1 What: /sys/class/tpm/tpmX/device/ 1 What: /sys/class/tpm/tpmX/device/ 2 Date: April 2005 2 Date: April 2005 3 KernelVersion: 2.6.12 3 KernelVersion: 2.6.12 4 Contact: linux-integrity@vger.kernel.or 4 Contact: linux-integrity@vger.kernel.org 5 Description: The device/ directory under a 5 Description: The device/ directory under a specific TPM instance exposes 6 the properties of that TPM chi 6 the properties of that TPM chip 7 7 8 8 9 What: /sys/class/tpm/tpmX/device/act 9 What: /sys/class/tpm/tpmX/device/active 10 Date: April 2006 10 Date: April 2006 11 KernelVersion: 2.6.17 11 KernelVersion: 2.6.17 12 Contact: linux-integrity@vger.kernel.or 12 Contact: linux-integrity@vger.kernel.org 13 Description: The "active" property prints a 13 Description: The "active" property prints a '1' if the TPM chip is accepting 14 commands. An inactive TPM chip 14 commands. An inactive TPM chip still contains all the state of 15 an active chip (Storage Root K 15 an active chip (Storage Root Key, NVRAM, etc), and can be 16 visible to the OS, but will on 16 visible to the OS, but will only accept a restricted set of 17 commands. See the TPM Main Spe 17 commands. See the TPM Main Specification part 2, Structures, 18 section 17 for more informatio 18 section 17 for more information on which commands are 19 available. 19 available. 20 20 21 What: /sys/class/tpm/tpmX/device/can 21 What: /sys/class/tpm/tpmX/device/cancel 22 Date: June 2005 22 Date: June 2005 23 KernelVersion: 2.6.13 23 KernelVersion: 2.6.13 24 Contact: linux-integrity@vger.kernel.or 24 Contact: linux-integrity@vger.kernel.org 25 Description: The "cancel" property allows y 25 Description: The "cancel" property allows you to cancel the currently 26 pending TPM command. Writing a 26 pending TPM command. Writing any value to cancel will call the 27 TPM vendor specific cancel ope 27 TPM vendor specific cancel operation. 28 28 29 What: /sys/class/tpm/tpmX/device/cap 29 What: /sys/class/tpm/tpmX/device/caps 30 Date: April 2005 30 Date: April 2005 31 KernelVersion: 2.6.12 31 KernelVersion: 2.6.12 32 Contact: linux-integrity@vger.kernel.or 32 Contact: linux-integrity@vger.kernel.org 33 Description: The "caps" property contains T 33 Description: The "caps" property contains TPM manufacturer and version info. 34 34 35 Example output:: 35 Example output:: 36 36 37 Manufacturer: 0x53544d20 37 Manufacturer: 0x53544d20 38 TCG version: 1.2 38 TCG version: 1.2 39 Firmware version: 8.16 39 Firmware version: 8.16 40 40 41 Manufacturer is a hex dump of 41 Manufacturer is a hex dump of the 4 byte manufacturer info 42 space in a TPM. TCG version sh 42 space in a TPM. TCG version shows the TCG TPM spec level that 43 the chip supports. Firmware ve 43 the chip supports. Firmware version is that of the chip and 44 is manufacturer specific. 44 is manufacturer specific. 45 45 46 What: /sys/class/tpm/tpmX/device/dur 46 What: /sys/class/tpm/tpmX/device/durations 47 Date: March 2011 47 Date: March 2011 48 KernelVersion: 3.1 48 KernelVersion: 3.1 49 Contact: linux-integrity@vger.kernel.or 49 Contact: linux-integrity@vger.kernel.org 50 Description: The "durations" property shows 50 Description: The "durations" property shows the 3 vendor-specific values 51 used to wait for a short, medi 51 used to wait for a short, medium and long TPM command. All 52 TPM commands are categorized a 52 TPM commands are categorized as short, medium or long in 53 execution time, so that the dr 53 execution time, so that the driver doesn't have to wait 54 any longer than necessary befo 54 any longer than necessary before starting to poll for a 55 result. 55 result. 56 56 57 Example output:: 57 Example output:: 58 58 59 3015000 4508000 180995000 [o 59 3015000 4508000 180995000 [original] 60 60 61 Here the short, medium and lon 61 Here the short, medium and long durations are displayed in 62 usecs. "[original]" indicates 62 usecs. "[original]" indicates that the values are displayed 63 unmodified from when they were 63 unmodified from when they were queried from the chip. 64 Durations can be modified in t 64 Durations can be modified in the case where a buggy chip 65 reports them in msec instead o 65 reports them in msec instead of usec and they need to be 66 scaled to be displayed in usec 66 scaled to be displayed in usecs. In this case "[adjusted]" 67 will be displayed in place of 67 will be displayed in place of "[original]". 