| =head1 NAME |
| |
| swtpm_bios - BIOS simulation tool for swtpm |
| |
| =head1 SYNOPSIS |
| |
| B<swtpm_bios [OPTIONS]> |
| |
| =head1 DESCRIPTION |
| |
| B<swtpm_bios> is a tool that can send the commands to the TPM (I<swtpm> |
| program) that typically are used by the BIOS to initialize the TPM. |
| The user can choose among several command line options to choose the |
| state the TPM should be set to. |
| |
| This command requires the environment variable I<TCSD_USE_TCP_DEVICE> |
| to be set for communication via TCP. Otherwise it will use the device |
| set in the environment variable I<TPM_DEVICE> or fall back to use |
| I</dev/tpm0> to send the commands to. In TCP mode, the environment variable |
| I<TCSD_TCP_DEVICE_HOSTNAME> is used to indicate the host to send the commands |
| to. By default I<localhost> is assumed. The default TCP port is 6545 unless |
| the environment variable I<TCSD_TCP_DEVICE_PORT> indicates another port. |
| |
| In case of success 0 will be returned. In case a TPM error was |
| encountered the return code will be 128. In case of communcation |
| failure 255 is returned. In case the TPM needs to be reset to become |
| activated, 129 will be returned. |
| |
| This command will send the following sequence of commands to the TPM. |
| |
| =over 4 |
| |
| =item B<TPM_Startup(chosen mode)> -- startup TPM |
| |
| =item B<TSC_PhysicalPresence(0x20)> -- PhysicalPresenceCMDEnable |
| |
| =item B<TSC_PhysicalPresence(0x08)> -- turn on physical presence |
| |
| =item B<TPM_GetCapability> -- get permanent flags |
| |
| =item B<TPM_PhysicalEnable> -- enable the TPM |
| |
| =item B<TPM_PhysicalSetDeactivated(0x0)> -- activate TPM |
| |
| =item B<TPM_ContinueSelfTest> -- continue self test |
| |
| =item B<TSC_PhysicalPresence(0x20)> -- PhysicalPresenceCMDEnable |
| |
| =item B<TSC_PhysicalPresence(0x14)> -- turn off physical presence & lock it |
| |
| =back |
| |
| The following options are supported: |
| |
| =over 4 |
| |
| =item B<--tpm-device E<lt>deviceE<gt>> |
| |
| Use the given device rather than the default /dev/tpm0. This option overrides |
| the TPM_DEVICE environment variable. |
| |
| =item B<--tcp E<lt>serverE<gt>:E<lt>portE<gt>> |
| |
| Connect to the given server and port; if no server is given, 127.0.0.1 is used; |
| if port is not given, the default port 6545 is used. |
| |
| =item B<--unix E<lt>pathE<gt>> |
| |
| Connect to the given UnixIO path. |
| |
| =item B<-tpm2> |
| |
| The device is a TPM 2. |
| |
| =item B<-c> |
| |
| Send TPM_Startup(ST_CLEAR) (default). This instructs the TPM to start |
| with clear state. |
| |
| =item B<-s> |
| |
| Send TPM_Startup(ST_STATE). This instructs the TPM to start by restoring |
| previously saved state. |
| |
| =item B<-d> |
| |
| Send TPM_Startup(ST_DEACTIVATED). This instructs the TPM to start in |
| deactivated mode. This option has no effect on a TPM 2. |
| |
| =item B<-n> |
| |
| Don't send a TPM_Startup command. |
| |
| =item B<-o> |
| |
| Only send the startup command and nothing else. |
| |
| =item B<-ea> |
| |
| Make sure that the TPM is activated; if the TPM requires a reset, the program |
| will exist and return a return code of 129. |
| |
| =item B<-cs> |
| |
| Send a TPM_ContinueSelfTest command to a TPM 1.2 and a TPM2_IncrementalSelfTest |
| command to a TPM 2. |
| |
| =item B<-u> |
| |
| Give up physical presence on a TPM 1.2. In case of a TPM 2 set the platform |
| hierarchy to a random password. |
| |
| =item B<-v> |
| |
| Display version and exit. |
| |
| =item B<-h> |
| |
| Display the help screen and exit. |
| |
| =back |
| |
| =head1 SEE ALSO |
| |
| =head1 REPORTING BUGS |
| |
| Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com> |