tpm_nvdefine(8)

NAME
tpm_nvdefine

SYNOPSIS
tpm_nvdefine [OPTIONS]

DESCRIPTION
tpm_nvdefine defines a new NVRAM area at the given index and of given
size. The user has to provide the permissions that control access to
the NVRAM area.
Owner authentication is necessary once the NVRAM area 0xFFFFFFFF has
been defined. The owner password may be provided on the command line
using the owner password option.
The following options are supported:
-h, --help
Display command usage info.
-v, --version
Display command version info.
-l, --log [none|error|info|debug]
Set logging level.
-u, --unicode
Use TSS UNICODE encoding for passwords to comply with applications
using TSS popup boxes.
-y, --owner-well-known
Use a secret of all zeros (20 bytes of zeros) as the owner's
secret.
-z, --area-well-known
Use a secret of all zeros (20 bytes of zeros) as the NVRAM area's
secret.
-o, --pwdo (optional parameter)
The owner password.
A password may be directly provided for example by using
'--pwdo=password' or '-opassword'. If no password is provided with
this option then the program will prompt the user for the password.
-a, --pwda (optional parameter)
The NVRAM area password.
A password may be directly provided for example by using
'--pwda=password' or '-apassword'. If no password is provided with
this option then the program will prompt the user for the password.
-i, --index
The index of the NVRAM area. The parameter must either be a
decimal number or a hexadecimal number starting with '0x'.
To select the NVRAM area with index 0x100, the command line
parameter should be '-i 0x100' or '--index 0x100'.
-s, --size
The size of the NVRAM area. The parameter must either be a decimal
number or a hexadecimal number starting with '0x'.
-p, --permissions
The access permissions associated with the NVRAM area. The
parameter must either be a decimal number or a hexadecimal number
starting with '0x'. It is possible to logically 'or' numbers or
strings. The following strings are supported:
AUTHREAD
Reading requires NVRAM area authorization.
AUTHWRITE
Writing requires NVRAM area authorization.
PPREAD
Reading requires physical presence.
PPWRITE
Writing requires physical presence.
OWNERREAD
Reading requires owner authorization.
OWNERWRITE
Writing requires owner authorization.
GLOBALLOCK
A write to index 0 locks the NVRAM area until the next
TPM_Startup(ST_CLEAR)
READ_STCLEAR
A read with size 0 on the same index prevents further reading
until the next TPM_Startup(ST_CLEAR)
WRITE_STCLEAR
A write with size 0 to the same index prevents further writing
until the next TPM_Startup(ST_CLEAR)
WRITEDEFINE
A write with size 0 to the same index locks the NVRAM area
permanently
WRITEALL
The value must be written in a single operation
An example of a permission parameter is:
--permissions="OWNERREAD|OWNERWRITE"
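
The following is an added example, not part of tpm-tools: a pre-flight check that resolves a --permissions value (names and numbers joined with '|') to its numeric mask and reports which accesses carry none of the authorization flags listed above. The function names are hypothetical, the bit values are the TPM 1.2 TPM_NV_PER_* constants, and treating a missing authorization flag as a finding is a review policy assumed here.

```shell
#!/bin/sh
# Added example, not part of tpm-tools. Bit values: TPM 1.2 TPM_NV_PER_* constants.
nv_perm_bit() {  # one token (name or number) -> decimal value, non-zero on error
    case "$1" in
        READ_STCLEAR)  echo $((0x80000000)) ;;
        AUTHREAD)      echo $((0x00040000)) ;;
        OWNERREAD)     echo $((0x00020000)) ;;
        PPREAD)        echo $((0x00010000)) ;;
        GLOBALLOCK)    echo $((0x00008000)) ;;
        WRITE_STCLEAR) echo $((0x00004000)) ;;
        WRITEDEFINE)   echo $((0x00002000)) ;;
        WRITEALL)      echo $((0x00001000)) ;;
        AUTHWRITE)     echo $((0x00000004)) ;;
        OWNERWRITE)    echo $((0x00000002)) ;;
        PPWRITE)       echo $((0x00000001)) ;;
        0x*) case "${1#0x}" in ''|*[!0-9a-fA-F]*) return 1 ;; esac  # hex digits only
             echo $(($1)) ;;
        *)   case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac         # plain decimal only
             echo $(($1)) ;;
    esac
}

nv_perm_mask() {  # "A|B|0x4" -> mask printed as 0x%08x
    mask=0; rest=$1
    while [ -n "$rest" ]; do
        tok=${rest%%|*}
        case "$rest" in *'|'*) rest=${rest#*|} ;; *) rest= ;; esac
        bit=$(nv_perm_bit "$tok") || { echo "unknown permission: $tok" >&2; return 1; }
        mask=$((mask | bit))
    done
    printf '0x%08x\n' "$mask"
}

nv_perm_audit() {  # one line per finding; no output means nothing to flag
    m=$(nv_perm_mask "$1") || return 1
    [ $(($m & 0x00070000)) -ne 0 ] || echo "read: no AUTHREAD/OWNERREAD/PPREAD set"
    [ $(($m & 0x00000007)) -ne 0 ] || echo "write: no AUTHWRITE/OWNERWRITE/PPWRITE set"
    [ $(($m & 0x00002000)) -eq 0 ] || echo "WRITEDEFINE: a size-0 write locks the area permanently"
}

# Constructed sample values; the first is the page's own example.
for p in 'OWNERREAD|OWNERWRITE' 'OWNERWRITE|WRITEDEFINE'; do
    printf '%s -> %s\n' "$p" "$(nv_perm_mask "$p")"
    nv_perm_audit "$p"
done
```
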

SEE ALSO
tpm_nvread(8), tpm_nvwrite(8), tpm_nvrelease(8), tpm_nvinfo(8)

REPORTING BUGS
Report bugs to <trousers-users@lists.sourceforge.net>

TPM Management 2011-07-07 tpm_nvdefine(8)