Provided by: tpm2-tools_5.6-1build4_amd64 bug

NAME
       tss2_provision(1) -


SYNOPSIS
       tss2_provision [OPTIONS]


SEE ALSO
       fapi-config(5)  to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for
       the Fapi metadata storages.

       fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a
       specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and pa‐
       rameters and PCR bank selection.


DESCRIPTION
       tss2_provision(1) - This command provisions a FAPI instance and its associated TPM.  The steps taken are:

       • Retrieve the EK template, nonce and certificate, verify that they match the TPM’s EK and store them  in
         the key store.

       • Set  the authValues and policies for the Owner (Storage Hierarchy), the Privacy Administrator (Endorse‐
         ment Hierarchy) and the lockout authority.

       • Scan the TPM’s nv indices and create entries in the FAPI metadata store.   This  operation  MAY  use  a
         heuristic to guess the originating programs for nv indices found and name the entries accordingly.

       • Create  the  SRK (storage primary key) inside the TPM and make it persistent if required by the crypto‐
         graphic profile (cf., fapi-profile(5)) and store its metadata in the system-wide FAPI  metadata  store.
         Note that the SRK will not have an authorization value associated.

       If an authorization value is associated with the storage hierarchy, it is highly recommended that the SRK
       without authorization value is made persistent.

       The  paths of the different metadata storages for keys and nv indices are configured in the FAPI configu‐
       ration file (cf., fapi-config(5)).


OPTIONS
       These are the available options:

       • -E, --authValueEh=STRING: The authorization value for the privacy admin, i.e. the  endorsement  hierar‐
         chy.  Optional parameter.

       • -S,  --authValueSh=STRING: The authorization value for the owner, i.e. the storage hierarchy.  Optional
         parameter.

       • -L, --authValueLockout=STRING: The authorization value for the lockout authorization.  Optional parame‐
         ter.


COMMON OPTIONS
       This collection of options are common to all tss2 programs and provide information that  many  users  may
       expect.

       • -h, --help [man|no-man]: Display the tools manpage.  By default, it attempts to invoke the manpager for
         the tool, however, on failure will output a short tool summary.  This is the same behavior if the “man”
         option argument is specified, however if explicit “man” is requested, the tool will provide errors from
         man  on  stderr.  If the “no-man” option if specified, or the manpager fails, the short options will be
         output to stdout.

         To successfully use the manpages feature requires the manpages to  be  installed  or  on  MANPATH,  See
         man(1) for more details.

       • -v, --version: Display version information for this tool, supported tctis and exit.


EXAMPLE
              tss2_provision


RETURNS
       0 on success or 1 on failure.


BUGS
       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)


HELP
       See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools                                         APRIL 2019                                  tss2_provision(1)