tpm_clearable Command

Purpose

Disables the Trusted Platform Module (TPM) clear operations.

Syntax

tpm_clearable [ -f ] [ -h ] [ -l [ none | error | info | debug ] ] [ -o ] [ -s ] [ -u ] [ -v ] [ -z ]

Description

The tpm_clearable command reports the status of the TPM flags that control how the TPM can be cleared. This is the default behavior, and it is also available through the -s (or --status) option. Requesting the TPM status report prompts for the owner password.

The -o (or --owner) option requests the TPM to disable the clear operations (through the TPM_DisableOwnerClear API), which prevents the owner from clearing out the ownership information. This operation prompts for the owner password. This operation remains in effect until the current owner is cleared.

The -f (or --force) option disables TPM clear operations that use physical presence for authorization (through the TPM_DisableForceClear API). This operation does not require authorization and skips the owner password prompt. This operation remains in effect only until a system reboot operation.
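Because the -f setting lasts only until a reboot while the -o setting persists until the owner is cleared, the -f lock has to be re-applied at every boot. The following boot-time sketch is an added example, not part of the original command documentation; it assumes tpm_clearable is on PATH and exits 0 on success, and the names TPM_CLEARABLE, log, and lock_force_clear are introduced here for illustration.

```shell
#!/bin/sh
# Added example: re-apply the physical-presence clear lock at each boot.
# Assumptions (not from the command documentation): tpm_clearable exits 0
# on success; TPM_CLEARABLE, log and lock_force_clear are example names.
#
# The -o lock is not handled here: it prompts for the owner password and
# persists until the owner is cleared, so it is set once, interactively.

TPM_CLEARABLE="${TPM_CLEARABLE:-tpm_clearable}"

log() {
    # The boot environment is expected to capture stderr.
    echo "tpm-lock: $1" >&2
}

# Returns 0 if the lock was applied, 1 if the command failed,
# 2 if the command is missing (lock NOT applied in both failure cases).
lock_force_clear() {
    if ! command -v "$TPM_CLEARABLE" >/dev/null 2>&1; then
        log "tpm_clearable not found; physical-presence clear NOT disabled"
        return 2
    fi
    # -f skips the owner password prompt, so it can run unattended;
    # stdin is closed so an unexpected prompt cannot stall the boot.
    if "$TPM_CLEARABLE" -f -l error </dev/null; then
        log "physical-presence clear disabled until next reboot"
        return 0
    fi
    log "tpm_clearable -f failed; physical-presence clear may still be possible"
    return 1
}

# Run the lock only when invoked as "<script> --apply"; sourcing the file
# just defines the functions.
if [ "${1:-}" = "--apply" ]; then
    lock_force_clear
    exit $?
fi
```

A non-zero exit from this script means the lock is not in place for the current boot session, which is worth alerting on.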

Flags

-f (or --force)
    Disables the use of physical presence for authorizing a clear operation until a system reboot operation occurs.

-h (or --help)
    Displays the command usage information.

-l (or --log) [ none | error | info | debug ]
    Sets the logging level to none, error, info, or debug as specified.

-o (or --owner)
    Disables the use of owner authorization for authorizing a clear operation until a new owner exists.

-s (or --status)
    Reports the status of flags regarding how the TPM can be cleared.

-u (or --unicode)
    Uses the Trusted Computing Group Software Stack (TSS) UNICODE encoding for the passwords to comply with the applications that are using the TSS popup boxes.

-v (or --version)
    Displays the command version information.

-z (or --well-known)
    Changes the password to a new one when the current owner password is a secret of all zeros (20 bytes of zeros). It must be specified which password (owner, storage root key, or both) needs to be changed.