- --context is now --credentialedkey-context.
- --key-context is now --credentialkey-context.
- --Password is now --credentialedkey-auth.
- --endorse-passwd is now --credentialkey-auth.
- --in-file is now --credential-secret.
- --out-file is now --certinfo-data.
- -f becomes -i.
- -k becomes -C.
- -e becomes -E.
- --halg is now --hash-algorithm.
- --obj-context is now --certifiedkey-context.
- --key-context is now --signingkey-context.
- --pwdo is now --certifiedkey-auth.
- --pwdk is now --signingkey-auth.
- -a becomes -o.
- -k becomes -p.
- -c becomes -C.
- -k becomes -K.
- New tool for changing the authorization values of:
- Hierarchies
- NV
- Objects
- Replaces tpm2_takeownership with more generic functionality.
- --halg is now --hash-algorithm.
- --pcr-input-file is now --pcr.
- --pubfile is now --public.
- --qualify-data is now --qualification.
- -f becomes -F.
- -F becomes -f.
- -G becomes -g.
- --lockout-passwd is now --auth-lockout.
- New tool for enabling or disabling tpm2_clear commands.
- --object-attributes is now --attributes.
- --pwdp is now --parent-auth.
- --pwdo is now --key-auth.
- --in-file is now --sealing-input.
- --policy-file is now --policy.
- --pubfile is now --public.
- --privfile is now --private.
- --out-context is now --key-context.
- --halg is now --hash-algorithm.
- --kalg is now --key-algorithm.
- -o becomes -c.
- -K becomes -p.
- -A becomes -b.
- -I becomes -i.
- -g becomes an optional option.
- -G becomes an optional option.
- Supports TPM command CreateLoaded via -c.
- Renamed from tpm2_getpubak
- renamed from tpm2_getpubek
- --out-policy-file is now --policy.
- --policy-digest-alg is now --policy-algorithm.
- --auth-policy-session is now --policy-session.
- -L becomes -l.
- -F becomes -f.
- -f becomes -o.
- Removed option --set-list with short option -L.
- Removed option --pcr-input-file with short option -F.
- Pcr policy options replaced with pcr password mini language.
- Removed short option a for specifying auth session. Use long option --policy-session.
- Removed short option -P for specifying pcr policy. Use long option --policy-pcr.
- --object-attributes is now --attributes.
- -o is now -c
- --pwdp is now --hierarchy-auth.
- --pwdk is now --key-auth.
- --halg is now --hash-algorithm.
- --kalg is now --key-algorithm.
- --context-object is now --key-context.
- --policy-file is now --policy.
- support for unique field when creating objects via -u
- saves a context file for the generated primary's handle to disk via -c.
- -A becomes -a.
- -K becomes -p.
- -H becomes -C.
- -g becomes optional.
- -G becomes optional.
- --lockout-passwd is now --auth.
- -P becomes -p.
- New tool for duplicating TPM objects.
- --pwdk is now --auth.
- --out-file is now --output.
- -D becomes -d.
- -I becomes an argument.
- -P becomes -p.
- Support IVs via -t or --iv.
- Support modes via -G.
- Support padding via -e or --pad.
- Supports input and output to stdin and stdout respectively.
- --auth is now --hierarchy.
- --context is now --object-context.
- --pwda is now --auth.
- --persistent with short option -S is now an argument.
- -A becomes -C.
- Added option --output -o to serialize handle to disk.
- Removed option --handle with short option -H.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- Removed option --input-session-handle with short option -i.
- Authorization session is now part of password mini language.
- -c becomes an argument.
- Most instances of value replaced with raw in YAML output.
- TPM2_PT_MANUFACTURER displays string value and raw value.
- Supports --pcr option for listing hash algorithms and bank numbers.
- Renamed from tpm2_getmanufec
- Renamed the tool to tpm2_getekcertificate.
- Removed ek key creation and management logic.
- Added option for getting ek cert for offline platform via -x.
- --ec-cert is now --ek-certificate.
- --untrusted is now --allow-unverified.
- --output is now --ek-public.
- -U is now -X.
- -O is now -x.
- -f becomes -o.
- Removed option -P or --endorse-passwd.
- Removed option -p or --ek-passwd.
- Removed option -w or --owner-passwd.
- Removed option -H or --persistent-handle.
- Removed option -G or --key-algorithm.
- Removed option -N or --non-persistent.
- Removed option -O or --offline.
- renamed to tpm2_createak.
