man/man8/swtpm_ioctl.8 - third_party/github.com/stefanberger/swtpm - Git at Google

 .\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Vb \" Begin verbatim text
 .ft CW
 .nf
 .ne \\$1
 ..
 .de Ve \" End verbatim text
 .ft R
 .fi
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 .\" double quote, and \*(R" will give a right double quote.  \*(C+ will
 .\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
 .\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
 .\" nothing in troff, for use with C<>.
 .tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
 .    ds PI pi
 .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
 .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
 .    ds L" ""
 .    ds R" ""
 .    ds C` ""
 .    ds C' ""
 'br\}
 .el\{\
 .    ds -- \|\(em\|
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
 .    ds C`
 .    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
 .\"
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
 .nr rF 0
 .if \n(.g .if rF .nr rF 1
 .if (\n(rF:(\n(.g==0)) \{
 .    if \nF \{
 .        de IX
 .        tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .        if !\nF==2 \{
 .            nr % 0
 .            nr F 2
 .        \}
 .    \}
 .\}
 .rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
 .if n \{\
 .    ds #H 0
 .    ds #V .8m
 .    ds #F .3m
 .    ds #[ \f1
 .    ds #] \fP
 .\}
 .if t \{\
 .    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
 .    ds #V .6m
 .    ds #F 0
 .    ds #[ \&
 .    ds #] \&
 .\}
 .    \" simple accents for nroff and troff
 .if n \{\
 .    ds ' \&
 .    ds ` \&
 .    ds ^ \&
 .    ds , \&
 .    ds ~ ~
 .    ds /
 .\}
 .if t \{\
 .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
 .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
 .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
 .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
 .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
 .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
 .\}
 .    \" troff and (daisy-wheel) nroff accents
 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
 .ds ae a\h'-(\w'a'u*4/10)'e
 .ds Ae A\h'-(\w'A'u*4/10)'E
 .    \" corrections for vroff
 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
 .    \" for low resolution devices (crt and lpr)
 .if \n(.H>23 .if \n(.V>19 \
 \{\
 .    ds : e
 .    ds 8 ss
 .    ds o a
 .    ds d- d\h'-1'\(ga
 .    ds D- D\h'-1'\(hy
 .    ds th \o'bp'
 .    ds Th \o'LP'
 .    ds ae ae
 .    ds Ae AE
 .\}
 .rm #[ #] #H #V #F C
 .\" ========================================================================
 .\"
 .IX Title "swtpm_ioctl 8"
 .TH swtpm_ioctl 8 "2017-11-13" "swtpm" ""
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH "NAME"
 swtpm_ioctl \- Utility for sending control commands to swtpm
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 \&\fBswtpm_ioctl [\s-1COMMAND\s0] <device>\fR
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 \&\fBswtpm_ioctl\fR implements a client tool for controlling the
 \&\fIswtpm_cuse\fR \s-1TPM\s0 software emulator, such as for example its
 initialization and shutdown. Once the swtpm_cuse has been
 initialized, \s-1TPM\s0 commands can be sent to it.
 .PP
 The full path to the swtpm_cuse's character device must be provided such
 as for example /dev/vtpm\-200.
 .PP
 The environment variable \s-1SWTPM_IOCTL_BUFFERSIZE\s0 can be set to the size
 for the buffer for state blob transfer to use. If it is not set, the \fIioctl()\fR
 interface is used for transferring the state. This environment variable
 is primarily used for testing purposes.
 .PP
 The following commands are supported:
 .IP "\fB\-\-tpm\-device <device>\fR" 4
 .IX Item "--tpm-device <device>"
 Use the given device.
 .Sp
 This option can be used instead of providing the device as the last parameter.
 .IP "\fB\-\-tcp <server>:<port>\fR" 4
 .IX Item "--tcp <server>:<port>"
 Connect to the given server and port; if no server is given, 127.0.0.1 is used;
 if port is not given, the default port 6545 is used.
 .IP "\fB\-\-unixio <path>\fR" 4
 .IX Item "--unixio <path>"
 Connect to the given UnixIO path.
 .IP "\fB\-c\fR" 4
 .IX Item "-c"
 Get the swtpm_cuse's capability flags indicating which commands
 are supported.
 .IP "\fB\-i\fR" 4
 .IX Item "-i"
 Send a hardware initialization signal to the swtpm_cuse. Volatile
 state previously written by the \s-1TPM\s0 will be read and the file automatically
 delete.
 .IP "\fB\-s\fR" 4
 .IX Item "-s"
 Gracefully shut the swtpm_cuse down.
