Package tpm2-tools
A bunch of TPM testing tools built upon tpm2-tss
https://github.com/tpm2-software/tpm2-tools
tpm2-tools is a batch of tools for TPM 2.0. It is based on tpm2-tss.
Version: 5.7
General Commands | |
tpm2 | A single small executable that combines the various tpm2-tools much like a BusyBox that provides a fairly complete environment for any small or embedded system. |
tpm2_activatecredential | Enables access to the credential qualifier to recover the credential secret. |
tpm2_certify | Prove that an object is loaded in the TPM. |
tpm2_certifyX509certutil | Generate partial X509 certificate. |
tpm2_certifycreation | Attest the association between a loaded public area and the provided hash of the creation data. |
tpm2_changeauth | Changes authorization values for TPM objects. |
tpm2_changeeps | Replaces the active endorsement primary seed with a new one generated off the TPM2 RNG. |
tpm2_changepps | Replaces the active platform primary seed with a new one generated off the TPM2 RNG. |
tpm2_checkquote | Validates a quote provided by a TPM. |
tpm2_clear | Clears lockout, endorsement and owner hierarchy authorization values and other TPM data. |
tpm2_clearcontrol | Set/clear the TPMA_PERMANENT.disableClear attribute to effectively block/unblock the lockout authorization handle for issuing TPM clear. |
tpm2_clockrateadjust | Sets the clock rate period on the TPM. |
tpm2_commit | Performs the first part of an ECC anonymous signing operation. |
tpm2_create | Create a child object. |
tpm2_createak | Generate attestation key with given algorithm under the endorsement hierarchy. |
tpm2_createek | Generate TCG profile compliant endorsement key. |
tpm2_createpolicy | Creates simple assertion authorization policies based on multiple PCR indices values across multiple enabled banks. |
tpm2_createprimary | Create a primary key. |
tpm2_dictionarylockout | Setup or clear dictionary-attack-lockout parameters. |
tpm2_duplicate | Duplicates a loaded object so that it may be used in a different hierarchy. |
tpm2_ecdhkeygen | Creates an ephemeral key and uses it to generate the shared secret value using the parameters from an ECC public key. |
tpm2_ecdhzgen | Recovers the shared secret value (Z) from a public point and a specified private key. |
tpm2_ecephemeral | Creates an ephemeral key for use in a two-phase key exchange protocol. |
tpm2_encodeobject | Encode an object into a combined PEM format. |
tpm2_encryptdecrypt | Performs symmetric encryption or decryption. |
tpm2_eventlog | Display tpm2 event log. |
tpm2_evictcontrol | Make a transient object persistent or evict a persistent object. |
tpm2_flushcontext | Remove a specified handle, or all contexts associated with a transient object, loaded session or saved session from the TPM. |
tpm2_getcap | Display TPM capabilities in a human readable form. |
tpm2_getcommandauditdigest | Retrieve the command audit attestation data from the TPM. |
tpm2_geteccparameters | Retrieves the parameters of an ECC curve identified by its TCG-assigned curveID. |
tpm2_getekcertificate | Retrieve the Endorsement key Certificate. |
tpm2_getpolicydigest | Retrieves the policy digest from session. |
tpm2_getrandom | Retrieves random bytes from the TPM. |
tpm2_getsessionauditdigest | Retrieve the command audit attestation data from the TPM. |
tpm2_gettestresult | Get the result of tests performed by the TPM. |
tpm2_gettime | Get the current time and clock from the TPM in a signed form. |
tpm2_hash | Performs a hash operation with the TPM. |
tpm2_hierarchycontrol | Enable and disable use of a hierarchy and its associated NV storage. |
tpm2_hmac | Performs an HMAC operation with the TPM. |
tpm2_import | Imports an external key into the TPM as a TPM-managed key object. |
tpm2_incrementalselftest | Request testing of a specified algorithm list. |
tpm2_load | Load an object into the TPM. |
tpm2_loadexternal | Load an external object into the TPM. |
tpm2_makecredential | Generate the encrypted-user-chosen-data and the wrapped-secret-data-encryption-key for the privacy-sensitive credentialing process of a TPM object. |
tpm2_nvcertify | Provides attestation of the contents of an NV index. |
tpm2_nvdefine | Define a TPM Non-Volatile (NV) index. |
tpm2_nvextend | Extend a Non-Volatile (NV) index like it was a PCR. |
tpm2_nvincrement | Increment counter in a Non-Volatile (NV) index. |
tpm2_nvread | Read the data stored in a Non-Volatile (NV) index. |
tpm2_nvreadlock | Lock the Non-Volatile (NV) index for further reads. |
tpm2_nvreadpublic | Display all defined Non-Volatile (NV) indices. |
tpm2_nvsetbits | Bitwise OR bits into a Non-Volatile (NV) index. |
tpm2_nvundefine | Delete a Non-Volatile (NV) index. |
tpm2_nvwrite | Write data to a Non-Volatile (NV) index. |
tpm2_nvwritelock | Lock the Non-Volatile (NV) index for further writes. |
