man/man8/swtpm_bios.pod

   1 =head1 NAME
   2
   3 swtpm_bios
   4
   5 =head1 SYNOPSIS
   6
   7 B<swtpm_bios [OPTIONS]>
   8
   9 =head1 DESCRIPTION
  10
  11 B<swtpm_bios> is a tool that can send the commands to the TPM (I<swtpm>
  12 program) that typically are used by the BIOS to initialize the TPM.
  13 The user can choose among several command line options to choose the
  14 state the TPM should be set to.
  15
  16 This command requires the environment variable I<TCSD_USE_TCP_DEVICE>
  17 to be set for communication via TCP. Otherwise it will use the device
  18 set in the environment variable I<TPM_DEVICE> or fall back to use
  19 I</dev/tpm0> to send the commands to. In TCP mode, the environment variable
  20 I<TCSD_TCP_DEVICE_HOSTNAME> is used to indicate the host to send the commands
  21 to. By default I<localhost> is assumed. The default TCP port is 6545 unless
  22 the environment variable I<TCSD_TCP_DEVICE_PORT> indicates another port.
  23
  24 In case of success 0 will be returned. In case a TPM error was
  25 encountered the return code will be 128. In case of communcation
  26 failure 255 is returned. In case the TPM needs to be reset to become
  27 activated, 129 will be returned.
  28
  29 This command will send the following sequence of commands to the TPM.
  30
  31 =over 4
  32
  33 =item B<TPM_Startup(chosen mode)> -- startup TPM
  34
  35 =item B<TSC_PhysicalPresence(0x20)> -- PhysicalPresenceCMDEnable
  36
  37 =item B<TSC_PhysicalPresence(0x08)> -- turn on physical presence
  38
  39 =item B<TPM_GetCapability> -- get permanent flags
  40
  41 =item B<TPM_PhysicalEnable> -- enable the TPM
  42
  43 =item B<TPM_PhysicalSetDeactivated(0x0)> -- activate TPM
  44
  45 =item B<TPM_ContinueSelfTest> -- continue self test
  46
  47 =item B<TSC_PhysicalPresence(0x20)> -- PhysicalPresenceCMDEnable
  48
  49 =item B<TSC_PhysicalPresence(0x14)> -- turn off physical presence & lock it
  50
  51 =back
  52
  53 The following options are supported:
  54
  55 =over 4
  56
  57 =item B<--tpm-device E<lt>deviceE<gt>>
  58
  59 Use the given device rather than the default /dev/tpm0. This option overrides
  60 the TPM_DEVICE environment variable.
  61
  62 =item B<--tcp E<lt>serverE<gt>:E<lt>portE<gt>>
  63
  64 Connect to the given server and port; if no server is given, 127.0.0.1 is used;
  65 if port is not given, the default port 6545 is used.
  66
  67 =item B<--unixio E<lt>pathE<gt>>
  68
  69 Connect to the given UnixIO path.
  70
  71 =item B<-tpm2>
  72
  73 The device is a TPM 2.
  74
  75 =item B<-c>
  76
  77 Send TPM_Startup(ST_CLEAR) (default). This instructs the TPM to start
  78 with clear state.
  79
  80 =item B<-s>
  81
  82 Send TPM_Startup(ST_STATE). This instructs the TPM to start by restoring
  83 previously saved state.
  84
  85 =item B<-d>
  86
  87 Send TPM_Startup(ST_DEACTIVATED). This instructs the TPM to start in
  88 deactivated mode. This option has no effect on a TPM 2.
  89
  90 =item B<-n>
  91
  92 Don't send a TPM_Startup command.
  93
  94 =item B<-o>
  95
  96 Only send the startup command and nothing else.
  97
  98 =item B<-ea>
  99
 100 Make sure that the TPM is activated; if the TPM requires a reset, the program
 101 will exist and return a return code of 129.
 102
 103 =item B<-cs>
 104
 105 Send a TPM_ContinueSelfTest command to a TPM 1.2 and a TPM2_IncrementalSelfTest
 106 command to a TPM 2.
 107
 108 =item B<-u>
 109
 110 Give up physical presence on a TPM 1.2. In case of a TPM 2 set the platform
 111 hierarchy to a random password.
 112
 113 =item B<-v>
 114
 115 Display version and exit.
 116
 117 =item B<-h>
 118
 119 Display the help screen and exit.
 120
 121 =back
 122
 123 =head1 SEE ALSO
 124
 125 =head1 REPORTING BUGS
 126
 127 Report bugs to Stefan Berger <stefanb@linux.vnet.ibm.com>