Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
tpm2-tools-5.1
/
man
/
man1
/
tss2_createseal.1

tss2_createseal.1 4.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. .\" Automatically generated by Pandoc 1.19.2.4
    2. 

  2. .\"
    3. 

  3. .TH "tss2_createseal" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual"
    4. 

  4. .hy
    5. 

  5. .SH NAME
    6. 

  6. .PP
    7. 

  7. \f[B]tss2_createseal\f[](1) \-
    8. 

  8. .SH SYNOPSIS
    9. 

  9. .PP
    10. 

  10. \f[B]tss2_createseal\f[] [\f[I]OPTIONS\f[]]
    11. 

  11. .SH SEE ALSO
    12. 

  12. .PP
    13. 

  13. \f[B]fapi\-config(5)\f[] to adjust Fapi parameters like the used
    14. 

  14. cryptographic profile and TCTI or directories for the Fapi metadata
    15. 

  15. storages.
    16. 

  16. .PP
    17. 

  17. \f[B]fapi\-profile(5)\f[] to determine the cryptographic algorithms and
    18. 

  18. parameters for all keys and operations of a specific TPM interaction
    19. 

  19. like the name hash algorithm, the asymmetric signature algorithm, scheme
    20. 

  20. and parameters and PCR bank selection.
    21. 

  21. .SH DESCRIPTION
    22. 

  22. .PP
    23. 

  23. \f[B]tss2_createseal\f[](1) \- This command creates a sealed object and
    24. 

  24. stores it in the FAPI metadata store.
    25. 

  25. If no data is provided (i.e.
    26. 

  26. a NULL\-pointer) then the TPM generates random data and fills the sealed
    27. 

  27. object.
    28. 

  28. TPM signing schemes are used as specified in the cryptographic profile
    29. 

  29. (cf., \f[B]fapi\-profile(5)\f[]).
    30. 

  30. .SH OPTIONS
    31. 

  31. .PP
    32. 

  32. These are the available options:
    33. 

  33. .IP \[bu] 2
    34. 

  34. \f[B]\-p\f[], \f[B]\-\-path\f[]=\f[I]STRING\f[]:
    35. 

  35. .RS 2
    36. 

  36. .PP
    37. 

  37. The path to the new key.
    38. 

  38. .RE
    39. 

  39. .IP \[bu] 2
    40. 

  40. \f[B]\-t\f[], \f[B]\-\-type\f[]=\f[I]STRING\f[]:
    41. 

  41. .RS 2
    42. 

  42. .PP
    43. 

  43. Identifies the intended usage.
    44. 

  44. Optional parameter.
    45. 

  45. Types may be any comma\-separated combination of:
    46. 

  46. .IP
    47. 

  47. .nf
    48. 

  48. \f[C]
    49. 

  49. \-\ "exportable":\ Clears\ the\ fixedTPM\ and\ fixedParent\ attributes\ of\ a\ key\ or
    50. 

  50. \ \ sealed\ object.
    51. 

  51. \-\ "noda":\ Sets\ the\ noda\ attribute\ of\ a\ key\ or\ NV\ index.
    52. 

  52. \-\ "system":\ Stores\ the\ data\ blobs\ and\ metadata\ for\ a\ created\ key\ or\ seal
    53. 

  53. \ \ in\ the\ system\-wide\ directory\ instead\ of\ user\[aq]s\ personal\ directory.
    54. 

  54. \-\ A\ hexadecimal\ number\ (e.g.\ "0x81000001"):\ Marks\ a\ key\ object\ to\ be
    55. 

  55. \ \ made\ persistent\ and\ sets\ the\ persistent\ object\ handle\ to\ this\ value.
    56. 

  56. \f[]
    57. 

  57. .fi
    58. 

  58. .RE
    59. 

  59. .IP \[bu] 2
    60. 

  60. \f[B]\-P\f[], \f[B]\-\-policyPath\f[]=\f[I]STRING\f[]:
    61. 

  61. .RS 2
    62. 

  62. .PP
    63. 

  63. Identifies the policy to be associated with the new key.
    64. 

  64. Optional parameter.
    65. 

  65. If omitted then no policy will be associated with the key.
    66. 

  66. .PP
    67. 

