TPM Management - tpm_setpresence
NAME
tpm_setpresence- change TPM physical presence states or settings
SYNOPSIS
tpm_setpresence [OPTION]
DESCRIPTION
tpm_setpresence
reports the status of the TPM’s flags regarding
physical presence. This is the default behavior and also
accessible via the --status option. Requesting a
report of this status prompts for the owner password. The
--assert option changes the TPM to the physically
present state. The --clear option changes the TPM to
the not present state. The --lock option locks the
TPM to the current physical presence state for the current
boot cycle. The --enable-cmd option allows the TPM to
accept local commands to toggle physical presence states.
The --disable-cmd option prevents the TPM from
accepting local commands to toggle physical presence states.
The --enable-hw option allows the TPM to accept
hardware signals to toggle physical presence states. The
--disable-hw option prevents the TPM from accepting
hardware signals to toggle physical presence states. The
--set-lifetime-lock option locks the Command and
Hardware enablement flags in their current state
permenantly. This option can never be undone. The system
will attempt to use the owner password to display the
current states before preceding unless the --yes
option is given to answer yes to all questions. All changes
are made with the TSC_Physical Presence API.
-h, --help
Display command usage info.
-v, --version
Display command version info.
-l, --log [none|error|info|debug]
Set logging level.
-u, --unicode
Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes
-s, --status
Report current physical presence states.
-a, --assert
Assert that an admin is physically present at the machine.
-c, --clear
Remove the assertion that an admin is physically present at the machine.
--lock |
Lock the assertions of physical presence in there current states until a reboot. |
--enable-cmd
Allow use of commands to signal an admin is physically present.
--disable-cmd
Disallow use of commands to signal an admin is physically present.
--enable-hw
Allow use of hardware signals to signal an admin is physically present.
--disable-hw
Disallow use of hardware signals to signal an admin is physically present.
--set-lifetime-lock
Allow no further changes to the flags controling how physical presence can be signaled. This is PERMANENT.
-y, --yes
Answer yes to all questions. Only applicable with --set-lifetime-lock.
-z, --well-known
Authenticate using 20 bytes of zeros as owner password (the default TSS Well Known Secret), instead of prompting for an owner password.
SEE ALSO
tpm_version(1), tpm_setenable(8), tpm_setactive(8), tpm_setownable(8), tcsd(8)
REPORTING BUGS
Report bugs to <trousers-users [AT] lists.net>