tpm_present Command
Purpose
Changes the physical presence states and settings of the Trusted Platform Module (TPM).
Syntax
tpm_present [ -a ] [ -c ] [ --disable-cmd ] [ --disable-hw ] [ --enable-cmd ] [ --enable-hw ] [ -h ] [ -l [ none | error | info | debug ] ] [ --lock ] [ --set-lifetime-lock ] [ -u ] [ -v ] [ -z ] [ -y ]
Description
The tpm_present command reports the status of the TPM flags regarding TPM physical presence. This is the default behavior, and it is also accessible through the --status option. The command prompts for the owner password when it reports the TPM status. All changes are made with the TSC_PhysicalPresence API.
Flags
Item | Description |
---|---|
-a (or --assert) | Asserts that an administrator is physically present at the system. |
-c (or --clear) | Removes the assertion that an administrator is physically present at the system. |
--disable-cmd | Disallows the use of commands to signal that an administrator is physically present. |
--disable-hw | Disallows the use of hardware signals to signal that an administrator is physically present. |
--enable-cmd | Allows the use of commands to signal that an administrator is physically present. |
--enable-hw | Allows the use of hardware signals to signal that an administrator is physically present. |
-h (or --help) | Displays the command usage information. |
-l (or --log) [ none \| error \| info \| debug ] | Sets the logging level to none, error, info, or debug as specified. |
--lock | Locks the assertions of physical presence in the current states until a system reboot operation. |
--set-lifetime-lock | Permanently prevents any further changes to the flags that control how physical presence can be signaled. This option can never be undone. |
-u (or --unicode) | Uses the Trusted Computing Group Software Stack (TSS) UNICODE encoding for the passwords to comply with the applications that are using the TSS popup boxes. |
-v (or --version) | Displays the command version information. |
-z (or --well-known) | Changes the password to a new one when the current owner password is a secret of all zeros (20 bytes of zeros). It must be specified which password (owner, storage root key, or both) needs to be changed. |
-y (or --yes) | Answers yes to all questions. This flag is applicable only with the --set-lifetime-lock flag. |
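
Because --set-lifetime-lock can never be undone and -y answers yes to its questions, scripted use of tpm_present benefits from a pre-flight check of the arguments. The following is an added example, not part of the original command documentation; the function names, the policy it enforces, and the ALLOW_TPM_LIFETIME_LOCK variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for tpm_present arguments in automation.
# The policy and the ALLOW_TPM_LIFETIME_LOCK variable are assumptions of this
# example; they are not features of tpm_present itself.

# Return codes: 0 = allowed, 1 = contradictory flags, 2 = irreversible change blocked.
check_tpm_present_args() {
    assert=0 clear=0 en_cmd=0 dis_cmd=0 en_hw=0 dis_hw=0 lifetime=0 yes=0
    for arg in "$@"; do
        case "$arg" in
            -a|--assert)         assert=1 ;;
            -c|--clear)          clear=1 ;;
            --enable-cmd)        en_cmd=1 ;;
            --disable-cmd)       dis_cmd=1 ;;
            --enable-hw)         en_hw=1 ;;
            --disable-hw)        dis_hw=1 ;;
            --set-lifetime-lock) lifetime=1 ;;
            -y|--yes)            yes=1 ;;
        esac
    done
    # Opposite settings in one invocation leave the intended end state unclear.
    if [ $((assert + clear)) -eq 2 ] || [ $((en_cmd + dis_cmd)) -eq 2 ] ||
       [ $((en_hw + dis_hw)) -eq 2 ]; then
        echo "refused: contradictory physical presence flags" >&2
        return 1
    fi
    # --set-lifetime-lock is permanent and -y answers yes to its questions,
    # so an unattended run must opt in explicitly.
    if [ "$lifetime" -eq 1 ] && [ "$yes" -eq 1 ] &&
       [ "${ALLOW_TPM_LIFETIME_LOCK:-0}" != "1" ]; then
        echo "refused: --set-lifetime-lock with -y needs ALLOW_TPM_LIFETIME_LOCK=1" >&2
        return 2
    fi
    return 0
}

# Run tpm_present only when the pre-flight check passes.
safe_tpm_present() {
    check_tpm_present_args "$@" || return $?
    tpm_present "$@"
}
```

An interactive --set-lifetime-lock without -y is allowed through, because tpm_present then asks its questions itself.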