tpm_mkaik man page
tpm_mkaik — make a TPM Attestation Identity Key
tpm_mkaik [-zuhv] BLOB-FILE PUBKEY-FILE
The program generates a TPM Attestation Identity Key and stores it in the file BLOB-FILE. The public key is stored in the file PUBKEY-FILE. The public key is DER encoded.
Use the well known secret used as the owner secret.
Use TSS UNICODE encoding for passwords.
Display command usage info.
Display command version info.
Sometimes, when tpm_mkaik is invoked without the -z option, no password prompt appears. As a work around, use tpm_changeownerauth to set the secret to the well known one, generate the key, and then use tpm_changeownerauth to set the secret to its original value.
tpm_loadkey(8), tpm_quote_tools(8), tpm_updatepcrhash(8), tpm_verifyquote(8).