GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
swtpm_ioctl(8) swtpm_ioctl(8)

swtpm_ioctl - Utility for sending control commands to swtpm

swtpm_ioctl [COMMAND] [<device>]

swtpm_ioctl implements a client tool for controlling the swtpm_cuse and swtpm TPM software emulators, such as for example their initialization and shutdown. Once it has been initialized, TPM commands can be sent to it.

Note: The environment variable SWTPM_IOCTL_BUFFERSIZE can be set to the size for the buffer for state blob transfer to use. If it is not set, the ioctl() interface is used for transferring the state. This environment variable is primarily used for testing purposes.

The following commands are supported:

Use the given device. The full path to the character device must be provided, such as for example /dev/vtpm-200.

This option can be used instead of providing the device as the last parameter.

Connect to the given server and port; if no server is given, 127.0.0.1 is used; if port is not given, the default port 6545 is used.
Connect to the given UnixIO path.
Get the capability flags indicating which commands are supported.
Send a hardware initialization signal to the swtpm_cuse/swtpm. Volatile state previously written by the TPM will be read and the file automatically delete.
Initiate a graceful shut down.
Stop the swtpm_cuse/swtpm. This does not shut it down. The -i command can again be sent to it. After a stop it is also possible to load TPM stateblobs into the TPM using the --load command.
Get the tpmEstablished bit.
Reset the tpmEstablished bit using the given locality. Only localities 3 and 4 work. This operation will not permanently change the locality that was previously set using the -l option.
Set the locality for the subsequent TPM commands.
Have the TPM write the volatile state to a file. Upon a TPM_Init (-i) the TPM state will be read and the TPM can then resume operation without further initialization.
Cancel an ongoing TPM command.
Reset and extend PCR 17 with the hash of the given data. If data is the single character '-', then all data are read from stdin.
Save the TPM state blob into the given file. Valid TPM state blob names are 'permanent', 'volatile', and 'savestate'.

Note that this command can be executed at any time. However, to retrieve the latest volatile state, the -v command should have been run immediately before running this command. The savestate blob will only be returned if a TPM_SaveState command was executed in the TPM (TPM 1.2).

Load the given TPM state blob from the given file. Valid TPM state blob names are 'permanent', 'volatile', and 'savestate'.

Note that this command can only be executed on a TPM that is shut down. To then start the TPM with the uploaded state, the -i command must be issued.

Get configuration flags that for example indicate which keys (file encryption or migration key) are in use by the TPM.
Get information about the TPM implementation and its configuration in JSON format. The following values can be provided. All of the values can be or'ed (or added) together to get information about all of them in one query.
  • 0x1: information about the specification the TPM implementation followed
  • 0x2: information about the manufacturer, model and version of the TPM
  • 0x4: lists supported RSA and Camellia key sizes
  • 0x8: describes supported and enabled algorithms
  • 0x10: describes supported and enabled commands
  • 0x20: describes the active profile
  • 0x40: lists all built-in profiles
  • 0x80: describes supported attributes
Lock the storage and retry a given number of times with 10ms delay in between. Locking the storage may be necessary to do after the state of the TPM has been migrated out and the lock on the storage has been released when the 'savestate' blob was received and now the storage should be locked again.

Start swtpm on port 10000 for the control port and emulate a TPM 1.2:

   #> swtpm socket --tpmstate dir=/tmp/myvtpm1 --log level=4 --ctrl type=tcp,port=10000 --server type=tcp,port=10001 --flags not-need-init

Get information about the TPM implementation in JSON:

   #> swtpm_ioctl --tcp :10000 --info 1
   {"TPMSpecification":{"family":"1.2","level":2,"revision":116}}
   #> swtpm_ioctl --tcp :10000 --info 2
   {"TPMAttributes":{"manufacturer":"id:00001014","version":"id:00740001","model":"swtpm"}}

Shut down the swtpm

   #> swtpm_ioctl --tcp :10000 -s

swtpm_cuse

2025-04-30 swtpm
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.