From 1d93d0359c54c6cbed622a79ffcbdefa00063710 Mon Sep 17 00:00:00 2001 From: Juergen Repp Date: Mon, 25 Sep 2023 11:17:23 +0200 Subject: [PATCH] tpm_createek: Fix man page example. The last example does not work if a resource manager is used. Thus the option -Tdevice:/dev/tpm0 is added to the commands. Signed-off-by: Juergen Repp --- man/tpm2_createek.1.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/man/tpm2_createek.1.md b/man/tpm2_createek.1.md index 6e1c6d0c0..62ee2ea24 100644 --- a/man/tpm2_createek.1.md +++ b/man/tpm2_createek.1.md @@ -1,7 +1,7 @@ % tpm2_createek(1) tpm2-tools | General Commands Manual # NAME - +https://www.aka55plus.de/materialien/Programm_35.pdf **tpm2_createek**(1) - Generate TCG profile compliant endorsement key. # SYNOPSIS @@ -93,25 +93,30 @@ tpm2_createek -G ecc384 -c 0x81010002 ``` ### Create a transient Endorsement Key, flush it, and reload it. +Typically, when using the TPM, the interactions occur through a resource +manager, like tpm2-abrmd(8). However, when interacting with the TPM directly, +this scenario is possible. The below example assumes direct TPM access not +brokered by a resource manager. Specifically we will use /dev/tpm0. + ```bash -tpm2_createek -c ek.ctx -G rsa -u ek.pub +tpm2_createek -c ek.ctx -G rsa -u ek.pub -Tdevice:/dev/tpm0 # Check that it is loaded in transient memory -tpm2_getcap handles-transient +tpm2_getcap handles-transient -Tdevice:/dev/tpm0 - 0x80000000 # Flush the handle -tpm2_flushcontext 0x80000000 +tpm2_flushcontext 0x80000000 -Tdevice:/dev/tpm0 # Note that it is flushed -tpm2_getcap handles-transient +tpm2_getcap handles-transient -Tdevice:/dev/tpm0 # Reload it via loadexternal -tpm2_loadexternal -C o -u ek.pub -c ek.ctx +tpm2_loadexternal -C o -u ek.pub -c ek.ctx -Tdevice:/dev/tpm0 # Check that it is re-loaded in transient memory -tpm2_getcap handles-transient +tpm2_getcap handles-transient -Tdevice:/dev/tpm0 - 0x80000000 ```