tpm_clear man page
TPM Management - tpm_clear
tpm_clear — return the TPM to the default state (unowned, disabled, inactive)
tpm_clear requests that the system's TPM perform a clear (via the TPM_OwnerClear API) wiping out all ownership information, in effect invalidaing all keys and data tied to the TPM, as well as disabling and deactivating the TPM. This operation will prompt for the owner password. The --force option relies on Phyiscal Presence to authorize the command (via the TPM_ForceClear API) skipping the owner password prompt. The TPM OwnerClear API can be disabled until the current owner is cleared, requiring use of the --force with tpm_setclearable command. The TPM_ForceClear API can be disabled for the current boot cycle with the tpm_setclearable command. This command requires a reboot to complete the operation.
- -h, --help
Display command usage info.
- -v, --version
Display command version info.
- -l, --log [none|error|info|debug]
Set logging level.
- -u, --unicode
Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes
- -f, --force
Rely on Physical Presence for authorization; therefore, do not prompt for owner password.
- -z, --well-known
Authenticate using 20 bytes of zeros as owner password (the default TSS Well Known Secret), instead of prompting for an owner password.
tpm_version(1), tpm_takeownership(8), tpm_setclearable(8), tpm_setactive(8), tpm_setenable(8), tcsd(8)
Report bugs to <firstname.lastname@example.org>