cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

sysfs-class-tpm (7786B)

What:		/sys/class/tpm/tpmX/device/
Date:		April 2005
KernelVersion:	2.6.12
Contact:	linux-integrity@vger.kernel.org
Description:	The device/ directory under a specific TPM instance exposes
		the properties of that TPM chip.


What:		/sys/class/tpm/tpmX/device/active
Date:		April 2006
KernelVersion:	2.6.17
Contact:	linux-integrity@vger.kernel.org
Description:	The "active" property prints a '1' if the TPM chip is accepting
		commands. An inactive TPM chip still contains all the state of
		an active chip (Storage Root Key, NVRAM, etc.), and can be
		visible to the OS, but will only accept a restricted set of
		commands. See the TPM Main Specification part 2, Structures,
		section 17 for more information on which commands are
		available.

What:		/sys/class/tpm/tpmX/device/cancel
Date:		June 2005
KernelVersion:	2.6.13
Contact:	linux-integrity@vger.kernel.org
Description:	The "cancel" property allows you to cancel the currently
		pending TPM command. Writing any value to cancel will call the
		TPM vendor-specific cancel operation.

What:		/sys/class/tpm/tpmX/device/caps
Date:		April 2005
KernelVersion:	2.6.12
Contact:	linux-integrity@vger.kernel.org
Description:	The "caps" property contains TPM manufacturer and version info.

		Example output::

		  Manufacturer: 0x53544d20
		  TCG version: 1.2
		  Firmware version: 8.16

		Manufacturer is a hex dump of the 4-byte manufacturer info
		space in a TPM. TCG version shows the TCG TPM spec level that
		the chip supports. Firmware version is that of the chip and
		is manufacturer specific.

What:		/sys/class/tpm/tpmX/device/durations
Date:		March 2011
KernelVersion:	3.1
Contact:	linux-integrity@vger.kernel.org
Description:	The "durations" property shows the 3 vendor-specific values
		used to wait for a short, medium and long TPM command. All
		TPM commands are categorized as short, medium or long in
		execution time, so that the driver doesn't have to wait
		any longer than necessary before starting to poll for a
		result.

		Example output::

		  3015000 4508000 180995000 [original]

		Here the short, medium and long durations are displayed in
		usecs. "[original]" indicates that the values are displayed
		unmodified from when they were queried from the chip.
		Durations can be modified in the case where a buggy chip
		reports them in msec instead of usec and they need to be
		scaled to be displayed in usecs. In this case "[adjusted]"
		will be displayed in place of "[original]".

What:		/sys/class/tpm/tpmX/device/enabled
Date:		April 2006
KernelVersion:	2.6.17
Contact:	linux-integrity@vger.kernel.org
Description:	The "enabled" property prints a '1' if the TPM chip is enabled,
		meaning that it should be visible to the OS. This property
		may be visible but produce a '0' after some operation that
		disables the TPM.

What:		/sys/class/tpm/tpmX/device/owned
Date:		April 2006
KernelVersion:	2.6.17
Contact:	linux-integrity@vger.kernel.org
Description:	The "owned" property produces a '1' if the TPM_TakeOwnership
		ordinal has been executed successfully in the chip. A '0'
		indicates that ownership hasn't been taken.

What:		/sys/class/tpm/tpmX/device/pcrs
Date:		April 2005
KernelVersion:	2.6.12
Contact:	linux-integrity@vger.kernel.org
Description:	The "pcrs" property will dump the current value of all Platform
		Configuration Registers in the TPM. Note that since these
		values may be constantly changing, the output is only valid
		for a snapshot in time.

		Example output::

		  PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
		  PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
		  PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
		  PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
		  PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
		  ...

		The number of PCRs and hex bytes needed to represent a PCR
		value will vary depending on TPM chip version. For TPM 1.1 and
		1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes
		long. Use the "caps" property to determine TPM version.

What:		/sys/class/tpm/tpmX/device/pubek
Date:		April 2005
KernelVersion:	2.6.12
Contact:	linux-integrity@vger.kernel.org
Description:	The "pubek" property will return the TPM's public endorsement
		key if possible. If the TPM has had ownership established and
		is version 1.2, the pubek will not be available without the
		owner's authorization. Since the TPM driver doesn't store any
		secrets, it can't authorize its own request for the pubek,
		making it inaccessible. The public endorsement key is
		generated at TPM manufacture time and exists for the life of
		the chip.

		Example output::

		  Algorithm: 00 00 00 01
		  Encscheme: 00 03
		  Sigscheme: 00 01
		  Parameters: 00 00 08 00 00 00 00 02 00 00 00 00
		  Modulus length: 256
		  Modulus:
		  B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C
		  3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6
		  1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB
		  86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3
		  D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B
		  82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26
		  0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E
		  1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D
		  6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0
		  A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6
		  47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6
		  10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70
		  E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A
		  F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6
		  F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B
		  C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B

		Possible values::

		  Algorithm:	TPM_ALG_RSA			(1)
		  Encscheme:	TPM_ES_RSAESPKCSv15		(2)
				TPM_ES_RSAESOAEP_SHA1_MGF1	(3)
		  Sigscheme:	TPM_SS_NONE			(1)
		  Parameters, a byte string of 3 u32 values:
			Key Length (bits):	00 00 08 00	(2048)
			Num primes:		00 00 00 02	(2)
			Exponent Size:		00 00 00 00	(0 means the
								 default exp)
		  Modulus Length: 256 (bytes)
		  Modulus:	The 256-byte Endorsement Key modulus
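
The "Possible values" table above gives the encodings of each pubek field. The following is an added example, not kernel code and not part of the cachepc-linux tree: it parses the documented example output into those named values, decodes the three u32 parameters, and checks that the declared modulus length agrees with both the key length and the number of modulus bytes actually printed. The mapping of exponent size 0 to the public exponent 65537 is an assumption taken from the TPM 1.2 key parameter definitions, not something this ABI file states.

```python
"""Parser for the /sys/class/tpm/tpmX/device/pubek text format (TPM 1.2).

Added example, not kernel code. SAMPLE_PUBEK is the example output
quoted in the documentation; nothing here opens a real sysfs file.
"""
from typing import NamedTuple, Optional

# Names and numeric codes from the "Possible values" table.
ALGORITHMS = {1: "TPM_ALG_RSA"}
ENCSCHEMES = {2: "TPM_ES_RSAESPKCSv15", 3: "TPM_ES_RSAESOAEP_SHA1_MGF1"}
SIGSCHEMES = {1: "TPM_SS_NONE"}
# Assumption: exponent size 0 ("default exp") means the usual RSA F4 exponent.
DEFAULT_EXPONENT = 65537

SAMPLE_PUBEK = """Algorithm: 00 00 00 01
Encscheme: 00 03
Sigscheme: 00 01
Parameters: 00 00 08 00 00 00 00 02 00 00 00 00
Modulus length: 256
Modulus:
B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C
3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6
1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB
86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3
D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B
82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26
0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E
1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D
6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0
A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6
47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6
10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70
E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A
F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6
F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B
C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B
"""


class PubEK(NamedTuple):
    algorithm: str
    encscheme: str
    sigscheme: str
    key_bits: int
    num_primes: int
    exponent: Optional[int]  # None when the chip uses a non-default exponent
    modulus: bytes


def _hexbytes(text: str) -> bytes:
    """Convert space-separated hex byte pairs ('00 03') into bytes."""
    return bytes(int(tok, 16) for tok in text.split())


def parse_pubek(text: str) -> PubEK:
    fields = {}
    modulus_lines = []
    in_modulus = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if in_modulus:               # everything after "Modulus:" is hex
            modulus_lines.append(line)
            continue
        key, _, value = line.partition(":")
        if key == "Modulus":
            in_modulus = True
        else:
            fields[key] = value.strip()

    modulus = _hexbytes(" ".join(modulus_lines))
    params = _hexbytes(fields["Parameters"])
    if len(params) != 12:
        raise ValueError("Parameters must be a byte string of 3 u32 values")
    key_bits, num_primes, exp_size = (
        int.from_bytes(params[i:i + 4], "big") for i in (0, 4, 8))

    # Consistency check: declared length, key length and printed bytes agree.
    declared = int(fields["Modulus length"])
    if declared != len(modulus) or declared * 8 != key_bits:
        raise ValueError(f"modulus length mismatch: declared {declared}, "
                         f"printed {len(modulus)}, key bits {key_bits}")

    alg = int(fields["Algorithm"].replace(" ", ""), 16)
    enc = int(fields["Encscheme"].replace(" ", ""), 16)
    sig = int(fields["Sigscheme"].replace(" ", ""), 16)
    return PubEK(
        ALGORITHMS.get(alg, f"unknown({alg})"),
        ENCSCHEMES.get(enc, f"unknown({enc})"),
        SIGSCHEMES.get(sig, f"unknown({sig})"),
        key_bits, num_primes,
        DEFAULT_EXPONENT if exp_size == 0 else None,
        modulus,
    )
```

A parsed modulus can be turned into an integer with `int.from_bytes(ek.modulus, "big")` for comparison against an EK recorded at provisioning time; the length check is what catches a truncated or hand-edited dump before that comparison is trusted.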

What:		/sys/class/tpm/tpmX/device/temp_deactivated
Date:		April 2006
KernelVersion:	2.6.17
Contact:	linux-integrity@vger.kernel.org
Description:	The "temp_deactivated" property returns a '1' if the chip has
		been temporarily deactivated, usually until the next power
		cycle. Whether a warm boot (reboot) will clear a TPM chip
		from a temp_deactivated state is platform specific.

What:		/sys/class/tpm/tpmX/device/timeouts
Date:		March 2011
KernelVersion:	3.1
Contact:	linux-integrity@vger.kernel.org
Description:	The "timeouts" property shows the 4 vendor-specific values
		for the TPM's interface spec timeouts. The use of these
		timeouts is defined by the TPM interface spec that the chip
		conforms to.

		Example output::

		  750000 750000 750000 750000 [original]

		The four timeout values are shown in usecs, with a trailing
		"[original]" or "[adjusted]" depending on whether the values
		were scaled by the driver to be reported in usec from msecs.
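
The "caps", "durations" and "timeouts" properties above share a small plain-text format. The following is an added example, not kernel code and not part of the cachepc-linux tree: it parses the three documented example outputs, decodes the 4-byte manufacturer value as the ASCII vendor tag it actually carries, and records whether the timing values carry the "[original]" or "[adjusted]" marker so a caller knows when the driver has already rescaled a buggy chip's msec values. The sample strings are the documentation's own examples; the names `Caps`, `Timing` and the helper functions are this example's, not the driver's.

```python
"""Parsers for the plain-text attributes under /sys/class/tpm/tpmX/device/.

Added example, not kernel code. The sample strings are the example
outputs quoted in the documentation; nothing here opens a real sysfs file.
"""
from typing import NamedTuple, Tuple

# Example outputs copied from the documentation (constructed test data).
SAMPLE_CAPS = """Manufacturer: 0x53544d20
TCG version: 1.2
Firmware version: 8.16
"""
SAMPLE_DURATIONS = "3015000 4508000 180995000 [original]"
SAMPLE_TIMEOUTS = "750000 750000 750000 750000 [original]"


class Caps(NamedTuple):
    manufacturer_id: int     # the raw 4-byte value, e.g. 0x53544d20
    manufacturer_ascii: str  # the same 4 bytes read as text, e.g. "STM "
    tcg_version: str
    firmware_version: str


def parse_caps(text: str) -> Caps:
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    vendor = int(fields["Manufacturer"], 16)   # int() accepts the 0x prefix
    # TCG vendor IDs are four ASCII characters packed big-endian into the
    # u32, so the hex dump decodes directly to a printable vendor tag.
    raw = vendor.to_bytes(4, "big")
    tag = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)
    return Caps(vendor, tag, fields["TCG version"], fields["Firmware version"])


class Timing(NamedTuple):
    usec: Tuple[int, ...]  # values in microseconds, as displayed
    adjusted: bool         # True when the driver rescaled them from msec


def _parse_timing(text: str, count: int) -> Timing:
    parts = text.split()
    if len(parts) != count + 1 or parts[-1] not in ("[original]", "[adjusted]"):
        raise ValueError(f"unexpected format: {text!r}")
    return Timing(tuple(int(p) for p in parts[:-1]), parts[-1] == "[adjusted]")


def parse_durations(text: str) -> Timing:
    """'durations': the short, medium and long command durations."""
    return _parse_timing(text, 3)


def durations_plausible(t: Timing) -> bool:
    """Short <= medium <= long is what a sane chip reports; anything else
    is worth flagging before the driver's polling relies on it."""
    short, medium, long_ = t.usec
    return short <= medium <= long_


def parse_timeouts(text: str) -> Timing:
    """'timeouts': the four interface-spec timeouts."""
    return _parse_timing(text, 4)
```

Reading the real files is a matter of passing `open("/sys/class/tpm/tpm0/device/caps").read()` and the like to these functions; an inventory script can compare `manufacturer_ascii` and `firmware_version` against an expected list of chips.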

What:		/sys/class/tpm/tpmX/tpm_version_major
Date:		October 2019
KernelVersion:	5.5
Contact:	linux-integrity@vger.kernel.org
Description:	The "tpm_version_major" property shows the TCG spec major version
		implemented by the TPM device.

		Example output::

		  2

What:		/sys/class/tpm/tpmX/pcr-<H>/<N>
Date:		March 2021
KernelVersion:	5.12
Contact:	linux-integrity@vger.kernel.org
Description:	Produces output in compact hex representation for PCR
		number N from hash bank H.  N is the numeric value of
		the PCR number and H is the crypto string
		representation of the hash.

		Example output::

		  cat /sys/class/tpm/tpm0/pcr-sha256/7
		  2ED93F199692DC6788EFA6A1FE74514AB9760B2A6CEEAEF6C808C13E4ABB0D42
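
The "pcrs" dump and the per-bank pcr-<H>/<N> files above expose the same registers in two different text formats. The following is an added example, not kernel code and not part of the cachepc-linux tree: it parses both formats, checks that each digest has the length the named bank implies, and replays a measurement log against a reported PCR using the TCG extend rule PCR' = H(PCR || digest). That extend rule and the all-zero reset value of the ordinary PCRs are assumptions about TPM semantics, not something this ABI file states; the sample texts are constructed from the documentation's examples and the event digests in the test are constructed values.

```python
"""Readers for the two PCR views the TPM class exposes, plus a replay check.

Added example, not kernel code. 'pcrs' is the legacy dump with one
'PCR-NN: xx xx ...' line per register; pcr-<H>/<N> holds one compact hex
digest. replay_extend implements PCR' = H(PCR || digest), the TCG extend
operation (assumed here, not stated in the ABI file).
"""
import hashlib
import re
from typing import Dict, Iterable

DIGEST_LEN = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}

# 'pcrs' example from the documentation; the '...' line is part of the
# quoted output and must be tolerated by the parser.
SAMPLE_PCRS = """PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
...
"""
# pcr-sha256/7 example from the documentation.
SAMPLE_PCR_SHA256_7 = "2ED93F199692DC6788EFA6A1FE74514AB9760B2A6CEEAEF6C808C13E4ABB0D42\n"

PCRS_LINE = re.compile(r"^PCR-(\d+):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")


def parse_pcrs(text: str, bank: str = "sha1") -> Dict[int, bytes]:
    """Parse 'pcrs'. On TPM 1.x the values are SHA-1, 20 bytes each."""
    pcrs = {}
    for line in text.splitlines():
        m = PCRS_LINE.match(line.strip())
        if not m:
            continue                       # skips the trailing '...' line
        value = bytes.fromhex(m.group(2).replace(" ", ""))
        if len(value) != DIGEST_LEN[bank]:
            raise ValueError(f"PCR-{m.group(1)}: {len(value)} bytes, "
                             f"expected {DIGEST_LEN[bank]} for {bank}")
        pcrs[int(m.group(1))] = value
    return pcrs


def parse_pcr_file(bank: str, text: str) -> bytes:
    """Parse the content of pcr-<bank>/<N>: one compact hex digest."""
    value = bytes.fromhex(text.strip())
    if len(value) != DIGEST_LEN[bank]:
        raise ValueError(f"{len(value)} bytes, expected {DIGEST_LEN[bank]} for {bank}")
    return value


def replay_extend(bank: str, digests: Iterable[bytes]) -> bytes:
    """Recompute a PCR from its event digests in log order, starting from
    the all-zero reset value of the ordinary (non-locality) PCRs."""
    pcr = bytes(DIGEST_LEN[bank])
    for d in digests:
        if len(d) != DIGEST_LEN[bank]:
            raise ValueError("event digest length does not match bank")
        pcr = hashlib.new(bank, pcr + d).digest()
    return pcr


def pcr_matches_log(bank: str, pcr_file_text: str, digests: Iterable[bytes]) -> bool:
    """True when the reported PCR equals the replay of the given event log."""
    return parse_pcr_file(bank, pcr_file_text) == replay_extend(bank, list(digests))
```

Because the documentation warns that PCR values can change between reads, a checker should read the pcr-<H>/<N> file once, replay the log it has collected, and compare that single snapshot rather than re-reading the file during the comparison.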