tpm_mkaik man page

tpm_mkaik [-zuhv] BLOB-FILE PUBKEY-FILE

The program generates a TPM Attestation Identity Key and stores it in the file BLOB-FILE. The public key is stored in the file PUBKEY-FILE. The public key is DER encoded.

-z

Use the well known secret used as the owner secret.

-u

Use TSS UNICODE encoding for passwords.

-h

Display command usage info.

-v

Display command version info.

Sometimes, when tpm_mkaik is invoked without the -z option, no password prompt appears.  As a work around, use tpm_changeownerauth to set the secret to the well known one, generate the key, and then use tpm_changeownerauth to set the secret to its original value.

tpm_quote_tools(8), tpm_changeownerauth(8)

tpm_loadkey(8), tpm_quote_tools(8), tpm_updatepcrhash(8), tpm_verifyquote(8).