% tpm2_setprimarypolicy(1) tpm2-tools | General Commands Manual

NAME

tpm2_setprimarypolicy(1) - Sets the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy).

SYNOPSIS

tpm2_setprimarypolicy [OPTIONS]

DESCRIPTION

tpm2_setprimarypolicy(1) - Sets the authorization policy for the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), the storage hierarchy (ownerPolicy), and the endorsement hierarchy (endorsementPolicy).

OPTIONS

These options control creating the policy authorization session:

  • -C, --hierarchy=OBJECT:

    Specifies the hierarchy whose authorization policy is to be set. It can be specified as o|p|e|l.

  • -P, --auth=AUTH:

    Specifies the authorization value for the hierarchy.

  • -L, --policy=FILE:

    The file path of the authorization policy data.

  • -g, --hash-algorithm=ALGORITHM:

    The hash algorithm used in computation of the policy digest.

  • --cphash=FILE:

    File path to record the hash of the command parameters. This is commonly termed cpHash. NOTE: When this option is selected, the tool will not actually execute the command; it simply returns a cpHash.

References

context object format details the methods for specifying OBJECT.

authorization formatting details the methods for specifying AUTH.

algorithm specifiers details the options for specifying cryptographic algorithms ALGORITHM.

common options: collection of common options that provide information many users may expect.

common tcti options: collection of options used to configure the various known TCTI modules.

EXAMPLES

Set a blank authorization policy for endorsement hierarchy

tpm2_setprimarypolicy -C e
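
Setting a non-blank policy, as an added example that is not part of the tpm2-tools manual: the policy file passed to -L is a raw digest, and the TPM rejects an authorization policy whose size does not match the hash algorithm given with -g, so the wrapper checks that before calling the tool. The function names, the file names session.ctx and policy.dat, and the use of tpm2_policyauthvalue to produce the digest are assumptions; the hierarchy is assumed to have no authorization value, so -P is omitted.

```shell
#!/bin/sh
# Added example (not from the tpm2-tools manual). Function names, file
# names and the choice of tpm2_policyauthvalue are assumptions.

# Digest size in bytes for the hash algorithms this example accepts.
digest_size() {
    case "$1" in
        sha1) echo 20 ;; sha256) echo 32 ;;
        sha384) echo 48 ;; sha512) echo 64 ;;
        *) return 1 ;;
    esac
}

# Succeed only if FILE holds a raw digest whose length matches ALG.
policy_matches_alg() {
    file=$1; alg=$2
    want=$(digest_size "$alg") || { echo "unsupported algorithm: $alg" >&2; return 2; }
    [ -f "$file" ] || { echo "no policy file: $file" >&2; return 2; }
    have=$(wc -c < "$file" | tr -d ' ')
    if [ "$have" -ne "$want" ]; then
        echo "policy is $have bytes, $alg needs $want" >&2
        return 1
    fi
}

# Compute a policy digest in a trial session and write it to FILE.
make_policy() {
    file=$1; alg=$2
    tpm2_startauthsession -S session.ctx -g "$alg" &&
    tpm2_policyauthvalue -S session.ctx -L "$file"
    rc=$?
    tpm2_flushcontext session.ctx
    return "$rc"
}

# Validate HIERARCHY (o|p|e|l) and the policy file, then set the policy.
set_hierarchy_policy() {
    hierarchy=$1; file=$2; alg=$3
    case "$hierarchy" in
        o|p|e|l) ;;
        *) echo "bad hierarchy: $hierarchy" >&2; return 2 ;;
    esac
    policy_matches_alg "$file" "$alg" || return $?
    tpm2_setprimarypolicy -C "$hierarchy" -L "$file" -g "$alg"
}

# Typical use on a machine with a TPM:
#   make_policy policy.dat sha256 && set_hierarchy_policy o policy.dat sha256
```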
