Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2025-08-22 19:04:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-0.7-next
swtpm/man/man8/swtpm_bios.pod
Lili Zhu b199d8084e Update the doc of the flag to connect to TPM via UnixIO socket 
Modify the flag from "--unixio" to "--unix"

Signed-off-by: Lili Zhu <lizhu@redhat.com>
2021-01-13 07:02:18 -05:00

128 lines
3.2 KiB
Plaintext
Raw Permalink Blame History

=head1 NAME
swtpm_bios - BIOS simulation tool for swtpm
=head1 SYNOPSIS
B<swtpm_bios [OPTIONS]>
=head1 DESCRIPTION
B<swtpm_bios> is a tool that can send the commands to the TPM (I<swtpm>
program) that typically are used by the BIOS to initialize the TPM.
The user can choose among several command line options to choose the
state the TPM should be set to.
This command requires the environment variable I<TCSD_USE_TCP_DEVICE>
to be set for communication via TCP. Otherwise it will use the device
set in the environment variable I<TPM_DEVICE> or fall back to use
I</dev/tpm0> to send the commands to. In TCP mode, the environment variable
I<TCSD_TCP_DEVICE_HOSTNAME> is used to indicate the host to send the commands
to. By default I<localhost> is assumed. The default TCP port is 6545 unless
the environment variable I<TCSD_TCP_DEVICE_PORT> indicates another port.
In case of success 0 will be returned. In case a TPM error was
encountered the return code will be 128. In case of communcation
failure 255 is returned. In case the TPM needs to be reset to become
activated, 129 will be returned.
This command will send the following sequence of commands to the TPM.
=over 4
=item B<TPM_Startup(chosen mode)> -- startup TPM
=item B<TSC_PhysicalPresence(0x20)> -- PhysicalPresenceCMDEnable
=item B<TSC_PhysicalPresence(0x08)> -- turn on physical presence
=item B<TPM_GetCapability> -- get permanent flags
=item B<TPM_PhysicalEnable> -- enable the TPM
=item B<TPM_PhysicalSetDeactivated(0x0)> -- activate TPM
=item B<TPM_ContinueSelfTest> -- continue self test
=item B<TSC_PhysicalPresence(0x20)> -- PhysicalPresenceCMDEnable
=item B<TSC_PhysicalPresence(0x14)> -- turn off physical presence & lock it
=back
The following options are supported:
=over 4
=item B<--tpm-device E<lt>deviceE<gt>>
Use the given device rather than the default /dev/tpm0. This option overrides
the TPM_DEVICE environment variable.
=item B<--tcp E<lt>serverE<gt>:E<lt>portE<gt>>
Connect to the given server and port; if no server is given, 127.0.0.1 is used;
if port is not given, the default port 6545 is used.
=item B<--unix E<lt>pathE<gt>>
Connect to the given UnixIO path.
=item B<-tpm2>
The device is a TPM 2.
=item B<-c>
Send TPM_Startup(ST_CLEAR) (default). This instructs the TPM to start
with clear state.
=item B<-s>
Send TPM_Startup(ST_STATE). This instructs the TPM to start by restoring
previously saved state.
=item B<-d>
Send TPM_Startup(ST_DEACTIVATED). This instructs the TPM to start in
deactivated mode. This option has no effect on a TPM 2.
=item B<-n>
Don't send a TPM_Startup command.
=item B<-o>
Only send the startup command and nothing else.
=item B<-ea>
Make sure that the TPM is activated; if the TPM requires a reset, the program
will exist and return a return code of 129.
=item B<-cs>
Send a TPM_ContinueSelfTest command to a TPM 1.2 and a TPM2_IncrementalSelfTest
command to a TPM 2.
=item B<-u>
Give up physical presence on a TPM 1.2. In case of a TPM 2 set the platform
hierarchy to a random password.
=item B<-v>
Display version and exit.
=item B<-h>
Display the help screen and exit.
=back
=head1 SEE ALSO
=head1 REPORTING BUGS
Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>
Reference in New Issue View Git Blame Copy Permalink