=head1 NAME

tpm_nvdefine

=head1 SYNOPSIS

B<tpm_nvdefine [OPTIONS]>

=head1 DESCRIPTION

B<tpm_nvdefine> defines a new NVRAM area at the given index and of the given
size. The user has to provide the permissions that control access to
the NVRAM area.

Once the NVRAM area 0xFFFFFFFF has been defined, owner authentication is
necessary. The owner password may be provided on the command line using
the owner password option.

The following options are supported:

=over 4

=item B<-h, --help>

Display command usage info.

=item B<-v, --version>

Display command version info.

=item B<-l, --log [none|error|info|debug]>

Set logging level.

=item B<-u, --unicode>

Use TSS UNICODE encoding for passwords to comply with applications
using TSS popup boxes.

=item B<-y, --owner-well-known>

Use a secret of all zeros (20 bytes of zeros) as the owner's secret.

=item B<-z, --area-well-known>

Use a secret of all zeros (20 bytes of zeros) as the NVRAM area's secret.

=item B<-o, --pwdo> (optional parameter)

The owner password.

A password may be provided directly, for example by using '--pwdo=password' or
'-opassword'. If no password is provided with this option, the program will
prompt the user for the password.

=item B<-a, --pwda> (optional parameter)

The NVRAM area password.

A password may be provided directly, for example by using '--pwda=password' or
'-apassword'. If no password is provided with this option, the program will
prompt the user for the password.

=item B<-i, --index>

The index of the NVRAM area.
The parameter must either be a decimal number or a hexadecimal number starting with '0x'.

To select the NVRAM area with index 0x100, the command line parameter should be '-i 0x100' or
'--index 0x100'.

=item B<-s, --size>

The size of the NVRAM area.
The parameter must either be a decimal number or a hexadecimal number starting with '0x'.

=item B<-p, --permissions>

The access permissions associated with the NVRAM area.
The parameter must either be a decimal number or a hexadecimal number starting with '0x'. It is
possible to logically 'or' numbers or strings. The following strings are supported:

=over 4

=item B<AUTHREAD>

Reading requires NVRAM area authorization.

=item B<AUTHWRITE>

Writing requires NVRAM area authorization.

=item B<PPREAD>

Reading requires physical presence.

=item B<PPWRITE>

Writing requires physical presence.

=item B<OWNERREAD>

Reading requires owner authorization.

=item B<OWNERWRITE>

Writing requires owner authorization.

=item B<GLOBALLOCK>

A write to index 0 locks the NVRAM area until the next TPM_Startup(ST_CLEAR).

=item B<READ_STCLEAR>

A read with size 0 on the same index prevents further reading until the next TPM_Startup(ST_CLEAR).

=item B<WRITE_STCLEAR>

A write with size 0 to the same index prevents further writing until the next TPM_Startup(ST_CLEAR).

=item B<WRITEDEFINE>

A write with size 0 to the same index locks the NVRAM area permanently.

=item B<WRITEALL>

The value must be written in a single operation.

=back

An example of a permission parameter is:

    --permissions="OWNERREAD|OWNERWRITE"

=back

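An added example, not part of tpm-tools or of this manual page: a Python pre-flight check that resolves a --permissions expression (strings and numbers joined with '|') to its 32-bit mask and reports which access directions carry no authorization requirement. The bit values are the TPM 1.2 specification's TPM_NV_PER_* attributes; the function names are hypothetical.

```python
# Added example. Bit positions follow the TPM 1.2 TPM_NV_PER_* attributes,
# keyed by the permission strings listed in this manual page.
NV_PER = {
    "READ_STCLEAR": 1 << 31, "AUTHREAD": 1 << 18, "OWNERREAD": 1 << 17,
    "PPREAD": 1 << 16, "GLOBALLOCK": 1 << 15, "WRITE_STCLEAR": 1 << 14,
    "WRITEDEFINE": 1 << 13, "WRITEALL": 1 << 12, "AUTHWRITE": 1 << 2,
    "OWNERWRITE": 1 << 1, "PPWRITE": 1 << 0,
}
READ_GATES = ("AUTHREAD", "OWNERREAD", "PPREAD")
WRITE_GATES = ("AUTHWRITE", "OWNERWRITE", "PPWRITE")


def parse_permissions(expr):
    """Resolve an expression such as 'OWNERREAD|0x4' to its 32-bit mask."""
    mask = 0
    for term in expr.split("|"):
        term = term.strip()
        if term in NV_PER:
            mask |= NV_PER[term]
        elif term.lower().startswith("0x"):
            mask |= int(term, 16)   # ValueError on malformed hex
        elif term.isdigit():
            mask |= int(term, 10)
        else:
            raise ValueError(f"unknown permission term: {term!r}")
    if mask > 0xFFFFFFFF:
        raise ValueError("permission mask does not fit in 32 bits")
    return mask


def review_permissions(expr):
    """Return (mask, names, findings) for a --permissions expression."""
    mask = parse_permissions(expr)
    names = [name for name, bit in NV_PER.items() if mask & bit]
    findings = []
    if not any(name in names for name in READ_GATES):
        findings.append("read: no area, owner or physical-presence requirement")
    if not any(name in names for name in WRITE_GATES):
        findings.append("write: no area, owner or physical-presence requirement")
    if "WRITEDEFINE" in names:
        findings.append("WRITEDEFINE: a size-0 write locks the area permanently")
    unlisted = mask & ~sum(NV_PER.values())
    if unlisted:
        findings.append(f"bits outside the listed permissions: {unlisted:#x}")
    return mask, names, findings
```
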
=head1 SEE ALSO

B<tpm_nvread>(8), B<tpm_nvwrite>(8), B<tpm_nvrelease>(8), B<tpm_nvinfo>(8)

=head1 REPORTING BUGS

Report bugs to <trousers-users@lists.sourceforge.net>
