NAME¶

attest-tool - Perform attestation-related TPM operations

DESCRIPTION¶

Usage of attest-tool:¶

-key string

: Path to the key file (default "ak.json")

-nonce string

: Hex string to use as nonce when quoting

-random-nonce

: Generate a random nonce instead of using one provided

-sha256

: Use SHA256 for quote operatons

COMMANDS¶

`attest-tool` is a simple utility to exercise attestation-related operations on your system.

attest-tool info

attest-tool make-ak

attest-tool quote

attest-tool list-eks

attest-tool list-pcrs

attest-tool measurement-log

attest-tool dump

attest-tool self-test

TEST¶

The main use-case of `attest-tool` is testing whether attestation works on the local system.

Once `attest-tool` has been built, you can run it in self-test mode like this:

attest-tool self-test

After a few seconds, it should print out a 'PASS' message, or a 'FAIL' message with a description of what went wrong.

On Linux, `attest-tool` either needs to be run as root, or granted access to the TPM (`/dev/tpmrm0`) device & event log (`/sys/kernel/security/tpm0/binary_bios_measurements`)

December 2025

attest-tool 0.5.1-2+b1

Source file:	attest-tool.1.en.gz (from attest-tool 0.5.1-2+b1)
Source last updated:	2025-12-01T03:08:29Z
Converted to HTML:	2025-12-01T09:29:58Z