% tpm2_nvwrite(1) tpm2-tools | General Commands Manual


tpm2_nvwrite(1) - Write data to a Non-Volatile (NV) index.


tpm2_nvwrite [OPTIONS] [ARGUMENT]


tpm2_nvwrite(1) - Write data specified via FILE to a Non-Volatile (NV) index. If FILE is not specified, it defaults to stdin. The index is specified as an argument and can be a raw handle or an offset value to the nv handle range "TPM2_HR_NV_INDEX".



    Specify the NV index to write to as an offset to the starting NV index range or an absolute index value. Example: tpm2_nvwrite 1 is same as tpm2_nvwrite 0x01000001

  • -i, --input=FILE:

    This is a mandatory input to specify the input file with data to write to NV. The input can also be specified from stdin with -i- option.

  • -C, --hierarchy=OBJECT:

    Specifies the hierarchy used to authorize. Supported options are: * o for TPM_RH_OWNER * p for TPM_RH_PLATFORM * <num> where a hierarchy handle or nv-index may be used.

    When -C isn't explicitly passed the index handle will be used to authorize against the index. The index auth value is set via the -p option to tpm2_nvdefine(1).

  • -P, --auth=AUTH:

    Specifies the authorization value for the hierarchy.

  • --offset=NATURAL_NUMBER:

    The offset within the NV index to start writing at.

  • --cphash=FILE

    File path to record the hash of the command parameters. This is commonly termed as cpHash. NOTE: When this option is selected, The tool will not actually execute the command, it simply returns a cpHash unless rphash is also required.

  • --rphash=FILE

    File path to record the hash of the response parameters. This is commonly termed as rpHash.

  • -S, --session=FILE:

    The session created using tpm2_startauthsession. This can be used to specify an auxiliary session for auditing and or encryption/decryption of the parameters.

  • -n, --name=FILE:

    The name of the NV index that must be provided when only calculating the cpHash without actually dispatching the command to the TPM.


context object format details the methods for specifying OBJECT.

authorization formatting details the methods for specifying AUTH.

common options collection of common options that provide information many users may expect.

common tcti options collection of options used to configure the various known TCTI modules.


Write the file nv.data to index 0x01000001

tpm2_nvdefine -Q   1 -C o -s 32 -a "ownerread|policywrite|ownerwrite"

echo "please123abc" > nv.test_w

tpm2_nvwrite -Q   1 -C o -i nv.test_w