% tpm2_evictcontrol(1) tpm2-tools | General Commands Manual

NAME

tpm2_evictcontrol(1) - Make a transient object persistent or evict a persistent object.

SYNOPSIS

tpm2_evictcontrol [OPTIONS] [ARGUMENT]

DESCRIPTION

tpm2_evictcontrol(1) - Allows a transient object to be made persistent or a persistent object to be evicted. The HANDLE argument controls the index the handle will be assigned to. If the object specified via -c is transient and a permanent HANDLE is specified, the object is persisted at HANDLE. If HANDLE is -, the object is persisted at the first available permanent handle location. If the object specified via -c is a permanent handle, the object is evicted from its permanent handle location.

OPTIONS

  • -C, --hierarchy=OBJECT:

    The authorization hierarchy used to authorize the commands. Defaults to the "owner" hierarchy. Supported options are:

      • o for TPM_RH_OWNER
      • p for TPM_RH_PLATFORM
      • <num> where a raw number can be used.

  • -c, --object-context=OBJECT:

    A context object specifier of a transient or persistent object. If OBJECT is a transient object it will be persisted, either to the handle specified by the argument or to the first available vacant persistent handle. If OBJECT is a persistent object, it will be evicted from non-volatile memory.

  • -P, --auth=AUTH:

    The authorization value for the hierarchy specified with -C.

  • -o, --output=FILE:

    Optionally output a serialized object representing the persistent handle. If untampered, these files are safer to use than raw persistent handles. When using a raw persistent handle, verify that the object it points to is the one expected.

  • --cphash=FILE

    File path to record the hash of the command parameters, commonly termed the cpHash. NOTE: when this option is selected, the tool does not actually execute the command; it only computes and returns the cpHash.

  • ARGUMENT:

    The command line argument specifies the persistent handle to save the transient object to.

Output

The tool outputs a YAML compliant dictionary with the fields:

    persistent-handle:
    action: evicted|persisted

persistent-handle is the handle the action was applied to, and action is either evicted or persisted. If an object is evicted, it is no longer resident at the persistent-handle address within the TPM. If an object is persisted, it is resident at the persistent-handle address within the TPM.

References

context object format details the methods for specifying OBJECT.

authorization formatting details the methods for specifying AUTH.

common options collection of common options that provide information many users may expect.

common tcti options collection of options used to configure the various known TCTI modules.

EXAMPLES

To make a transient handle persistent at address 0x81010002

tpm2_changeauth -c o ownerauth
tpm2_createprimary -c primary.ctx -P ownerauth
tpm2_evictcontrol -C o -c primary.ctx 0x81010002 -P ownerauth

To evict a persistent handle

tpm2_evictcontrol -C o -c 0x81010002 -P ownerauth

To make a transient handle persistent and output a serialized persistent handle.

tpm2_evictcontrol -C o -c primary.ctx -o primary.handle -P ownerauth
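As an added example (not part of tpm2-tools), the shell below wraps the tool: it validates the YAML fields described under Output and, following the advice given for -o, confirms that the object now at the returned raw handle has the same TPM name as the transient object that was persisted (tpm2_readpublic -n writes an object's name). The OWNERAUTH variable and the expected.name/actual.name files are assumed names; persist_and_verify needs a TPM or simulator, check_evict_output does not.

```shell
# Added example, not tpm2-tools code. Parse the tool's YAML output
# ("persistent-handle: 0x...", "action: ...") and validate both fields.
# Prints "<handle> <action>" on success; returns non-zero otherwise.
check_evict_output() {
    out=$1
    handle=$(printf '%s\n' "$out" | sed -n 's/^persistent-handle: *//p')
    action=$(printf '%s\n' "$out" | sed -n 's/^action: *//p')
    # Persistent handles live in the 0x81xxxxxx range; anything else
    # (e.g. a transient 0x80xxxxxx handle) means the output is not what
    # a successful evictcontrol should have produced.
    case $handle in
        0x81[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]) ;;
        *) echo "unexpected handle: '$handle'" >&2; return 1 ;;
    esac
    case $action in
        evicted|persisted) ;;
        *) echo "unexpected action: '$action'" >&2; return 1 ;;
    esac
    printf '%s %s\n' "$handle" "$action"
}

# Persist the transient object in $1 at the first free handle ("-"),
# then verify the object at that handle is the one we just persisted by
# comparing TPM names. Assumes the owner hierarchy auth is in $OWNERAUTH.
persist_and_verify() {
    ctx=$1
    out=$(tpm2_evictcontrol -C o -P "$OWNERAUTH" -c "$ctx" -) || return 1
    parsed=$(check_evict_output "$out") || return 1
    handle=${parsed%% *}
    action=${parsed#* }
    [ "$action" = persisted ] || { echo "object was not persisted" >&2; return 1; }
    # Name of the transient object we asked to persist ...
    tpm2_readpublic -c "$ctx" -n expected.name >/dev/null || return 1
    # ... and name of whatever is resident at the raw handle now.
    tpm2_readpublic -c "$handle" -n actual.name >/dev/null || return 1
    cmp -s expected.name actual.name || { echo "name mismatch at $handle" >&2; return 1; }
    echo "$handle"
}
```

A typical call is `persist_and_verify primary.ctx`, which prints the verified persistent handle or fails with a reason on stderr.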

returns
