Package tpm2-tools

A bunch of TPM testing toolS build upon tpm2-tss

https://github.com/tpm2-software/tpm2-tools

tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.

Version: 5.6

General Commands

tpm2 A single small executable that combines the various tpm2-tools much like a BusyBox that provides a fairly complete environment for any small or embedded system.
tpm2_activatecredential Enables access to the credential qualifier to recover the credential secret.
tpm2_certify Prove that an object is loaded in the TPM.
tpm2_certifyX509certutil Generate partial X509 certificate.
tpm2_certifycreation Attest the association between a loaded public area and the provided hash of the creation data.
tpm2_changeauth Changes authorization values for TPM objects.
tpm2_changeeps Replaces the active endorsement primary seed with a new one generated off the TPM2 RNG.
tpm2_changepps Replaces the active platform primary seed with a new one generated off the TPM2 RNG.
tpm2_checkquote Validates a quote provided by a TPM.
tpm2_clear Clears lockout, endorsement and owner hierarchy authorization values and other TPM data.
tpm2_clearcontrol Set/ Clear TPMA_PERMANENT.disableClear attribute to effectively block/ unblock lockout authorization handle for issuing TPM clear.
tpm2_clockrateadjust Sets the clock rate period on the TPM.
tpm2_commit Performs the first part of an ECC anonymous signing operation.
tpm2_create Create a child object.
tpm2_createak Generate attestation key with given algorithm under the endorsement hierarchy.
tpm2_createek Generate TCG profile compliant endorsement key.
tpm2_createpolicy Creates simple assertion authorization policies based on multiple PCR indices values across multiple enabled banks.
tpm2_createprimary Create a primary key.
tpm2_dictionarylockout Setup or clear dictionary-attack-lockout parameters.
tpm2_duplicate Duplicates a loaded object so that it may be used in a different hierarchy.
tpm2_ecdhkeygen Creates an ephemeral key and uses it to generate the shared secret value using the parameters from a ECC public key.
tpm2_ecdhzgen Recovers the shared secret value (Z) from a public point and a specified private key.
tpm2_ecephemeral Creates an ephemeral key for use in a two-phase key exchange protocol.
tpm2_encodeobject Encode an object into a combined PEM format.
tpm2_encryptdecrypt Performs symmetric encryption or decryption.
tpm2_eventlog Display tpm2 event log.
tpm2_evictcontrol Make a transient object persistent or evict a persistent object.
tpm2_flushcontext Remove a specified handle, or all contexts associated with a transient object, loaded session or saved session from the TPM.
tpm2_getcap Display TPM capabilities in a human readable form.
tpm2_getcommandauditdigest Retrieve the command audit attestation data from the TPM.
tpm2_geteccparameters Retrieves the parameters of an ECC curve identified by its TCG-assigned curveID.
tpm2_getekcertificate Retrieve the Endorsement key Certificate.
tpm2_getpolicydigest Retrieves the policy digest from session.
tpm2_getrandom Retrieves random bytes from the TPM.
tpm2_getsessionauditdigest Retrieve the command audit attestation data from the TPM.
tpm2_gettestresult Get the result of tests performed by the TPM
tpm2_gettime Get the current time and clock from the TPM in a signed form.
tpm2_hash Performs a hash operation with the TPM.
tpm2_hierarchycontrol Enable and disable use of a hierarchy and its associated NV storage.
tpm2_hmac Performs an HMAC operation with the TPM.
tpm2_import Imports an external key into the tpm as a TPM managed key object.
tpm2_incrementalselftest Request testing of specified algorithm list
tpm2_load Load an object into the TPM.
tpm2_loadexternal Load an external object into the TPM.
tpm2_makecredential Generate the encrypted-user-chosen-data and the wrapped-secret-data-encryption-key for the privacy-sensitive credentialing process of a TPM object.
tpm2_nvcertify Provides attestation of the contents of an NV index.
tpm2_nvdefine Define a TPM Non-Volatile (NV) index.
tpm2_nvextend Extend an Non-Volatile (NV) index like it was a PCR.
tpm2_nvincrement Increment counter in a Non-Volatile (NV) index.
tpm2_nvread Read the data stored in a Non-Volatile (NV)s index.
tpm2_nvreadlock Lock the Non-Volatile (NV) index for further reads.
tpm2_nvreadpublic Display all defined Non-Volatile (NV)s indices.
tpm2_nvsetbits Bitwise OR bits into a Non-Volatile (NV).
tpm2_nvundefine Delete a Non-Volatile (NV) index.
tpm2_nvwrite Write data to a Non-Volatile (NV) index.