- -f becomes -p and -f is used for format of public key output.
- --auth-endorse is now --eh-auth.
- --auth-ak is now --ak-auth.
- --halg is now --hash-algorithm.
- --kalg is now --key-algorithm.
- -e becomes -P.
- -P becomes -p.
- -D becomes -g.
- -p becomes -u.
- --context becomes --ak-context.
- --algorithm becomes --kalg.
- --digest-alg becomes --halg.
- --privfile becomes --private.
- remove -k persistent option. Use tpm2_evictcontrol.
- Fix -o option to -w.
- now saves a context file for the generated primary's handle to disk.
- -E becomes -e.
- -g changes to -G.
- support for non-persistent AK generation.
- renamed to tpm2_createek
- --endorse-passwd is now --eh-auth.
- --owner-passwd is now --owner-auth.
- --ek-passwd is now --ek-auth.
- --file is now --public.
- --context is now --ek-context.
- --algorithm is now --key-algorithm.
- -e is now -P.
- -P is now -p.
- -p is now -u.
- -o is now -w.
- -g is now -G.
- Support for saving a context file for the generated primary key's handle to disk.
- support for non-persistent EK generation.
- -f is now -p.
- -f support for format of public key output.
- change default output to binary.
- add --hex option for output to hex format.
- --out-file is now --output.
- bound input request on max hash size per spec, allow -f to override this.
- new tool for getting test results.
- add --hex for specifying hex output.
- default output of hash to stdout.
- default output of hash as binary.
- remove output of ticket to stdout.
- --halg is now --hash-algorithm.
- --out-file is now --output.
- -a is now -C.
- -H is now -a.
- add -t option for specifying ticket result.
- --out-file is now --output.
- --auth-key is now --auth.
- --algorithm is now --hash-algorithm.
- --pwdk is now --auth-key.
- -C is now -c.
- -P is now -p.
- new tool added for enabling or disabling the use of a hierarchy and its associated NV storage.
- --object-attributes is now --attributes.
- --auth-parent is now --parent-auth.
- --auth-key is now --key-auth.
- --algorithm is now --key-algorithm.
- --in-file is now --input.
- --parent-key is now --parent-context.
- --privfile is now --private.
- --pubfile is now --public.
- --halg is now --hash-algorithm.
- --policy-file is now --policy.
- --sym-alg-file is now --encryption-key.
- -A is now -b.
- -k is now -i.
- support OSSL style -passin argument as --passin for PEM file passwords.
- support additional import key types:
- RSA1024/2048.
- AES128/192/256.
- -q changes to -u to align with tpm2_load's public/private output arguments.
- Supports setting object name algorithm via -g.
- support specifying parent key with a context file.
- --parent-key-handle/-H becomes --parent-key/-C
- Parent public data option is optional and changes from
- Supports importing external RSA 2048 keys via pem files.
- Add tool to test support of specific algorithms.
- deleted as tpm2_getcap and tpm2_readpublic can be used instead.
- -o is now -c.
- --context-parent is now --parent-context.
- --auth-parent is now --auth.
- --pubfile is now --public.
- --privfile is now --private.
- --out-context is now --key-context.
- now saves a context file for the generated primary's handle to disk.
- Option changes to --auth-parent.
- --object-attributes is now --attributes.
- -o is now -c
- --key-alg is now --key-algorithm.
- --pubfile is now --public.
- --privfile is now --private.
- --auth-key is now --auth.
- --policy-file is now --policy.
- --halg is now --hash-algorithm.
- --out-context is now --key-context.
- Remove unused -P option.
- -H is now -a.
- Fix -A option to -b for attributes.
- now saves a context file for the generated primary's handle to disk.
- support OSSL style -passin argument as --passin for PEM file passwords.
- name output to file and stdout. Changes YAML stdout output.
- ECC Public and Private PEM support.
- AES Public and Private "raw file" support.
- RSA Public and Private PEM support.
- Object Attribute support.
- Object authorization support.
- Default hierarchy changes to the null hierarchy.
- --out-file is now --credential-blob
- --enckey is now --encryption-key.
- Option changes to --secret.
- --handle-passwd is now --hierarchy-auth.
- --index-passwd is now --index-auth.
- --policy-file is now --policy.
- --auth-handle is now --hierarchy.
- -a becomes -C.
- -t becomes -a.
- -I becomes -p.
- Removed option --index with short option -x. It is now an argument.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- New tool to increment value of a Non-Volatile (NV) index setup as a counter.
