tpm2_takeownership(1) - Insert authorization values for the owner, endorsement and lockout authorizations.
tpm2_takeownership(1) - performs a hash operation on FILE and returns the results. If FILE is not specified, then data is read from stdin. If the results of the hash will be used in a signing operation that uses a restricted signing key, then the ticket returned by this command can indicate that the hash is safe to sign.
Passwords should follow the password formatting standards, see section "Password Formatting".
The new endorse authorization value. Passwords should follow the same formatting requirements as the -o option.
The new lockout authorization value.
The new endorse authorization value. Passwords should follow the same formatting requirements as the -o option.
The old owner authorization value. Passwords should follow the same formatting requirements as the -o option.
The old endorse authorization value. Passwords should follow the same formatting requirements as the -o option.
The old lockout authorization value. Passwords should follow the same formatting requirements as the -o option.
Clears the 3 authorizations values with lockout auth, thus one must specify -L.
This collection of options are common to many programs and provide information that many users may expect.
This collection of environment variables that may be used to configure the various TCTI modules available.
The values passed through these variables can be overridden on a per-command basis using the available command line options, see the TCTI_OPTIONS section.
The variables respected depend on how the software was configured.
Note: Using the tpm directly requires the users to ensure that concurrent access does not occur and that they manage the tpm resources. These tasks are usually managed by a resource manager. Linux 4.12 and greater supports an in kernel resource manager at "/dev/tpmrm", typically "/dev/tpmrm0".
This collection of options are used to configure the varous TCTI modules available. They override any environment variables.
Passwords are interpreted in two forms, string and hex-string. A string password is not interpreted, and is directly used for authorization. A hex-string, is converted from a hexidecimal form into a byte array form, thus allowing passwords with non-printable and/or terminal un-friendly characters.
By default passwords are assumed to be in the string form. Password form is specified with special prefix values, they are:
Set owner, endorsement and lockout authorizations to an empty auth value:
tpm2_takeownership -c -L oldlockoutpasswd
Set owner, endorsement and lockout authorizations to a new value:
tpm2_takeownership -o newo -e newe -l newl -O oldo -E olde -L oldl
Github Issues (https://github.com/01org/tpm2-tools/issues)
See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)