FreeBSD Manual Pages
tss2_provision(1) General Commands Manual tss2_provision(1) NAME tss2_provision(1) - SYNOPSIS tss2_provision [OPTIONS] SEE ALSO fapi-config(5) to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for the Fapi metadata storages. fapi-profile(5) to determine the cryptographic algorithms and parame- ters for all keys and operations of a specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and pa- rameters and PCR bank selection. DESCRIPTION tss2_provision(1) - This command provisions a FAPI instance and its as- sociated TPM. The steps taken are: • Retrieve the EK template, nonce and certificate, verify that they match the TPM's EK and store them in the key store. • Set the authValues and policies for the Owner (Storage Hierarchy), the Privacy Administrator (Endorsement Hierarchy) and the lockout au- thority. • Scan the TPM's nv indices and create entries in the FAPI metadata store. This operation MAY use a heuristic to guess the originating programs for nv indices found and name the entries accordingly. • Create the SRK (storage primary key) inside the TPM and make it per- sistent if required by the cryptographic profile (cf., fapi-pro- file(5)) and store its metadata in the system-wide FAPI metadata store. Note that the SRK will not have an authorization value asso- ciated. If an authorization value is associated with the storage hierarchy, it is highly recommended that the SRK without authorization value is made persistent. The paths of the different metadata storages for keys and nv indices are configured in the FAPI configuration file (cf., fapi-config(5)). OPTIONS These are the available options: • -E, --authValueEh=STRING: The authorization value for the privacy ad- min, i.e. the endorsement hierarchy. Optional parameter. • -S, --authValueSh=STRING: The authorization value for the owner, i.e. the storage hierarchy. Optional parameter. • -L, --authValueLockout=STRING: The authorization value for the lock- out authorization. Optional parameter. COMMON OPTIONS This collection of options are common to all tss2 programs and provide information that many users may expect. • -h, --help [man|no-man]: Display the tools manpage. By default, it attempts to invoke the manpager for the tool, however, on failure will output a short tool summary. This is the same behavior if the "man" option argument is specified, however if explicit "man" is re- quested, the tool will provide errors from man on stderr. If the "no-man" option if specified, or the manpager fails, the short op- tions will be output to stdout. To successfully use the manpages feature requires the manpages to be installed or on MANPATH, See man(1) for more details. • -v, --version: Display version information for this tool, supported tctis and exit. EXAMPLE tss2_provision RETURNS 0 on success or 1 on failure. BUGS Github Issues (https://github.com/tpm2-software/tpm2-tools/issues) HELP See the Mailing List (https://lists.linuxfoundation.org/mailman/listin- fo/tpm2) tpm2-tools APRIL 2019 tss2_provision(1)
NAME | SYNOPSIS | SEE ALSO | DESCRIPTION | OPTIONS | COMMON OPTIONS | EXAMPLE | RETURNS | BUGS | HELP
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=tss2_provision&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>