tpm2_pcrallocate | Configure PCRs and bank algorithms. |
tpm2_pcrevent | Hashes a file and optionally extends a PCR. |
tpm2_pcrextend | Extends a PCR. |
tpm2_pcrread | List PCR values. |
tpm2_pcrreset | Reset one or more PCR banks. |
tpm2_policyauthorize | Allows for mutable policies by tethering to a signing authority. |
tpm2_policyauthorizenv | Allows for mutable policies by referencing to a policy from an NV index. |
tpm2_policyauthvalue | Enables binding a policy to the authorization value of the authorized TPM object. |
tpm2_policycommandcode | Restrict TPM object authorization to specific TPM commands. |
tpm2_policycountertimer | Enables policy authorization by evaluating the comparison operation on the TPM parameters time, clock, reset count, restart count and TPM clock safe flag. |
tpm2_policycphash | Couples a policy with command parameters of the command. |
tpm2_policyduplicationselect | Restricts duplication to a specific new parent. |
tpm2_policylocality | Restrict TPM object authorization to specific localities. |
tpm2_policynamehash | Couples a policy with names of specific objects. |
tpm2_policynv | Evaluates policy authorization by comparing a specified value against the contents in the specified NV Index. |
tpm2_policynvwritten | Restrict TPM object authorization to the written state of an NV index. |
tpm2_policyor | Logically ORs two policies together. |
tpm2_policypassword | Enables binding a policy to the authorization value of the authorized TPM object. |
tpm2_policypcr | Create a policy that includes specific PCR values. |
tpm2_policyrestart | Restart an existing session with the TPM. |
tpm2_policysecret | Couples the authorization of an object to that of an existing object. |
tpm2_policysigned | Enables policy authorization by verifying signature of optional TPM2 parameters. The signature is generated by a signing authority. |
tpm2_policytemplate | Couples a policy with public template data digest of an object. |
tpm2_policyticket | Enables policy authorization by verifying a ticket that represents a validated authorization that had an expiration time associated with it. |
tpm2_print | Prints TPM data structures. |
tpm2_quote | Provide a quote and signature from the TPM. |
tpm2_rc_decode | Decode TPM2 error codes to a human readable format. |
tpm2_readclock | Retrieves the time information from the TPM. |
tpm2_readpublic | Read the public area of a loaded object. |
tpm2_rsadecrypt | Performs an RSA decryption operation using the TPM. |
tpm2_rsaencrypt | Performs an RSA encryption operation using the TPM. |
tpm2_selftest | Run TPM’s self-test internal routines. |
tpm2_send | Send a raw command buffer to the TPM. |
tpm2_sessionconfig | Configure session attributes and print session info from a session file. |
tpm2_setclock | Sets the time on the TPM. |
tpm2_setcommandauditstatus | Add or remove TPM2 commands to the audited commands list. |
tpm2_setprimarypolicy | Sets the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement… |
tpm2_shutdown | Send a shutdown command to the TPM. |
tpm2_sign | Sign a hash or message using the TPM. |
tpm2_startauthsession | Start a session with the TPM. |
tpm2_startup | Send a startup command to the TPM. |
tpm2_stirrandom | Add “additional information” into TPM RNG state. |
tpm2_testparms | Verify that the specified algorithm suite is supported by the TPM. |
tpm2_tr_encode | Encodes a persistent handle and TPM2B_NAME as a serialized ESYS_TR as output. |
tpm2_unseal | Returns a data blob in a loaded TPM object. The data blob is returned in clear. |
tpm2_verifysignature | Validates a signature using the TPM. |
tpm2_zgen2phase | Command to enable the TPM to combine data from the other party with the ephemeral key generated in the first phase of two-phase key exchange protocols. |
tss2_authorizepolicy | |
tss2_changeauth | This command changes the authorization data of an entity referred to by the path. |
tss2_createkey | |
tss2_createnv | |
tss2_createseal | |
tss2_decrypt | Decrypts data. |
tss2_delete | |
tss2_encrypt | Encrypts data. |
tss2_exportkey | |
tss2_exportpolicy | |
tss2_getappdata | tss2_getappdata(1) |
tss2_getcertificate | |
tss2_getdescription | tss2_getdescription(1) |
tss2_getinfo | |
tss2_getplatformcertificates | |
tss2_getrandom | This command uses the TPM to create an array of random bytes. |
tss2_gettpm2object | tss2_gettpm2object(1) |
tss2_gettpmblobs | |
tss2_import | |
tss2_list | |
tss2_nvextend | |
tss2_nvincrement | |
tss2_nvread | |
tss2_nvsetbits | |
tss2_nvwrite | |
tss2_pcrextend | |
tss2_pcrread | |
tss2_provision | |
tss2_quote | |
tss2_setappdata | tss2_setappdata(1) |
tss2_setcertificate | |
tss2_setdescription | tss2_setdescription(1) |
tss2_sign | |
tss2_unseal | |
tss2_verifyquote | |
tss2_verifysignature | |
tss2_writeauthorizenv |