- tpm2_nvlist is now tpm2_nvreadpublic.
- --handle-passwd is now --auth.
- --auth-handle is now --hierarchy.
- -a becomes -C.
- Removed option --index with short option -x. It is now an argument.
- Removed short option -o for specifying offset. Use long option --offset.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- Removed option --set-list with short option -L.
- Removed option --pcr-input-file with short option -F.
- Pcr policy options replaced with pcr password mini language.
- fix a buffer overflow.
- --handle-passwd is now --auth.
- --auth-handle is now --hierarchy.
- -a becomes -C.
- Removed option --index with short option -x. It is now an argument.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- --handle-passwd is now --auth.
- --auth-handle is now --hierarchy.
- -a becomes -C.
- Removed option --index with short option -x. It is now an argument.
- Removed short option -o for specifying offset. Use long option --offset.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- Removed option --set-list with short option -L.
- Removed option --pcr-input-file with short option -F.
- Pcr policy options replaced with pcr password mini language.
- --handle-passwd is now --auth.
- --auth-handle is now --hierarchy.
- -a becomes -C.
- Removed option --index with short option -x. It is now an argument.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- Renamed from tpm2_nvrelease.
- New tool for changing the allocated PCRs of a TPM.
- --password is now --auth.
- Removed option --pcr-index with short option -i.
- PCR index is now specified as an argument.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- -gls options go away with -g and -l becoming a single argument.
- Renamed from tpm2_pcrlist.
- New tool that decodes a TPM data structure and prints enclosed elements to stdout as YAML.
- New tool that allows policies to change by associating the policy with a signing authority, essentially allowing the auth policy to change.
- New tool to restrict TPM object authorization to specific TPM commands.
- New tool for creating a policy to restrict duplication to a new parent and/or duplicable object.
- New tool for creating a policy restricted to a locality.
- New tool to generate a PCR policy event that binds auth to specific PCR values in user-defined PCR banks and indices.
- New tool to compound multiple policies in a logical OR fashion to allow multiple auth methods using a policy session.
- New tool to mandate specifying the object password in the clear using a policy session.
- New tool to associate auth of a reference object as the auth of the new object using a policy session.
- --ak-context is now --key-context.
- --ak-password is now --auth.
- --sel-list is now --pcr-list.
- --qualify-data is now --qualification-data.
- --pcrs is now --pcr.
- --sig-hash-algorithm is now --hash-algorithm.
- -P becomes -p
- -L becomes -l.
- -p becomes -o.
- -G becomes -g.
- -g becomes optional.
- Removed option --id-list with short option -l.
- Removed option --ak-handle with short option -k.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- --opu is now --output.
- --context-object is now --object-context.
- Removed option --object with short option -H.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- Added --serialized-handle for saving serialized ESYS_TR handle to disk.
- Added --name with short option -n for saving the binary name.
- Supports ECC pem and der file generation.
- --pwdk is now --auth.
- --out-file is now --output.
- -P becomes -p.
- Added --label with short option -l for specifying label.
- Added --scheme with short option -s for specifying encryption scheme.
- Removed the -I (in-file) input option; the input is now an argument.
- Removed option --key-handle with short option -k.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- --out-file is now --output.
- Added --scheme with short option -s for specifying encryption scheme.
- Added --label with -l for specifying label.
- Removed option --key-handle with short option -k.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- make output binary either stdout or file based on -o.
- New tool for invoking tpm selftest.
- --out-file is now --output.
- --pwdk is now --auth.
- --halg is now --hash-algorithm.
- --sig is now --signature.
- -P becomes -p.
- -s becomes -o.
- Added --digest with short option -d.
- Added --scheme with short option -s.
- Supports rsapss.
- Removed option --key-handle with short option -k.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- Removed option --msg with short option -m.
- Make -d toggle if input is a digest.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- Supports signing a pre-computed hash via -d.
- New tool to start/save a trial-policy-session (default) or policy-authorization-session with command line option --policy-session.
- new command for injecting entropy into the TPM.
- split into tpm2_clear and tpm2_changeauth
- new tool for querying tpm for supported algorithms.
- --pwdk is now --auth.
- --outfile is now --output.
- --item-context is now --object-context.
- -P becomes -p
- Removed option --item with short option -H.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- Removed option --input-session-handle with short option -S.
- Authorization session is now part of password mini language.
- Removed option --set-list with short option -L.
