Man page - tss2_quote(1)

Packages contains this manual

Package:  tpm2-tools
apt-get install tpm2-tools

Manuals in package:
• tpm2_policylocality(1)
• tss2_createnv(1)
• tpm2_policycommandcode(1)
• tpm2_createpolicy(1)
• tpm2_readclock(1)
• tpm2_policyauthvalue(1)
• tss2_nvsetbits(1)
• tpm2_activatecredential(1)
• tpm2_dictionarylockout(1)
• tss2_quote(1)
• tss2_setcertificate(1)
• tss2(1)
• tss2_exportkey(1)
• tss2_changeauth(1)
• tpm2_createak(1)
• tss2_createkey(1)
• tpm2_selftest(1)
• tpm2_policytemplate(1)
• tpm2_pcrreset(1)
• tpm2_tr_encode(1)
• tpm2_unseal(1)
• tpm2_policycphash(1)
• tpm2_hierarchycontrol(1)
• tpm2_makecredential(1)
• tpm2_policyauthorizenv(1)
• tss2_gettpm2object(1)
• tpm2_encryptdecrypt(1)
• tss2_provision(1)
• tpm2_createprimary(1)
• tpm2_testparms(1)
• tpm2_rc_decode(1)
• tpm2_policynv(1)
• tss2_createseal(1)
• tss2_import(1)
• tpm2_policyor(1)
• tpm2_commit(1)
• tpm2_print(1)
• tpm2_clearcontrol(1)
• tss2_nvwrite(1)
• tpm2_getrandom(1)
• tss2_list(1)
• tpm2_certifycreation(1)
• tpm2_nvincrement(1)
• tpm2_nvread(1)
• tpm2_getekcertificate(1)
• tpm2_policyauthorize(1)
• tpm2_policyrestart(1)
• tss2_nvincrement(1)
• tpm2_shutdown(1)
• tss2_sign(1)
• tpm2_nvundefine(1)
• tpm2_policyticket(1)
• tpm2_policyduplicationselect(1)
• tpm2_setcommandauditstatus(1)
• tpm2_createek(1)
• tpm2_policysigned(1)
• tpm2_ecdhzgen(1)
• tss2_getappdata(1)
• tpm2_readpublic(1)
• tpm2_clear(1)
• tpm2_changepps(1)
• tpm2_incrementalselftest(1)
• tpm2_policycountertimer(1)
• tss2_pcrread(1)
• tpm2_certify(1)
• tss2_decrypt(1)
• tpm2_gettime(1)
• tpm2_policynvwritten(1)
• tss2_authorizepolicy(1)
• tss2_setappdata(1)
• tpm2_hash(1)
• tss2_verifyquote(1)
• tpm2_gettestresult(1)
• tpm2_sessionconfig(1)
• tpm2_nvsetbits(1)
• tpm2_policypcr(1)
• tpm2_loadexternal(1)
• tpm2_clockrateadjust(1)
• tpm2_rsadecrypt(1)
• tpm2_getcommandauditdigest(1)
• tpm2_eventlog(1)
• tss2_getcertificate(1)
• tpm2_evictcontrol(1)
• tpm2_getpolicydigest(1)
• tpm2_startauthsession(1)
• tss2_exportpolicy(1)
• tpm2_nvextend(1)
• tss2_delete(1)
• tpm2_changeauth(1)
• tpm2_load(1)
• tpm2_policypassword(1)
• tpm2_pcrevent(1)
• tss2_pcrextend(1)
• tpm2_quote(1)
• tpm2_policysecret(1)
• tss2_unseal(1)
• tss2_nvextend(1)
• tpm2_checkquote(1)
• tpm2_nvwrite(1)
• tpm2_duplicate(1)
• tss2_getplatformcertificates(1)
• tpm2_setclock(1)
• tss2_gettpmblobs(1)
• tpm2(1)
• tss2_getinfo(1)
• tss2_getrandom(1)
• tpm2_policynamehash(1)
• tpm2_send(1)
• tss2_writeauthorizenv(1)
• tpm2_pcrextend(1)
• tpm2_verifysignature(1)
• tpm2_import(1)
• tpm2_create(1)
• tpm2_geteccparameters(1)
• tpm2_hmac(1)
• tpm2_pcrallocate(1)
• tpm2_nvwritelock(1)
• tpm2_setprimarypolicy(1)
• tpm2_flushcontext(1)
• tpm2_rsaencrypt(1)
• tpm2_pcrread(1)
• tpm2_encodeobject(1)
• tpm2_zgen2phase(1)
• tss2_getdescription(1)
• tss2_nvread(1)
• tpm2_startup(1)
• tss2_verifysignature(1)
• tss2_setdescription(1)
• tpm2_nvreadpublic(1)
• tpm2_sign(1)
• tpm2_ecephemeral(1)
• tpm2_changeeps(1)
• tpm2_stirrandom(1)
• tpm2_nvreadlock(1)
• tpm2_nvdefine(1)
• tss2_encrypt(1)
• tpm2_nvcertify(1)
• tpm2_getcap(1)
• tpm2_ecdhkeygen(1)
• tpm2_getsessionauditdigest(1)
Documentations in package:
• tpm2-tools