 .IP "\fB\-\-stop\fR" 4
 .IX Item "--stop"
 Stop the swtpm_cuse. This does not shut it down. The \fI\-i\fR command can again
 be sent to it. After a stop it is also possible to load \s-1TPM\s0 stateblobs into the
 \&\s-1TPM\s0 using the \fI\-\-load\fR command.
 .IP "\fB\-e\fR" 4
 .IX Item "-e"
 Get the tpmEstablished bit.
 .IP "\fB\-r locality\fR" 4
 .IX Item "-r locality"
 Reset the tpmEstablished bit using the given locality. Only localities 3 and 4 work.
 This operation will not permanently change the localty that was previously set
 using the \fI\-l\fR option.
 .IP "\fB\-l locality\fR" 4
 .IX Item "-l locality"
 Set the locality for the subsequent \s-1TPM\s0 commands.
 .IP "\fB\-v\fR" 4
 .IX Item "-v"
 Have the \s-1TPM\s0 write the volatile state to a file. Upon a TPM_Init (\-i) the
 \&\s-1TPM\s0 state will be read and the \s-1TPM\s0 can then resume operation without further
 intialization.
 .IP "\fB\-C\fR" 4
 .IX Item "-C"
 Cancel an ongoing \s-1TPM\s0 command.
 .IP "\fB\-h data\fR" 4
 .IX Item "-h data"
 Reset and extend \s-1PCR 17\s0 with the hash of the given data. If data is the single
 character '\-', then all data are read from stdin.
 .IP "\fB\-\-save <\s-1TPM\s0 state blob name> <filename> \fR" 4
 .IX Item "--save <TPM state blob name> <filename> "
 Save the \s-1TPM\s0 state blob into the given file. Valid \s-1TPM\s0 state blob
 names are permanent, volatile, and savestate.
 .Sp
 Note that this command can be executed at any time. However, to retrieve
 the latest volatile state, the \fI\-v\fR command should have been run
 immediately before running this command. The savestate blob will only be
 returned if a TPM_SaveState command was executed in the \s-1TPM.\s0
 .IP "\fB\-\-load <\s-1TPM\s0 state blob name> <filename>\fR" 4
 .IX Item "--load <TPM state blob name> <filename>"
 Load the given \s-1TPM\s0 state blob from the given file. Valid \s-1TPM\s0 state blob
 names are permanent, volatile, and savestate.
 .Sp
 Note that this command can only be executed on a \s-1TPM\s0 that is shut down.
 To then start the \s-1TPM\s0 with the uploaded state, the \fI\-i\fR command must
 be issued.
 .IP "\fB\-g\fR" 4
 .IX Item "-g"
 Get configuration flags that for example indicate which keys (file encryption
 or migration key) are in use by the \s-1TPM.\s0
 .IP "\fB\-\-info <flag>\fR" 4
 .IX Item "--info <flag>"
 Get information about the \s-1TPM\s0 implementation in \s-1JSON\s0 format. The flag
 <\s-1TPMLIB_INFO_TPMSPECIFICATION\s0>, which has the value 1, returns information
 about the specification the \s-1TPM\s0 implementation followed.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fBswtpm_cuse\fR
	.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.29)
	.\"
	.\" Standard preamble:
	.\" ========================================================================
	.de Sp \" Vertical space (when we can't use .PP)
	.if t .sp .5v
	.if n .sp
	..
	.de Vb \" Begin verbatim text
	.ft CW
	.nf
	.ne \\$1
	..
	.de Ve \" End verbatim text
	.ft R
	.fi
	..
	.\" Set up some character translations and predefined strings. \*(-- will
	.\" give an unbreakable dash, \(PI will give pi, \(L" will give a left
	.\" double quote, and \(R" will give a right double quote. \(C+ will
	.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
	.\" therefore won't be available. \(C` and \(C' expand to `' in nroff,
	.\" nothing in troff, for use with C<>.
	.tr \(*W-
	.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
	.ie n \{\
	. ds -- \(*W-
	. ds PI pi
	. if (\n(.H=4u)&(1m=24u) .ds -- \(W\h'-12u'\(W\h'-12u'-\" diablo 10 pitch
	. if (\n(.H=4u)&(1m=20u) .ds -- \(W\h'-12u'\(W\h'-8u'-\" diablo 12 pitch
	. ds L" ""
	. ds R" ""
	. ds C` ""
	. ds C' ""
	'br\}
	.el\{\
	. ds -- \\|\(em\\|
	. ds PI \(*p
	. ds L" ``
	. ds R" ''
	. ds C`
	. ds C'
	'br\}
	.\"
	.\" Escape single quotes in literal strings from groff's Unicode transform.