- Removed option --pcr-input-file with short option -F.
- Pcr policy options replaced with pcr password mini language.
- --halg is now --hash-algorithm.
- --msg is now --message.
- --sig is now --signature.
- -D becomes -d.
- -t becomes optional.
- Issue warning when ticket is specified for a NULL hierarchy.
- Added option --format with short option -f.
- Removed option --raw with short option -r.
- Removed option --key-handle with short option -k.
- Raw object-handles and object-contexts are commonly handled with object handling logic.
- Support routines for OpenSSL compatible format of public keys (PEM, DER) and plain signature data without TSS specific headers.
- cmac algorithm support.
- Add support for reading authorisation passwords from a file.
- Ported all tools from SAPI to ESAPI.
- Load TCTIs by SONAME, not raw .so file.
- system tests are now run with make check when --enable-unit is used in configure.
- LibreSSL builds fixed.
- Dynamic TCTIs. Support for pluggable TCTI modules via the -T or --tcti options.
- test: system testing scripts moved into subordinate test directory.
- configure: enable code coverage option.
- env: add TPM2TOOLS_ENABLE_ERRATA to control the -Z or errata option. affects all tools.
- Correct PCR logic to prevent memory corruption bug.
- errata handler fix.
- fix configure bug for linking against libmu.
- tpm2_changeauth: Support changing platform hierarchy auth.
- tpm2_flushcontext: Introduce new tool for flushing handles from the TPM.
- tpm2_checkquote: Introduce new tool for checking validity of quotes.
- tpm2_quote: Add ability to output PCR values for quotes.
- tpm2_makecredential: add support for executing tool off-TPM.
- tpm2_pcrreset: introduce new tool for resetting PCRs.
- tpm2_quote: Fix AK auth password not being used.
- Fix various man pages
- tpm2_getmanufec: fix OSSL build warnings
- Fix broken -T option
- Various build compatibility fixes
- Fix some unit tests
- Update build for recent autoconf-archive versions
- Install m4 files
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- Revert the change to use user supplied object attributes exclusively. This is an inappropriate behavioural change for a MINOR version number increment.
- Fix inclusion of object attribute specifiers section in tpm2_create and tpm2_createprimary man pages.
- Use better object attribute defaults for authentication, preventing an empty password being used for authentication when a policy is set.
- Allow man page installation without pandoc being available
- Update to use TSS version 2.0
- When user supplies nv attributes use those exclusively, not in addition to the defaults
- When user supplies object attributes use those exclusively, not in addition to the defaults
- Load TCTIs by SONAME, not raw .so file
- Fix save and load for TPM2B_PRIVATE object.
- Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
- Fix --verbose and --version options crossover.
- Generate man pages from markdown and include them in the distribution tarball.
- Print usage summary if tools are executed with no options or man page can't be displayed.
- Tools that don't need a TPM to work no longer request a TPM connection. Namely, tpm2_rc_decode
- Fix undefined references in libmarshal port.
- configure: enable code coverage option.
- build: enable silent rules options.
- Add system tests to dist tarball.
- tpm2_nv(read|write): fix buffer overflows.
- Makefile: add missing LICENSE and markdown files.
- tpm2_getmanufec: -O as a flag for -f has changed. -O is for existing EK public structure and -f is only for generated EK public output.
- tpm2_nvlist: output in yaml format.
- tpm2_makecredential format changes to the -o output file.
- tpm2_quote: -o option removed.
- tpm2_rsaencrypt: -I is now an argument and input defaults to stdin. -o is optional and defaults to stdout.
- tpm2_listpersistent: output friendly object attributes.
- tpm2_createprimary: support friendly object attributes via -A. -H becomes auth hierarchy.
- tpm2_create: support friendly object attributes via -A.
- tpm2_nvwrite and tpm2_nvread have support for satisfying PCR policies.
- tpm2_encryptdecrypt: has support for EncryptDecrypt2 command.
- tpm2_nvwrite: -f option removed; data can now be supplied on stdin. Support for a starting index to write to.
- errata framework added for dealing with spec errata.
- tpm2_quote: -G option for signature hash algorithm specification.
- tpm2_dump_capability: renamed to tpm2_getcap.
- tpm2_send_command: renamed to tpm2_send and the input file is now an argument vs using -i.
- tpm2_dump_capability: outputs human readable command codes.
- camelCase options are now all lower case. For example, --camelCase becomes --camel-case.
