Gaurav Shah | bf6c4a7 | 2010-03-05 10:58:48 -0800 | 1 | "tpm-nvtool\n" |
| 2 | "Copyright (c) 2009,2010 The Chromium OS Authors. All rights reserved.\n" |
| 3 | "\n" |
| 4 | "tpm-nvtool is a command-line program for managing Trusted Platform Module \n" |
| 5 | "(TPM) Non-Volatile (NV) memory. It allows you to \"define\" (create) and\n" |
| 6 | "\"release\" (destroy) stores in a TPM's NV memory component. It requires a\n" |
| 7 | "TPM that complies with TPM Specification version 1.2.\n" |
| 8 | "\n" |
| 9 | "Usage:\n" |
| 10 | "\n" |
| 11 | "* Creating an NV store\n" |
| 12 | "\n" |
| 13 | " --define --index INDEX --owner_password OWNER_PASSWORD --size SIZE \\\n" |
| 14 | " [--pcr PCR] [--permissions PERMISSIONS] [--index_password INDEX_PASSWORD]\n" |
| 15 | "\n" |
| 16 | " The parameters mean the following:\n" |
| 17 | "\n" |
| 18 | " INDEX A valid NV index\n" |
| 19 | " OWNER_PASSWORD TPM owner password\n" |
| 20 | " SIZE Requested NV store's size in bytes\n" |
| 21 | " PCR A PCR whose value will be required to read or write to the\n" |
| 22 | " NV store; multiple PCRs can be specified through multiple\n" |
| 23 | " instances of this argument\n" |
| 24 | " PERMISSIONS A comma-separated string consisting of zero or more of the\n" |
| 25 | " following keywords:\n" |
| 26 | "\n" |
| 27 | " AUTHREAD Reads authorized by INDEX_PASSWORD\n" |
| 28 | " AUTHWRITE Writes authorized by INDEX_PASSWORD\n" |
| 29 | " OWNERREAD Reads authorized by OWNER_PASSWORD\n" |
| 30 | " OWNERWRITE Writes authorized by OWNER_PASSWORD\n" |
| 31 | " PPREAD Reads authorized by Physical Presence\n" |
| 32 | " PPWRITE Writes authorized by Physical Presence\n" |
| 33 | " READ_STCLEAR Cannot be read after a zero-sized write;\n" |
| 34 | " will need a full TPM clear to unlock\n" |
| 35 | " WRITE_STCLEAR Cannot be written after a zero-sized write;\n" |
| 36 | " will need a full TPM clear to unlock\n" |
| 37 | " WRITEALL Data must be written all at once\n" |
| 38 | " \n" |
| 39 | " INDEX_PASSWORD Password for reading and/or writing to the NV store; required\n" |
| 40 | " if PERMISSIONS has AUTHREAD or AUTHWRITE\n" |
| 41 | "\n" |
| 42 | "* Destroying an NV store\n" |
| 43 | "\n" |
| 44 | " --release --index INDEX --owner_password OWNER_PASSWORD\n" |
| 45 | "\n" |
| 46 | "* Listing NV stores\n" |
| 47 | "\n" |
| 48 | " --list [--index INDEX]\n" |
| 49 | "\n" |
| 50 | " By default, all NV stores will be listed. If INDEX is specified, only that\n" |
| 51 | " index, if it exists, will be listed.\n" |
| 52 | "\n" |
| 53 | "* Reading from an NV store\n" |
| 54 | "\n" |
| 55 | " --read --index INDEX [--size SIZE] [--offset OFFSET] [--hexdump] \\\n" |
| 56 | " [--password PASSWORD]\n" |
| 57 | "\n" |
| 58 | " The parameters mean the following:\n" |
| 59 | "\n" |
| 60 | " INDEX A valid, existing NV index\n" |
| 61 | " SIZE Number of bytes to read; if specified, must be greater than\n" |
| 62 | " zero and no larger than the NV store's size; if not specified,\n" |
| 63 | " the entire NV store will be read\n" |
| 64 | " OFFSET Offset in bytes to read from; if specified, it must be such\n" |
| 65 | " that the requested data specified through OFFSET and SIZE\n" |
| 66 | " lies within the NV store; if not specified, an offset of 0\n" |
| 67 | " is implied\n" |
| 68 | " PASSWORD The appropriate password needed for reading\n" |
| 69 | "\n" |
| 70 | " By default, data read from the NV store will be dumped as is (raw) to the\n" |
| 71 | " standard output, which in turn can be redirected to a file. If --hexdump is\n" |
| 72 | " specified, data bytes will be printed in hexadecimal format instead.\n" |
| 73 | "\n" |
| 74 | "* Writing to an NV store\n" |
| 75 | "\n" |
| 76 | " --write --index INDEX --string STRING [--size SIZE] [--offset OFFSET] \\\n" |
| 77 | " [--password PASSWORD]\n" |
| 78 | "\n" |
| 79 | " The parameters mean the following:\n" |
| 80 | " \n" |
| 81 | " STRING A null-terminated string that will be written to the NV store\n" |
| 82 | " SIZE Number of bytes to write; if SIZE is not specified, the entire\n" |
| 83 | " length of the string (not including the terminating null) is\n" |
| 84 | " written, provided it fits in the NV store\n" |
| 85 | " OFFSET Offset in the NV store to write to; if not specified, an\n" |
| 86 | " offset of 0 is implied\n" |
| 87 | " PASSWORD The appropriate password needed for writing\n" |
| 88 | "\n" |
| 89 | " You can also specify a file instead of an inline string as the source of\n" |
| 90 | " data to write to the NV store:\n" |
| 91 | "\n" |
| 92 | " --write --index INDEX --file PATH [--size SIZE] [--offset OFFSET] \\\n" |
| 93 | " [--password PASSWORD]\n" |
| 94 | "\n" |
| 95 | "* Locking an NV store\n" |
| 96 | "\n" |
| 97 | " --writezero --index INDEX [--password PASSWORD]\n" |
| 98 | "\n" |
| 99 | " If the NV store's permission attributes contain READ_STCLEAR or WRITE_STCLEAR,\n" |
| 100 | " using --writezero will lock that store for reading or writing, respectively.\n" |
| 101 | "\n" |