What:           /sys/class/tpm/tpmX/device/
Date:           April 2005
KernelVersion:  2.6.12
Contact:        linux-integrity@vger.kernel.org
Description:    The device/ directory under a specific TPM instance exposes
                the properties of that TPM chip.


What:           /sys/class/tpm/tpmX/device/active
Date:           April 2006
KernelVersion:  2.6.17
Contact:        linux-integrity@vger.kernel.org
Description:    The "active" property prints a '1' if the TPM chip is accepting
                commands. An inactive TPM chip still contains all the state of
                an active chip (Storage Root Key, NVRAM, etc.), and can be
                visible to the OS, but will only accept a restricted set of
                commands. See the TPM Main Specification part 2, Structures,
                section 17 for more information on which commands are
                available.

What:           /sys/class/tpm/tpmX/device/cancel
Date:           June 2005
KernelVersion:  2.6.13
Contact:        linux-integrity@vger.kernel.org
Description:    The "cancel" property allows you to cancel the currently
                pending TPM command. Writing any value to cancel will call the
                TPM vendor specific cancel operation.

What:           /sys/class/tpm/tpmX/device/caps
Date:           April 2005
KernelVersion:  2.6.12
Contact:        linux-integrity@vger.kernel.org
Description:    The "caps" property contains TPM manufacturer and version info.

                Example output::

                  Manufacturer: 0x53544d20
                  TCG version: 1.2
                  Firmware version: 8.16

                Manufacturer is a hex dump of the 4 byte manufacturer info
                space in a TPM. TCG version shows the TCG TPM spec level that
                the chip supports. Firmware version is that of the chip and
                is manufacturer specific.

What:           /sys/class/tpm/tpmX/device/durations
Date:           March 2011
KernelVersion:  3.1
Contact:        linux-integrity@vger.kernel.org
Description:    The "durations" property shows the 3 vendor-specific values
                used to wait for a short, medium and long TPM command. All
                TPM commands are categorized as short, medium or long in
                execution time, so that the driver doesn't have to wait
                any longer than necessary before starting to poll for a
                result.

                Example output::

                  3015000 4508000 180995000 [original]

                Here the short, medium and long durations are displayed in
                usecs. "[original]" indicates that the values are displayed
                unmodified from when they were queried from the chip.
                Durations can be modified in the case where a buggy chip
                reports them in msec instead of usec and they need to be
                scaled to be displayed in usecs. In this case "[adjusted]"
                will be displayed in place of "[original]".

What:           /sys/class/tpm/tpmX/device/enabled
Date:           April 2006
KernelVersion:  2.6.17
Contact:        linux-integrity@vger.kernel.org
Description:    The "enabled" property prints a '1' if the TPM chip is enabled,
                meaning that it should be visible to the OS. This property
                may be visible but produce a '0' after some operation that
                disables the TPM.

What:           /sys/class/tpm/tpmX/device/owned
Date:           April 2006
KernelVersion:  2.6.17
Contact:        linux-integrity@vger.kernel.org
Description:    The "owned" property produces a '1' if the TPM_TakeOwnership
                ordinal has been executed successfully in the chip. A '0'
                indicates that ownership hasn't been taken.

What:           /sys/class/tpm/tpmX/device/pcrs
Date:           April 2005
KernelVersion:  2.6.12
Contact:        linux-integrity@vger.kernel.org
Description:    The "pcrs" property will dump the current value of all Platform
                Configuration Registers in the TPM. Note that since these
                values may be constantly changing, the output is only valid
                for a snapshot in time.

                Example output::

                  PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
                  PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
                  PCR-02: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
                  PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
                  PCR-04: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
                  ...

                The number of PCRs and hex bytes needed to represent a PCR
                value will vary depending on TPM chip version. For TPM 1.1 and
                1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes
                long. Use the "caps" property to determine TPM version.

What:           /sys/class/tpm/tpmX/device/pubek
Date:           April 2005
KernelVersion:  2.6.12
Contact:        linux-integrity@vger.kernel.org
Description:    The "pubek" property will return the TPM's public endorsement
                key if possible. If the TPM has had ownership established and
                is version 1.2, the pubek will not be available without the
                owner's authorization. Since the TPM driver doesn't store any
                secrets, it can't authorize its own request for the pubek,
                making it inaccessible. The public endorsement key is
                generated at TPM manufacture time and exists for the life of
                the chip.

                Example output::

                  Algorithm: 00 00 00 01
                  Encscheme: 00 03
                  Sigscheme: 00 01
                  Parameters: 00 00 08 00 00 00 00 02 00 00 00 00
                  Modulus length: 256
                  Modulus:
                  B4 76 41 82 C9 20 2C 10 18 40 BC 8B E5 44 4C 6C
                  3A B2 92 0C A4 9B 2A 83 EB 5C 12 85 04 48 A0 B6
                  1E E4 81 84 CE B2 F2 45 1C F0 85 99 61 02 4D EB
                  86 C4 F7 F3 29 60 52 93 6B B2 E5 AB 8B A9 09 E3
                  D7 0E 7D CA 41 BF 43 07 65 86 3C 8C 13 7A D0 8B
                  82 5E 96 0B F8 1F 5F 34 06 DA A2 52 C1 A9 D5 26
                  0F F4 04 4B D9 3F 2D F2 AC 2F 74 64 1F 8B CD 3E
                  1E 30 38 6C 70 63 69 AB E2 50 DF 49 05 2E E1 8D
                  6F 78 44 DA 57 43 69 EE 76 6C 38 8A E9 8E A3 F0
                  A7 1F 3C A8 D0 12 15 3E CA 0E BD FA 24 CD 33 C6
                  47 AE A4 18 83 8E 22 39 75 93 86 E6 FD 66 48 B6
                  10 AD 94 14 65 F9 6A 17 78 BD 16 53 84 30 BF 70
                  E0 DC 65 FD 3C C6 B0 1E BF B9 C1 B5 6C EF B1 3A
                  F8 28 05 83 62 26 11 DC B4 6B 5A 97 FF 32 26 B6
                  F7 02 71 CF 15 AE 16 DD D1 C1 8E A8 CF 9B 50 7B
                  C3 91 FF 44 1E CF 7C 39 FE 17 77 21 20 BD CE 9B

                Possible values::

                  Algorithm:    TPM_ALG_RSA                     (1)
                  Encscheme:    TPM_ES_RSAESPKCSv15             (2)
                                TPM_ES_RSAESOAEP_SHA1_MGF1      (3)
                  Sigscheme:    TPM_SS_NONE                     (1)
                  Parameters, a byte string of 3 u32 values:
                        Key Length (bits):      00 00 08 00     (2048)
                        Num primes:             00 00 00 02     (2)
                        Exponent Size:          00 00 00 00     (0 means the
                                                                 default exp)
                  Modulus Length: 256 (bytes)
                  Modulus:      The 256 byte Endorsement Key modulus
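
The pubek layout above is regular enough to parse for fleet inventory. The following added example (not part of the kernel documentation) decodes the fields listed under "Possible values", checks the modulus against the declared key length, and fingerprints it; the function names and the SHA-256 fingerprint convention are assumptions, and the sample modulus is constructed filler.

```python
import hashlib
import struct

ENC_SCHEMES = {2: "TPM_ES_RSAESPKCSv15", 3: "TPM_ES_RSAESOAEP_SHA1_MGF1"}


def hex_bytes(s):
    """Turn space-separated hex ("00 00 08 00") into bytes."""
    return bytes.fromhex("".join(s.split()))


def parse_pubek(text):
    """Decode the device/pubek text layout into typed fields."""
    fields, modulus_rows, in_modulus = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if in_modulus:
            modulus_rows.append(line)
        elif line == "Modulus:":
            in_modulus = True
        elif ":" in line:
            key, _, val = line.partition(":")
            fields[key.strip().lower()] = val.strip()
    modulus = hex_bytes(" ".join(modulus_rows))
    # Parameters is three big-endian u32 values (00 00 08 00 is 2048).
    bits, primes, exp_size = struct.unpack(">3I", hex_bytes(fields["parameters"]))
    if len(modulus) != int(fields["modulus length"]) or len(modulus) * 8 != bits:
        raise ValueError("modulus does not match the declared key length")
    enc = int.from_bytes(hex_bytes(fields["encscheme"]), "big")
    return {
        "algorithm": int.from_bytes(hex_bytes(fields["algorithm"]), "big"),
        "encscheme": ENC_SCHEMES.get(enc, f"unknown ({enc})"),
        "key_bits": bits,
        "num_primes": primes,
        "default_exponent": exp_size == 0,
        # Assumed inventory convention, not a TCG-defined identifier.
        "modulus_sha256": hashlib.sha256(modulus).hexdigest(),
    }


def sample_pubek():
    """Constructed sample in the sysfs layout; the modulus is filler bytes."""
    mod = bytes((i * 7 + 1) % 256 for i in range(256))
    rows = [" ".join(f"{b:02X}" for b in mod[i:i + 16]) for i in range(0, 256, 16)]
    head = ["Algorithm: 00 00 00 01", "Encscheme: 00 03", "Sigscheme: 00 01",
            "Parameters: 00 00 08 00 00 00 00 02 00 00 00 00",
            "Modulus length: 256", "Modulus:"]
    return "\n".join(head + rows) + "\n"
```

A truncated read fails the length check and raises ValueError instead of yielding a fingerprint for a partial key.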

What:           /sys/class/tpm/tpmX/device/temp_deactivated
Date:           April 2006
KernelVersion:  2.6.17
Contact:        linux-integrity@vger.kernel.org
Description:    The "temp_deactivated" property returns a '1' if the chip has
                been temporarily deactivated, usually until the next power
                cycle. Whether a warm boot (reboot) will clear a TPM chip
                from a temp_deactivated state is platform specific.

What:           /sys/class/tpm/tpmX/device/timeouts
Date:           March 2011
KernelVersion:  3.1
Contact:        linux-integrity@vger.kernel.org
Description:    The "timeouts" property shows the 4 vendor-specific values
                for the TPM's interface spec timeouts. The use of these
                timeouts is defined by the TPM interface spec that the chip
                conforms to.

                Example output::

                  750000 750000 750000 750000 [original]

                The four timeout values are shown in usecs, with a trailing
                "[original]" or "[adjusted]" depending on whether the values
                were scaled by the driver to be reported in usec from msecs.

What:           /sys/class/tpm/tpmX/tpm_version_major
Date:           October 2019
KernelVersion:  5.5
Contact:        linux-integrity@vger.kernel.org
Description:    The "tpm_version_major" property shows the TCG spec major version
                implemented by the TPM device.

                Example output::

                  2

What:           /sys/class/tpm/tpmX/pcr-<H>/<N>
Date:           March 2021
KernelVersion:  5.12
Contact:        linux-integrity@vger.kernel.org
Description:    Produces output in compact hex representation for PCR
                number N from hash bank H. N is the numeric value of
                the PCR number and H is the crypto string
                representation of the hash.

                Example output::

                  cat /sys/class/tpm/tpm0/pcr-sha256/7
                  2ED93F199692DC6788EFA6A1FE74514AB9760B2A6CEEAEF6C808C13E4ABB0D42
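
Both PCR interfaces described on this page, the legacy device/pcrs dump and the per-bank pcr-<H>/<N> files, can be normalised to the same form and compared with a recorded baseline. This added example (not part of the kernel documentation) does that; the function names and the baseline format are assumptions, and the sample values are the example output shown on this page.

```python
import re
from pathlib import Path

# Digest sizes in bytes for the banks this example handles (assumption).
DIGEST_LEN = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}
_PCR_LINE = re.compile(r"^PCR-(\d+):\s*((?:[0-9A-Fa-f]{2}\s*)+)$")

# Sample inputs copied from the example output on this page.
SAMPLE_PCRS_DUMP = """\
PCR-00: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-01: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
...
"""
SAMPLE_PCR7 = "2ED93F199692DC6788EFA6A1FE74514AB9760B2A6CEEAEF6C808C13E4ABB0D42"


def parse_pcrs_dump(text):
    """Parse the TPM 1.x device/pcrs dump into {index: lowercase hex}."""
    pcrs = {}
    for line in text.splitlines():
        m = _PCR_LINE.match(line.strip())
        if m:  # the "..." line and blank lines are skipped
            pcrs[int(m.group(1))] = "".join(m.group(2).split()).lower()
    return pcrs


def read_pcr_bank(tpm_dir, bank):
    """Read <tpm_dir>/pcr-<bank>/<N> files into {index: lowercase hex}."""
    bank_dir = Path(tpm_dir) / f"pcr-{bank}"
    return {int(f.name): f.read_text().strip().lower()
            for f in bank_dir.iterdir() if f.name.isdigit()}


def check_pcrs(pcrs, bank, baseline):
    """Compare a snapshot with a baseline; an empty list means no findings."""
    want_len = DIGEST_LEN[bank]
    findings = []
    for idx, expected in sorted(baseline.items()):
        value = pcrs.get(idx)
        if value is None:
            findings.append(f"PCR {idx}: missing from snapshot")
        elif len(value) != 2 * want_len:
            findings.append(f"PCR {idx}: {len(value) // 2} bytes, expected {want_len}")
        elif value != expected.lower():
            findings.append(f"PCR {idx}: drift, got {value}")
    return findings
```

A sysfs read is an unsigned local snapshot, so this suits drift monitoring on the host rather than remote attestation.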