TPM Management - tpm_clear

NAME¶

tpm_clear - return the TPM to the default state (unowned, disabled, inactive)

SYNOPSIS¶

tpm_clear [OPTION]

DESCRIPTION¶

tpm_clear requests that the system's TPM perform a clear (via the TPM_OwnerClear API) wiping out all ownership information, in effect invalidaing all keys and data tied to the TPM, as well as disabling and deactivating the TPM. This operation will prompt for the owner password. The --force option relies on Phyiscal Presence to authorize the command (via the TPM_ForceClear API) skipping the owner password prompt. The TPM OwnerClear API can be disabled until the current owner is cleared, requiring use of the --force with tpm_setclearable command. The TPM_ForceClear API can be disabled for the current boot cycle with the tpm_setclearable command. This command requires a reboot to complete the operation.

-h, --help

Display command usage info.

-v, --version

Display command version info.

-l, --log [none|error|info|debug]

Set logging level.

-u, --unicode

Use TSS UNICODE encoding for passwords to comply with applications using TSS popup boxes

-f, --force

Rely on Physical Presence for authorization; therefore, do not prompt for owner password.

-z, --well-known

Authenticate using 20 bytes of zeros as owner password (the default TSS Well Known Secret), instead of prompting for an owner password.

 

SEE ALSO¶

tpm_version(1), tpm_takeownership(8), tpm_setclearable(8), tpm_setactive(8), tpm_setenable(8), tcsd(8)

REPORTING BUGS¶

Report bugs to <trousers-users@lists.sourceforge.net>