- tpm2_quote, readpublic, and sign now have support for pem/der output/inputs. See the respective man pages for more details.
- tpm2_nvread: Has an output file option, -f.
- manpages: Are now in Markdown and converted to roff using pandoc.
- tpm2_create - options 'o' and 'O' changed to 'u' and 'r' respectively.
- tpm2_pcrlist: support yaml output for parsing.
- tpm2_pcrevent: new tool for hashing and extending pcrs.
- Make tpm2_{createprimary,create,load,pcrlist,hmac} tools to support the --quiet option.
- Support for a --quiet option to suppress messages printed by tools to standard output.
- tpm2_hmac: support for files greater than 1024 bytes, changes in options and arguments.
- tpm2_hash: support for files greater than 1024 bytes, changes in options and arguments.
- Install is now to bin vs sbin. Ensure that sbin tools get removed!
- make dist and distcheck are now working.
- installation into customized locations is now working, see issue #402 for details.
- tpm2_pcrlist: renamed from tpm2_listpcrs.
- tpm2_pcrextend: new tool for extending PCRs.
- tpm2_getmanufec: -E option no longer required, defaults to stdout.
- tpm2_nvlist: Support for friendly nv attributes in output.
- Support for friendly algorithm names for algorithm identifiers.
- tpm2_nvread: The option, -s, or size option is no longer required.
- tpm2_nvwrite: fixed to write files larger than 1024 in size.
- tpm2_nvread: fixed to read files larger than 1024 in size.
- tpm2_nvdefine supports "nice-names" for nv space attributes.
- Support using PCR Policy directly with tpm2_unseal tool.
- Support PCR policy creation in tpm2_createpolicy
- Support using a policy session as input to tools that may need to satisfy complex policies other than password.
- tpm2_unseal: supports output to stdout.
- tpm2_create: enforce policy based authorization.
- tpm2_createprimary: add ability to create objects with policy based authorization.
- tpm2_nvdefine: add ability to create nv indexes with policy based authorization.
- Support Clang Build.
- tpm2_unseal test uses endorsement hierarchy as platform hierarchy is unavailable on a real tpm.
- Numerous cleanups and minor bug fixes.
- Tracked on the milestone: https://github.com/tpm2-software/tpm2-tools/milestone/2
- Reworked all the tools to support configurable TCTIs, based on build time configuration, one can specify the tcti via the --tcti (-T) option to all tools.
- tpm2_getrandom interface made -s a positional argument.
- Numerous bug fixes.
- travis ci support.
- Allow for unit tests to be enabled selectively.
- tpm2_rc_decode tool: Decode TPM_RC error codes.
- Android Make file
- tpm2_listpersistent: list all persistent objects
- test scripts for tpm2-tools
- tpm2_nvreadlock
- tpm2_getmanufec: retrieve EC from tpm manufacturer server.
- Copy 'common' and 'sample' code from the TPM2.0-TSS repo.
- tpm2_takeownership: update option -c to use lockout password to clear.
- tpm2_listpcrs: add options -L and -s, rewrite to increase performance.
- tpm2_quote: added -L option to support selection of multiple banks.
- tpm2_quote: add -q option to get qualifying data.
- configure: Use pkg-config to get info about libcurl and libcrypto.
- configure: Use pkg-config to locate SAPI and TCTI headers / libraries.
- tpm2_x: Add -X option to enable password input in Hex format.
- tpm2_nvdefine: Change -X option to -I.
- tpm2_nvwrite: fix for unable to write 1024B+ data.
- tpm2_getmanufec: Fix base64 encoding.
- tpm2_x: fixed a lot of TPM2B failures caused by wrong initialization.
- tpm2_getmanufec: let configure handle libs.
- tpm2_getmanufec: Convert from dos to unix format.
- build: Check for TSS2 library @ configure time.
- build: Detect required TSS2 and TCTI headers.
- build: Use libtool to build the common library
- build: Install all binaries into sbin.
- build: Build common sources into library.
- build: Move all source files to 'src'.
- Makefile.am: Move all build rules into single Makefile.am.
- everything: Use new TCTI headers and fixup API calls.
- everything: Update source to cope with sapi header cleanup.
- tpm2_activatecredential: Updated to support TCG compatible EK
- tpm2_getpubak: Updated to use TCG compatible EK
- tpm2_getpubek: fix ek creation to follow TCG EK profile spec.
- Windows related code
- dependency on the TPM2.0-TSS repo source code
- 1.0 release
- 29 tools included