Provided by: tpm2-tools_2.1.0-1build1_amd64 
NAME
tpm2_getmanufec - Retrieve the Endorsement Credential Certificate for the TPM endorsement key from the
TPM manufacturer's endorsement certificate hosting server
SYNOPSIS
tpm2_getmanufec[ COMMON OPTIONS ] [ TCTI OPTIONS ] [
--endorsePasswd|--ownerPasswd|--ekPasswd|--handle|--alg|--file|--NonPersistent|--OfflineProv|--ECcertFile|--EKserverAddr|--SSL_NO_VERIFY|--passwdInHex|
]
Retrieve the Endorsement Credential Certificate for the TPM endorsement key from the TPM manufacturer's
endorsement certificate hosting server
DESCRIPTION
tpm2_getmanufec Retrieve the Endorsement Credential Certificate for the TPM endorsement key from the TPM
manufacturer's endorsement certificate hosting server
OPTIONS
-e ,--endorsePasswd
specifies current endorse password (string, optional,default:NULL).
-o ,--ownerPasswd
specifies current owner password (string, optional,default:NULL).
-P ,--ekPasswd
specifies the EK password when created (string,optional,default:NULL).
-H ,--handle
specifies the handle used to make EK persistent (hex).
-g ,--alg
specifies the algorithm type of EK (default:0x01/TPM_ALG_RSA).
-f ,--file
specifies the file used to save the public portion of EK.
-N ,--NonPersistent
specifies to readout the EK public without making it persistent
-O ,--OfflineProv
specifies that the file specifier from '-f' is an EK retrieved from offline platform that needs
to be provisioned
-E ,--ECcertFile
specifies the file used to save the Endorsement Credentials retrieved from the TPM manufacturer
provisioning server
-S ,--EKserverAddr
specifies to attempt retrieving the Endorsement Credentials from the specified TPM manufacturer
provisioning server
-U ,--SSL_NO_VERIFY
specifies to attempt connecting with the TPM manufacturer provisioning server with
SSL_NO_VERIFY option
-X ,--passwdInHex
passwords given by any options are hex format
[COMMON OPTIONS ]
This collection of options are common to many programs and provide information that many users may
expect.
-h, --help
Display a manual describing the tool and its usage.
-v, --version
Display version information for this tool.
-V, --verbose
Increase the information that the tool prints to the console during its execution.
[TCTI OPTIONS ]
This collection of options are used to configure the varous TCTI modules available.
-T, --tcti
Select the TCTI used for communication with the next component down the TSS stack. In most
configurations this will be the TPM but it could be a simulator or proxy. Supported TCTIs are or
“device” or “socket” .
-d, --device-file
Specify the TPM device file for use by the device TCTI. The default is /dev/tpm0.
-R, --socket-address
Specify the domain name or IP address used by the socket TCTI. The default is 127.0.0.1.
-p, --socket-port
Specify the port number used by the socket TCTI. The default is 2321.
ENVIRONMENT: TCTI
This collection of environment variables that may be used to configure the varous TCTI modules
available. The values passed through these variables can be overridden on a per-command basis
using the available command line options.
TPM2TOOLS_TCTI_NAME
Select the TCTI used for communication with the next component down the TSS stack. In most
configurations this will be the TPM but it could be a simulator or proxy. See 'OPTIONS' section
for the names of supported TCTIs.
TPM2TOOLS_DEVICE_FILE
Specify the TPM device file for use by the device TCTI.
TPM2TOOLS_SOCKET_ADDRESS
Specify the domain name or IP address used by the socket TCTI.
TPM2TOOLS_SOCKET_PORT
Specify the port number used by the socket TCTI.
EXAMPLES
tpm2_getmanufec
tpm2_getmanufec -e abc123 -o abc123 -P passwd -H 0x81010001-g 0x01 -O -N -U -E ECcert.bin -f ek.bin -S https://tpm.manufacturer.com/ekcertserver/
tpm2_getmanufec -e 1a1b1c -o 1a1b1c -P 123abc -X -H 0x81010001-g 0x01 -O -N -U -E ECcert.bin -f ek.bin -S https://tpm.manufacturer.com/ekcertserver/