tpm2_certify − program to certify an object
tpm2_certify [{−H | −−objHandle} hexHandle] [{−C | −−objContext} filename] [{−k | −−keyHandle} hexHandle] [{−c | −−keyContext} filename] [{−P | −−pwdo} string] [{−K | −−pwdk} string] [{−g | −−halg} hexAlg] [{−a | −−attestFile} fileName] [{−s | −−sigFile} fileName] [{−X | −−passwdInHex}] [{−p | −−port} portNumber] [{−d | −−debugLevel} {0 | 1 | 2 | 3}] |
|
tpm2_certify [{−h | −−help} | {−v | −−version}] |
This manual page documents briefly the tpm2_certify command.
This manual page was written for the Debian distribution because the original program does not have a manual page.
tpm2_certify is a program to certify an object
The program follows the usual GNU command line syntax, with long options starting with two dashes (‘−'). A summary of options is included below.
−H hexHandle, −−objHandle=hexHandle
handle of the object to be certified.
−C filename, −−objContext=filename
filename of the object context to be certified.
−k hexHandle, −−keyHandle=hexHandle
handle of the key used to sign the attestation structure.
−c filename, −−keyContext=filename
filename of the key context used to sign the attestation structure.
−P string, −−pwdo=string
the object handle's password, optional.
−K string, −−pwdk=string
the keyHandle's password, optional.
−g hexAlg, −−halg=hexAlg
the hash algorithm used to digest the message
• 0x0004 − TPM_ALG_SHA1
• 0x000B − TPM_ALG_SHA256
• 0x000C − TPM_ALG_SHA384
• 0x000D − TPM_ALG_SHA512
• 0x0012 − TPM_ALG_SM3_256
−a fileName, −−attestFile=fileName
output file name, record the attestation structure.
−s fileNath, −−sigFile=fileNath
output file name, record the signature structure.
−X, −−passwdInHex
passwords given by any options are hex format.
−p portNumber, −−port=portNumber
The Port number, default is 2323, optional.
−d {0 | 1 | 2 | 3}, −−debugLevel= {0 | 1 | 2 | 3}
The level of debug message, default is 0, optional
• 0 − (high level test results)
• 1 − (test app send/receive byte streams)
• 2 − (resource manager send/receive byte streams)
• 3 − (resource manager tables)
−h, −−help
Show summary of options.
−v, −−version
Show version of program.
tpm2_certify provides some return codes, that can be used in scripts:
The upstreams BTS can be found at https://github.com/01org/tpm2.0-tools/issues.
tpm2_activatecredential(8), tpm2_akparse(8), tpm2_create(8), tpm2_createprimary(8), tpm2_encryptdecrypt(8), tpm2_evictcontrol(8), tpm2_getmanufec(8), tpm2_getpubak(8), tpm2_getpubek(8), tpm2_getrandom(8), tpm2_hash(8), tpm2_hmac(8), tpm2_listpcrs(8), tpm2_listpersistent(8), tpm2_load(8), tpm2_loadexternal(8), tpm2_makecredential(8), tpm2_nvdefine(8), tpm2_nvlist(8), tpm2_nvread(8), tpm2_nvreadlock(8), tpm2_nvrelease(8), tpm2_nvwrite(8), tpm2_quote(8), tpm2_rc_decode(8), tpm2_readpublic(8), tpm2_rsadecrypt(8), tpm2_rsaencrypt(8), tpm2_sign(8), tpm2_takeownership(8), tpm2_unseal(8), tpm2_verifysignature(8)
Ying−Chun Liu <paulliu@debian.org>
Wrote this manpage for the Debian system.
Copyright © 2017 Ying-Chun Liu (PaulLiu)
This manual page was written for the Debian system (and may be used by others).
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 or (at your option) any later version published by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common−licenses/GPL−3.