% tpm2_clear(1) tpm2-tools | General Commands Manual


tpm2_clear(1) - Clears lockout, endorsement and owner hierarchy authorization values.


tpm2_clear [OPTIONS] [ARGUMENT]


tpm2_clear(1) - Sends a clear command to the TPM to clear the 3 hierarchy authorization values. As an argument, it takes the auth value for either the platform or the lockout hierarchy.

NOTE: All objects created under the respective hierarchies are lost.


  • -c, --auth-hierarchy=OBJECT:

    Specifies the hierarchy the tool should operate on. By default it operates on the lockout hierarchy.

    NOTE: Operating on the platform hierarchy requires platform authentication.

  • --cphash=FILE:

    File path to record the hash of the command parameters. This is commonly termed cpHash. NOTE: When this option is selected, the tool will not actually execute the command; it simply returns a cpHash.

  • ARGUMENT: the command line argument specifies the AUTH to be set for the object specified with -c.
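
How the value recorded by --cphash is formed for this command, as an added example that is not part of tpm2-tools: per the TPM 2.0 specification, cpHash = H(commandCode || Name(authHandle) || parameters), and TPM2_Clear carries no parameters. The function names, the "lockout"/"platform" keys and the assumption that the recorded file holds the digest either raw or behind a 2-byte size prefix are this example's own; it lets a reviewer confirm that a recorded cpHash really describes a clear on the intended hierarchy before approving it.

```python
import hashlib
import hmac
import struct

# Values from the TPM 2.0 Library Specification, Part 2 (Structures).
TPM_CC_CLEAR = 0x00000126
HIERARCHY_HANDLES = {          # keys are labels chosen for this example
    "lockout": 0x4000000A,     # TPM_RH_LOCKOUT (the tool's default hierarchy)
    "platform": 0x4000000C,    # TPM_RH_PLATFORM
}


def clear_cphash(hierarchy="lockout", alg="sha256"):
    """Return cpHash = H(commandCode || Name(authHandle)) for TPM2_Clear."""
    if hierarchy not in HIERARCHY_HANDLES:
        raise ValueError(f"TPM2_Clear is not authorized by hierarchy {hierarchy!r}")
    # The Name of a permanent handle is its 4-byte big-endian handle value,
    # and TPM2_Clear has an empty parameter area, so nothing else is hashed.
    data = struct.pack(">II", TPM_CC_CLEAR, HIERARCHY_HANDLES[hierarchy])
    return hashlib.new(alg, data).digest()


def matches_recorded(recorded, hierarchy="lockout", alg="sha256"):
    """Check bytes read from a recorded cpHash file against the expected value.

    Assumption: the file holds the digest either raw or preceded by a
    2-byte big-endian length (TPM2B_DIGEST layout).
    """
    expected = clear_cphash(hierarchy, alg)
    if len(recorded) == len(expected) + 2:
        (size,) = struct.unpack(">H", recorded[:2])
        if size != len(expected):
            return False
        recorded = recorded[2:]
    return hmac.compare_digest(recorded, expected)


if __name__ == "__main__":
    for name in HIERARCHY_HANDLES:
        print(name, clear_cphash(name).hex())
```

Because the hierarchy handle is part of the hashed data, a cpHash recorded for the lockout hierarchy does not match a clear issued with platform authorization, and the reverse also holds.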


context object format: details the methods for specifying OBJECT.

authorization formatting: details the methods for specifying AUTH.

common options: collection of common options that provide information many users may expect.

common tcti options: collection of options used to configure the various known TCTI modules.


Set owner, endorsement and lockout authorizations to an empty value

tpm2_clear lockoutpasswd

Clear the authorization values on the platform hierarchy

tpm2_clear -c p