	.ie \n(.g .ds Aq \(aq
	.el .ds Aq '
	.\"
	.\" If the F register is turned on, we'll generate index entries on stderr for
	.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
	.\" entries marked with X<> in POD. Of course, you'll have to process the
	.\" output yourself in some meaningful fashion.
	.\"
	.\" Avoid warning from groff about undefined register 'F'.
	.de IX
	..
	.nr rF 0
	.if \n(.g .if rF .nr rF 1
	.if (\n(rF:(\n(.g==0)) \{
	. if \nF \{
	. de IX
	. tm Index:\\$1\t\\n%\t"\\$2"
	..
	. if !\nF==2 \{
	. nr % 0
	. nr F 2
	. \}
	. \}
	.\}
	.rr rF
	.\"
	.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
	.\" Fear. Run. Save yourself. No user-serviceable parts.
	. \" fudge factors for nroff and troff
	.if n \{\
	. ds #H 0
	. ds #V .8m
	. ds #F .3m
	. ds #[ \f1
	. ds #] \fP
	.\}
	.if t \{\
	. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
	. ds #V .6m
	. ds #F 0
	. ds #[ \&
	. ds #] \&
	.\}
	. \" simple accents for nroff and troff
	.if n \{\
	. ds ' \&
	. ds ` \&
	. ds ^ \&
	. ds , \&
	. ds ~ ~
	. ds /
	.\}
	.if t \{\
	. ds ' \\k:\h'-(\\n(.wu8/10-\(#H)'\'\h"\|\\n:u"
	. ds ` \\k:\h'-(\\n(.wu8/10-\(#H)'\`\h'\|\\n:u'
	. ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'^\h'\|\\n:u'
	. ds , \\k:\h'-(\\n(.wu*8/10)',\h'\|\\n:u'
	. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'\|\\n:u'
	. ds / \\k:\h'-(\\n(.wu8/10-\(#H)'\z\(sl\h'\|\\n:u'
	.\}
	. \" troff and (daisy-wheel) nroff accents
	.ds : \\k:\h'-(\\n(.wu8/10-\(#H+.1m+\(#F)'\v'-\(#V'\z.\h'.2m+\(#F'.\h'\|\\n:u'\v'\(#V'
	.ds 8 \h'\(#H'\(b\h'-\*(#H'
	.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\(#H)/2u'\v'-.3n'\(#[\z\(de\v'.3n'\h'\|\\n:u'\*(#]
	.ds d- \h'\(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\(#H'
	.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'\|\\n:u'
	.ds th \(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u2/3)'\s-1o\s+1\*(#]
	.ds Th \(#[\s+2I\s-2\h'-\w'I'u3/5'\v'-.3m'o\v'.3m'\*(#]
	.ds ae a\h'-(\w'a'u*4/10)'e
	.ds Ae A\h'-(\w'A'u*4/10)'E
	. \" corrections for vroff
	.if v .ds ~ \\k:\h'-(\\n(.wu9/10-\(#H)'\s-2\u~\d\s+2\h'\|\\n:u'
	.if v .ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'\v'-.4m'^\v'.4m'\h'\|\\n:u'
	. \" for low resolution devices (crt and lpr)
	.if \n(.H>23 .if \n(.V>19 \
	\{\
	. ds : e
	. ds 8 ss
	. ds o a
	. ds d- d\h'-1'\(ga
	. ds D- D\h'-1'\(hy
	. ds th \o'bp'
	. ds Th \o'LP'
	. ds ae ae
	. ds Ae AE
	.\}
	.rm #[ #] #H #V #F C
	.\" ========================================================================
	.\"
	.IX Title "swtpm_ioctl 8"
	.TH swtpm_ioctl 8 "2017-11-13" "swtpm" ""
	.\" For nroff, turn off justification. Always turn off hyphenation; it makes
	.\" way too many mistakes in technical documents.
	.if n .ad l
	.nh
	.SH "NAME"
	swtpm_ioctl \- Utility for sending control commands to swtpm
	.SH "SYNOPSIS"
	.IX Header "SYNOPSIS"
	\&\fBswtpm_ioctl [\s-1COMMAND\s0] <device>\fR
	.SH "DESCRIPTION"
	.IX Header "DESCRIPTION"
	\&\fBswtpm_ioctl\fR implements a client tool for controlling the
	\&\fIswtpm_cuse\fR \s-1TPM\s0 software emulator, such as for example its
	initialization and shutdown. Once the swtpm_cuse has been
	initialized, \s-1TPM\s0 commands can be sent to it.
	.PP
	The full path to the swtpm_cuse's character device must be provided such
	as for example /dev/vtpm\-200.
