TPM Management - tpm_createek
tpm_createek - create an Endorsement Key Pair on the TPM
tpm_createek creates and Endorsement Key Pair on the TPM
(via the TPM_CreateEndorsementKeyPair API). This should rarely be required
as the Endorsement Key is normally installed as part of manufacturing.
However, you might need to run this command once if commands such as
tpm_getpubek are returning error code 35 from the TPM layer.
- -h, --help
- Display command usage info.
- -v, --version
- Display command version info.
- -l, --log
[none|error|info|debug]
- Set logging level.
- -r,
--revocable
- Creates a revocable key pair instead of non-revocable one. Requires
secret data (either -g -o or -i - see below).
- -i, --infile [input
file]
- Specifies the file that contains the secret data used as revoke data do
the new revocable EK pair. Only the first 20 bytes of this file are used
and the remaining ones are ignored.
- -g,
--generate-secret
- Generates a random 20 bytes value that is used as the EK pair revocable
secret data. Requires -o (see below).
- -o, --outfile [output
file]
- Specifies the file to write the generated revocable secret data to, for
further use.
Report bugs to <trousers-users@lists.sourceforge.net>