68 68 69 What: /sys/class/tpm/tpmX/device/ena 69 What: /sys/class/tpm/tpmX/device/enabled 70 Date: April 2006 70 Date: April 2006 71 KernelVersion: 2.6.17 71 KernelVersion: 2.6.17 72 Contact: linux-integrity@vger.kernel.or 72 Contact: linux-integrity@vger.kernel.org 73 Description: The "enabled" property prints 73 Description: The "enabled" property prints a '1' if the TPM chip is enabled, 74 meaning that it should be visi 74 meaning that it should be visible to the OS. This property 75 may be visible but produce a ' 75 may be visible but produce a '0' after some operation that 76 disables the TPM. 76 disables the TPM. 77 77 78 What: /sys/class/tpm/tpmX/device/own 78 What: /sys/class/tpm/tpmX/device/owned 79 Date: April 2006 79 Date: April 2006 80 KernelVersion: 2.6.17 80 KernelVersion: 2.6.17 81 Contact: linux-integrity@vger.kernel.or 81 Contact: linux-integrity@vger.kernel.org 82 Description: The "owned" property produces 82 Description: The "owned" property produces a '1' if the TPM_TakeOwnership 83 ordinal has been executed succ 83 ordinal has been executed successfully in the chip. A '0' 84 indicates that ownership hasn' 84 indicates that ownership hasn't been taken. 85 85 86 What: /sys/class/tpm/tpmX/device/pcr 86 What: /sys/class/tpm/tpmX/device/pcrs 87 Date: April 2005 87 Date: April 2005 88 KernelVersion: 2.6.12 88 KernelVersion: 2.6.12 89 Contact: linux-integrity@vger.kernel.or 89 Contact: linux-integrity@vger.kernel.org 90 Description: The "pcrs" property will dump 90 Description: The "pcrs" property will dump the current value of all Platform 91 Configuration Registers in the 91 Configuration Registers in the TPM. Note that since these 92 values may be constantly chang 92 values may be constantly changing, the output is only valid 93 for a snapshot in time. 93 for a snapshot in time. 94 94 95 Example output:: 95 Example output:: 96 96 97 PCR-00: 3A 3F 78 0F 11 A4 B4 97 PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 98 PCR-01: 3A 3F 78 0F 11 A4 B4 98 PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 99 PCR-02: 3A 3F 78 0F 11 A4 B4 99 PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 100 PCR-03: 3A 3F 78 0F 11 A4 B4 100 PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 101 PCR-04: 3A 3F 78 0F 11 A4 B4 101 PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 102 ... 102 ... 103 103 104 The number of PCRs and hex byt 104 The number of PCRs and hex bytes needed to represent a PCR 105 value will vary depending on T 105 value will vary depending on TPM chip version. For TPM 1.1 and 106 1.2 chips, PCRs represent SHA- 106 1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes 107 long. Use the "caps" property 107 long. Use the "caps" property to determine TPM version. 108 108 109 What: /sys/class/tpm/tpmX/device/pub 109 What: /sys/class/tpm/tpmX/device/pubek 110 Date: April 2005 110 Date: April 2005 111 KernelVersion: 2.6.12 111 KernelVersion: 2.6.12 112 Contact: linux-integrity@vger.kernel.or 112 Contact: linux-integrity@vger.kernel.org 113 Description: The "pubek" property will retu 113 Description: The "pubek" property will return the TPM's public endorsement 114 key if possible. If the TPM ha 114 key if possible. If the TPM has had ownership established and 115 is version 1.2, the pubek will 115 is version 1.2, the pubek will not be available without the 116 owner's authorization. Since t 116 owner's authorization. Since the TPM driver doesn't store any 117 secrets, it can't authorize it 117 secrets, it can't authorize its own request for the pubek, 118 making it unaccessible. The pu 118 making it unaccessible. The public endorsement key is gener- 119 ated at TPM manufacture time a 119 ated at TPM manufacture time and exists for the life of the 120 chip. 120 chip. 121 121 122 Example output:: 122 Example output:: 123 123 124 Algorithm: 00 00 00 01 124 Algorithm: 00 00 00 01 125 Encscheme: 00 03 125 Encscheme: 00 03 126 Sigscheme: 00 01 126 Sigscheme: 00 01 127 Parameters: 00 00 08 00 00 0 127 Parameters: 00 00 08 00 00 00 00 02 00 00 00 00 128 Modulus length: 256 128 Modulus length: 256 129 Modulus: 129 Modulus: 130 B4 76 41 82 C9 20 2C 10 18 4 130 B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C 131 3A B2 92 0C A4 9B 2A 83 EB 5 131 3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6 132 1E E4 81 84 CE B2 F2 45 1C F 132 1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB 133 86 C4 F7 F3 29 60 52 93 6B B 133 86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3 134 D7 0E 7D CA 41 BF 43 07 65 8 134 D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B 135 82 5E 96 0B F8 1F 5F 34 06 D 135 82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26 136 0F F4 04 4B D9 3F 2D F2 AC 2 136 0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E 137 1E 30 38 6C 70 63 69 AB E2 5 137 1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D 138 6F 78 44 DA 57 43 69 EE 76 6 