	.PP
	The environment variable \s-1SWTPM_IOCTL_BUFFERSIZE\s0 can be set to the size
	for the buffer for state blob transfer to use. If it is not set, the \fIioctl()\fR
	interface is used for transferring the state. This environment variable
	is primarily used for testing purposes.
	.PP
	The following commands are supported:
	.IP "\fB\-\-tpm\-device <device>\fR" 4
	.IX Item "--tpm-device <device>"
	Use the given device.
	.Sp
	This option can be used instead of providing the device as the last parameter.
	.IP "\fB\-\-tcp <server>:<port>\fR" 4
	.IX Item "--tcp <server>:<port>"
	Connect to the given server and port; if no server is given, 127.0.0.1 is used;
	if port is not given, the default port 6545 is used.
	.IP "\fB\-\-unixio <path>\fR" 4
	.IX Item "--unixio <path>"
	Connect to the given UnixIO path.
	.IP "\fB\-c\fR" 4
	.IX Item "-c"
	Get the swtpm_cuse's capability flags indicating which commands
	are supported.
	.IP "\fB\-i\fR" 4
	.IX Item "-i"
	Send a hardware initialization signal to the swtpm_cuse. Volatile
	state previously written by the \s-1TPM\s0 will be read and the file automatically
	delete.
	.IP "\fB\-s\fR" 4
	.IX Item "-s"
	Gracefully shut the swtpm_cuse down.
	.IP "\fB\-\-stop\fR" 4
	.IX Item "--stop"
	Stop the swtpm_cuse. This does not shut it down. The \fI\-i\fR command can again
	be sent to it. After a stop it is also possible to load \s-1TPM\s0 stateblobs into the
	\&\s-1TPM\s0 using the \fI\-\-load\fR command.
	.IP "\fB\-e\fR" 4
	.IX Item "-e"
	Get the tpmEstablished bit.
	.IP "\fB\-r locality\fR" 4
	.IX Item "-r locality"
	Reset the tpmEstablished bit using the given locality. Only localities 3 and 4 work.
	This operation will not permanently change the localty that was previously set
	using the \fI\-l\fR option.
	.IP "\fB\-l locality\fR" 4
	.IX Item "-l locality"
	Set the locality for the subsequent \s-1TPM\s0 commands.
	.IP "\fB\-v\fR" 4
	.IX Item "-v"
	Have the \s-1TPM\s0 write the volatile state to a file. Upon a TPM_Init (\-i) the
	\&\s-1TPM\s0 state will be read and the \s-1TPM\s0 can then resume operation without further
	intialization.
	.IP "\fB\-C\fR" 4
	.IX Item "-C"
	Cancel an ongoing \s-1TPM\s0 command.
	.IP "\fB\-h data\fR" 4
	.IX Item "-h data"
	Reset and extend \s-1PCR 17\s0 with the hash of the given data. If data is the single
	character '\-', then all data are read from stdin.
	.IP "\fB\-\-save <\s-1TPM\s0 state blob name> <filename> \fR" 4
	.IX Item "--save <TPM state blob name> <filename> "
	Save the \s-1TPM\s0 state blob into the given file. Valid \s-1TPM\s0 state blob
	names are permanent, volatile, and savestate.
	.Sp
	Note that this command can be executed at any time. However, to retrieve
	the latest volatile state, the \fI\-v\fR command should have been run
	immediately before running this command. The savestate blob will only be
	returned if a TPM_SaveState command was executed in the \s-1TPM.\s0
	.IP "\fB\-\-load <\s-1TPM\s0 state blob name> <filename>\fR" 4
	.IX Item "--load <TPM state blob name> <filename>"
	Load the given \s-1TPM\s0 state blob from the given file. Valid \s-1TPM\s0 state blob
	names are permanent, volatile, and savestate.
	.Sp
	Note that this command can only be executed on a \s-1TPM\s0 that is shut down.
	To then start the \s-1TPM\s0 with the uploaded state, the \fI\-i\fR command must
	be issued.
	.IP "\fB\-g\fR" 4
	.IX Item "-g"
	Get configuration flags that for example indicate which keys (file encryption
	or migration key) are in use by the \s-1TPM.\s0
	.IP "\fB\-\-info <flag>\fR" 4
	.IX Item "--info <flag>"
	Get information about the \s-1TPM\s0 implementation in \s-1JSON\s0 format. The flag
	<\s-1TPMLIB_INFO_TPMSPECIFICATION\s0>, which has the value 1, returns information
	about the specification the \s-1TPM\s0 implementation followed.
	.SH "SEE ALSO"
	.IX Header "SEE ALSO"
	\&\fBswtpm_cuse\fR