tpm_ownable Command
Purpose
Verifies whether the Trusted Platform Module (TPM) allows the tpm_takeownership command to run.
Syntax
tpm_ownable [ -a ] [ -h ] [ -l [ none | error | info | debug ] ] [ -p ] [ -s ] [ -u ] [ -v ] [ -z ]
Description
The tpm_ownable command reports the status of the TPM flags regarding whether the TPM can be owned. This is the default behavior, and it is also accessible through the -s (or --status) option. Requesting a report of this status prompts for the owner password. The -a (or --allow) option sets the system TPM to allow tpm_takeownership operations (through the TPM_SetOwnerInstall API). This operation requires physical presence.
The -p (or --prevent) option (through the TPM_SetOwnerInstall API) prevents the TPM from accepting the tpm_takeownership command. This operation requires physical presence. These operations are persistent, and the tpm_takeownership command requires that the TPM be enabled.
Flags
Item | Description |
---|---|
-a (or --allow) | Allows the tpm_takeownership command to run. |
-h (or --help) | Displays the command usage information. |
-l (or --log) [ none \| error \| info \| debug ] | Sets the logging level to none, error, info, or debug as specified. |
-p (or --prevent) | Prevents the tpm_takeownership command from running. |
-s (or --status) | Reports the status of flags regarding whether the TPM can be owned. |
-u (or --unicode) | Uses the Trusted Computing Group Software Stack (TSS) UNICODE encoding for the passwords to comply with the applications that are using the TSS popup boxes. |
-v (or --version) | Displays the command version information. |
-z (or --well-known) | Changes the password to a new one when the current owner password is a secret of all zeros (20 bytes of zeros). It must be specified which password (owner, storage root key, or both) needs to be changed. |