tss2_quote.1.md 2.2 KB
% tss2_quote(1) tpm2-tools | General Commands Manual % % APRIL 2019
tss2_quote(1) -
tss2_quote [OPTIONS]
tss2_quote(1) - This command performs an attestation using the TPM. The PCR bank for each provided PCR index and signing scheme are set in the cryptographic profile (cf., fapi-profile(5)).
These are the available options:
-x, --pcrList=STRING:
An array holding the PCR indices to quote against.
-Q, --qualifyingData=FILENAME or - (for stdin):
A nonce provided by the caller to ensure freshness of the signature. Optional parameter.
-l, --pcrLog=FILENAME or - (for stdout):
Returns the PCR log for the chosen PCR. Optional parameter.
PCR event logs are a list (arbitrary length JSON array) of log entries with the following content.
- recnum: Unique record number - pcr: PCR index - digest: The digests - type: The type of event. At the moment the only possible value is: "LINUX_IMA" (legacy IMA) - eventDigest: Digest of the event; e.g. the digest of the measured file - eventName: Name of the event; e.g. the name of the measured file.-f, --force:
Force overwriting the output file.
-p, --keyPath=STRING:
Identifies the signing key.
-q, --quoteInfo=FILENAME or - (for stdout):
Returns a JSON-encoded structure holding the inputs to the quote operation. This includes the digest value and PCR values.
-o, --signature=FILENAME or - (for stdout):
Returns the signature over the quoted material.
-c, --certificate=FILENAME or - (for stdout):
The certificate associated with keyPath in PEM format. Optional parameter.
tss2_quote --keyPath=HS/SRK/quotekey --pcrList="10,16" --qualifyingData=qualifyingData.file --signature=signature.file --pcrLog=pcrLog.file --certificate=certificate.file --quoteInfo=quoteInfo.info
0 on success or 1 on failure.