18c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/ 28c2ecf20Sopenharmony_ciDate: April 2005 38c2ecf20Sopenharmony_ciKernelVersion: 2.6.12 48c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 58c2ecf20Sopenharmony_ciDescription: The device/ directory under a specific TPM instance exposes 68c2ecf20Sopenharmony_ci the properties of that TPM chip 78c2ecf20Sopenharmony_ci 88c2ecf20Sopenharmony_ci 98c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/active 108c2ecf20Sopenharmony_ciDate: April 2006 118c2ecf20Sopenharmony_ciKernelVersion: 2.6.17 128c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 138c2ecf20Sopenharmony_ciDescription: The "active" property prints a '1' if the TPM chip is accepting 148c2ecf20Sopenharmony_ci commands. An inactive TPM chip still contains all the state of 158c2ecf20Sopenharmony_ci an active chip (Storage Root Key, NVRAM, etc), and can be 168c2ecf20Sopenharmony_ci visible to the OS, but will only accept a restricted set of 178c2ecf20Sopenharmony_ci commands. See the TPM Main Specification part 2, Structures, 188c2ecf20Sopenharmony_ci section 17 for more information on which commands are 198c2ecf20Sopenharmony_ci available. 208c2ecf20Sopenharmony_ci 218c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/cancel 228c2ecf20Sopenharmony_ciDate: June 2005 238c2ecf20Sopenharmony_ciKernelVersion: 2.6.13 248c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 258c2ecf20Sopenharmony_ciDescription: The "cancel" property allows you to cancel the currently 268c2ecf20Sopenharmony_ci pending TPM command. Writing any value to cancel will call the 278c2ecf20Sopenharmony_ci TPM vendor specific cancel operation. 288c2ecf20Sopenharmony_ci 298c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/caps 308c2ecf20Sopenharmony_ciDate: April 2005 318c2ecf20Sopenharmony_ciKernelVersion: 2.6.12 328c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 338c2ecf20Sopenharmony_ciDescription: The "caps" property contains TPM manufacturer and version info. 348c2ecf20Sopenharmony_ci 358c2ecf20Sopenharmony_ci Example output:: 368c2ecf20Sopenharmony_ci 378c2ecf20Sopenharmony_ci Manufacturer: 0x53544d20 388c2ecf20Sopenharmony_ci TCG version: 1.2 398c2ecf20Sopenharmony_ci Firmware version: 8.16 408c2ecf20Sopenharmony_ci 418c2ecf20Sopenharmony_ci Manufacturer is a hex dump of the 4 byte manufacturer info 428c2ecf20Sopenharmony_ci space in a TPM. TCG version shows the TCG TPM spec level that 438c2ecf20Sopenharmony_ci the chip supports. Firmware version is that of the chip and 448c2ecf20Sopenharmony_ci is manufacturer specific. 458c2ecf20Sopenharmony_ci 468c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/durations 478c2ecf20Sopenharmony_ciDate: March 2011 488c2ecf20Sopenharmony_ciKernelVersion: 3.1 498c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 508c2ecf20Sopenharmony_ciDescription: The "durations" property shows the 3 vendor-specific values 518c2ecf20Sopenharmony_ci used to wait for a short, medium and long TPM command. All 528c2ecf20Sopenharmony_ci TPM commands are categorized as short, medium or long in 538c2ecf20Sopenharmony_ci execution time, so that the driver doesn't have to wait 548c2ecf20Sopenharmony_ci any longer than necessary before starting to poll for a 558c2ecf20Sopenharmony_ci result. 568c2ecf20Sopenharmony_ci 578c2ecf20Sopenharmony_ci Example output:: 588c2ecf20Sopenharmony_ci 598c2ecf20Sopenharmony_ci 3015000 4508000 180995000 [original] 608c2ecf20Sopenharmony_ci 618c2ecf20Sopenharmony_ci Here the short, medium and long durations are displayed in 628c2ecf20Sopenharmony_ci usecs. "[original]" indicates that the values are displayed 638c2ecf20Sopenharmony_ci unmodified from when they were queried from the chip. 648c2ecf20Sopenharmony_ci Durations can be modified in the case where a buggy chip 658c2ecf20Sopenharmony_ci reports them in msec instead of usec and they need to be 668c2ecf20Sopenharmony_ci scaled to be displayed in usecs. In this case "[adjusted]" 678c2ecf20Sopenharmony_ci will be displayed in place of "[original]". 