^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) What: /sys/class/tpm/tpmX/device/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) Date: April 2005
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) KernelVersion: 2.6.12
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) Description: The device/ directory under a specific TPM instance exposes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) the properties of that TPM chip.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) What: /sys/class/tpm/tpmX/device/active
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) Date: April 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) KernelVersion: 2.6.17
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) Description: The "active" property prints a '1' if the TPM chip is accepting
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) commands. An inactive TPM chip still contains all the state of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) an active chip (Storage Root Key, NVRAM, etc.), and can be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) visible to the OS, but will only accept a restricted set of
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) commands. See the TPM Main Specification part 2, Structures,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) section 17 for more information on which commands are
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) available.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) What: /sys/class/tpm/tpmX/device/cancel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) Date: June 2005
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) KernelVersion: 2.6.13
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) Description: The "cancel" property allows you to cancel the currently
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) pending TPM command. Writing any value to cancel will call the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) TPM vendor specific cancel operation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) What: /sys/class/tpm/tpmX/device/caps
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) Date: April 2005
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) KernelVersion: 2.6.12
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) Description: The "caps" property contains TPM manufacturer and version info.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) Example output::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) Manufacturer: 0x53544d20
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) TCG version: 1.2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) Firmware version: 8.16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) Manufacturer is a hex dump of the 4 byte manufacturer info
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) space in a TPM. TCG version shows the TCG TPM spec level that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) the chip supports. Firmware version is that of the chip and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) is manufacturer specific.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) What: /sys/class/tpm/tpmX/device/durations
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) Date: March 2011
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) KernelVersion: 3.1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) Description: The "durations" property shows the 3 vendor-specific values
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) used to wait for a short, medium and long TPM command. All
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) TPM commands are categorized as short, medium or long in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) execution time, so that the driver doesn't have to wait
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) any longer than necessary before starting to poll for a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) result.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) Example output::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) 3015000 4508000 180995000 [original]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) Here the short, medium and long durations are displayed in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) usecs. "[original]" indicates that the values are displayed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) unmodified from when they were queried from the chip.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) Durations can be modified in the case where a buggy chip
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) reports them in msec instead of usec and they need to be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) scaled to be displayed in usecs. In this case "[adjusted]"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) will be displayed in place of "[original]".
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) What: /sys/class/tpm/tpmX/device/enabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) Date: April 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) KernelVersion: 2.6.17
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) Description: The "enabled" property prints a '1' if the TPM chip is enabled,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) meaning that it should be visible to the OS. This property
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) may be visible but produce a '0' after some operation that
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) disables the TPM.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) What: /sys/class/tpm/tpmX/device/owned
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) Date: April 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) KernelVersion: 2.6.17
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) Description: The "owned" property produces a '1' if the TPM_TakeOwnership
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) ordinal has been executed successfully in the chip. A '0'
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) indicates that ownership hasn't been taken.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) What: /sys/class/tpm/tpmX/device/pcrs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) Date: April 2005
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) KernelVersion: 2.6.12
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) Description: The "pcrs" property will dump the current value of all Platform
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) Configuration Registers in the TPM. Note that since these
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) values may be constantly changing, the output is only valid
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) for a snapshot in time.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) Example output::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) ...
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) The number of PCRs and hex bytes needed to represent a PCR
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) value will vary depending on TPM chip version. For TPM 1.1 and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) long. Use the "caps" property to determine TPM version.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
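The "caps" and "pcrs" formats described above can be checked together: the sketch below is an added example, not part of the kernel documentation or the TPM driver, and it decodes the manufacturer bytes, enforces the 20-byte SHA-1 digest length for TPM 1.1/1.2, and compares one snapshot against a recorded baseline. The function names, the baseline dictionary and the sample strings are assumptions constructed for illustration.

```python
import re

SHA1_LEN = 20  # per the text: TPM 1.1 and 1.2 PCRs hold SHA-1 digests

def parse_caps(text):
    """Parse the "caps" attribute into a dict keyed by field name."""
    caps = dict(line.split(": ", 1) for line in text.strip().splitlines())
    # Manufacturer is a hex dump of 4 bytes; decode it to ASCII for display.
    raw = int(caps["Manufacturer"], 16).to_bytes(4, "big")
    caps["manufacturer_id"] = raw.decode("ascii", errors="replace").strip()
    return caps

def parse_pcrs(text):
    """Parse the "pcrs" dump into {index: digest bytes}; reject odd lines."""
    pcrs = {}
    for line in text.strip().splitlines():
        m = re.fullmatch(r"PCR-(\d+): ((?:[0-9A-Fa-f]{2} ?)+)", line.strip())
        if not m:
            raise ValueError(f"unexpected pcrs line: {line!r}")
        pcrs[int(m.group(1))] = bytes.fromhex(m.group(2))
    return pcrs

def audit(caps_text, pcrs_text, baseline=None):
    """Return findings: wrong digest length for the version, baseline drift."""
    caps, pcrs = parse_caps(caps_text), parse_pcrs(pcrs_text)
    findings = []
    if caps["TCG version"] in ("1.1", "1.2"):
        for idx, digest in sorted(pcrs.items()):
            if len(digest) != SHA1_LEN:
                findings.append(
                    f"PCR-{idx:02d}: {len(digest)} bytes, expected {SHA1_LEN}")
    # The dump is only a snapshot, so drift is reported, not treated as fatal.
    for idx, expected in sorted((baseline or {}).items()):
        if pcrs.get(idx) != expected:
            findings.append(f"PCR-{idx:02d}: differs from baseline")
    return findings

# Constructed sample input in the layout of the example output above.
_D = "3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75"
SAMPLE_CAPS = "Manufacturer: 0x53544d20\nTCG version: 1.2\nFirmware version: 8.16\n"
SAMPLE_PCRS = f"PCR-00: {_D}\nPCR-01: {_D}\nPCR-02: {_D[:-3]}\n"  # PCR-02 truncated
SAMPLE_BASELINE = {0: bytes.fromhex(_D), 1: bytes(SHA1_LEN)}

if __name__ == "__main__":
    print(parse_caps(SAMPLE_CAPS)["manufacturer_id"])
    for finding in audit(SAMPLE_CAPS, SAMPLE_PCRS, SAMPLE_BASELINE):
        print(finding)
```
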
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) What: /sys/class/tpm/tpmX/device/pubek
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) Date: April 2005
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) KernelVersion: 2.6.12
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) Description: The "pubek" property will return the TPM's public endorsement
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) key if possible. If the TPM has had ownership established and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) is version 1.2, the pubek will not be available without the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) owner's authorization. Since the TPM driver doesn't store any
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) secrets, it can't authorize its own request for the pubek,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) making it inaccessible. The public endorsement key is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) generated at TPM manufacture time and exists for the life of the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) chip.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) Example output::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) Algorithm: 00 00 00 01
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) Encscheme: 00 03
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) Sigscheme: 00 01
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) Parameters: 00 00 08 00 00 00 00 02 00 00 00 00
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) Modulus length: 256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) Modulus:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) Possible values::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) Algorithm:   TPM_ALG_RSA                 (1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) Encscheme:   TPM_ES_RSAESPKCSv15         (2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151)              TPM_ES_RSAESOAEP_SHA1_MGF1  (3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) Sigscheme:   TPM_SS_NONE                 (1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) Parameters, a byte string of 3 u32 values:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154)     Key Length (bits):  00 00 08 00  (2048)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155)     Num primes:         00 00 00 02  (2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156)     Exponent Size:      00 00 00 00  (0 means the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157)                                      default exp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) Modulus Length: 256 (bytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) Modulus:     The 256 byte Endorsement Key modulus
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160)
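A parser for the "pubek" layout described above, as an added example that is not part of the kernel documentation or the TPM driver: it splits the Parameters byte string into its three big-endian u32 values and cross-checks the fields against the "Possible values" list. The function names and the generated sample modulus (bytes 0x00 to 0xFF, not a real key) are assumptions constructed for illustration.

```python
import struct

ENCSCHEMES = {2: "TPM_ES_RSAESPKCSv15", 3: "TPM_ES_RSAESOAEP_SHA1_MGF1"}

def _u(hex_bytes):
    """Big-endian integer from a space-separated hex dump."""
    return int.from_bytes(bytes.fromhex(hex_bytes), "big")

def parse_pubek(text):
    """Parse "pubek" text into a dict; Parameters is split into its 3 u32s."""
    fields, modulus, in_modulus = {}, bytearray(), False
    for line in (l.strip() for l in text.strip().splitlines()):
        if in_modulus:
            modulus += bytes.fromhex(line)   # modulus rows follow "Modulus:"
        elif line == "Modulus:":
            in_modulus = True
        else:
            key, _, value = line.partition(": ")
            fields[key] = value
    bits, primes, exp = struct.unpack(">III", bytes.fromhex(fields["Parameters"]))
    return {"algorithm": _u(fields["Algorithm"]),
            "encscheme": _u(fields["Encscheme"]),
            "sigscheme": _u(fields["Sigscheme"]),
            "key_bits": bits, "num_primes": primes, "exponent_size": exp,
            "modulus_length": int(fields["Modulus length"]),
            "modulus": bytes(modulus)}

def check_pubek(ek):
    """List inconsistencies with the "Possible values" table."""
    problems = []
    if ek["algorithm"] != 1:
        problems.append("algorithm is not TPM_ALG_RSA")
    if ek["encscheme"] not in ENCSCHEMES:
        problems.append("unknown encryption scheme")
    if ek["modulus_length"] != len(ek["modulus"]):
        problems.append("modulus length field does not match modulus bytes")
    if ek["key_bits"] != 8 * len(ek["modulus"]):
        problems.append("key length parameter does not match modulus size")
    return problems

def make_sample(modulus=bytes(range(256))):
    """Build constructed pubek text in the layout of the example output."""
    rows = [modulus[i:i + 16].hex(" ").upper() for i in range(0, len(modulus), 16)]
    return ("Algorithm: 00 00 00 01\nEncscheme: 00 03\nSigscheme: 00 01\n"
            "Parameters: 00 00 08 00 00 00 00 02 00 00 00 00\n"
            "Modulus length: 256\nModulus:\n" + "\n".join(rows) + "\n")

if __name__ == "__main__":
    ek = parse_pubek(make_sample())
    print(ek["key_bits"], ENCSCHEMES[ek["encscheme"]], check_pubek(ek))
```
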
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) What: /sys/class/tpm/tpmX/device/temp_deactivated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) Date: April 2006
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) KernelVersion: 2.6.17
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) Description: The "temp_deactivated" property returns a '1' if the chip has
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) been temporarily deactivated, usually until the next power
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) cycle. Whether a warm boot (reboot) will clear a TPM chip
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) from a temp_deactivated state is platform specific.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) What: /sys/class/tpm/tpmX/device/timeouts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) Date: March 2011
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) KernelVersion: 3.1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) Description: The "timeouts" property shows the 4 vendor-specific values
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) for the TPM's interface spec timeouts. The use of these
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) timeouts is defined by the TPM interface spec that the chip
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) conforms to.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) Example output::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 750000 750000 750000 750000 [original]
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) The four timeout values are shown in usecs, with a trailing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) "[original]" or "[adjusted]" depending on whether the values
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) were scaled by the driver to be reported in usec from msecs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) What: /sys/class/tpm/tpmX/tpm_version_major
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) Date: October 2019
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) KernelVersion: 5.5
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) Contact: linux-integrity@vger.kernel.org
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) Description: The "tpm_version_major" property shows the TCG spec major version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) implemented by the TPM device.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) Example output::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 2