.\" Copyright (C) 2019 International Business Machines Corporation .\" .de Sh \" Subsection .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .TH "tpm_restrictsrk" 8 "2019-01-27" "TPM Management" .ce 1 TPM Management - tpm_restrictsrk .SH NAME tpm_restrictsrk \- restrict the ability to access the Storage Root Key .SH "SYNOPSIS" .ad l .hy 0 .B tpm_restrictsrk .RB [ OPTION ] .SH "DESCRIPTION" .PP \fBtpm_restrictsrk\fR reports the status of who can access the Storage Root Key. This is the default behavior and also available with the \fB\-\-status\fR option. This operation will be in effect until the owner is cleared and prompts for the owner passord. With the \fB\-\-restrict\fR option, the ability to access the Storage Root Key is resticted to the owner. The command prompts for the owner password to complete the operation. The \fB\-\-allow\fR and \fB\-\-restrict\fR options are mutually exclusive and the last one on the command line will be carried out. .TP \fB\-h\fR, \fB\-\-help\fR Display command usage info. .TP \fB-v\fR, \fB\-\-version\fR Display command version info. .TP \fB-l\fR, \fB\-\-log\fR [none|error|info|debug] Set logging level. .TP \fB-u\fR, \fB\-\-unicode\fR Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes .TP \fB-a\fR, \fB\-\-allow\fR Allow SRK read access using SRK auth .TP \fB-s\fR, \fB\-\-status\fR Display the status of who can access the Storage Root Key .TP \fB-r\fR, \fB\-\-restrict\fR Restrict SRK read to owner only .TP \fB-z\fR, \fB\-\-well-known\fR Authenticate using 20 bytes of zeros as owner password (the default TSS Well Known Secret), instead of prompting for an owner password. .SH "SEE ALSO" .PP \fBtpm_version\fR(1), \fBtpm_takeownership\fR(8), \fBtcsd\fR(8) .SH "REPORTING BUGS" Report bugs to