688c2ecf20Sopenharmony_ci 698c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/enabled 708c2ecf20Sopenharmony_ciDate: April 2006 718c2ecf20Sopenharmony_ciKernelVersion: 2.6.17 728c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 738c2ecf20Sopenharmony_ciDescription: The "enabled" property prints a '1' if the TPM chip is enabled, 748c2ecf20Sopenharmony_ci meaning that it should be visible to the OS. This property 758c2ecf20Sopenharmony_ci may be visible but produce a '0' after some operation that 768c2ecf20Sopenharmony_ci disables the TPM. 778c2ecf20Sopenharmony_ci 788c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/owned 798c2ecf20Sopenharmony_ciDate: April 2006 808c2ecf20Sopenharmony_ciKernelVersion: 2.6.17 818c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 828c2ecf20Sopenharmony_ciDescription: The "owned" property produces a '1' if the TPM_TakeOwnership 838c2ecf20Sopenharmony_ci ordinal has been executed successfully in the chip. A '0' 848c2ecf20Sopenharmony_ci indicates that ownership hasn't been taken. 858c2ecf20Sopenharmony_ci 868c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/pcrs 878c2ecf20Sopenharmony_ciDate: April 2005 888c2ecf20Sopenharmony_ciKernelVersion: 2.6.12 898c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 908c2ecf20Sopenharmony_ciDescription: The "pcrs" property will dump the current value of all Platform 918c2ecf20Sopenharmony_ci Configuration Registers in the TPM. Note that since these 928c2ecf20Sopenharmony_ci values may be constantly changing, the output is only valid 938c2ecf20Sopenharmony_ci for a snapshot in time. 948c2ecf20Sopenharmony_ci 958c2ecf20Sopenharmony_ci Example output:: 968c2ecf20Sopenharmony_ci 978c2ecf20Sopenharmony_ci PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 988c2ecf20Sopenharmony_ci PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 998c2ecf20Sopenharmony_ci PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 1008c2ecf20Sopenharmony_ci PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 1018c2ecf20Sopenharmony_ci PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75 1028c2ecf20Sopenharmony_ci ... 1038c2ecf20Sopenharmony_ci 1048c2ecf20Sopenharmony_ci The number of PCRs and hex bytes needed to represent a PCR 1058c2ecf20Sopenharmony_ci value will vary depending on TPM chip version. For TPM 1.1 and 1068c2ecf20Sopenharmony_ci 1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes 1078c2ecf20Sopenharmony_ci long. Use the "caps" property to determine TPM version. 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/pubek 1108c2ecf20Sopenharmony_ciDate: April 2005 1118c2ecf20Sopenharmony_ciKernelVersion: 2.6.12 1128c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 1138c2ecf20Sopenharmony_ciDescription: The "pubek" property will return the TPM's public endorsement 1148c2ecf20Sopenharmony_ci key if possible. If the TPM has had ownership established and 1158c2ecf20Sopenharmony_ci is version 1.2, the pubek will not be available without the 1168c2ecf20Sopenharmony_ci owner's authorization. Since the TPM driver doesn't store any 1178c2ecf20Sopenharmony_ci secrets, it can't authorize its own request for the pubek, 1188c2ecf20Sopenharmony_ci making it unaccessible. The public endorsement key is gener- 1198c2ecf20Sopenharmony_ci ated at TPM manufacture time and exists for the life of the 1208c2ecf20Sopenharmony_ci chip. 1218c2ecf20Sopenharmony_ci 1228c2ecf20Sopenharmony_ci Example output:: 1238c2ecf20Sopenharmony_ci 1248c2ecf20Sopenharmony_ci Algorithm: 00 00 00 01 1258c2ecf20Sopenharmony_ci Encscheme: 00 03 1268c2ecf20Sopenharmony_ci Sigscheme: 00 01 1278c2ecf20Sopenharmony_ci Parameters: 00 00 08 00 00 00 00 02 00 00 00 00 1288c2ecf20Sopenharmony_ci Modulus length: 256 1298c2ecf20Sopenharmony_ci Modulus: 1308c2ecf20Sopenharmony_ci B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C 1318c2ecf20Sopenharmony_ci 3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6 1328c2ecf20Sopenharmony_ci 1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB 