tpm_nvdefine defines a new NVRAM area at the given index
and of given size. The user has to provide the permissions that control
access to the NVRAM area.
Owner authentication is necessary once the NVRAM area 0xFFFFFFFF
has been defined. The owner password may be provided on the command line
using the owner password option.
The following options are supported:
- -h, --help
- Display command usage info.
- -v, --version
- Display command version info.
- -l, --log [none|error|info|debug]
- Set logging level.
- -u, --unicode
- Use TSS UNICODE encoding for passwords to comply with applications using
TSS popup boxes.
- -y, --owner-well-known
- Use a secret of all zeros (20 bytes of zeros) as the owner's secret.
- -z, --data-well-known
- Use a secret of all zeros (20 bytes of zeros) as the NVRAM area's
secret.
- -o, --pwdo (optional parameter)
- The owner password.
A password may be directly provided for example by using
'--pwdo=password' or '-opassword'. If no password is provided with this
option then the program will prompt the user for the password.
- -a, --pwda (optional parameter)
- The NVRAM area password.
A password may be directly provided for example by using
'--pwda=password' or '-apassword'. If no password is provided with this
option then the program will prompt the user for the password.
- -i, --index
- The index of the NVRAM area. The parameter must either be a decimal number
or a hexadecimal number starting with '0x'.
To select the NVRAM area with index 0x100, the command line
parameter should be '-i 0x100' or '--index 0x100'.
- -s, --size
- The size of the NVRAM area. The parameter must either be a decimal number
or a hexadecimal number starting with '0x'.
- -r, --rpcrs
- PCRs to seal the NVRAM area to for reading (use multiple times).
- -w, --wpcrs
- PCRs to seal the NVRAM area to for writing (use multiple times).
- -f, --filename
- File containing PCR info for the NVRAM area.
- -p, --permissions
- The access permissions associated with the NVRAM area. The parameter must
either be a decimal number or a hexadecimal number starting with '0x'. It
is possible to logically 'or' numbers or strings. The following strings
are supported:
- AUTHREAD
- Reading requires NVRAM area authorization.
- AUTHWRITE
- Writing requires NVRAM area authorization.
- PPREAD
- Reading requires physical presence.
- PPWRITE
- Writing requires physical presence.
- OWNERREAD
- Reading requires owner authorization.
- OWNERWRITE
- Writing requires owner authorization.
- GLOBALLOCK
- A write to index 0 locks the NVRAM area until the next
TPM_Startup(ST_CLEAR).
- READ_STCLEAR
- A read with size 0 on the same index prevents further reading until the
next TPM_Startup(ST_CLEAR).
- WRITE_STCLEAR
- A write with size 0 to the same index prevents further writing until the
next TPM_Startup(ST_CLEAR).
- WRITEDEFINE
- A write with size 0 to the same index locks the NVRAM area
permanently.
- WRITEALL
- The value must be written in a single operation.
An example of a permission parameter is:
--permissions="OWNERREAD|OWNERWRITE"
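The following is an added example, not part of tpm-tools or of this manual page. It expands a --permissions expression (strings and numbers joined with '|') into a single mask and reports masks that gate neither reads nor writes, so the value can be reviewed before it is passed to tpm_nvdefine. The function names are hypothetical, and the bit values are assumed to be the TPM_NV_PER_* constants of the TPM 1.2 specification; the manual page itself lists only the names.

```shell
#!/bin/sh
# Added example, not part of tpm-tools. Bit values are assumed to be the
# TPM 1.2 TPM_NV_PER_* constants; the manual page lists only the names.

# Print the bit value for one term of a --permissions expression.
nv_perm_bit() {
    case "$1" in
        READ_STCLEAR)  echo 0x80000000 ;;
        AUTHREAD)      echo 0x00040000 ;;
        OWNERREAD)     echo 0x00020000 ;;
        PPREAD)        echo 0x00010000 ;;
        GLOBALLOCK)    echo 0x00008000 ;;
        WRITE_STCLEAR) echo 0x00004000 ;;
        WRITEDEFINE)   echo 0x00002000 ;;
        WRITEALL)      echo 0x00001000 ;;
        AUTHWRITE)     echo 0x00000004 ;;
        OWNERWRITE)    echo 0x00000002 ;;
        PPWRITE)       echo 0x00000001 ;;
        0[xX]*) case "${1#0[xX]}" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
                echo "$1" ;;                  # hexadecimal term
        ''|*[!0-9]*|0[0-9]*) return 1 ;;      # unknown name or malformed number
        *) echo "$1" ;;                       # decimal term
    esac
}

# Expand "A|B|0x..." into one mask printed as 0x%08x; fails on a bad term.
nv_perm_mask() {
    [ -n "$1" ] || return 1
    rest=$1 mask=0
    while [ -n "$rest" ]; do
        term=${rest%%|*}
        case "$rest" in *'|'*) rest=${rest#*|} ;; *) rest= ;; esac
        bit=$(nv_perm_bit "$term") || { echo "bad term: '$term'" >&2; return 1; }
        mask=$(( $mask | $bit ))
    done
    printf '0x%08x\n' "$mask"
}

# Print one finding per line; empty output means no findings.
# Returns 2 if the expression itself cannot be parsed.
nv_perm_lint() {
    m=$(nv_perm_mask "$1") || return 2
    [ $(( $m & 0x00000007 )) -ne 0 ] || echo "write: no AUTHWRITE, OWNERWRITE or PPWRITE"
    [ $(( $m & 0x00070000 )) -ne 0 ] || echo "read: no AUTHREAD, OWNERREAD or PPREAD"
    [ $(( $m & 0x00002000 )) -eq 0 ] || echo "WRITEDEFINE: area can be locked permanently"
    return 0
}
```

For example, nv_perm_lint 'OWNERWRITE' reports that no read permission is set, while nv_perm_lint 'OWNERREAD|OWNERWRITE' prints nothing.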
Report bugs to <trousers-users@lists.sourceforge.net>