TPMADM(8) | Maintenance Commands and Procedures | TPMADM(8) |
tpmadm - administer Trusted Platform Module
tpmadm status
tpmadm init
tpmadm clear [owner | lock]
tpmadm auth
tpmadm keyinfo [uuid]
tpmadm deletekey uuid
A Trusted Platform Module (TPM) is a hardware component that provides for protected key storage and reliable measurements of software used to boot the operating system. The tpmadm utility is used to initialize and administer the TPM so that it can be used by the operating system and other programs.
The TPM subsystem can store and manage an unlimited number of keys for use by the operating system and by users. Each key is identified by a Universally Unique Identifier, or UUID.
Although the TPM can hold only a limited number of keys at any given time, the supporting software automatically loads and unloads keys as needed. When a key is stored outside the TPM, it is always encrypted or "wrapped" by its parent key so that the key is never exposed in readable form outside the TPM.
Before the TPM can be used, it must be initialized by the platform owner. This process involves setting an owner password which is used to authorize privileged operations.
Although the TPM owner is similar to a traditional superuser, there are two important differences. First, process privilege is irrelevant for access to TPM functions. All privileged operations require knowledge of the owner password, regardless of the privilege level of the calling process. Second, the TPM owner is not able to override access controls for data protected by TPM keys. The owner can effectively destroy data by re-initializing the TPM, but cannot access data that has been encrypted using TPM keys owned by other users.
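The key handling described above (a limited number of loaded keys, wrapped storage outside the TPM, and loss of data on re-initialization) can be sketched as a small Python model. This is an added example, not part of the manual page or of the TPM software: the names ModelTPM, wrap and unwrap, the two-slot limit, the single parent key and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
# Added model, not tpmadm or TSS code. HMAC-SHA256 keystream stands in for the
# TPM's real wrapping algorithm; slot count and method names are assumptions.
import hashlib, hmac, os, uuid
from collections import OrderedDict

def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def wrap(parent, secret):
    nonce = os.urandom(16)
    ct = _xor_stream(parent, nonce, secret)
    return nonce + ct + hmac.new(parent, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(parent, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(parent, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("blob was not wrapped by this parent key")
    return _xor_stream(parent, nonce, ct)

class ModelTPM:
    def __init__(self, slots=2):
        self._root = os.urandom(32)    # parent key; never leaves the model "chip"
        self._loaded = OrderedDict()   # uuid -> plaintext key, at most `slots` entries
        self.slots = slots
        self.disk = {}                 # uuid -> wrapped blob, stored outside the TPM

    def create_key(self):
        key_id = str(uuid.uuid4())
        self.disk[key_id] = wrap(self._root, os.urandom(32))
        return key_id

    def _load(self, key_id):
        if key_id not in self._loaded:
            key = unwrap(self._root, self.disk[key_id])
            if len(self._loaded) >= self.slots:
                self._loaded.popitem(last=False)   # unload least recently used key
            self._loaded[key_id] = key
        self._loaded.move_to_end(key_id)
        return self._loaded[key_id]

    def mac(self, key_id, data):
        return hmac.new(self._load(key_id), data, hashlib.sha256).hexdigest()

    def reinitialize(self):
        self._root = os.urandom(32)    # old blobs can no longer be unwrapped
        self._loaded.clear()
```

Callers of the model only receive UUIDs and MAC results; the plaintext keys exist only in the loaded slots, and after reinitialize() every blob left on disk fails to unwrap.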
The following subcommands are used in the form:
# tpmadm <subcommand> [operand]
status
init
auth
clear lock
clear owner
keyinfo [uuid]
deletekey uuid
After completing the requested operation, tpmadm exits with one of the following status values.
0
1
2
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Committed |
TCG Software Stack (TSS) Specifications: https://www.trustedcomputinggroup.org/specs/TSS (as of the date of publication)
April 9, 2016 | OmniOS |