138 6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0 139 A7 1F 3C A8 D0 12 15 3E CA 0 139 A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6 140 47 AE A4 18 83 8E 22 39 75 9 140 47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6 141 10 AD 94 14 65 F9 6A 17 78 B 141 10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70 142 E0 DC 65 FD 3C C6 B0 1E BF B 142 E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A 143 F8 28 05 83 62 26 11 DC B4 6 143 F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6 144 F7 02 71 CF 15 AE 16 DD D1 C 144 F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B 145 C3 91 FF 44 1E CF 7C 39 FE 1 145 C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B 146 146 147 Possible values:: 147 Possible values:: 148 148 149 Algorithm: TPM_ALG_RSA 149 Algorithm: TPM_ALG_RSA (1) 150 Encscheme: TPM_ES_RSAESPK 150 Encscheme: TPM_ES_RSAESPKCSv15 (2) 151 TPM_ES_RSAESOA 151 TPM_ES_RSAESOAEP_SHA1_MGF1 (3) 152 Sigscheme: TPM_SS_NONE 152 Sigscheme: TPM_SS_NONE (1) 153 Parameters, a byte string of 153 Parameters, a byte string of 3 u32 values: 154 Key Length (bits): 154 Key Length (bits): 00 00 08 00 (2048) 155 Num primes: 155 Num primes: 00 00 00 02 (2) 156 Exponent Size: 156 Exponent Size: 00 00 00 00 (0 means the 157 157 default exp) 158 Modulus Length: 256 (bytes) 158 Modulus Length: 256 (bytes) 159 Modulus: The 256 byte E 159 Modulus: The 256 byte Endorsement Key modulus 160 160 161 What: /sys/class/tpm/tpmX/device/tem 161 What: /sys/class/tpm/tpmX/device/temp_deactivated 162 Date: April 2006 162 Date: April 2006 163 KernelVersion: 2.6.17 163 KernelVersion: 2.6.17 164 Contact: linux-integrity@vger.kernel.or 164 Contact: linux-integrity@vger.kernel.org 165 Description: The "temp_deactivated" propert 165 Description: The "temp_deactivated" property returns a '1' if the chip has 166 been temporarily deactivated, 166 been temporarily deactivated, usually until the next power 167 cycle. Whether a warm boot (re 167 cycle. Whether a warm boot (reboot) will clear a TPM chip 168 from a temp_deactivated state 168 from a temp_deactivated state is platform specific. 169 169 170 What: /sys/class/tpm/tpmX/device/tim 170 What: /sys/class/tpm/tpmX/device/timeouts 171 Date: March 2011 171 Date: March 2011 172 KernelVersion: 3.1 172 KernelVersion: 3.1 173 Contact: linux-integrity@vger.kernel.or 173 Contact: linux-integrity@vger.kernel.org 174 Description: The "timeouts" property shows 174 Description: The "timeouts" property shows the 4 vendor-specific values 175 for the TPM's interface spec t 175 for the TPM's interface spec timeouts. The use of these 176 timeouts is defined by the TPM 176 timeouts is defined by the TPM interface spec that the chip 177 conforms to. 177 conforms to. 178 178 179 Example output:: 179 Example output:: 180 180 181 750000 750000 750000 750000 181 750000 750000 750000 750000 [original] 182 182 183 The four timeout values are sh 183 The four timeout values are shown in usecs, with a trailing 184 "[original]" or "[adjusted]" d 184 "[original]" or "[adjusted]" depending on whether the values 185 were scaled by the driver to b 185 were scaled by the driver to be reported in usec from msecs. 186 186 187 What: /sys/class/tpm/tpmX/tpm_versio 187 What: /sys/class/tpm/tpmX/tpm_version_major 188 Date: October 2019 188 Date: October 2019 189 KernelVersion: 5.5 189 KernelVersion: 5.5 190 Contact: linux-integrity@vger.kernel.or 190 Contact: linux-integrity@vger.kernel.org 191 Description: The "tpm_version_major" proper 191 Description: The "tpm_version_major" property shows the TCG spec major version 192 implemented by the TPM device. 192 implemented by the TPM device. 193 193 194 Example output:: 194 Example output:: 195 195 196 2 196 2 197 197 198 What: /sys/class/tpm/tpmX/pcr-<H>/<N !! 198 What: /sys/class/tpm/tpmX/pcr-H/N 199 Date: March 2021 199 Date: March 2021 200 KernelVersion: 5.12 200 KernelVersion: 5.12 201 Contact: linux-integrity@vger.kernel.or 201 Contact: linux-integrity@vger.kernel.org 202 Description: produces output in compact hex 202 Description: produces output in compact hex representation for PCR 203 number N from hash bank H. N 203 number N from hash bank H. N is the numeric value of 204 the PCR number and H is the cr 204 the PCR number and H is the crypto string 205 representation of the hash 205 representation of the hash 206 206 207 Example output:: 207 Example output:: 208 208 209 cat /sys/class/tpm/tpm0/pcr- 209 cat /sys/class/tpm/tpm0/pcr-sha256/7 210 2ED93F199692DC6788EFA6A1FE74 210 2ED93F199692DC6788EFA6A1FE74514AB9760B2A6CEEAEF6C808C13E4ABB0D42
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.