.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.6.
.TH CREATEPRIMARY "1" "March 2020" "createprimary 1.3" "User Commands"
.SH NAME
createprimary \- Runs TPM2_CreatePrimary
.SH DESCRIPTION
createprimary creates a primary storage key
.PP
Runs TPM2_CreatePrimary
.TP
[\-hi
hierarchy (e, o, p, n) (default null)]
.TP
[\-pwdp
password for hierarchy (default empty); a password given on the command line may be visible in the process list, see \-pwdpi]
.TP
[\-pwdpi
password file name for hierarchy (default empty)]
.TP
[\-pwdk
password for key (default empty)]
.TP
[\-iu
inPublic unique field file (default none)]
.TP
[\-opu
public key file name (default do not save)]
.TP
[\-opem
public key PEM format file name (default do not save)]
.TP
[\-tk
output ticket file name]
.TP
[\-ch
output creation hash file name]
.IP
[Asymmetric Key Algorithm]
.HP
\fB\-rsa\fR keybits (default)
.IP
(2048 default)
.HP
\fB\-ecc\fR curve
.IP
bnp256
nistp256
nistp384
.IP
Key attributes
.TP
\fB\-bl\fR
data blob for unseal (create only)
requires \fB\-if\fR
.TP
\fB\-den\fR
decryption, (unrestricted, RSA and EC NULL scheme)
.TP
\fB\-deo\fR
decryption, (unrestricted, RSA OAEP, EC NULL scheme)
.TP
\fB\-dee\fR
decryption, (unrestricted, RSA ES, EC NULL scheme)
.TP
\fB\-des\fR
encryption/decryption, AES symmetric
[\-116 for TPM rev 116 compatibility]
.TP
\fB\-st\fR
storage (restricted)
[default for primary keys]
.TP
\fB\-si\fR
unrestricted signing (RSA and EC NULL scheme)
.TP
\fB\-sir\fR
restricted signing (RSA RSASSA, EC ECDSA scheme)
.TP
\fB\-dau\fR
unrestricted ECDAA signing key pair
.TP
\fB\-dar\fR
restricted ECDAA signing key pair
.TP
\fB\-kh\fR
keyed hash (unrestricted, hmac)
.TP
\fB\-khr\fR
keyed hash (restricted, hmac)
.TP
\fB\-dp\fR
derivation parent
.TP
\fB\-gp\fR
general purpose, not storage
.TP
[\-kt
(can be specified more than once)]
.br
f fixedTPM (default for primary keys and derivation parents)
.br
p fixedParent (default for primary keys and derivation parents)
.br
nf no fixedTPM (default for non\-primary keys)
.br
np no fixedParent (default for non\-primary keys)
.br
ed encrypted duplication (default not set)
.TP
[\-da
object subject to DA protection (default no)]
.TP
[\-pol
policy file (default empty)]
.TP
[\-uwa
userWithAuth attribute clear (default set)]
.TP
[\-if
data (inSensitive) file name]
.TP
[\-nalg
name hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
.TP
[\-halg
scheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]
.HP
\fB\-se[0\-2]\fR session handle / attributes (default PWAP: password authorization, the password is passed to the TPM unprotected)
.TP
01
continue
.TP
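20
command decrypt (the first command parameter is sent to the TPM encrypted)
.TP
40
response encrypt (the first response parameter is returned encrypted)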