  67. A policyPath is composed of two elements, separated by "/".
    68. 

  68. A policyPath starts with "/policy".
    69. 

  69. The second path element identifies the policy or policy template using a
    70. 

  70. meaningful name.
    71. 

  71. .RE
    72. 

  72. .IP \[bu] 2
    73. 

  73. \f[B]\-a\f[], \f[B]\-\-authValue\f[]=\f[I]STRING\f[]:
    74. 

  74. .RS 2
    75. 

  75. .PP
    76. 

  76. The new UTF\-8 password.
    77. 

  77. Optional parameter.
    78. 

  78. If it is neglected then the user is queried interactively for a
    79. 

  79. password.
    80. 

  80. To set no password, this option should be used with the empty string
    81. 

  81. ("").
    82. 

  82. The maximum password size is determined by the digest size of the chosen
    83. 

  83. name hash algorithm in the cryptographic profile (cf.,
    84. 

  84. \f[B]fapi\-profile(5)\f[]).
    85. 

  85. For example, choosing SHA256 as hash algorithm, allows passwords of a
    86. 

  86. maximum size of 32 characters.
    87. 

  87. .RE
    88. 

  88. .IP \[bu] 2
    89. 

  89. \f[B]\-i\f[], \f[B]\-\-data\f[]=\f[I]FILENAME\f[] or \f[I]\-\f[] (for
    90. 

  90. stdin):
    91. 

  91. .RS 2
    92. 

  92. .PP
    93. 

  93. The data to be sealed by the TPM.
    94. 

  94. Optional parameter.
    95. 

  95. Must not be used together with \-\-size.
    96. 

  96. .RE
    97. 

  97. .IP \[bu] 2
    98. 

  98. \f[B]\-s\f[], \f[B]\-\-size\f[]=\f[I]INTEGER\f[]:
    99. 

  99. .RS 2
    100. 

  100. .PP
    101. 

  101. Determines the number of random bytes the TPM should generate and seal.
    102. 

  102. Optional parameter.
    103. 

  103. Must not be "0".
    104. 

  104. Must no be used together with \-\-data.
    105. 

  105. .RE
    106. 

  106. .SH COMMON OPTIONS
    107. 

  107. .PP
    108. 

  108. This collection of options are common to all tss2 programs and provide
    109. 

  109. information that many users may expect.
    110. 

  110. .IP \[bu] 2
    111. 

  111. \f[B]\-h\f[], \f[B]\-\-help [man|no\-man]\f[]: Display the tools
    112. 

  112. manpage.
    113. 

  113. By default, it attempts to invoke the manpager for the tool, however, on
    114. 

  114. failure will output a short tool summary.
    115. 

  115. This is the same behavior if the "man" option argument is specified,
    116. 

  116. however if explicit "man" is requested, the tool will provide errors
    117. 

  117. from man on stderr.
    118. 

  118. If the "no\-man" option if specified, or the manpager fails, the short
    119. 

  119. options will be output to stdout.
    120. 

  120. .RS 2
    121. 

  121. .PP
    122. 

  122. To successfully use the manpages feature requires the manpages to be
    123. 

  123. installed or on \f[I]MANPATH\f[], See \f[B]man\f[](1) for more details.
    124. 

  124. .RE
    125. 

  125. .IP \[bu] 2
    126. 

  126. \f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this
    127. 

  127. tool, supported tctis and exit.
    128. 

  128. .SH EXAMPLE
    129. 

  129. .SS Create a key with password "abc" and read sealing data from file.
    130. 

  130. .IP
    131. 

  131. .nf
    132. 

  132. \f[C]
    133. 

  133. tss2_createseal\ \-\-path=HS/SRK/mySealKey\ \-\-type="noDa"\ \-\-authValue=abc\ \-\-data=data.file
    134. 

  134. \f[]
    135. 

  135. .fi
    136. 

  136. .SH RETURNS
    137. 

  137. .PP
    138. 

  138. 0 on success or 1 on failure.
    139. 

  139. .SH BUGS
    140. 

  140. .PP
    141. 

  141. Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
    142. 

  142. .SH HELP
    143. 

  143. .PP
    144. 

  144. See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
    145.