Provided by: tpm2-tools_5.7-1_amd64 bug

NAME
       tss2_provision(1) -


SYNOPSIS
       tss2_provision [OPTIONS]


SEE ALSO
       fapi-config(5)  to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for
       the Fapi metadata storages.

       fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a
       specific  TPM  interaction  like  the name hash algorithm, the asymmetric signature algorithm, scheme and
       parameters and PCR bank selection.


DESCRIPTION
       tss2_provision(1) - This command provisions a FAPI instance and its associated TPM.  The steps taken are:

       • Retrieve the EK template, nonce and certificate, verify that they match the TPM’s EK and store them  in
         the key store.

       • Set  the  authValues  and  policies  for  the  Owner  (Storage  Hierarchy),  the  Privacy Administrator
         (Endorsement Hierarchy) and the lockout authority.

       • Scan the TPM’s nv indices and create entries in the FAPI metadata store.   This  operation  MAY  use  a
         heuristic to guess the originating programs for nv indices found and name the entries accordingly.

       • Create  the  SRK  (storage  primary  key)  inside  the  TPM  and  make it persistent if required by the
         cryptographic profile (cf., fapi-profile(5)) and store its metadata in the  system-wide  FAPI  metadata
         store.  Note that the SRK will not have an authorization value associated.

       If an authorization value is associated with the storage hierarchy, it is highly recommended that the SRK
       without authorization value is made persistent.

       The paths of the different metadata storages  for  keys  and  nv  indices  are  configured  in  the  FAPI
       configuration file (cf., fapi-config(5)).


OPTIONS
       These are the available options:

       • -E,  --authValueEh=STRING:  The  authorization  value  for  the  privacy  admin,  i.e. the  endorsement
         hierarchy.  Optional parameter.

       • -S, --authValueSh=STRING: The authorization value for the owner, i.e. the storage hierarchy.   Optional
         parameter.

       • -L,  --authValueLockout=STRING:  The  authorization  value  for  the  lockout  authorization.  Optional
         parameter.


COMMON OPTIONS
       This collection of options are common to all tss2 programs and provide information that  many  users  may
       expect.

       • -h, --help [man|no-man]: Display the tools manpage.  By default, it attempts to invoke the manpager for
         the tool, however, on failure will output a short tool summary.  This is the same behavior if the “man”
         option argument is specified, however if explicit “man” is requested, the tool will provide errors from
         man on stderr.  If the “no-man” option if specified, or the manpager fails, the short options  will  be
         output to stdout.

         To  successfully  use  the  manpages  feature  requires the manpages to be installed or on MANPATH, See
         man(1) for more details.

       • -v, --version: Display version information for this tool, supported tctis and exit.


EXAMPLE
              tss2_provision


RETURNS
       0 on success or 1 on failure.


BUGS
       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)


HELP
       See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)