.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "swtpm_bios 8"
.TH swtpm_bios 8 2024-04-20 swtpm ""
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
swtpm_bios \- BIOS simulation tool for swtpm
.SH SYNOPSIS
.IX Header "SYNOPSIS"
\&\fBswtpm_bios [OPTIONS]\fR
.SH DESCRIPTION
.IX Header "DESCRIPTION"
\&\fBswtpm_bios\fR is a tool that sends the TPM (the \fIswtpm\fR program) the
commands that the BIOS typically uses to initialize the TPM.
Command line options select the state the TPM should be set to.
.PP
This command requires the environment variable \fITCSD_USE_TCP_DEVICE\fR
to be set for communication via TCP. Otherwise it will use the device
set in the environment variable \fITPM_DEVICE\fR or fall back to
\&\fI/dev/tpm0\fR to send the commands to.
In TCP mode, the environment variable
\&\fITCSD_TCP_DEVICE_HOSTNAME\fR is used to indicate the host to send the
commands to. By default \fIlocalhost\fR is assumed. The default TCP port
is 6545 unless the environment variable \fITCSD_TCP_DEVICE_PORT\fR
indicates another port.
.PP
In case of success 0 will be returned. In case a TPM error was encountered
the return code will be 128. In case of communication failure 255 is returned.
In case the TPM needs to be reset to become activated, 129 will be returned.
.PP
This command will send the following sequence of commands to the TPM.
.IP "\fBTPM_Startup(chosen mode)\fR \-\- startup TPM" 4
.IX Item "TPM_Startup(chosen mode) -- startup TPM"
.PD 0
.IP "\fBTSC_PhysicalPresence(0x20)\fR \-\- PhysicalPresenceCMDEnable" 4
.IX Item "TSC_PhysicalPresence(0x20) -- PhysicalPresenceCMDEnable"
.IP "\fBTSC_PhysicalPresence(0x08)\fR \-\- turn on physical presence" 4
.IX Item "TSC_PhysicalPresence(0x08) -- turn on physical presence"
.IP "\fBTPM_GetCapability\fR \-\- get permanent flags" 4
.IX Item "TPM_GetCapability -- get permanent flags"
.IP "\fBTPM_PhysicalEnable\fR \-\- enable the TPM" 4
.IX Item "TPM_PhysicalEnable -- enable the TPM"
.IP "\fBTPM_PhysicalSetDeactivated(0x0)\fR \-\- activate TPM" 4
.IX Item "TPM_PhysicalSetDeactivated(0x0) -- activate TPM"
.IP "\fBTPM_ContinueSelfTest\fR \-\- continue self test" 4
.IX Item "TPM_ContinueSelfTest -- continue self test"
.IP "\fBTSC_PhysicalPresence(0x20)\fR \-\- PhysicalPresenceCMDEnable" 4
.IX Item "TSC_PhysicalPresence(0x20) -- PhysicalPresenceCMDEnable"
.IP "\fBTSC_PhysicalPresence(0x14)\fR \-\- turn off physical presence & lock it" 4
.IX Item "TSC_PhysicalPresence(0x14) -- turn off physical presence & lock it"
.PD
.PP
The following options are supported:
.IP "\fB\-\-tpm\-device \fR" 4
.IX Item "--tpm-device "
Use the given device rather than the default /dev/tpm0. This option overrides
the TPM_DEVICE environment variable.
.IP "\fB\-\-tcp :\fR" 4
.IX Item "--tcp :"
Connect to the given server and port; if no server is given, 127.0.0.1 is used;
if port is not given, the default port 6545 is used.
.IP "\fB\-\-unix \fR" 4
.IX Item "--unix "
Connect to the given UnixIO path.
.IP \fB\-tpm2\fR 4
.IX Item "-tpm2"
The device is a TPM 2.
.IP \fB\-c\fR 4
.IX Item "-c"
Send TPM_Startup(ST_CLEAR) (default). This instructs the TPM to start
with clear state.
.IP \fB\-s\fR 4
.IX Item "-s"
Send TPM_Startup(ST_STATE). This instructs the TPM to start by restoring
previously saved state.
.IP \fB\-d\fR 4
.IX Item "-d"
Send TPM_Startup(ST_DEACTIVATED). This instructs the TPM to start in
deactivated mode. This option has no effect on a TPM 2.
.IP \fB\-n\fR 4
.IX Item "-n"
Don't send a TPM_Startup command.
.IP \fB\-o\fR 4
.IX Item "-o"
Only send the startup command and nothing else.
.IP \fB\-ea\fR 4
.IX Item "-ea"
Make sure that the TPM is activated; if the TPM requires a reset, the
program will exit with a return code of 129.
.IP \fB\-cs\fR 4
.IX Item "-cs"
Send a TPM_ContinueSelfTest command to a TPM 1.2 and a
TPM2_IncrementalSelfTest command to a TPM 2.
.IP \fB\-u\fR 4
.IX Item "-u"
Give up physical presence on a TPM 1.2. On a TPM 2, set the
platform hierarchy to a random password.
.IP \fB\-v\fR 4
.IX Item "-v"
Display version and exit.
.IP \fB\-h\fR 4
.IX Item "-h"
Display the help screen and exit.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
.SH "REPORTING BUGS"
.IX Header "REPORTING BUGS"
Report bugs to Stefan Berger
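.SH EXAMPLE
.IX Header "EXAMPLE"
The following wrapper is an added example, not part of swtpm or written by its author. It resolves the endpoint from the environment variables described above and fails closed on the documented return codes. The function names and the outcome words are this example's own, and treating an empty TPM_DEVICE like an unset one is an assumption.

```shell
#!/bin/sh
# Added example (not part of swtpm). Function names are this example's own;
# only swtpm_bios, its options, environment variables and return codes
# come from the manual page.

# Endpoint used when no --tpm-device, --tcp or --unix option is given.
# "Set" is taken literally: a set-but-empty TCSD_USE_TCP_DEVICE selects TCP.
# Assumption: an empty TPM_DEVICE is treated like an unset one.
swtpm_bios_endpoint() {
    if [ -n "${TCSD_USE_TCP_DEVICE+set}" ]; then
        echo "tcp:${TCSD_TCP_DEVICE_HOSTNAME:-localhost}:${TCSD_TCP_DEVICE_PORT:-6545}"
    else
        echo "dev:${TPM_DEVICE:-/dev/tpm0}"
    fi
}

# Translate a swtpm_bios return code into a word a caller can branch on.
swtpm_bios_outcome() {
    case "$1" in
        0)   echo ok ;;
        128) echo tpm-error ;;
        129) echo needs-reset ;;
        255) echo comm-failure ;;
        *)   echo unexpected ;;
    esac
}

# Run swtpm_bios with the given options and fail closed: succeed only on
# return code 0, return 2 when a TPM reset is needed, 1 for anything else.
# The outcome word goes to stdout, the tool's own output to stderr.
init_vtpm() {
    rc=0
    swtpm_bios "$@" >&2 || rc=$?
    outcome=$(swtpm_bios_outcome "$rc")
    echo "$outcome"
    case "$outcome" in
        ok)          return 0 ;;
        needs-reset) return 2 ;;
        *)           return 1 ;;
    esac
}

# Typical call: start with clear state and insist on an activated TPM.
#   init_vtpm -c -ea || echo "vTPM not ready via $(swtpm_bios_endpoint)" >&2
```

Keeping return code 129 separate from 128 and 255 lets a provisioning script reset the TPM and retry only in the one case where the manual page says a reset is what is missing.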