DATA\_FILE_:
The secret which will be protected by the key derived from the random seed.

* `-n`, `--name`=_NAME_
* **-n**, **--name**=_NAME_
The name of the key for which certificate is to be created.

* `-o`, `--outFile`=_OUT\_FILE_
* **-o**, **--outFile**=_OUT\_FILE_
The output file path, recording the two structures output by
tpm2_makecredential function.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_makecredential -e <keyFile> -s <secFile> -n <hexString> -o <outFile>
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
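
Review bot: The NAME line still reads "load an object that is not a Protected Object into the TPM.", which is the tpm2_loadexternal summary and contradicts this page's own DESCRIPTION ("Use a TPM public key to protect a secret that is used to encrypt the AK certififcate."). Replace the NAME text with a one-line form of the DESCRIPTION and fix "certififcate" in the same pass. The **-o** text also calls tpm2_makecredential a "function" where the rest of the page treats it as a tool.
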
58 changes: 27 additions & 31 deletions man/tpm2_nvdefine.1.md
@@ -1,52 +1,49 @@
tpm2_nvdefine 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_nvdefine(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_nvdefine(1) - define a TPM Non-Volatile (NV) index.
**tpm2_nvdefine**(1) - define a TPM Non-Volatile (NV) index.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_nvdefine` [OPTIONS]
**tpm2_nvdefine** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_nvdefine(1) - Define NV index with given auth value.
**tpm2_nvdefine**(1) - Define NV index with given auth value.

OPTIONS
-------
# OPTIONS

* `-x`, `--index`=_NV\_INDEX_:
* **-x**, **--index**=_NV\_INDEX_:
Specifies the index to define the space at.

* `-a`, `--authHandle`=_SECRET\_DATA\_FILE_:
* **-a**, **--authHandle**=_SECRET\_DATA\_FILE_:
specifies the handle used to authorize:
* `0x40000001` for `TPM_RH_OWNER`
* `0x4000000C` for `TPM_RH_PLATFORM`
* **0x40000001** for **TPM_RH_OWNER**
* **0x4000000C** for **TPM_RH_PLATFORM**

* `-s`, `--size`=_SIZE_:
* **-s**, **--size**=_SIZE_:
specifies the size of data area in bytes.

* `-t`, `--attributes`=_ATTRIBUTES_
* **-t**, **--attributes**=_ATTRIBUTES_
Specifies the attribute values for the nv region used when creating the
entitiy. Either the raw bitfield mask or "nice-names" may be used. See
section "NV Attributes" for more details.

* `-P`, `--handlePasswd`=_HANDLE\_PASSWORD_:
* **-P**, **--handlePasswd**=_HANDLE\_PASSWORD_:
specifies the password of authHandle. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-I`, `--indexPasswd`=_INDEX\_PASSWORD_:
* **-I**, **--indexPasswd**=_INDEX\_PASSWORD_:
specifies the password of NV Index when created. Follows the same formatting
guidelines as the handle password or -P option.

* `-L`, `--policy-file`=_POLICY\_FILE_:
* **-L**, **--policy-file**=_POLICY\_FILE_:
Specifies the policy digest file for policy based authorizations.

* `-S`, `--input-session-handle`=_SIZE_:
* **-S**, **--input-session-handle**=_SIZE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
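
Review bot: Two placeholders in the reformatted option lines do not match what the options take: **-a**, **--authHandle** is shown as _SECRET\_DATA\_FILE_ although its description lists handle values such as 0x40000001, and **-S**, **--input-session-handle** is shown as _SIZE_, the same name as the **-s**, **--size** argument. Rename them, for example to _AUTH\_HANDLE_ and _SESSION\_HANDLE_. In the **-t** entry, "entitiy" should be "entity" and the option line is missing its trailing colon.
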
@@ -57,22 +54,21 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_nvdefine -x 0x1500016 -a 0x40000001 -s 32 -t 0x2000A
tpm2_nvdefine -x 0x1500016 -a 0x40000001 -s 32 -t ownerread|ownerwrite|policywrite -I 1a1b1c
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
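
Review bot: In the second example the attribute list `ownerread|ownerwrite|policywrite` is unquoted, so a shell parses each `|` as a pipe: tpm2_nvdefine runs with `-t ownerread` only, `-I 1a1b1c` is handed to a command named `policywrite`, and the index password is never set. Quote the argument, as in `-t "ownerread|ownerwrite|policywrite"`, so a copied example defines the index with the attributes and password the reader intended.
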
33 changes: 16 additions & 17 deletions man/tpm2_nvlist.1.md
@@ -1,20 +1,20 @@
tpm2_nvlist 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_nvlist(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_nvlist(1) - display all defined Non-Volatile (NV)s indices.
**tpm2_nvlist**(1) - display all defined Non-Volatile (NV)s indices.

SYNOPSIS
--------

`tpm2_nvlist` [OPTIONS]
**tpm2_nvlist** [*OPTIONS*]

DESCRIPTION
-----------

tpm2_nvlist(1) - display all defined Non-Volatile (NV)s indices to stdout.
**tpm2_nvlist**(1) - display all defined Non-Volatile (NV)s indices to stdout.

Display metadata for all defined NV indices. Metadata includes:
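
Review bot: NAME is converted to the `# NAME` form, but SYNOPSIS and DESCRIPTION in this hunk keep their old underlined headings and no `# SYNOPSIS` or `# DESCRIPTION` line is added, so this page ends up with mixed heading styles, unlike the other pages shown here. Convert those two headings as well. "Non-Volatile (NV)s indices" would also read better as "Non-Volatile (NV) indices".
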

@@ -23,8 +23,8 @@ Display metadata for all defined NV indices. Metadata includes:
* The auth policy.
* The NV attributes as defined in section "NV Attributes".

OPTIONS
-------
# OPTIONS

This tool takes no tool specific options.

[common options](common/options.md)
@@ -33,23 +33,22 @@ This tool takes no tool specific options.

[nv attributes](common/nv-attrs.md)

EXAMPLES
--------
# EXAMPLES

To list the defined NV indeces to stdout:

```
tpm2_nvlist
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
56 changes: 26 additions & 30 deletions man/tpm2_nvread.1.md
@@ -1,48 +1,45 @@
tpm2_nvread 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_nvread(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_nvread(1) - Read the data stored in a Non-Volatile (NV)s index.
**tpm2_nvread**(1) - Read the data stored in a Non-Volatile (NV)s index.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_nvread` [OPTIONS]
**tpm2_nvread** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_nvread(1) - Read the data stored in a Non-Volatile (NV)s index.
**tpm2_nvread**(1) - Read the data stored in a Non-Volatile (NV)s index.

OPTIONS
-------
# OPTIONS

* `-x`, `--index`=_NV\_INDEX_:
* **-x**, **--index**=_NV\_INDEX_:
Specifies the index to define the space at.

* `-a`, `--authHandle`=_SECRET\_DATA\_FILE_:
* **-a**, **--authHandle**=_SECRET\_DATA\_FILE_:
specifies the handle used to authorize:
* `0x40000001` for `TPM_RH_OWNER`
* `0x4000000C` for `TPM_RH_PLATFORM`
* **0x40000001** for **TPM_RH_OWNER**
* **0x4000000C** for **TPM_RH_PLATFORM**

* `-f`, `--output`=_FILE\:
* **-f**, **--output**=_FILE_:
file to write data

* `-P`, `--handlePasswd`=_HANDLE\_PASSWORD_:
* **-P**, **--handlePasswd**=_HANDLE\_PASSWORD_:
specifies the password of authHandle. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-s`, `--size`=_SIZE_:
* **-s**, **--size**=_SIZE_:
Specifies the size of data to be read in bytes, starting from 0 if
offset is not specified. If not specified, the size of the data
as reported by the public portion of the index will be used.

* `-o`, `--offset`=_OFFSET_:
* **-o**, **--offset**=_OFFSET_:
The offset within the NV index to start reading from.

* `-S`, `--input-session-handle`=_SIZE_:
* **-S**, **--input-session-handle**=_SIZE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
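
Review bot: The **-x**, **--index** description, "Specifies the index to define the space at.", is the tpm2_nvdefine wording; for this tool it should name the index to read from. The hunk does repair the broken `_FILE\:` placeholder on **-f**, but **-a** and **-S** still carry the _SECRET\_DATA\_FILE_ and _SIZE_ placeholders, and on this page _SIZE_ is also the real argument of **-s**.
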
@@ -51,23 +48,22 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

To read 32 bytes from an index starting at offset 0:

```
tpm2_nvread -x 0x1500016 -a 0x40000001 -s 32
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
50 changes: 23 additions & 27 deletions man/tpm2_nvreadlock.1.md
@@ -1,38 +1,35 @@
tpm2_nvreadlock 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_nvreadlock(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_nvreadlock(1) - lock the Non-Volatile (NV) index for further reads.
**tpm2_nvreadlock**(1) - lock the Non-Volatile (NV) index for further reads.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_nvreadlock` [OPTIONS]
**tpm2_nvreadlock** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_nvreadlock(1) - lock the Non-Volatile (NV) index for further reads. The index
**tpm2_nvreadlock**(1) - lock the Non-Volatile (NV) index for further reads. The index
is released on subsequent restart of the machine.

OPTIONS
-------
# OPTIONS

* `-x`, `--index`=_NV\_INDEX_:
* **-x**, **--index**=_NV\_INDEX_:
Specifies the index to define the space at.

* `-a`, `--authHandle`=_SECRET\_DATA\_FILE_:
* **-a**, **--authHandle**=_SECRET\_DATA\_FILE_:
specifies the handle used to authorize:
* `0x40000001` for `TPM_RH_OWNER`
* `0x4000000C` for `TPM_RH_PLATFORM`
* **0x40000001** for **TPM_RH_OWNER**
* **0x4000000C** for **TPM_RH_PLATFORM**

* `-P`, `--handlePasswd`=_HANDLE\_PASSWORD_:
* **-P**, **--handlePasswd**=_HANDLE\_PASSWORD_:
specifies the password of authHandle. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-S`, `--input-session-handle`=_SIZE_:
* **-S**, **--input-session-handle**=_SIZE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
@@ -41,23 +38,22 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

To lock an index protected by a password:

```
tpm2_nvreadlock -x 0x1500016 -a 0x40000001 -P passwd
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
52 changes: 24 additions & 28 deletions man/tpm2_nvrelease.1.md
@@ -1,41 +1,38 @@
tpm2_nvrelease 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_nvrelease(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_nvrelease(1) - Release a Non-Volatile (NV) index.
**tpm2_nvrelease**(1) - Release a Non-Volatile (NV) index.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_nvrelease` [OPTIONS]
**tpm2_nvrelease** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_nvrelease(1) - Release a Non-Volatile (NV) index that was previously
**tpm2_nvrelease**(1) - Release a Non-Volatile (NV) index that was previously
defined with tpm2_nvdefine(1).

OPTIONS
-------
# OPTIONS

* `-x`, `--index`=_NV\_INDEX_:
* **-x**, **--index**=_NV\_INDEX_:
Specifies the index to release.

* `-a`, `--authHandle`=_SECRET\_DATA\_FILE_:
* **-a**, **--authHandle**=_SECRET\_DATA\_FILE_:
specifies the handle used to authorize:
* `0x40000001` for `TPM_RH_OWNER`
* `0x4000000C` for `TPM_RH_PLATFORM`
* **0x40000001** for **TPM_RH_OWNER**
* **0x4000000C** for **TPM_RH_PLATFORM**

* `-s`, `--size`=_SIZE_:
* **-s**, **--size**=_SIZE_:
specifies the size of data area in bytes.

* `-P`, `--handlePasswd`=_HANDLE\_PASSWORD_:
* **-P**, **--handlePasswd**=_HANDLE\_PASSWORD_:
specifies the password of authHandle. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-S`, `--input-session-handle`=_SIZE_:
* **-S**, **--input-session-handle**=_SIZE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
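
Review bot: The **-s**, **--size** entry ("specifies the size of data area in bytes.") looks carried over from tpm2_nvdefine: the page's own example releases the index with just `-x`, `-a` and `-P`, and nothing in the DESCRIPTION says a size is needed. Check whether the tool accepts **-s** at all and remove the entry if it does not.
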
@@ -44,21 +41,20 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_nvrelease -x 0x1500016 -a 0x40000001 -P passwd
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
52 changes: 24 additions & 28 deletions man/tpm2_nvwrite.1.md
@@ -1,40 +1,37 @@
tpm2_nvwrite 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_nvwrite(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_nvwrite(1) - Write data to a Non-Volatile (NV) index.
**tpm2_nvwrite**(1) - Write data to a Non-Volatile (NV) index.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_nvwrite` [OPTIONS]
**tpm2_nvwrite** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_nvwrite(1) - Write data to a Non-Volatile (NV) index.
**tpm2_nvwrite**(1) - Write data to a Non-Volatile (NV) index.

OPTIONS
-------
# OPTIONS

* `-x`, `--index`=_NV\_INDEX_:
* **-x**, **--index**=_NV\_INDEX_:
Specifies the index to define the space at.

* `-a`, `--authHandle`=_SECRET\_DATA\_FILE_:
* **-a**, **--authHandle**=_SECRET\_DATA\_FILE_:
specifies the handle used to authorize:
* `0x40000001` for `TPM_RH_OWNER`
* `0x4000000C` for `TPM_RH_PLATFORM`
* **0x40000001** for **TPM_RH_OWNER**
* **0x4000000C** for **TPM_RH_PLATFORM**

* `-P`, `--handlePasswd`=_HANDLE\_PASSWORD_:
* **-P**, **--handlePasswd**=_HANDLE\_PASSWORD_:
specifies the password of authHandle. Passwords should follow the
"password formatting standards, see section "Password Formatting".

* `-f`, `--file`=_FILE_:
* **-f**, **--file**=_FILE_:
The data to write.

* `-S`, `--input-session-handle`=_SIZE_:
* **-S**, **--input-session-handle**=_SIZE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
@@ -43,23 +40,22 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

To write the file nv.data to index 0x150016:

```
tpm2_nvwrite -x 0x1500016 -a 0x40000001 -f nv.data
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
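
Review bot: The example caption says index 0x150016, but the command below it uses `-x 0x1500016`, one digit longer. Make the caption match the command so a reader who retypes the index from the sentence does not write to a different NV index than the one defined in the tpm2_nvdefine example.
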
48 changes: 22 additions & 26 deletions man/tpm2_pcrevent.1.md
@@ -1,20 +1,18 @@
tpm2_pcrevent 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_pcrevent(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_pcrevent(1) - hashes a file and optionally extends a pcr.
**tpm2_pcrevent**(1) - hashes a file and optionally extends a pcr.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_pcrevent` [OPTIONS] [_FILE_]
**tpm2_pcrevent** [*OPTIONS*] [_FILE_]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_pcrevent(1) hashes _FILE_ if specified or stdin. It uses all of the
**tpm2_pcrevent**(1) hashes _FILE_ if specified or stdin. It uses all of the
hashing algorithms that the tpm supports. Optionally, if a pcr index is
specified, it extends that pcr for all supported algorithms with the hash
digest. In either case, it outputs to stdout the hash algorithm used and the
@@ -27,31 +25,29 @@ resulting from the hash computation of _alg_ on the data.

See sections 23.1 and sections 17 of the [TPM2.0 Specification](https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf)

OPTIONS
-------
# OPTIONS

These options control extending the pcr:

* `-i`, `--pcr-index`=_INDEX_:
* **-i**, **--pcr-index**=_INDEX_:
Not only compute the hash digests on _FILE_, also extend the pcr given by
_INDEX_ for all supported hash algorithms.

* `-S`, `--input-session-handle`=_SESSION_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION_HANDLE_:
Use _SESSION_HANDLE_ for providing an authorization session for the pcr
specified by _INDEX_.
It is an error to specify `-S` without specifying a pcr index with `-i`.
It is an error to specify **-S** without specifying a pcr index with **-i**.

* `-P`, `--password`=_PASSWORD_:
* **-P**, **--password**=_PASSWORD_:
Use _PASSWORD_ for providing an authorization value for the pcr specified
in _INDEX_.
It is an error to specify `-P` without specifying a pcr index with `-i`.
It is an error to specify **-P** without specifying a pcr index with **-i**.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

Hash a file:

@@ -61,15 +57,15 @@ Hash a file and extend pcr 8:

tpm2_pcrevent -i 8 data

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)

38 changes: 17 additions & 21 deletions man/tpm2_pcrextend.1.md
@@ -1,20 +1,18 @@
tpm2_pcrextend 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_pcrextend(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_pcrextend(1) - Extends a PCR.
**tpm2_pcrextend**(1) - Extends a PCR.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_pcrextend` [OPTIONS] [_PCR\_DIGEST\_SPEC_]
**tpm2_pcrextend** [*OPTIONS*] [_PCR\_DIGEST\_SPEC_]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_pcrextend(1) Extends the pcrs with values indicated by _PCR\_DIGEST\_SPEC_.
**tpm2_pcrextend**(1) Extends the pcrs with values indicated by _PCR\_DIGEST\_SPEC_.

A _PCR\_DIGEST\_SPEC_ is defined as follows:

@@ -37,17 +35,15 @@ cause the PCR to be extended multiple times. Extension is done in order from
left to right as specified. At most 5 hash extensions per PCR entry are
supported. This is to keep the parser simple.

OPTIONS
-------
# OPTIONS

This tool accepts no tool specific options.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

Extend PCR 4's SHA1 bank with a hash:

@@ -67,14 +63,14 @@ Extend PCR 4's SHA1 and PCR 7's SHA256 bank with hashes:
tpm2_pcrextend 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 7:sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
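Review bot: The unchanged example at the top of this hunk writes its two digest specs with different syntax, `4:sha=f1d2...` (`=` before the digest, algorithm `sha`) and `7:sha256:b5bb...` (`:` before the digest), although the caption describes PCR 4's SHA1 bank and PCR 7's SHA256 bank. Both cannot match the _PCR\_DIGEST\_SPEC_ grammar defined earlier in this page. Since the file is being reworked anyway, please correct the example so both entries use the documented separator and algorithm names. A user who copies this line as-is is likely to get a parse error.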
44 changes: 20 additions & 24 deletions man/tpm2_pcrlist.1.md
@@ -1,39 +1,36 @@
tpm2_pcrlist 1 "AUGUST 2017" tpm2-tools
==================================================
% tpm2_pcrlist(1) tpm2-tools | General Commands Manual
%
% AUGUST 2017

NAME
----
# NAME

tpm2_pcrlist(1) - List PCR values.
**tpm2_pcrlist**(1) - List PCR values.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_pcrlist` [OPTIONS]
**tpm2_pcrlist** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_pcrlist(1) Displays PCR values.
**tpm2_pcrlist**(1) Displays PCR values.

OPTIONS
-------
# OPTIONS

* `-g`, `--algorithm`=_HASH\_ALGORITHM_:
* **-g**, **--algorithm**=_HASH\_ALGORITHM_:
Only output PCR banks with the given algorithm.
Algorithms should follow the "formatting standards, see section
"Algorithm Specifiers".
Also, see section "Supported Hash Algorithms" for a list of supported hash
algorithms.

* `-L`, `--selList`=_PCR\_SELECTION\_LIST_:
* **-L**, **--selList**=_PCR\_SELECTION\_LIST_:

The list of pcr banks and selected PCRs' ids for each bank to display.
_PCR\_SELECTION\_LIST_ values should follow the
pcr bank specifiers standards, see section "PCR Bank Specfiers".


* `-s`, `--algs`:
* **-s**, **--algs**:
Output the list of supported algorithms.

[common options](common/options.md)
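Review bot: The new pandoc header in this hunk keeps `% AUGUST 2017`, while tpm2_pcrextend.1.md in the same change moves from "AUGUST 2017" to `% SEPTEMBER 2017`. Please choose one rule for the date line (keep each page's original date, or bump all of them) and apply it to every converted page. While here, two carried-over typos in the context lines could be fixed: the stray opening quote in `follow the "formatting standards` under **-g**, and `"PCR Bank Specfiers"` under **-L**.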
Expand All @@ -46,8 +43,7 @@ OPTIONS

[algorithm specifiers](common/alg.md)

EXAMPLES
--------
# EXAMPLES

display all PCR values:

Expand All @@ -73,14 +69,14 @@ Display the supported PCR bank algorithms and exit:
tpm2_pcrlist -s
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
54 changes: 25 additions & 29 deletions man/tpm2_quote.1.md
@@ -1,57 +1,54 @@
tpm2_quote 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_quote(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_quote(1) - Provide a quote and signature from the TPM.
**tpm2_quote**(1) - Provide a quote and signature from the TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_quote` [OPTIONS]
**tpm2_quote** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_quote(1) Provide quote and signature for given list of PCRs in given algorithm/banks.
**tpm2_quote**(1) Provide quote and signature for given list of PCRs in given algorithm/banks.

OPTIONS
-------
# OPTIONS

* `-k`, `--akHandle`=_AK\_HANDLE_:
* **-k**, **--akHandle**=_AK\_HANDLE_:

Handle of existing AK.

* `-c`, `--akContext`=_AK\_CONTEXT\_FILE_:
* **-c**, **--akContext**=_AK\_CONTEXT\_FILE_:

Filename for the existing AK's context.

* `-P`, `--akPassword`=_AK\_PASSWORD_:
* **-P**, **--akPassword**=_AK\_PASSWORD_:

specifies the password of _AK\_HANDLE_. Passwords should follow the
password formatting standards, see section "Password Formatting".

* `-l`, `--idList`=_PCR\_ID\_LIST_
* **-l**, **--idList**=_PCR\_ID\_LIST_

The comma separated list of selected PCRs' ids, 0~23 e.g. "4,5,6".

* `-L`, `--selList`=_PCR\_SELECTION\_LIST_:
* **-L**, **--selList**=_PCR\_SELECTION\_LIST_:

The list of pcr banks and selected PCRs' ids for each bank.
_PCR\_SELECTION\_LIST_ values should follow the
pcr bank specifiers standards, see section "PCR Bank Specfiers".

* `-o`, `--outFile`:
* **-o**, **--outFile**:

Output file path, recording the two structures output by tpm2_quote function.

* `-q`, `--qualifyData`:
* **-q**, **--qualifyData**:

Data given as a Hex string to qualify the quote, optional. This is typically
used to add a nonce against replay attacks.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:
Optional Input session handle from a policy session for authorization.

[common options](common/options.md)
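Review bot: The converted `**-l**, **--idList**=_PCR\_ID\_LIST_` entry is the only option in this hunk without the trailing `:` that every other entry has, so it will not render like the rest of the list; please add it. Also, `**-o**, **--outFile**:` and `**-q**, **--qualifyData**:` show no value placeholder although both descriptions say they take one (a file path and a hex string). Adding `=_FILE_` and `=_HEX\_STRING_` style placeholders would match the other entries. `"PCR Bank Specfiers"` under **-L** is a typo for "Specifiers".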
Expand All @@ -62,8 +59,7 @@ OPTIONS

[pcr bank specifiers](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_quote -k 0x81010002 -P abc123 -g sha1 -l 16,17,18 -o outFile001
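Review bot: The context line `[pcr bank specifiers](common/password.md)` in this hunk has link text and target that disagree: it is labelled as the PCR bank specifier section but includes the password file. The **-L** option above sends readers to "PCR Bank Specfiers" and **-P** sends them to "Password Formatting", so this page needs both includes, each pointing at its own file. Please fix the target here rather than carrying the mismatch into the new format.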
Expand All @@ -73,14 +69,14 @@ tpm2_quote -c ak.context -g sha1 -l 16,17,18 -o outFile001
tpm2_quote -k 0x81010002 -P "hex:123abc" -L sha1:16,17,18+sha256:16,17,18 -o outFile001 -q 11aa22bb
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
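Review bot: The examples around this hunk pass `-g sha1` together with `-l 16,17,18`, but the OPTIONS list earlier in this file documents only -k, -c, -P, -l, -L, -o, -q and -S, so a reader cannot tell what `-g` selects or that `-l` depends on it. Please add a `**-g**` entry to OPTIONS. The last example also uses the fixed value `-q 11aa22bb`; since the option text calls this a nonce against replay, a short remark that the value is supplied fresh by the verifier would keep the example from being copied literally.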
38 changes: 17 additions & 21 deletions man/tpm2_rc_decode.1.md
@@ -1,46 +1,42 @@
tpm2_rc_decode 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_rc_decode(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_rc_decode(1) - Decode TPM2 error codes to human readable format.
**tpm2_rc_decode**(1) - Decode TPM2 error codes to human readable format.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_rc_decode` [OPTIONS] _RC\_CODE_
**tpm2_rc_decode** [*OPTIONS*] _RC\_CODE_

DESCRIPTION
-----------
# DESCRIPTION

tpm2_rc_decode(1) converts _RC\_CODE_ originating from the SAPI and TCTI into
**tpm2_rc_decode**(1) converts _RC\_CODE_ originating from the SAPI and TCTI into
human readable errors. Analogous to strerror(3), but for the tpm2 stack.

OPTIONS
-------
# OPTIONS

This tool takes no tool specific options.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_rc_decode 0x100
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
44 changes: 20 additions & 24 deletions man/tpm2_readpublic.1.md
@@ -1,55 +1,51 @@
tpm2_readpublic 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_readpublic(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_readpublic(1) - Read the public area of a loaded object.
**tpm2_readpublic**(1) - Read the public area of a loaded object.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_readpublic` [OPTIONS]
**tpm2_readpublic** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_readpublic(1) Reads the public area of a loaded object.
**tpm2_readpublic**(1) Reads the public area of a loaded object.

OPTIONS
-------
# OPTIONS

* `-H`, `--object`=_HANDLE_:
* **-H**, **--object**=_HANDLE_:

The loaded object handle to read the public data of.

* `-c`, `--akContext`=_OBJECT\_CONTEXT\_FILE_:
* **-c**, **--akContext**=_OBJECT\_CONTEXT\_FILE_:

Filename for object context.

* `-o`, `--opu`:
* **-o**, **--opu**:

The output file path, recording the public portion of the object.

[common options](common/options.md)

[common tcti options](common/tcti.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_readpublic -H 0x81010002 --opu output.dat
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)
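Review bot: In the OPTIONS list of this hunk, `**-o**, **--opu**:` has no value placeholder, yet its description is "The output file path" and the example calls `--opu output.dat`; please write it as `**-o**, **--opu**=_FILE_:` like the other value-taking options. The long name in `**-c**, **--akContext**=_OBJECT\_CONTEXT\_FILE_` reads as if it was copied from tpm2_quote, because this tool handles any loaded object and not only an AK. Please check it against the tool's option table before the conversion locks it in.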
52 changes: 24 additions & 28 deletions man/tpm2_rsadecrypt.1.md
@@ -1,52 +1,49 @@
tpm2_rsadecrypt 1 "SEPTEMBER 2017" tpm2-tools
==================================================
% tpm2_rsadecrypt(1) tpm2-tools | General Commands Manual
%
% SEPTEMBER 2017

NAME
----
# NAME

tpm2_rsadecrypt(1) - Performs an RSA Decryption operation using the TPM.
**tpm2_rsadecrypt**(1) - Performs an RSA Decryption operation using the TPM.

SYNOPSIS
--------
# SYNOPSIS

`tpm2_tpm2_rsadecrypt` [OPTIONS]
**tpm2_tpm2_rsadecrypt** [*OPTIONS*]

DESCRIPTION
-----------
# DESCRIPTION

tpm2_rsadecrypt(1) performs RSA decryption using the indicated padding scheme according to
IETF RFC 3447 (PKCS#1). The scheme of keyHandle should not be `TPM_ALG_NULL`.
**tpm2_rsadecrypt**(1) performs RSA decryption using the indicated padding scheme according to
IETF RFC 3447 (PKCS#1). The scheme of keyHandle should not be **TPM_ALG_NULL**.

The key referenced by keyHandle is **required** to be:

1. an RSA key
2. Have the attribute *decrypt* **SET** in it's attributes.

OPTIONS
-------
# OPTIONS

* `-k`, `--keyHandle`=_KEY\_HANDLE_:
* **-k**, **--keyHandle**=_KEY\_HANDLE_:

the public portion of RSA key to use for decryption.

* `-c`, `--keyContext`=_KEY\_CONTEXT\_FILE_:
* **-c**, **--keyContext**=_KEY\_CONTEXT\_FILE_:

filename of the key context used for the operation.

* `-P`, `--pwdk`=_KEY\_PASSWORD_:
* **-P**, **--pwdk**=_KEY\_PASSWORD_:

specifies the password of _KEY\_HANDLE_. Passwords should follow the
password formatting standards, see section "Password Formatting".

* `-I`, `--inFile`=_INPUT\FILE_:
* **-I**, **--inFile**=_INPUT\FILE_:

Input file path, containing the data to be decrypted.

* `-o`, `--outFile`=_OUTPUT\_FILE_:
* **-o**, **--outFile**=_OUTPUT\_FILE_:

Output file path, record the decrypted data.

* `-S`, `--input-session-handle`=_SESSION\_HANDLE_:
* **-S**, **--input-session-handle**=_SESSION\_HANDLE_:

Optional Input session handle from a policy session for authorization.

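Review bot: The SYNOPSIS line in this hunk is converted to `**tpm2_tpm2_rsadecrypt** [*OPTIONS*]`, which carries over the doubled `tpm2_` prefix from the old text; it should read `**tpm2_rsadecrypt**`. Two more carried-over slips in the same hunk: the placeholder `_INPUT\FILE_` under **-I** is missing an underscore (`_INPUT\_FILE_`), and "in it's attributes" should be "in its attributes".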
Expand All @@ -56,21 +53,20 @@ OPTIONS

[password formatting](common/password.md)

EXAMPLES
--------
# EXAMPLES

```
tpm2_rsadecrypt -k 0x81010001 -I encrypted.in -o plain.out
```

RETURNS
-------
# RETURNS

0 on success or 1 on failure.

BUGS
----
# BUGS

[Github Issues](https://github.com/01org/tpm2-tools/issues)

HELP
----
# HELP

See the [Mailing List](https://lists.01.org/mailman/listinfo/tpm2)