TPM Management - tpm_restrictpubek
tpm_restrictpubek - restrict the ability to display the public portion of the
Endorsement Key to the owner
reports the status of who can display the public
portion of the Endorsement Key. This is the default behavior and also
available with the --status
option. This operation will be in effect
until the owner is cleared and prompts for the owner passord. With the
option, the ability to display the public portion of the
Endorsement Key is resticted to the owner (via the TPM_DisablePubekRead API).
The command prompts for the owner password to complete the operation. The
options are mutually exclusive and the
last one on the command line will be carried out.
- -h, --help
- Display command usage info.
- -v, --version
- Display command version info.
- -l, --log [none|error|info|debug]
- Set logging level.
- -u, --unicode
- Use TSS UNICODE encoding for passwords to comply with
applications using TSS popup boxes
- -s, --status
- Display the status of who can see the public portion of the
- -r, --restrict
- Restrict seeing the public portion of the Endorsement Key
to the owner
- -z, --well-known
- Authenticate using 20 bytes of zeros as owner password (the
default TSS Well Known Secret), instead of prompting for an owner
Report bugs to <firstname.lastname@example.org>