% tpm2_changeeps(1) tpm2-tools | General Commands Manual
NAME
tpm2_changeeps(1) - Replaces the active endorsement primary seed with a new one generated off the TPM2 RNG.
SYNOPSIS
tpm2_changeeps [OPTIONS]
DESCRIPTION
tpm2_changeeps(1) - Replaces the active endorsement primary seed with a new one generated off the TPM2 RNG. The Transient and Persistent objects under the endorsement hierarchy are lost. This command requires platform auth.
OPTIONS
-
-p, --auth=AUTH
Specifies the AUTH for the platform. hierarchy.
-
--cphash=FILE
File path to record the hash of the command parameters. This is commonly termed as cpHash. NOTE: When this option is selected, The tool will not actually execute the command, it simply returns a cpHash, unless rphash is also required.
-
--rphash=FILE
File path to record the hash of the response parameters. This is commonly termed as rpHash.
-
-S, --session=FILE:
The session created using tpm2_startauthsession. This can be used to specify an auxiliary session for auditing and or encryption/decryption of the parameters.
References
authorization formatting details the methods for specifying AUTH.
common tcti options collection of options used to configure the various known TCTI modules.
EXAMPLES
Change the endorsement primary seed where the platform auth is NULL.
tpm2_changeeps