1338c2ecf20Sopenharmony_ci 86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3 1348c2ecf20Sopenharmony_ci D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B 1358c2ecf20Sopenharmony_ci 82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26 1368c2ecf20Sopenharmony_ci 0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E 1378c2ecf20Sopenharmony_ci 1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D 1388c2ecf20Sopenharmony_ci 6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0 1398c2ecf20Sopenharmony_ci A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6 1408c2ecf20Sopenharmony_ci 47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6 1418c2ecf20Sopenharmony_ci 10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70 1428c2ecf20Sopenharmony_ci E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A 1438c2ecf20Sopenharmony_ci F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6 1448c2ecf20Sopenharmony_ci F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B 1458c2ecf20Sopenharmony_ci C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B 1468c2ecf20Sopenharmony_ci 1478c2ecf20Sopenharmony_ci Possible values:: 1488c2ecf20Sopenharmony_ci 1498c2ecf20Sopenharmony_ci Algorithm: TPM_ALG_RSA (1) 1508c2ecf20Sopenharmony_ci Encscheme: TPM_ES_RSAESPKCSv15 (2) 1518c2ecf20Sopenharmony_ci TPM_ES_RSAESOAEP_SHA1_MGF1 (3) 1528c2ecf20Sopenharmony_ci Sigscheme: TPM_SS_NONE (1) 1538c2ecf20Sopenharmony_ci Parameters, a byte string of 3 u32 values: 1548c2ecf20Sopenharmony_ci Key Length (bits): 00 00 08 00 (2048) 1558c2ecf20Sopenharmony_ci Num primes: 00 00 00 02 (2) 1568c2ecf20Sopenharmony_ci Exponent Size: 00 00 00 00 (0 means the 1578c2ecf20Sopenharmony_ci default exp) 1588c2ecf20Sopenharmony_ci Modulus Length: 256 (bytes) 1598c2ecf20Sopenharmony_ci Modulus: The 256 byte Endorsement Key modulus 1608c2ecf20Sopenharmony_ci 1618c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/temp_deactivated 1628c2ecf20Sopenharmony_ciDate: April 2006 1638c2ecf20Sopenharmony_ciKernelVersion: 2.6.17 1648c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 1658c2ecf20Sopenharmony_ciDescription: The "temp_deactivated" property returns a '1' if the chip has 1668c2ecf20Sopenharmony_ci been temporarily deactivated, usually until the next power 1678c2ecf20Sopenharmony_ci cycle. Whether a warm boot (reboot) will clear a TPM chip 1688c2ecf20Sopenharmony_ci from a temp_deactivated state is platform specific. 1698c2ecf20Sopenharmony_ci 1708c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/device/timeouts 1718c2ecf20Sopenharmony_ciDate: March 2011 1728c2ecf20Sopenharmony_ciKernelVersion: 3.1 1738c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 1748c2ecf20Sopenharmony_ciDescription: The "timeouts" property shows the 4 vendor-specific values 1758c2ecf20Sopenharmony_ci for the TPM's interface spec timeouts. The use of these 1768c2ecf20Sopenharmony_ci timeouts is defined by the TPM interface spec that the chip 1778c2ecf20Sopenharmony_ci conforms to. 1788c2ecf20Sopenharmony_ci 1798c2ecf20Sopenharmony_ci Example output:: 1808c2ecf20Sopenharmony_ci 1818c2ecf20Sopenharmony_ci 750000 750000 750000 750000 [original] 1828c2ecf20Sopenharmony_ci 1838c2ecf20Sopenharmony_ci The four timeout values are shown in usecs, with a trailing 1848c2ecf20Sopenharmony_ci "[original]" or "[adjusted]" depending on whether the values 1858c2ecf20Sopenharmony_ci were scaled by the driver to be reported in usec from msecs. 1868c2ecf20Sopenharmony_ci 1878c2ecf20Sopenharmony_ciWhat: /sys/class/tpm/tpmX/tpm_version_major 1888c2ecf20Sopenharmony_ciDate: October 2019 1898c2ecf20Sopenharmony_ciKernelVersion: 5.5 1908c2ecf20Sopenharmony_ciContact: linux-integrity@vger.kernel.org 1918c2ecf20Sopenharmony_ciDescription: The "tpm_version_major" property shows the TCG spec major version 1928c2ecf20Sopenharmony_ci implemented by the TPM device. 1938c2ecf20Sopenharmony_ci 1948c2ecf20Sopenharmony_ci Example output:: 1958c2ecf20Sopenharmony_ci 1968c2ecf20Sopenharmony_ci 2 197