SYNOPSIS

tpm_nvdefine [OPTIONS]

DESCRIPTION

tpm_nvdefine defines a new NVRAM area at the given index and of the given size. The user has to provide the permissions that control access to the NVRAM area.

Owner authentication is necessary once the NVRAM area 0xFFFFFFFF has been defined. The owner password may be provided on the command line using the owner password option.

The following options are supported:

-h, --help

Display command usage info.

-v, --version

Display command version info.

-l, --log [none|error|info|debug]

Set logging level.

-u, --unicode

Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes.

-y, --owner-well-known

Use a secret of all zeros (20 bytes of zeros) as the owner's secret.

-z, --area-well-known

Use a secret of all zeros (20 bytes of zeros) as the NVRAM area's secret.

-o, --pwdo (optional parameter)

The owner password. A password may be directly provided for example by using '--pwdo=password' or '-opassword'. If no password is provided with this option then the program will prompt the user for the password.

-a, --pwda (optional parameter)

The NVRAM area password. A password may be directly provided for example by using '--pwda=password' or '-apassword'. If no password is provided with this option then the program will prompt the user for the password.

-i, --index

The index of the NVRAM area. The parameter must either be a decimal number or a hexadecimal number starting with '0x'. To select the NVRAM area with index 0x100, the command line parameter should be '-i 0x100' or '--index 0x100'.

-s, --size

The size of the NVRAM area. The parameter must either be a decimal number or a hexadecimal number starting with '0x'.

-p, --permissions

The access permissions associated with the NVRAM area. The parameter must either be a decimal number or a hexadecimal number starting with '0x'. It is possible to logically 'or' numbers or strings. The following strings are supported:

AUTHREAD

Reading requires NVRAM area authorization.

AUTHWRITE

Writing requires NVRAM area authorization.

PPREAD

Reading requires physical presence.

PPWRITE

Writing requires physical presence.

OWNERREAD

Reading requires owner authorization.

OWNERWRITE

Writing requires owner authorization.

GLOBALLOCK

A write to index 0 locks the NVRAM area until the next TPM_Startup(ST_CLEAR).

READ_STCLEAR

A read with size 0 on the same index prevents further reading until the next TPM_Startup(ST_CLEAR).

WRITE_STCLEAR

A write with size 0 to the same index prevents further writing until the next TPM_Startup(ST_CLEAR).

WRITEDEFINE

A write with size 0 to the same index locks the NVRAM area permanently.

WRITEALL

The value must be written in a single operation.

An example of a permission parameter is: --permissions="OWNERREAD|OWNERWRITE"
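
A pre-flight check for the index, size and permission rules described above, as an added example that is not part of tpm-tools. The function names are hypothetical, and the script assumes owner authentication is needed, so it passes --pwdo without a value to make the tool prompt for the password.

```shell
#!/bin/sh
# Added example: pre-flight check for tpm_nvdefine arguments.
# Function names are hypothetical; permission names are the ones listed above.
# Numeric permission values are not decoded here, only the named strings.

# is_number VALUE: decimal, or hexadecimal starting with '0x'.
is_number() {
    case $1 in
        0x*) hex=${1#0x}
             case $hex in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# check_perms 'A|B|...': prints which directions carry an access requirement.
# Returns 0 if both do, 1 if one is unrestricted, 2 on an unknown name.
check_perms() {
    read_req=no; write_req=no
    old_ifs=$IFS; IFS='|'; set -f
    set -- $1
    IFS=$old_ifs; set +f
    [ $# -gt 0 ] || { echo "error: no permissions given"; return 2; }
    for p in "$@"; do
        case $p in
            AUTHREAD|OWNERREAD|PPREAD)    read_req=yes ;;
            AUTHWRITE|OWNERWRITE|PPWRITE) write_req=yes ;;
            GLOBALLOCK|READ_STCLEAR|WRITE_STCLEAR|WRITEDEFINE|WRITEALL) ;;
            *) echo "error: unknown permission '$p'"; return 2 ;;
        esac
    done
    echo "read_requirement=$read_req write_requirement=$write_req"
    [ "$read_req" = yes ] && [ "$write_req" = yes ]
}

# nvdefine_cmd INDEX SIZE PERMS: print the command line if the inputs pass.
# --pwdo is given without a value so the tool prompts for the owner password.
nvdefine_cmd() {
    is_number "$1" || { echo "error: bad index '$1'"; return 2; }
    is_number "$2" || { echo "error: bad size '$2'"; return 2; }
    check_perms "$3" >/dev/null || { echo "error: review permissions '$3'"; return 1; }
    echo "tpm_nvdefine --index $1 --size $2 --permissions=\"$3\" --pwdo"
}

# Constructed sample input.
nvdefine_cmd 0x100 32 'OWNERREAD|OWNERWRITE'
```

A string such as 'OWNERREAD|WRITEDEFINE' is held back for review because it names a lock but no write requirement.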

REPORTING BUGS

Report bugs to <[email protected]>