tpm2_nvwritelock Lock the Non-Volatile (NV) index for further writes.
tpm2_pcrallocate Configure PCRs and bank algorithms.
tpm2_pcrevent Hashes a file and optionally extends a pcr.
tpm2_pcrextend Extends a PCR.
tpm2_pcrread List PCR values.
tpm2_pcrreset Reset one or more PCR banks
tpm2_policyauthorize Allows for mutable policies by tethering to a signing authority.
tpm2_policyauthorizenv Allows for mutable policies by referencing to a policy from an NV index.
tpm2_policyauthvalue Enables binding a policy to the authorization value of the authorized TPM object.
tpm2_policycommandcode Restrict TPM object authorization to specific TPM commands.
tpm2_policycountertimer Enables policy authorization by evaluating the comparison operation on the TPM parameters time, clock, reset count, restart count and TPM clock safe flag.
tpm2_policycphash Couples a policy with command parameters of the command.
tpm2_policyduplicationselect Restricts duplication to a specific new parent.
tpm2_policylocality Restrict TPM object authorization to specific localities.
tpm2_policynamehash Couples a policy with names of specific objects.
tpm2_policynv Evaluates policy authorization by comparing a specified value against the contents in the specified NV Index.
tpm2_policynvwritten Restrict TPM object authorization to the written state of an NV index.
tpm2_policyor logically OR’s two policies together.
tpm2_policypassword Enables binding a policy to the authorization value of the authorized TPM object.
tpm2_policypcr Create a policy that includes specific PCR values.
tpm2_policyrestart Restart an existing session with the TPM.
tpm2_policysecret Couples the authorization of an object to that of an existing object.
tpm2_policysigned Enables policy authorization by verifying signature of optional TPM2 parameters. The signature is generated by a signing authority.
tpm2_policytemplate Couples a policy with public template data digest of an object.
tpm2_policyticket Enables policy authorization by verifying a ticket that represents a validated authorization that had an expiration time associated with it.
tpm2_print Prints TPM data structures
tpm2_quote Provide a quote and signature from the TPM.
tpm2_rc_decode Decode TPM2 error codes to a human readable format.
tpm2_readclock Retrieves the time information from the TPM.
tpm2_readpublic Read the public area of a loaded object.
tpm2_rsadecrypt Performs an RSA decryption operation using the TPM.
tpm2_rsaencrypt Performs an RSA encryption operation using the TPM.
tpm2_selftest Run TPM’s self-test internal routines
tpm2_send Send a raw command buffer to the TPM.
tpm2_sessionconfig Configure session attributes and print session info from a session file.
tpm2_setclock Sets the time on the TPM.
tpm2_setcommandauditstatus Add or remove TPM2 commands to the audited commands list.
tpm2_setprimarypolicy Sets the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement…
tpm2_shutdown Send a shutdown command to the TPM.
tpm2_sign Sign a hash or message using the TPM.
tpm2_startauthsession Start a session with the TPM.
tpm2_startup Send a startup command to the TPM.
tpm2_stirrandom Add “additional information” into TPM RNG state.
tpm2_testparms Verify that specified algorithm suite is supported by TPM
tpm2_tr_encode Encodes a peristent handle and TPM2B_NAME as a serialized ESYS_TR as output.
tpm2_unseal Returns a data blob in a loaded TPM object. The data blob is returned in clear.
tpm2_verifysignature Validates a signature using the TPM.
tpm2_zgen2phase Command to enable the TPM to combine data from the other party with the ephemeral key generated in the first phase of two-phase key exchange protocols.
tss2_authorizepolicy
tss2_changeauth This command changes the authorization data of an entity referred to by the path.
tss2_createkey
tss2_createnv
tss2_createseal
tss2_decrypt decrypts data
tss2_delete
tss2_encrypt encrypts data
tss2_exportkey
tss2_exportpolicy
tss2_getappdata tss2_getappdata(1)
tss2_getcertificate
tss2_getdescription tss2_getdescription(1)
tss2_getinfo
tss2_getplatformcertificates
tss2_getrandom tss2_getrandom(1) - This command uses the TPM to create an array of random bytes.
tss2_gettpm2object tss2_gettpm2object(1)
tss2_gettpmblobs
tss2_import
tss2_list
tss2_nvextend
tss2_nvincrement
tss2_nvread
tss2_nvsetbits
tss2_nvwrite
tss2_pcrextend
tss2_pcrread
tss2_provision
tss2_quote
tss2_setappdata tss2_setappdata(1)
tss2_setcertificate
tss2_setdescription tss2_setdescription(1)
tss2_sign
tss2_unseal
tss2_verifyquote
tss2_verifysignature
tss2_writeauthorizenv