Manual

tss2_quote

NAME
SYNOPSIS
SEE ALSO
DESCRIPTION
OPTIONS
COMMON OPTIONS
EXAMPLE
RETURNS
BUGS
HELP

---

NAME

tss2_quote (1) -

SYNOPSIS

tss2_quote [ OPTIONS ]

SEE ALSO

fapi-config(5) to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for the Fapi metadata storages.

fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and parameters and PCR bank selection.

DESCRIPTION

tss2_quote (1) - This command performs an attestation using the TPM. The PCR bank for each provided PCR index and signing scheme are set in the cryptographic profile (cf., fapi-profile(5) ).

OPTIONS

These are the available options:

•

-x , --pcrList = STRING :

An array holding the PCR indices to quote against.

•

-Q , --qualifyingData = FILENAME or - (for stdin):

A nonce provided by the caller to ensure freshness of the signature. Optional parameter.

•

-l , --pcrLog = FILENAME or - (for stdout):

Returns the PCR log for the chosen PCR. Optional parameter.

PCR event logs are a list (arbitrary length JSON array) of log entries with the following content.

- recnum: Unique record number
- pcr: PCR index
- digest: The digests
- type: The type of event. At the moment the only possible value is: "LINUX_IMA" (legacy IMA)
- eventDigest: Digest of the event; e.g. the digest of the measured file
- eventName: Name of the event; e.g. the name of the measured file.

•

-f , --force :

Force overwriting the output file.

•

-p , --keyPath = STRING :

Identifies the signing key.

•

-q , --quoteInfo = FILENAME or - (for stdout):

Returns a JSON-encoded structure holding the inputs to the quote operation. This includes the digest value and PCR values.

•

-o , --signature = FILENAME or - (for stdout):

Returns the signature over the quoted material.

•

-c , --certificate = FILENAME or - (for stdout):

The certificate associated with keyPath in PEM format. Optional parameter.

COMMON OPTIONS

This collection of options are common to all tss2 programs and provide information that many users may expect.

•

-h , --help [man|no-man] : Display the tools manpage. By default, it attempts to invoke the manpager for the tool, however, on failure will output a short tool summary. This is the same behavior if the “man” option argument is specified, however if explicit “man” is requested, the tool will provide errors from man on stderr. If the “no-man” option if specified, or the manpager fails, the short options will be output to stdout.

To successfully use the manpages feature requires the manpages to be installed or on MANPATH , See man (1) for more details.

•

-v , --version : Display version information for this tool, supported tctis and exit.

EXAMPLE

tss2_quote --keyPath=HS/SRK/quotekey --pcrList="10,16" --qualifyingData=qualifyingData.file --signature=signature.file --pcrLog=pcrLog.file --certificate=certificate.file --quoteInfo=quoteInfo.info

RETURNS

0 on success or 1 on failure.

BUGS

Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

HELP

See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

---