tpm2_nvlist man page
tpm2_nvlist(1) — display all defined Non-Volatile (NV)s indices.
tpm2_nvlist(1) — display all defined Non-Volatile (NV)s indices to stdout in a YAML format.
Display metadata for all defined NV indices. Metadata includes:
- The size of the defined region.
- The hash algorithm used to compute the name of the index.
- The auth policy.
- The NV attributes as defined in section “NV Attributes”.
0x1500015: hash algorithm: friendly: sha256 value: 0xB attributes: friendly: ownerwrite|ownerread value: 0x2000200 size: 32 authorization policy: 0x1500017: hash algorithm: friendly: sha256 value: 0xB attributes: friendly: ownerwrite|ownerread value: 0x2000200 size: 32 authorization policy:
This tool takes no tool specific options.
This collection of options are common to many programs and provide information that many users may expect.
- -h, –help: Display the tools manpage. This requires the manpages to be installed or on MANPATH, See man(1) for more details.
- -v, –version: Display version information for this tool, supported tctis and exit.
- -V, –verbose: Increase the information that the tool prints to the console during its execution. When using this option the file and line number are printed.
- -Q, –quiet: Silence normal tool output to stdout.
- -Z, –enable-errata: Enable the application of errata fixups. Useful if an errata fixup needs to be applied to commands sent to the TPM. # TCTI ENVIRONMENT
This collection of environment variables that may be used to configure the various TCTI modules available.
The values passed through these variables can be overridden on a per-command basis using the available command line options, see the TCTI_OPTIONS section.
The variables respected depend on how the software was configured.
TPM2TOOLS_TCTI_NAME: Select the TCTI used for communication with the next component down the TSS stack. In most configurations this will be the TPM but it could be a simulator or proxy. The current known TCTIs are:
- tabrmd - The new resource manager, called tabrmd (https://github.com/01org/tpm2-abrmd).
- socket - Typically used with the old resource manager, or talking directly to a simulator.
- device - Used when talking directly to a TPM device file.
- none - Do not initialize a connection with the TPM. Some tools allow for off-tpm options and thus support not using a TCTI. Tools that do not support it will error when attempted to be used without a TCTI connection. Does not support ANY options and MUST BE presented as the exact text of “none”.
TPM2TOOLS_DEVICE_FILE: When using the device TCTI, specify the TPM device file. The default is “/dev/tpm0”.
Note: Using the tpm directly requires the users to ensure that concurrent access does not occur and that they manage the tpm resources. These tasks are usually managed by a resource manager. Linux 4.12 and greater supports an in kernel resource manager at “/dev/tpmrm”, typically “/dev/tpmrm0”.
- TPM2TOOLS_SOCKET_ADDRESS: When using the socket TCTI, specify the domain name or IP address used. The default is 127.0.0.1.
- TPM2TOOLS_SOCKET_PORT: When using the socket TCTI, specify the port number used. The default is 2321.
This collection of options are used to configure the varous TCTI modules available. They override any environment variables.
-T, –tcti=TCTI_NAME[:TCTI_OPTIONS]: Select the TCTI used for communication with the next component down the TSS stack. In most configurations this will be the resource manager: tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific options can appended to TCTI_NAME by appending a : to TCTI_NAME.
- For the device TCTI, the TPM device file for use by the device TCTI can be specified. The default is /dev/tpm0. Example: -T device:/dev/tpm0
- For the socket TCTI, the domain name or IP address and port number used by the socket can be specified. The default are 127.0.0.1 and 2321. Example: -T socket:127.0.0.1:2321
- For the abrmd TCTI, it takes no options. Example: -T abrmd
NV Attributes are used to control various properties of the NV defined space. When specified as an option, either the raw bitfield mask or “nice-names” may be used. The values can be found in Table 204 Part 2 of the TPM2.0 specification, which can be found here:
Nice names are calculated by taking the name field of table 204 and removing the prefix TPMA_NV_ and lowercasing the result. Thus, TPMA_NV_PPWRITE becomes ppwrite. Nice names can be joined using the bitwise or “|” symbol.
Note that the TPM_NT field is 4 bits wide, and thus can be set via nt= format. For instance, to set The fields TPMA_NV_OWNERREAD, TPMA_NV_OWNERWRITE, TPMA_NV_POLICYWRITE, and TPMA_NT = 0x3, the argument would be:
ownerread|ownerwrite|policywrite|nt=0x3 # EXAMPLES
To list the defined NV indeces to stdout:
0 on success or 1 on failure.
Github Issues (https://github.com/01org/tpm2-tools/issues)
See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)