% tpm2_getcommandauditdigest(1) tpm2-tools | General Commands Manual

NAME

tpm2_getcommandauditdigest(1) - Retrieve the command audit attestation data from the TPM.

SYNOPSIS

tpm2_getcommandauditdigest [OPTIONS]

DESCRIPTION

tpm2_getcommandauditdigest(1) - Retrieve the command audit attestation data from the TPM. The attestation data includes the audit digest of the commands in the setlist that was set up with tpm2_setcommandauditstatus. It also includes the digest of the list of commands set up for audit. The audit digest algorithm is set with tpm2_setcommandauditstatus.

OPTIONS

  • -P, --hierarchy-auth=AUTH:

    Specifies the authorization value for the endorsement hierarchy.

  • -c, --key-context=OBJECT:

    Context object for the signing key that signs the attestation data.

  • -p, --auth=AUTH:

    Specifies the authorization value for the key specified by option -c.

  • -q, --qualification=HEX_STRING_OR_PATH:

    Optional. Data given as a hex string or binary file to qualify the quote. This is typically used to add a nonce against replay attacks.

  • -s, --signature=FILE:

    Signature output file, records the signature in the format specified via the -f option.

  • -m, --message=FILE:

    Message output file, records the quote message that makes up the data that is signed by the TPM. This is the command audit digest attestation data.

  • -f, --format=FORMAT:

    Format selection for the signature output file.

  • -g, --hash-algorithm:

    Hash algorithm for signature. Defaults to sha256.

  • --scheme=ALGORITHM:

    The signing scheme used to sign the message. Optional. Signing schemes should follow the "formatting standards", see section "Algorithm Specifiers". Also, see section "Supported Signing Schemes" for a list of supported signature schemes. If specified, the signature scheme must match the key type. If left unspecified, a default signature scheme for the key type will be used.

References

context object format details the methods for specifying OBJECT.

authorization formatting details the methods for specifying AUTH.

signature format specifiers option used to configure signature FORMAT.

common options collection of common options that provide information many users may expect.

common tcti options collection of options used to configure the various known TCTI modules.

EXAMPLES

tpm2_getcommandauditdigest -P ekpass -c key.ctx -p keypass -m att.data -s att.sig
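A verifier-side check of the att.data file from the example above, added here and not part of tpm2-tools: it parses the two digests described in DESCRIPTION and rejects data whose qualifying data differs from the nonce passed with -q. It assumes the -m file holds the marshalled TPMS_ATTEST structure from the TPM 2.0 specification; the function names and the sample bytes are constructed for illustration.

```python
import hmac
import struct

TPM_GENERATED_VALUE = 0xFF544347       # magic: structure was produced inside a TPM
TPM_ST_ATTEST_COMMAND_AUDIT = 0x8015   # attestation type for command audit

class AttestError(ValueError):
    pass

def _take(buf, off, n):
    if off + n > len(buf):
        raise AttestError("truncated attestation data")
    return buf[off:off + n], off + n

def _tpm2b(buf, off):
    """Read a TPM2B field: big-endian UINT16 size followed by that many bytes."""
    raw, off = _take(buf, off, 2)
    return _take(buf, off, struct.unpack(">H", raw)[0])

def parse_command_audit(att, expected_nonce):
    hdr, off = _take(att, 0, 6)
    magic, st = struct.unpack(">IH", hdr)
    if magic != TPM_GENERATED_VALUE:
        raise AttestError("magic is not TPM_GENERATED_VALUE")
    if st != TPM_ST_ATTEST_COMMAND_AUDIT:
        raise AttestError("not a command audit attestation")
    signer, off = _tpm2b(att, off)     # qualifiedSigner
    extra, off = _tpm2b(att, off)      # extraData: the -q qualification
    if not hmac.compare_digest(extra, expected_nonce):
        raise AttestError("qualifying data does not match the issued nonce")
    _, off = _take(att, off, 17 + 8)   # clockInfo (17 bytes) + firmwareVersion (8)
    raw, off = _take(att, off, 10)
    counter, alg = struct.unpack(">QH", raw)
    audit_digest, off = _tpm2b(att, off)
    command_digest, off = _tpm2b(att, off)
    if off != len(att):
        raise AttestError("trailing bytes after attestation data")
    return {"signer": signer, "audit_counter": counter, "digest_alg": alg,
            "audit_digest": audit_digest, "command_digest": command_digest}

def build_sample(nonce):
    """Constructed TPMS_ATTEST for demonstration; not output from a real TPM."""
    b2 = lambda d: struct.pack(">H", len(d)) + d
    return (struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_COMMAND_AUDIT)
            + b2(b"\x00\x0b" + b"\x11" * 32) + b2(nonce)
            + struct.pack(">QIIB", 1000, 1, 0, 1) + struct.pack(">Q", 1)
            + struct.pack(">QH", 7, 0x000B) + b2(b"\xaa" * 32) + b2(b"\xbb" * 32))
```

This checks structure and freshness only; the signature in att.sig still has to be verified over the exact att.data bytes with the public part of the signing key.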
