--- tpm2-tools-3.0.4/Makefile.am	2018-04-30 02:52:17.000000000 -0700
+++ tpm2-tools-3.0.4-new/Makefile.am	2018-09-10 07:53:19.911780215 -0700
@@ -273,8 +273,7 @@
 	     RELEASE.md \
 	     test/system
 
-if HAVE_PANDOC
-    man1_MANS := \
+man1_MANS := \
     man/man1/tpm2_activatecredential.1 \
     man/man1/tpm2_certify.1 \
     man/man1/tpm2_create.1 \
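Review bot: `man1_MANS` at the top of this hunk is now assigned unconditionally, so a build host without pandoc depends entirely on the pre-generated `.1` files added later in this patch. `MARKDOWN_COMMON_DEPS` is still defined further down, so if a rule still builds `man/man1/*.1` from the markdown sources, a timestamp skew after patching can invoke pandoc anyway. Guard that rule on `HAVE_PANDOC`, or make sure the checked-in pages are newer than their sources when the patch is applied.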
@@ -315,16 +314,6 @@
     man/man1/tpm2_unseal.1 \
     man/man1/tpm2_verifysignature.1
 
-# If pandoc is enabled, we want to generate the manpages for the dist tarball
-EXTRA_DIST += $(man1_MANS)
-else
-# If pandoc is not enabled, we want to complain that you need pandoc for make dist,
-# so hook the target and complain.
-dist-hook:
-	@(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages")
-	@exit 1
-endif
-
 MARKDOWN_COMMON_DEPS = \
 	man/common/alg.md \
 	man/common/hash.md \
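Review bot: the removed `EXTRA_DIST += $(man1_MANS)` line should be kept, since Automake does not distribute files listed in a plain `man1_MANS` variable. Move it outside the deleted conditional, or rename the variable to `dist_man1_MANS`, so that `make dist` still ships the pages once the `dist-hook` pandoc check is gone.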
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_activatecredential.1 tpm2-tools-3.0.4-new/man/man1/tpm2_activatecredential.1
--- tpm2-tools-3.0.4/man/man1/tpm2_activatecredential.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_activatecredential.1	2018-09-10 07:57:12.390603034 -0700
@@ -0,0 +1,179 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_activatecredential" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_activatecredential\f[](1) \- verify that an object is
+protected with a specific key.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_activatecredential\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+Verify that the given content is protected with given keyHandle for
+given handle, and then decrypt and return the secret, if any passwd
+option is missing, assume NULL.
+Currently only support using TCG profile compliant EK as the keyHandle.
+.SH OPTIONS
+.PP
+These options control the object verification:
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: \f[I]HANDLE\f[] of
+the object associated with the created certificate by CA.
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: The
+\f[I]KEY_HANDLE\f[] of Loaded key used to decrypt the the random seed.
+.IP \[bu] 2
+\f[B]\-C\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
+\f[I]KEY_CONTEXT_FILE\f[] is the path to a context file.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]password\f[]=\f[I]PASSWORD\f[]: Use
+\f[I]PASSWORD\f[] for providing an authorization value for the
+\f[I]KEY_HANDLE\f[].
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]:
+The endorsement password, optional.
+Follows the same formating guidelines as the handle password option \-P.
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file
+path, containing the two structures needed by tpm2_activatecredential
+function.
+This is created via the tpm2_makecredential(1) command.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]: Output file
+path, record the secret to decrypt the certificate.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_activatecredential\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ abc123\ \-e\ abc123\ \-f\ <filePath>\ \-o\ <filePath>
+tpm2_activatecredential\ \-c\ ak.context\ \-C\ ek.context\ \-P\ abc123\ \-e\ abc123\ \-f\ <filePath>\ \-o\ <filePath>
+tpm2_activatecredential\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ 123abc\ \-e\ 1a1b1c\ \-X\ \-f\ <filePath>\ \-o\ <filePath>
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
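Review bot: the EXAMPLES block near the end of this file uses `-c ak.context` and `-X`, neither of which is described under OPTIONS (only -H, -k, -C, -P, -e, -f and -o are listed), so a reader cannot tell how the passwords in the third example are interpreted. The header says the page is generated by Pandoc 2.0.6, so fix this in the markdown source and regenerate rather than editing the `.1`. That would also let you correct the literal `# TCTI ENVIRONMENT` line, which should be a `.SH` header, and the mis-nested quotes around "Password Formatting" in the -P entry.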
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_certify.1 tpm2-tools-3.0.4-new/man/man1/tpm2_certify.1
--- tpm2-tools-3.0.4/man/man1/tpm2_certify.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_certify.1	2018-09-10 07:57:12.572600547 -0700
@@ -0,0 +1,202 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_certify" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_certify\f[](1) \- prove that an object is loaded in the tpm.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_certify\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_certify\f[](1) proves that an object with a specific
+\f[I]NAME\f[] is loaded in the TPM.
+By certifying that the object is loaded, the TPM warrants that a public
+area with a given \f[I]NAME\f[] is self\-consistent and associated with
+a valid sensitive area.
+If a relying party has a public area that has the same \f[I]NAME\f[] as
+a \f[I]NAME\f[] certified with this command, then the values in that
+public area are correct.
+The object may be any object that is loaded with TPM2_Load() or
+TPM2_CreatePrimary().
+An object that only has its public area loaded cannot be certified.
+.SH OPTIONS
+.PP
+These options control the ceritifcation:
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]obj\-handle\f[]=\f[I]OBJECT_HANDLE\f[]: The
+handle of the object to be certified.
+.IP \[bu] 2
+\f[B]\-C\f[], \f[B]\[en]obj\-context\f[]=\f[I]FILE\f[]: Use
+\f[I]FILE\f[] for providing the object context.
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: Handle of
+the key used to sign the attestation structure.
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT\f[]: Filename
+of the key context used to sign the attestation structure.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdo\f[]=\f[I]OBJECT_PASSWORD\f[]: Use
+\f[I]OBJECT_PASSWORD\f[] for providing an authorization value for the
+object specified in \f[I]OBJECT_HANDLE\f[].
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Use
+\f[I]KEY_PASSWORD\f[] for providing an authorization value for the key
+specified in \f[I]KEY_HANDLE\f[].
+Follows the same formatting guidelines as the object handle password or
+\-P option.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]attest\-file\f[]=\f[I]ATTEST_FILE\f[]: Output
+file name for the attestation data.
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]sig\-file\f[]=\f[I]SIG_FILE\f[]: Output file
+name for the signature data.
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]format\f[]
+.RS 2
+.PP
+Format selection for the signature output file.
+See section \[lq]Signature Format Specifiers\[rq].
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Signature Format Specifiers
+.PP
+Format selection for the signature output file.
+\f[B]tss\f[] (the default) will output a binary blob according to the
+TPM 2.0 specification and any potential compiler padding.
+The option \f[B]plain\f[] will output the plain signature data as
+defined by the used cryptographic algorithm.
+# EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_certify\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ 0x0011\ \-K\ 0x00FF\ \-g\ 0x00B\ \-a\ <fileName>\ \-s\ <fileName>
+tpm2_certify\ \-C\ obj.context\ \-c\ key.context\ \-P\ 0x0011\ \-K\ 0x00FF\ \-g\ 0x00B\ \-a\ <fileName>\ \-s\ <fileName>
+tpm2_certify\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ 0011\ \-K\ 00FF\ \-X\ \-g\ 0x00B\ \-a\ <fileName>\ \-s\ <fileName>
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
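Review bot: every long option in this page is emitted as `\f[B]\[en]obj\-handle\f[]` and so on, which renders an en dash instead of `--`, so the option names cannot be copied from the rendered page into a shell. Regenerate with smart punctuation disabled or escape the dashes in the markdown source. In the same pass, the `# TCTI ENVIRONMENT` and `# EXAMPLES` lines need to become `.SH` headers, `-f, --format` needs its argument placeholder, and the examples use `-g 0x00B` and `-X`, which OPTIONS does not document.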
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_create.1 tpm2-tools-3.0.4-new/man/man1/tpm2_create.1
--- tpm2-tools-3.0.4/man/man1/tpm2_create.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_create.1	2018-09-10 07:57:12.772597813 -0700
@@ -0,0 +1,273 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_create" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_create\f[](1) \- create an object that can be loaded into a
+TPM using tpm2_load.
+The object will need to be loaded before it may be used.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_create\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_create\f[](1) \- create an object that can be loaded into a
+TPM using tpm2_load.
+The object will need to be loaded before it may be used.
+.SH OPTIONS
+.PP
+These options for creating the tpm entity:
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]pparent\f[]=\f[I]PARENT_HANDLE\f[]: The handle
+of the parent object to create this object under.
+.IP \[bu] 2
+\f[B]\-c\f[],
+\f[B]\[en]context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: The filename
+for parent context.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The
+password for parent key, optional.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for
+key, optional.
+Follows the password formatting of the \[lq]password for parent key\[rq]
+option: \-P.
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm
+to use.
+Algorithms should follow the " formatting standards, see section
+\[lq]Algorithm Specifiers\[rq].
+Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of
+supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: The algorithm
+associated with this object.
+It accepts friendly names just like \-g option.
+See section \[lq]Supported Public Object Algorithms\[rq] for a list of
+supported object algorithms.
+.IP \[bu] 2
+\f[B]\-A\f[], \f[B]\[en]object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The
+object attributes, optional.
+Object attribytes follow the specifications as outlined in \[lq]object
+attribute specifiers\[rq].
+The default for created objects is:
+.RS 2
+.PP
+\f[C]TPMA_OBJECT_SIGN|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]FILE\f[]: The data file to be
+sealed, optional.
+If file is \-, read from stdin.
+When sealing data only the TPM_ALG_KEYEDHASH algorithm is allowed.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: The input
+policy file, optional.
+.IP \[bu] 2
+\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]OUTPUT_PUBLIC_FILE\f[]: The
+output file which contains the public portion of the created object,
+optional.
+.IP \[bu] 2
+\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]OUTPUT_PRIVATE_FILE\f[]: The
+output file which contains the sensitive portion of the object,
+optional.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Supported Public Object Algorithms
+.PP
+Supported public object algorithms are:
+.IP \[bu] 2
+\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
+(\f[B]default\f[]).
+.IP \[bu] 2
+\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
+.IP \[bu] 2
+\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
+.IP \[bu] 2
+\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH Object Attributes
+.PP
+Object Attributes are used to control various properties of created
+objects.
+When specified as an option, either the raw bitfield mask or
+\[lq]nice\-names\[rq] may be used.
+The values can be found in Table 31 Part 2 of the TPM2.0 specification,
+which can be found here:
+.PP
+<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
+.PP
+Nice names are calculated by taking the name field of table 31 and
+removing the prefix \f[B]TPMA_OBJECT_\f[] and lowercasing the result.
+Thus, \f[B]TPMA_OBJECT_FIXEDTPM\f[] becomes fixedtpm.
+Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
+.PP
+For instance, to set The fields \f[B]TPMA_OBJECT_FIXEDTPM\f[],
+\f[B]TPMA_OBJECT_NODA\f[], and \f[B]TPMA_OBJECT_SIGN\f[], the argument
+would be:
+.PP
+\f[B]fixedtpm|noda|sign\f[]
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_create\ \-H\ 0x81010001\ \-P\ abc123\ \-K\ def456\ \-g\ sha256\ \-G\ keyedhash\-I\ data.File\ \-o\ opu.File
+tpm2_create\ \-c\ parent.context\ \-P\ abc123\ \-K\ def456\ \-g\ sha256\ \-G\ keyedhash\ \-I\ data.File\ \-o\ opu.File
+tpm2_create\ \-H\ 0x81010001\ \-P\ 123abc\ \-K\ 456def\ \-X\ \-g\ sha256\ \-G\ keyedhash\ \-I\ data.File\ \-o\ opu.File
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
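Review bot: the three EXAMPLES commands pass `-o opu.File`, but OPTIONS documents the output files as `-u` (public) and `-r` (private) and has no `-o`, so the examples do not match the documented interface; the first one also runs `keyedhash\-I` together with no space. The cross-references are broken as well: the text points to "Algorithm Specifiers" and "object attribute specifiers", while the sections are titled `Algorithm Specfiers` and `Object Attributes`. Please correct the markdown source and regenerate.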
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_createpolicy.1 tpm2-tools-3.0.4-new/man/man1/tpm2_createpolicy.1
--- tpm2-tools-3.0.4/man/man1/tpm2_createpolicy.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_createpolicy.1	2018-09-10 07:57:12.945595449 -0700
@@ -0,0 +1,185 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_createpolicy" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_createpolicy\f[](1) \- Creates simple assertion authorization
+policies based on multiple pcr indices values across multiple enabled
+banks.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_createpolicy\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_createpolicy\f[](1) \- Creates simple assertion authorization
+policies based on multiple pcr indices values across multiple enabled
+banks.
+It can then be used with object creation and or tools using the object.
+.SH OPTIONS
+.PP
+These options control creating the policy authorization session:
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: File to
+save the policy digest.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]policy\-pcr\f[]: Identifies the PCR policy type
+for policy creation.
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]policy\-digest\-alg\f[]=\f[I]HASH_ALGORITHM\f[]:
+The hash algorithm used in computation of the policy digest.
+Algorithms should follow the \[lq]formatting standards, see
+section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
+Hash Algorithms" for a list of supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]set\-list\f[]=\f[I]PCR_LIST\f[]: The list of pcr
+banks and selected PCRs' ids (0~23) for each bank.
+.IP \[bu] 2
+\f[B]\-F\f[], \f[B]\[en]pcr\-input\-file\f[]=\f[I]PCR_FILE\f[]: Optional
+Path or Name of the file containing expected pcr values for the
+specified index.
+Default is to read the current PCRs per the set list.
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]extend\-policy\-session\f[]: Retains the policy
+session at the end of operation.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]auth\-policy\-session\f[]: Start a policy
+session of type \f[B]TPM_SE_POLICY\f[].
+Default without this option is \f[B]TPM_SE_TRIAL\f[].
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.PP
+Create a authorization policy tied to a specific PCR index:
+.PP
+\f[B]tpm2_createpolicy \-P \-L 0x4:0 \-f policy.file \-F pcr0.bin\f[]
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
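Review bot: In the TCTI OPTIONS section the long option is emitted as `\f[B]\[en]tcti\f[]`, so the rendered page shows an en dash followed by "tcti" instead of a literal double hyphen, and text copied from the man page will not be parsed as the option. Regenerate with pandoc's smart typography disabled (for example `-f markdown-smart`) or escape the hyphens in the markdown source so the output is `\-\-tcti`. The TPM2TOOLS_DEVICE_FILE note also contains an empty bold span in `/dev/tpmrm\f[B]\f[]`, where a character between the markers appears to have been lost, and the text has the typos "varous" and "Algorithm Specfiers". Separately, the EXAMPLES entry binds the policy to the SHA-1 bank (`-L 0x4:0`); an example using the 0xB (sha256) bank would be a better line for readers to copy.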
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_createprimary.1 tpm2-tools-3.0.4-new/man/man1/tpm2_createprimary.1
--- tpm2-tools-3.0.4/man/man1/tpm2_createprimary.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_createprimary.1	2018-09-10 07:57:13.139592798 -0700
@@ -0,0 +1,274 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_createprimary" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_createprimary\f[](1) \- Create a primary key under a primary
+seed or a temporary primary key under the \f[B]TPM_RH_NULL\f[]
+hierarchy.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_createprimary\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_createprimary\f[](1) \- This command is used to create a
+Primary Object under one of the Primary Seeds or a Temporary Object
+under \f[B]TPM_RH_NULL\f[].
+The command uses a \f[B]TPM2B_PUBLIC\f[] as a template for the object to
+be created.
+The command will create and load a Primary Object.
+The sensitive area is not returned.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: Specify the
+hierarchy under which the object is created.
+This will also dictate which authorization secret (if any) must be
+supplied.
+Supported options are:
+.RS 2
+.IP \[bu] 2
+\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.IP \[bu] 2
+\f[B]e\f[] for \f[B]TPM_RH_ENDORSEMENT\f[]
+.IP \[bu] 2
+\f[B]n\f[] for \f[B]TPM_RH_NULL\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: Optional
+authorization string if authorization is required to create object under
+the specified hierarchy.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Optional
+authorization string for the newly created object.
+Follows the same password formating guidelines as the parent
+authorization string under the \-P option.
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm
+to use.
+Algorithms should follow the " formatting standards, see section
+\[lq]Algorithm Specifiers\[rq].
+Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of
+supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Algorithm type
+for generated key.
+It supports friendly names like the \-g option.
+See section \[lq]Supported Public Object Algorithms\[rq] for a list of
+supported object algorithms.
+.IP \[bu] 2
+\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[]: An optional
+file used to store the object context returned.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: An
+optional file input that contains the policy digest for policy based
+authorization of the object.
+.IP \[bu] 2
+\f[B]\-A\f[], \f[B]\[en]object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The
+object attributes, optional.
+Object attribytes follow the specifications as outlined in \[lq]object
+attribute specifiers\[rq].
+The default for created objects is:
+.RS 2
+.PP
+\f[C]TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Supported Public Object Algorithms
+.PP
+Supported public object algorithms are:
+.IP \[bu] 2
+\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
+(\f[B]default\f[]).
+.IP \[bu] 2
+\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
+.IP \[bu] 2
+\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
+.IP \[bu] 2
+\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH Object Attributes
+.PP
+Object Attributes are used to control various properties of created
+objects.
+When specified as an option, either the raw bitfield mask or
+\[lq]nice\-names\[rq] may be used.
+The values can be found in Table 31 Part 2 of the TPM2.0 specification,
+which can be found here:
+.PP
+<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
+.PP
+Nice names are calculated by taking the name field of table 31 and
+removing the prefix \f[B]TPMA_OBJECT_\f[] and lowercasing the result.
+Thus, \f[B]TPMA_OBJECT_FIXEDTPM\f[] becomes fixedtpm.
+Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
+.PP
+For instance, to set The fields \f[B]TPMA_OBJECT_FIXEDTPM\f[],
+\f[B]TPMA_OBJECT_NODA\f[], and \f[B]TPMA_OBJECT_SIGN\f[], the argument
+would be:
+.PP
+\f[B]fixedtpm|noda|sign\f[]
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_createprimary\ \-H\ o\ \-g\ sha256\ \-G\ ecc\ \-C\ context.out
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
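Review bot: The line `# TCTI ENVIRONMENT` directly after the -Z option text is a markdown heading that reached the roff output unconverted, so man will print it as running text in the -Z paragraph and the environment variables lose their section heading. It should be `.SH TCTI ENVIRONMENT`; the likely cause is a missing blank line before that heading in the markdown source. Also in this hunk: the -P and -g descriptions have mangled quoting (`section\[rq]Password Formatting“` and `follow the " formatting standards`), the environment text points to a `TCTI_OPTIONS` section while the heading is "TCTI OPTIONS", -A refers to "object attribute specifiers" while the section is titled "Object Attributes", and there are typos in "formating" and "attribytes".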
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_dictionarylockout.1 tpm2-tools-3.0.4-new/man/man1/tpm2_dictionarylockout.1
--- tpm2-tools-3.0.4/man/man1/tpm2_dictionarylockout.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_dictionarylockout.1	2018-09-10 07:57:13.320590324 -0700
@@ -0,0 +1,155 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_dictionarylockout" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_dictionarylockout\f[](1) \- setup or clear
+dictionary\-attack\-lockout parameters.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_dictionarylockout\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_dictionarylockout\f[](1) \- setup dictionary\-attack\-lockout
+parameters or clear dictionary\-attack\-lockout state, if any passwd
+option is missing, assume NULL.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]setup\-parameters\f[]=\f[I]SETUP_PARAMETERS\f[]:
+specifies the tool should operate to setup dictionary\-attack\-lockout
+parameters.
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]clear\-lockout\f[]: specifies the tool should
+operate to clear dictionary\-attack\-lockout state.
+.IP \[bu] 2
+\f[B]\-l\f[], \f[B]\-lockout\-recovery\-time\f[]=\f[I]LOCKOUT_TIME\f[]:
+specifies the wait time in seconds before another TPM_RH_LOCKOUT
+authentication attempt can be made after a failed authentication.
+.IP \[bu] 2
+\f[B]\-t\f[], \f[B]\[en]recovery\-time\f[]=\f[I]RECOVERY_TIME\f[]:
+specifies the wait time in seconds before another DA\-protected\-object
+authentication attempt can be made after max\-tries number of failed
+authentications.
+.IP \[bu] 2
+\f[B]\-n\f[], \f[B]\[en]max\-tries\f[]=\f[I]MAX_TRYS\f[]: specifies the
+maximum number of allowed authentication attempts on
+DA\-protected\-object; after which DA is activated.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_dictionarylockout\ \-c\ \-p\ passwd
+tpm2_dictionarylockout\ \-s\ \-n\ 5\ \-t\ 6\ \-l\ 7\ \-p\ passwd
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
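Review bot: Both EXAMPLES lines pass `-p passwd`, but OPTIONS documents no -p option, so the reader cannot tell which authorization that password supplies; the DESCRIPTION only says "if any passwd option is missing, assume NULL". Please add a -p entry to OPTIONS that names the authorization it carries. Two related inconsistencies: -s is documented as taking `=SETUP_PARAMETERS` yet the example uses it as a bare flag alongside -n, -t and -l, and the long form of -l is written `\-lockout\-recovery\-time` with a single leading dash, unlike the other long options in the list.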
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_encryptdecrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_encryptdecrypt.1
--- tpm2-tools-3.0.4/man/man1/tpm2_encryptdecrypt.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_encryptdecrypt.1	2018-09-10 07:57:13.685585336 -0700
@@ -0,0 +1,170 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_encryptdecrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_encryptdecrypt\f[](1) \- performs symmetric encryption or
+decryption.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_encryptdecrypt\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+tpm2_encryptdecrypt(1) \- performs symmetric encryption or decryption
+with a specified symmetric key.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: the
+symmetric key used for the operation (encryption/decryption).
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
+filename of the key context used for the operation.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: filename of the
+key context used for the operation.
+The password for parent key, optional.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-D\f[], \f[B]\[en]decrypt\f[]: Perform a decrypt operation.
+Default is encryption.
+.IP \[bu] 2
+\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file
+path containing data for decrypt or encrypt operation.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_encryptdecrypt\ \-k\ 0x81010001\ \-P\ abc123\ \-D\ NO\ \-I\ <filePath>\ \-o\ <filePath>
+tpm2_encryptdecrypt\ \-c\ key.context\ \-P\ abc123\ \-D\ NO\ \-I\ <filePath>\ \-o\ <filePath>
+tpm2_encryptdecrypt\ \-k\ 0x81010001\ \-P\ 123abca\ \-X\ \-D\ NO\ \-I\ <filePath>\ \-o\ <filePath>
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
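Review bot: The -P entry in OPTIONS begins with "filename of the key context used for the operation", which is the -c description copied over, and only then says "The password for parent key, optional"; drop the copied sentence and state whose authorization KEY_PASSWORD is, given that the long option is named pwdk. The EXAMPLES also do not match OPTIONS: they use `-o <filePath>` and `-X`, neither of which is documented, and pass `-D NO` although -D is described as a flag that selects decryption and takes no argument. As written, a reader cannot tell from the page whether the three example lines encrypt or decrypt.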
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_evictcontrol.1 tpm2-tools-3.0.4-new/man/man1/tpm2_evictcontrol.1
--- tpm2-tools-3.0.4/man/man1/tpm2_evictcontrol.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_evictcontrol.1	2018-09-10 07:57:13.874582753 -0700
@@ -0,0 +1,181 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_evictcontrol" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_evictcontrol\f[](1) \- Make a transient object persistent or
+evict a persistent object.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_evictcontrol\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_evictcontrol\f[](1) \- allows a transient object to be made
+persistent or a persistent object to be evicted.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-A\f[], \f[B]\[en]auth\f[]=\f[I]AUTH\f[]: The authorization used
+to authorize the commands.
+Valid choices are:
+.RS 2
+.IP \[bu] 2
+\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: The handle of a
+loaded transient or a persistent object.
+.RS 2
+.PP
+If the handle is for a transient object, then a handle that will be
+assigned to the persisted object must also be specified with the
+\f[B]\-S\f[] option.
+.PP
+If the handle is for a persistent object, then the \f[B]\-S\f[] does not
+need to be provided since the handle must be the same for both options.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]:
+Filename for object context.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]persistent\f[]=\f[I]PERSISTENT_HANDLE\f[]: The
+persistent handle for the object handle specified via \f[I]HANDLE\f[].
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwda\f[]=\f[I]AUTH_PASSWORD\f[]: authorization
+password, optional.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_evictcontrol\ \-A\ o\ \-c\ object.context\ \-S\ 0x81010002\ \-P\ abc123
+tpm2_evictcontrol\ \-A\ o\ \-H\ 0x81010002\ \-S\ 0x81010002\ \-P\ abc123
+tpm2_evictcontrol\ \-A\ o\ \-H\ 0x81010002\ \-S\ 0x81010002\ \-P\ 123abc
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
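Review bot: The second and third EXAMPLES lines are the same command apart from the password (`abc123` vs `123abc`), so the third shows nothing new; if it was meant to illustrate the hex form described under Password Formatting, write it with the `hex:` prefix, otherwise remove it. Both of those lines also pass -S together with a persistent -H, which the -H text says is unnecessary, so one of them could show the eviction without -S. The -P description has broken quoting (`section\[rq]Password Formatting“`) that should read as a reference to the "Password Formatting" section.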
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getcap.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getcap.1
--- tpm2-tools-3.0.4/man/man1/tpm2_getcap.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_getcap.1	2018-09-10 07:57:13.499587878 -0700
@@ -0,0 +1,161 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_getcap" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_getcap\f[](1) \- Display TPM capabilities in a human readable
+form.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_getcap\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_getcap\f[](1) \- Query the TPM for it's capabilities /
+properties and dump them to the console.
+This is a thin wrapper around the GetCapability command.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]capability\f[]=\f[I]CAPABILITY_NAME\f[]: The
+name of the capability group to query.
+Currently supported capability groups are:
+.RS 2
+.IP \[bu] 2
+properties\-fixed: Display fixed TPM properties.
+.IP \[bu] 2
+properties\-variable: Display variable TPM properties.
+.IP \[bu] 2
+algorithms: Display data about supported algorithms.
+.IP \[bu] 2
+commands: Display data about supported commands.
+.IP \[bu] 2
+ecc\-curves: Display data about elliptic curves.
+.IP \[bu] 2
+handles\-transient: Display handles about transient objects.
+.IP \[bu] 2
+handles\-persistent: Display handles about persistent objects.
+.IP \[bu] 2
+handles\-permanent: Display handles about permanent objects.
+.IP \[bu] 2
+handles\-pcr: Display handles about PCRs.
+.IP \[bu] 2
+handles\-nv\-index: Display handles about NV Indices.
+.IP \[bu] 2
+handles\-loaded\-session: Display handles about both loaded HMAC and
+policy sessions.
+.IP \[bu] 2
+handles\-saved\-session: Display handles about saved sessions.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_getcap\ \-\-capability="properties\-fixed"
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
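Review bot: the line "# TCTI ENVIRONMENT" is a markdown heading that reached the roff output unconverted, so man prints it as body text joined to the -Z description instead of starting a section; it should come out as ".SH TCTI ENVIRONMENT" like the other headers, fixed in the markdown source since the file is Pandoc-generated. In the same block the resource manager TCTI is named "tabrmd" in the environment list but the option example is "-T abrmd", and the path "/dev/tpmrm\f[B]\f[]" carries an empty bold pair where a character appears to have been dropped. Both should be settled to one spelling before these pages are shipped as static files.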
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getmanufec.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getmanufec.1
--- tpm2-tools-3.0.4/man/man1/tpm2_getmanufec.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_getmanufec.1	2018-09-10 07:57:14.067580116 -0700
@@ -0,0 +1,226 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_getmanufec" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_getmanufec\f[](1) \- Retrieve the Endorsement Credential
+Certificate for the TPM endorsement key from the TPM manufacturer's
+endorsement certificate hosting server.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_getmanufec\f[] [\f[I]OPTIONS\f[]] [\f[I]URL\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_getmanufec\f[](1) \- Retrieve the Endorsement Credential
+Certificate for the TPM endorsement key from the TPM manufacturer's
+endorsement certificate hosting server.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]:
+specifies current endorse password (string, optional,default:NULL).
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]:
+specifies current owner password (string, optional,default:NULL).
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]ek\-passwd\f[]=\f[I]EK_PASSWORD\f[]: specifies
+the EK password when created (string,optional,default:NULL).
+.RS 2
+.PP
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: specifies the handle
+used to make EK persistent (hex).
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: specifies the
+algorithm type of EK.
+See section \[lq]Supported Public Object Algorithms\[rq] for a list of
+supported object algorithms.
+See section \[lq]Algorithm Specifiers\[rq] on how to specify an
+algorithm argument.
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: Specifies the file
+used to save the public portion of EK.
+.IP \[bu] 2
+\f[B]\-N\f[], \f[B]\[en]non\-persistent\f[]: specifies to readout the EK
+public without making it persistent.
+.IP \[bu] 2
+\f[B]\-O\f[], \f[B]\[en]offline\f[]=\f[I]FILE\f[]: Specifies the file
+that contains an EK retrieved from offline platform that needs to be
+provisioned.
+.IP \[bu] 2
+\f[B]\-E\f[], \f[B]\[en]ec\-cert\f[]=\f[I]EC_CERT_FILE\f[]: Specifies
+the file used to save the Endorsement Credentials retrieved from the TPM
+manufacturer provisioning server.
+Defaults to stdout if not specified.
+.IP \[bu] 2
+\f[B]\-U\f[], \f[B]\[en]SSL_NO_VERIFY\f[]: specifies to attempt
+connecting with the TPM manufacturer provisioning server with
+SSL_NO_VERIFY option.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Public Object Algorithms
+.PP
+Supported public object algorithms are:
+.IP \[bu] 2
+\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
+(\f[B]default\f[]).
+.IP \[bu] 2
+\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
+.IP \[bu] 2
+\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
+.IP \[bu] 2
+\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH NOTES
+.PP
+When the verbose option is specified, additional curl debugging
+information is provided by setting the curl mode verbose, see:
+<https://curl.haxx.se/libcurl/c/CURLOPT_VERBOSE.html> for more
+information.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_getmanufec\ \-e\ abc123\ \-o\ abc123\ \-P\ passwd\ \-H\ 0x81010001\-g\ 0x01\ \-O\ \-N\ \-U\ \-E\ ECcert.bin\ \-f\ ek.bin\ https://tpm.manufacturer.com/ekcertserver/
+tpm2_getmanufec\ \-e\ 1a1b1c\ \-o\ 1a1b1c\ \-P\ 123abc\ \-H\ 0x81010001\-g\ 0x01\ \-O\ \-N\ \-U\ \-E\ ECcert.bin\ \-f\ ek.bin\ https://tpm.manufacturer.com/ekcertserver/
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
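Review bot: neither EXAMPLES line can be run as documented: "-H 0x81010001-g 0x01" has no space between the handle and -g, and "-O" is described as taking a FILE but is followed directly by "-N". Both examples also pass -U, while the option text only says it connects "with SSL_NO_VERIFY option" without stating what is left unchecked; because the credential is fetched from the manufacturer's server, the description should say plainly which verification is skipped and at least one example should omit -U. The heading "Algorithm Specfiers" also does not match the "Algorithm Specifiers" cross-reference in the -g entry.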
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getpubak.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getpubak.1
--- tpm2-tools-3.0.4/man/man1/tpm2_getpubak.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_getpubak.1	2018-09-10 07:57:14.258577505 -0700
@@ -0,0 +1,242 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_getpubak" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_getpubak\f[](1) \- Generate attestation key with given
+algorithm under the endorsement hierarchy.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_getpubak\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_getpubak\f[](1) \- Generate attestation key with given
+algorithm under endorsement hierarchy, make it persistent with given ak
+handle, and return pub AK and AK name.
+If any passwd option is missing, assume NULL.
+.PP
+The tool outputs to stdout a YAML representation of the loaded key
+handle as well as it's name, for example:
+.IP
+.nf
+\f[C]
+loaded\-key:
+\ \ handle:\ 800000ff
+\ \ name:\ 000bac149518baa05540a0678bd9b624f8a98d042e46c60f4d098ba394d36fc49268
+\f[]
+.fi
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]:
+Specifies current endorsement password, defaults to NULL.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]ak\-passwd\f[]=\f[I]AK_PASSWORD\f[] Specifies
+the AK password when created, defaults to NULL.
+Same formatting as the endorse password value or \-e option.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]
+Specifies the current owner password, defaults to NULL.
+Same formatting as the endorse password value or \-e option.
+.IP \[bu] 2
+\f[B]\-E\f[], \f[B]\[en]ek\-handle\f[]=\f[I]EK_HANDLE\f[]: Specifies the
+handle used to make EK persistent.
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]ak\-handle\f[]=\f[I]AK_HANDLE\f[]: Specifies the
+handle used to make AK persistent.
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: Specifies the
+algorithm type of AK.
+Algorithms should follow the " formatting standards, see section
+\[lq]Algorithm Specifiers\[rq].
+See section \[lq]Supported Public Object Algorithms\[rq] for a list of
+supported object algorithms.
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: Like \-g, but
+specifies the algorithm of sign.
+See section \[lq]Supported Signing Algorithms\[rq] for details.
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]file\f[]=\f[I]FILE\f[]: Specifies the file used
+to save the public portion of AK.
+This will be a binary data structure corresponding to the TPM2B_PUBLIC
+struct in the specification.
+.IP \[bu] 2
+\f[B]\-n\f[], \f[B]\[en]ak\-name\f[]=\f[I]NAME\f[]: Specifies the file
+used to save the ak name, optional.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Signing Algorithms
+.PP
+Supported algorithms are:
+.IP \[bu] 2
+\f[B]0x5\f[] or \f[B]hmac\f[] for \f[B]TPM_ALG_HMAC\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0x14\f[] or \f[B]rsassa\f[] for \f[B]TPM_ALG_RSASSA\f[]
+.IP \[bu] 2
+\f[B]0x16\f[] or \f[B]rsapss\f[] for \f[B]TPM_ALG_RSAPSS\f[]
+.IP \[bu] 2
+\f[B]0x18\f[] or \f[B]ecdsa\f[] for \f[B]TPM_ALG_ECDSA\f[]
+.IP \[bu] 2
+\f[B]0x1A\f[] or \f[B]ecdaa\f[] for \f[B]TPM_ALG_ECDAA\f[]
+.IP \[bu] 2
+\f[B]0x1B\f[] or \f[B]sm2\f[] for \f[B]TPM_ALG_SM2\f[]
+.IP \[bu] 2
+\f[B]0x1C\f[] or \f[B]ecschnorr\f[] for \f[B]TPM_ALG_ECSCHNORR\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Supported Public Object Algorithms
+.PP
+Supported public object algorithms are:
+.IP \[bu] 2
+\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
+(\f[B]default\f[]).
+.IP \[bu] 2
+\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
+.IP \[bu] 2
+\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
+.IP \[bu] 2
+\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_getpubak\ \-e\ abc123\ \-P\ abc123\ \-o\ passwd\ \-E\ 0x81010001\ \-k\ 0x81010002\ \-f\ ./ak.pub\ \-n\ ./ak.name
+tpm2_getpubak\ \-e\ 1a1b1c\ \-P\ 123abc\ \-o\ 1a1b1c\ \-X\ \-E\ 0x81010001\ \-k\ 0x81010002\ \-f\ ./ak.pub\ \-n\ ./ak.name
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
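Review bot: OPTIONS lists "-g, alg=ALGORITHM" twice; the second entry ("Like -g, but specifies the algorithm of sign") needs the signing option's own flag, because as written a reader cannot tell how to select the signing algorithm. The second EXAMPLES line uses "-X", which is not described anywhere in OPTIONS, and the quoting in the -e and -g entries is broken ("section\[rq]Password Formatting“", "follow the " formatting standards"). These are source defects carried into the generated page and should be fixed in the markdown before the output is frozen into the tarball.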
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getpubek.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getpubek.1
--- tpm2-tools-3.0.4/man/man1/tpm2_getpubek.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_getpubek.1	2018-09-10 07:57:14.443574977 -0700
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_getpubek" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_getpubek\f[](1) \- Generate TCG profile compliant endorsement
+key.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_getpubek\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_getpubek\f[](1) \- Generate TCG profile compliant endorsement
+key(endorsement hierarchy primary object), make it persistent with give
+ek handle, and return public EK, if any passwd option is missing, assume
+NULL.
+.PP
+Refer to:
+<http://www.trustedcomputinggroup.org/files/static_page_files/7CAA5687-1A4B-B294-D04080D058E86C5F>
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]:
+Specifies current endorsement password, defaults to NULL.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]
+Specifies the current owner password, defaults to NULL.
+Same formatting as the endorse password value or \-e option.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]eKPasswd\f[]=\f[I]EK_PASSWORD\f[] Specifies the
+EK password when created, defaults to NULL.
+Same formatting as the endorse password value or \-e option.
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: specifies the handle
+used to make EK persistent (hex).
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: specifies the
+algorithm type of EK.
+See section \[lq]Supported Public Object Algorithms\[rq] for a list of
+supported object algorithms.
+See section \[lq]Algorithm Specifiers\[rq] on how to specify an
+algorithm argument.
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]file\f[]=\f[I]FILE\f[]: specifies the file used
+to save the public portion of EK.
+This will be a binary data structure corresponding to the TPM2B_PUBLIC
+struct in the specification.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION\f[]:
+Optional Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Supported Public Object Algorithms
+.PP
+Supported public object algorithms are:
+.IP \[bu] 2
+\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
+(\f[B]default\f[]).
+.IP \[bu] 2
+\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
+.IP \[bu] 2
+\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
+.IP \[bu] 2
+\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_getpubek\ \-e\ abc123\ \-o\ abc123\ \-P\ passwd\ \-H\ 0x81010001\ \-g\ rsa\ \-f\ ek.pub
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
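Review bot: the -e entry sends the reader to section "Password Formatting", but this page has none: TCTI OPTIONS is followed directly by "Supported Public Object Algorithms". Either include the section as tpm2_getpubak.1 does or drop the reference; without it nothing on this page explains that "-P passwd" in the example is taken as a literal string. Long options are also emitted with \[en] (for example "\[en]eKPasswd"), which renders as an en dash rather than the two hyphens a user has to type, and DESCRIPTION has "with give ek handle" for "given".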
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getrandom.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getrandom.1
--- tpm2-tools-3.0.4/man/man1/tpm2_getrandom.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_getrandom.1	2018-09-10 07:57:14.625572490 -0700
@@ -0,0 +1,144 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_getrandom" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_getrandom\f[](1) \- Retrieves random bytes from the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_getrandom\f[] [\f[I]OPTIONS\f[]] \f[I]SIZE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_getrandom\f[](1) \- Returns the next \f[I]SIZE\f[] octets from
+the random number generator.
+The \f[I]SIZE\f[] parameter is expected as the only argument to the
+tool.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[] specifies the filename
+to output the raw bytes to.
+Defaults to stdout as a hex string.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.PP
+Generate a random 20 bytes and output the binary data to a file:
+.IP
+.nf
+\f[C]
+tpm2_getrandom\ \-o\ random.out\ 20
+\f[]
+.fi
+.PP
+Generate a random 8 bytes and output the hex formated data to stdout:
+.IP
+.nf
+\f[C]
+tpm2_getrandom\ 8
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
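Review bot: `# TCTI ENVIRONMENT`, directly after the -Z item, is a markdown heading that came through as body text rather than a section macro, so it is filled into the errata paragraph and the section gets no heading; it should be `.SH TCTI ENVIRONMENT`. The cross-reference a few lines further down names the section `TCTI_OPTIONS` while the heading is `TCTI OPTIONS`, and the environment list calls the TCTI "tabrmd" while the -T item calls it "abrmd". The same `#` line recurs in the tpm2_hash, tpm2_hmac, tpm2_listpersistent and tpm2_load pages in this patch. Typos in this page: "varous", "formated", "The default are".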
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_hash.1 tpm2-tools-3.0.4-new/man/man1/tpm2_hash.1
--- tpm2-tools-3.0.4/man/man1/tpm2_hash.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_hash.1	2018-09-10 07:57:14.800570098 -0700
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_hash" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_hash\f[](1) \- Performs a hash operation with the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_hash\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_hash\f[](1) \- performs a hash operation on \f[I]FILE\f[] and
+returns the results.
+If \f[I]FILE\f[] is not specified, then data is read from stdin.
+If the results of the hash will be used in a signing operation that uses
+a restricted signing key, then the ticket returned by this command can
+indicate that the hash is safe to sign.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to
+use for the ticket.
+Supported options are:
+.RS 2
+.IP \[bu] 2
+\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.IP \[bu] 2
+\f[B]e\f[] for \f[B]TPM_RH_ENDORSEMENT\f[]
+.IP \[bu] 2
+\f[B]n\f[] for \f[B]TPM_RH_NULL\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash
+algorithm to use.
+Algorithms should follow the \[lq]formatting standards, see
+section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
+Hash Algorithms" for a list of supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[] Optional file
+record of the hash result.
+Defaults to stdout in hex form.
+.IP \[bu] 2
+\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[] Optional file
+record of the ticket result.
+Defaults to stdout in hex form.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.PP
+Hash a file with sha1 hash algorithm and save the hash and ticket to a
+file:
+.IP
+.nf
+\f[C]
+tpm2_hash\ \-H\ e\ \-g\ sha1\ \-o\ hash.bin\ \-t\ ticket.bin\ data.txt
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
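Review bot: In the -g/--halg item the quotes around the two section references are inverted and unspaced (`see section\[rq]Algorithm Specifiers\[lq].`, then a bare ASCII `"` closing `Supported Hash Algorithms`), and the section they point at is headed `Algorithm Specfiers`, so neither the quoting nor the name matches. tpm2_listpersistent.1 in this patch has the readable form `section \[lq]Algorithm Specifiers\[rq]`; use that here and correct the `.SH` spelling. The -o and -t items are also missing the colon after the metavariable that the -H and -g items have.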
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_hmac.1 tpm2-tools-3.0.4-new/man/man1/tpm2_hmac.1
--- tpm2-tools-3.0.4/man/man1/tpm2_hmac.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_hmac.1	2018-09-10 07:57:14.979567652 -0700
@@ -0,0 +1,214 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_hmac" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_hmac\f[](1) \- Performs an HMAC operation with the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_hmac\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_hmac\f[](1) \- performs an HMAC operation on \f[I]FILE\f[] and
+returns the results.
+If \f[I]FILE\f[] is not specified, then data is read from stdin.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The
+key handle for the symmetric signing key providing the HMAC key.
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The
+filename of the key context used for the operation.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for
+key, optional.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash
+algorithm to use.
+Algorithms should follow the \[lq]formatting standards, see
+section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
+Hash Algorithms" for a list of supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[] Optional file
+record of the HMAC result.
+Defaults to stdout.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.PP
+Perform a SHA1 HMAC on data.in and send output and possibly ticket to
+stdout:
+.IP
+.nf
+\f[C]
+tpm2_hmac\ \-k\ 0x81010002\ \-P\ abc123\ \-g\ sha1\ data.in
+\f[]
+.fi
+.PP
+Perform a SHA1 HMAC on data.in read as a file to stdin and send output
+to a file:
+.IP
+.nf
+\f[C]
+tpm2_hmac\ \-c\ key.context\ \-P\ abc123\ \-g\ sha1\ \-o\ hash.out\ <<\ data.in
+\f[]
+.fi
+.PP
+Perform a SHA256 HMAC on \f[I]stdin\f[] and send result and possibly
+ticket to stdout:
+.PP
+cat data.in | tpm2_hmac \-k 0x81010002 \-g sha256 \-o hash.out ```
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
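Review bot: The second example in EXAMPLES feeds the input with `<< data.in`, which opens a here-document terminated by the word data.in instead of redirecting the file to stdin; it should be `< data.in`. The third example is not wrapped in the `.IP`/`.nf`/`\f[C]` block the other two use, ends with a stray markdown fence, and passes `-o hash.out` although its description says the result goes to stdout. In OPTIONS, -k/--key-handle carries the metavariable KEY_CONTEXT_FILE, the same one as -c, while the examples give it a handle (0x81010002); a distinct name such as KEY_HANDLE would match its description.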
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_listpersistent.1 tpm2-tools-3.0.4-new/man/man1/tpm2_listpersistent.1
--- tpm2-tools-3.0.4/man/man1/tpm2_listpersistent.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_listpersistent.1	2018-09-10 07:57:15.157565219 -0700
@@ -0,0 +1,185 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_listpersistent" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_listpersistent\f[](1) \- Display all defined persistent
+objects.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_listpersistent\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_listpersistent\f[](1) \- display all defined persistent
+objects.
+.SH OPTIONS
+.PP
+These options for listing the persistent objects:
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: Only display
+persistent objects using this hash algorithm.
+Algorithms should follow the " formatting standards, see section
+\[lq]Algorithm Specifiers\[rq].
+Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of
+supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Only display
+persistent objects using this key algorithm.
+It accepts friendly names just like \f[B]\-g\f[] option.
+See section \[lq]Supported Public Object Algorithms\[rq] for a list of
+supported object algorithms.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Supported Public Object Algorithms
+.PP
+Supported public object algorithms are:
+.IP \[bu] 2
+\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
+(\f[B]default\f[]).
+.IP \[bu] 2
+\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
+.IP \[bu] 2
+\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
+.IP \[bu] 2
+\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_listpersistent
+tpm2_listpersistent\ \-g\ sha256\ \-G\ ecc
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
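Review bot: SYNOPSIS lists a trailing `FILE` argument, but DESCRIPTION, OPTIONS and both commands in EXAMPLES give tpm2_listpersistent no file operand; drop `FILE` from the synopsis or document what it is. In the -g item there is an unmatched ASCII `"` before "formatting standards", and the lead sentence "These options for listing the persistent objects:" is missing its verb. EXAMPLES also has no description line for either command.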
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_load.1 tpm2-tools-3.0.4-new/man/man1/tpm2_load.1
--- tpm2-tools-3.0.4/man/man1/tpm2_load.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_load.1	2018-09-10 07:57:15.346562636 -0700
@@ -0,0 +1,176 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_load" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_load\f[](1) \- Load an object into the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_load\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_load\f[](1) \- Load both the private and public portions of an
+object into the TPM.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]parent\f[]=\f[I]PARENT_HANDLE\f[]: The handle of
+the parent object.
+Either this option or \f[B]\-c\f[] must be used.
+.IP \[bu] 2
+\f[B]\-c\f[],
+\f[B]\[en]context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: The filename
+for parent context.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The
+password for parent key, optional.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]PUBLIC_OBJECT_DATA_FILE\f[]: A
+file containing the public portion of the object.
+.IP \[bu] 2
+\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]PRIVATE_OBJECT_DATA_FILE\f[]:
+A file containing the sensitive portion of the object.
+.IP \[bu] 2
+\f[B]\-n\f[], \f[B]\[en]name\f[]=\f[I]NAME_DATA_FILE\f[]: An optional
+file to save the name structure of the object.
+.IP \[bu] 2
+\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[]: An optional
+file to save the object context to.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_load\ \ \-H\ 0x80000000\ \-P\ abc123\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-n\ <outPutFileName>
+tpm2_load\ \ \-c\ parent.context\ \-P\ abc123\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-n\ <outPutFileName>\ \-C\ object.context
+tpm2_load\ \ \-H\ 0x80000000\ \-P\ "hex:123abc"\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-n\ <outPutFileName>
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
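Review bot: Every long option in OPTIONS is written with `\[en]`, for example `\f[B]\[en]parent\f[]`, which groff renders as a single en dash, so the page shows an en dash followed by "parent" rather than the intended `--parent` and the text cannot be copied into a shell as an option; write it as `\-\-parent`. The same applies to the other man pages added by this patch. The -P item also ends its reference to Password Formatting with a raw `“` character instead of a roff quote escape, "hexidecimal" in that section should be "hexadecimal", and in EXAMPLES the -n argument is shown as `<outPutFileName>` although OPTIONS describes -n as the file for the object's name structure.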
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_loadexternal.1 tpm2-tools-3.0.4-new/man/man1/tpm2_loadexternal.1
--- tpm2-tools-3.0.4/man/man1/tpm2_loadexternal.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_loadexternal.1	2018-09-10 07:57:15.520560258 -0700
@@ -0,0 +1,166 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_loadexternal" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_loadexternal\f[](1) \- load an object that is not a Protected
+Object into the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_loadexternal\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_loadexternal\f[](1) \- load an object that is not a Protected
+Object into the TPM.
+The command allows loading of a public area or both a public and a
+sensitive area.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to
+use for the ticket.
+Supported options are:
+.RS 2
+.IP \[bu] 2
+\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.IP \[bu] 2
+\f[B]e\f[] for \f[B]TPM_RH_ENDORSEMENT\f[]
+.IP \[bu] 2
+\f[B]n\f[] for \f[B]TPM_RH_NULL\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]PUBLIC_FILE\f[]: The public
+portion of the object.
+.IP \[bu] 2
+\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]PRIVATE_FILE\f[]: The
+sensitive portion of the object, optional.
+.IP \[bu] 2
+\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[] The file to
+save the object context, optional.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.PP
+Load a public area generated by tpm2_create, tpm2_readpublic or manually
+.IP
+.nf
+\f[C]
+tpm2_loadexternal\ \-H\ <e|o|p|n>\ \-u\ <pubKeyFileName>\ \-C\ object.context
+\f[]
+.fi
+.PP
+Load a key with sensitive area.
+Both the public & the senstive areas shall be generated externally.
+\f[I]DON'T\f[] use the areas generated by tpm2_create.
+.IP
+.nf
+\f[C]
+tpm2_loadexternal\ \-H\ n\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-C\ object.context
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
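Review bot: in tpm2_loadexternal.1 the line "# TCTI ENVIRONMENT" is a markdown heading that reached the roff output as ordinary text, so the section has no heading and the literal "# TCTI ENVIRONMENT" runs on at the end of the \-Z paragraph; it should be ".SH TCTI ENVIRONMENT", matching ".SH TCTI OPTIONS" further down. Three smaller points in the same file: "/dev/tpmrm\f[B]\f[]" contains an empty bold pair where a character appears to have been lost; the long options are written with \[en] (for example "\[en]hierarchy"), which renders as an en dash and cannot be pasted as "--hierarchy"; and the TCTI is called "tabrmd" in the environment list but "abrmd" in the \-T example. "senstive" and "varous" are typos.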
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_makecredential.1 tpm2-tools-3.0.4-new/man/man1/tpm2_makecredential.1
--- tpm2-tools-3.0.4/man/man1/tpm2_makecredential.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_makecredential.1	2018-09-10 07:57:15.705557730 -0700
@@ -0,0 +1,142 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_makecredential" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_makecredential\f[](1) \- load an object that is not a
+Protected Object into the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_makecredential\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_makecredential\f[](1) \- Use a TPM public key to protect a
+secret that is used to encrypt the AK certififcate.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]enckey\f[]=\f[I]PUBLIC_FILE\f[]: A tpm Public
+Key which was used to wrap the seed.
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]sec\f[]=\f[I]SECRET_DATA_FILE\f[]: The secret
+which will be protected by the key derived from the random seed.
+.IP \[bu] 2
+\f[B]\-n\f[], \f[B]\[en]name\f[]=\f[I]NAME\f[] The name of the key for
+which certificate is to be created.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUT_FILE\f[] The output file
+path, recording the two structures output by tpm2_makecredential
+function.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_makecredential\ \-e\ <keyFile>\ \-s\ <secFile>\ \-n\ <hexString>\ \-o\ <outFile>
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
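Review bot: the NAME line of tpm2_makecredential.1 says "load an object that is not a Protected Object into the TPM", which is the tpm2_loadexternal summary and contradicts the DESCRIPTION just below it ("Use a TPM public key to protect a secret ..."). Since NAME is what whatis and apropos index, it should carry the makecredential summary. Also in this file: "certififcate" is a typo, the \-n and \-o entries lack the colon the other options have after the metavariable, and "# TCTI ENVIRONMENT" is plain text rather than a ".SH" heading.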
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvdefine.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvdefine.1
--- tpm2-tools-3.0.4/man/man1/tpm2_nvdefine.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvdefine.1	2018-09-10 07:57:15.879555352 -0700
@@ -0,0 +1,204 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_nvdefine" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_nvdefine\f[](1) \- define a TPM Non\-Volatile (NV) index.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_nvdefine\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_nvdefine\f[](1) \- Define NV index with given auth value.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
+to define the space at.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
+specifies the handle used to authorize:
+.RS 2
+.IP \[bu] 2
+\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: specifies the size of
+data area in bytes.
+Defaults to MAX_NV_INDEX_SIZE which is typically 2048.
+.IP \[bu] 2
+\f[B]\-t\f[], \f[B]\[en]attributes\f[]=\f[I]ATTRIBUTES\f[] Specifies the
+attribute values for the nv region used when creating the entitiy.
+Either the raw bitfield mask or \[lq]nice\-names\[rq] may be used.
+See section \[lq]NV Attributes\[rq] for more details.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
+specifies the password of authHandle.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-I\f[], \f[B]\[en]index\-passwd\f[]=\f[I]INDEX_PASSWORD\f[]:
+specifies the password of NV Index when created.
+Follows the same formatting guidelines as the handle password or \-P
+option.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: Specifies
+the policy digest file for policy based authorizations.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
+Optional Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH NV Attributes
+.PP
+NV Attributes are used to control various properties of the NV defined
+space.
+When specified as an option, either the raw bitfield mask or
+\[lq]nice\-names\[rq] may be used.
+The values can be found in Table 204 Part 2 of the TPM2.0 specification,
+which can be found here:
+.PP
+<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
+.PP
+Nice names are calculated by taking the name field of table 204 and
+removing the prefix \f[B]TPMA_NV_\f[] and lowercasing the result.
+Thus, \f[B]TPMA_NV_PPWRITE\f[] becomes ppwrite.
+Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
+.PP
+Note that the \f[B]TPM_NT\f[] field is 4 bits wide, and thus can be set
+via \f[B]nt=\f[] format.
+For instance, to set The fields \f[B]TPMA_NV_OWNERREAD\f[],
+\f[B]TPMA_NV_OWNERWRITE\f[], \f[B]TPMA_NV_POLICYWRITE\f[], and
+\f[B]TPMA_NT = 0x3\f[], the argument would be:
+.PP
+\f[B]ownerread|ownerwrite|policywrite|nt=0x3\f[] # Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_nvdefine\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-s\ 32\ \-t\ 0x2000A
+tpm2_nvdefine\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-s\ 32\ \-t\ ownerread|ownerwrite|policywrite\ \-I\ 1a1b1c
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
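Review bot: the second EXAMPLES line of tpm2_nvdefine.1 passes "\-t ownerread|ownerwrite|policywrite" unquoted, so a shell will treat each "|" as a pipe and never hand the attribute list to the tool; quote the argument in the example, as the tpm2_load example does for "hex:123abc". Further up, "# Password Formatting" is fused onto the end of the bold "ownerread|ownerwrite|policywrite|nt=0x3" line, so the section that the \-P entry points to has no heading; it needs its own ".SH Password Formatting". The metavariables also look copied from other options: \-a/auth\-handle is shown as SECRET_DATA_FILE although it takes a handle value, and \-S/input\-session\-handle is shown as SIZE. The text uses both TPM_NT and TPMA_NT for the same field, and the quoting around "Password Formatting" in the \-P entry is garbled.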
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvlist.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvlist.1
--- tpm2-tools-3.0.4/man/man1/tpm2_nvlist.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvlist.1	2018-09-10 07:57:16.056552933 -0700
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_nvlist" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_nvlist\f[](1) \- display all defined Non\-Volatile (NV)s
+indices.
+.SS SYNOPSIS
+.PP
+\f[B]tpm2_nvlist\f[] [\f[I]OPTIONS\f[]]
+.SS DESCRIPTION
+.PP
+\f[B]tpm2_nvlist\f[](1) \- display all defined Non\-Volatile (NV)s
+indices to stdout in a YAML format.
+.PP
+Display metadata for all defined NV indices.
+Metadata includes:
+.IP \[bu] 2
+The size of the defined region.
+.IP \[bu] 2
+The hash algorithm used to compute the name of the index.
+.IP \[bu] 2
+The auth policy.
+.IP \[bu] 2
+The NV attributes as defined in section \[lq]NV Attributes\[rq].
+.PP
+Example Output:
+.IP
+.nf
+\f[C]
+0x1500015:
+\ \ hash\ algorithm:
+\ \ \ \ friendly:\ sha256
+\ \ \ \ value:\ 0xB
+\ \ attributes:
+\ \ \ \ friendly:\ ownerwrite|ownerread
+\ \ \ \ value:\ 0x2000200
+\ \ size:\ 32
+\ \ authorization\ policy:
+
+0x1500017:
+\ \ hash\ algorithm:
+\ \ \ \ friendly:\ sha256
+\ \ \ \ value:\ 0xB
+\ \ attributes:
+\ \ \ \ friendly:\ ownerwrite|ownerread
+\ \ \ \ value:\ 0x2000200
+\ \ size:\ 32
+\ \ authorization\ policy:
+\f[]
+.fi
+.SH OPTIONS
+.PP
+This tool takes no tool specific options.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH NV Attributes
+.PP
+NV Attributes are used to control various properties of the NV defined
+space.
+When specified as an option, either the raw bitfield mask or
+\[lq]nice\-names\[rq] may be used.
+The values can be found in Table 204 Part 2 of the TPM2.0 specification,
+which can be found here:
+.PP
+<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
+.PP
+Nice names are calculated by taking the name field of table 204 and
+removing the prefix \f[B]TPMA_NV_\f[] and lowercasing the result.
+Thus, \f[B]TPMA_NV_PPWRITE\f[] becomes ppwrite.
+Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
+.PP
+Note that the \f[B]TPM_NT\f[] field is 4 bits wide, and thus can be set
+via \f[B]nt=\f[] format.
+For instance, to set The fields \f[B]TPMA_NV_OWNERREAD\f[],
+\f[B]TPMA_NV_OWNERWRITE\f[], \f[B]TPMA_NV_POLICYWRITE\f[], and
+\f[B]TPMA_NT = 0x3\f[], the argument would be:
+.PP
+\f[B]ownerread|ownerwrite|policywrite|nt=0x3\f[] # EXAMPLES
+.PP
+To list the defined NV indeces to stdout:
+.IP
+.nf
+\f[C]
+tpm2_nvlist
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
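Review bot: tpm2_nvlist.1 uses ".SS SYNOPSIS" and ".SS DESCRIPTION", which makes both of them subsections of NAME, whereas every other page in this patch uses ".SH" for them; switch these two to ".SH". The same file has "# EXAMPLES" fused onto the end of the bold "ownerread|ownerwrite|policywrite|nt=0x3" line and "# TCTI ENVIRONMENT" as plain text, so neither section gets a heading. It is also worth checking the sample output: it pairs "ownerwrite|ownerread" with value 0x2000200, while the tpm2_nvdefine example in this patch uses 0x2000A for ownerread|ownerwrite|policywrite, and the two do not look consistent. "indeces" should be "indices".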
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvread.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvread.1
--- tpm2-tools-3.0.4/man/man1/tpm2_nvread.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvread.1	2018-09-10 07:57:16.235550487 -0700
@@ -0,0 +1,194 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_nvread" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_nvread\f[](1) \- Read the data stored in a Non\-Volatile (NV)s
+index.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_nvread\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_nvread\f[](1) \- Read the data stored in a Non\-Volatile (NV)s
+index.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
+to define the space at.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
+specifies the handle used to authorize:
+.RS 2
+.IP \[bu] 2
+\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: file to write data
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
+specifies the password of authHandle.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: Specifies the size of
+data to be read in bytes, starting from 0 if offset is not specified.
+If not specified, the size of the data as reported by the public portion
+of the index will be used.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]offset\f[]=\f[I]OFFSET\f[]: The offset within
+the NV index to start reading from.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
+Optional Input session handle from a policy session for authorization.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]:
+.RS 2
+.PP
+The list of pcr banks and selected PCRs' ids.
+\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
+standards, see section \[lq]PCR Bank Specfiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]
+.RS 2
+.PP
+Optional Path or Name of the file containing expected pcr values for the
+specified index.
+Default is to read the current PCRs per the set list.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.PP
+To read 32 bytes from an index starting at offset 0:
+.IP
+.nf
+\f[C]
+tpm2_nvread\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-s\ 32
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
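Review bot: the TCTI OPTIONS and Password Formatting text at the end of this page has wording errors that will ship as written: "varous TCTI modules", "options can appended to", "The default are 127.0.0.1 and 2321" and "hexidecimal". The same sentences recur in the other pages this patch adds, which are marked as Pandoc output, so the fix belongs in the shared source text followed by a regeneration, not in hand edits to each .1 file.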
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvreadlock.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvreadlock.1
--- tpm2-tools-3.0.4/man/man1/tpm2_nvreadlock.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvreadlock.1	2018-09-10 07:57:16.415548027 -0700
@@ -0,0 +1,169 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_nvreadlock" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_nvreadlock\f[](1) \- lock the Non\-Volatile (NV) index for
+further reads.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_nvreadlock\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_nvreadlock\f[](1) \- lock the Non\-Volatile (NV) index for
+further reads.
+The index is released on subsequent restart of the machine.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
+to define the space at.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
+specifies the handle used to authorize:
+.RS 2
+.IP \[bu] 2
+\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
+specifies the password of authHandle.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
+Optional Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.PP
+To lock an index protected by a password:
+.IP
+.nf
+\f[C]
+tpm2_nvreadlock\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-P\ passwd
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
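Review bot: in OPTIONS, the \-x entry says "Specifies the index to define the space at", which describes defining an index, not locking one for reads; it should say the index to lock. In the same list, \-a takes a handle (0x40000001 or 0x4000000C) but its placeholder is SECRET_DATA_FILE, and \-S takes a session handle but its placeholder is SIZE. The line "# TCTI ENVIRONMENT" is a raw markdown heading rather than a .SH macro, so it will render as body text at the end of COMMON OPTIONS; the same line appears in the other pages added here. The example passes the authorization value as "\-P passwd", so the page should say that a password given on the command line is visible to other local users through the process list.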
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvrelease.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvrelease.1
--- tpm2-tools-3.0.4/man/man1/tpm2_nvrelease.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvrelease.1	2018-09-10 07:57:16.603545458 -0700
@@ -0,0 +1,168 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_nvrelease" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_nvrelease\f[](1) \- Release a Non\-Volatile (NV) index.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_nvrelease\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_nvrelease\f[](1) \- Release a Non\-Volatile (NV) index that
+was previously defined with tpm2_nvdefine(1).
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
+to release.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
+specifies the handle used to authorize:
+.RS 2
+.IP \[bu] 2
+\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: specifies the size of
+data area in bytes.
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
+specifies the password of authHandle.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
+Optional Input session handle from a policy session for authorization.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_nvrelease\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-P\ passwd
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
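Review bot: the "\-s, \[en]size" entry in OPTIONS ("specifies the size of data area in bytes") has no obvious role in releasing an index and is not used in the example; it reads as carried over from the define page. Please confirm the tool accepts it, and drop the entry if it does not. EXAMPLES also starts directly with the command and lacks the one-line description the other pages give before their example, and the \-a and \-S placeholders (SECRET_DATA_FILE, SIZE) do not match what those options take.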
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvwrite.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvwrite.1
--- tpm2-tools-3.0.4/man/man1/tpm2_nvwrite.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvwrite.1	2018-09-10 07:57:16.788542929 -0700
@@ -0,0 +1,187 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_nvwrite" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_nvwrite\f[](1) \- Write data to a Non\-Volatile (NV) index.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_nvwrite\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_nvwrite\f[](1) \- Write data specified via \f[I]FILE\f[] to a
+Non\-Volatile (NV) index.
+If \f[I]FILE\f[] is not specified, it defaults to stdout.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
+to define the space at.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]offset\f[]=\f[I]OFFSET\f[]: The offset within
+the NV index to start writing at.
+.IP \[bu] 2
+\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
+specifies the handle used to authorize:
+.RS 2
+.IP \[bu] 2
+\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
+.IP \[bu] 2
+\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
+specifies the password of authHandle.
+Passwords should follow the \[lq]password formatting standards, see
+section\[rq]Password Formatting“.
+.IP \[bu] 2
+\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
+Optional Input session handle from a policy session for authorization.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]:
+.RS 2
+.PP
+The list of pcr banks and selected PCRs' ids.
+\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
+standards, see section \[lq]PCR Bank Specfiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]
+.RS 2
+.PP
+Optional Path or Name of the file containing expected pcr values for the
+specified index.
+Default is to read the current PCRs per the set list.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.PP
+To write the file nv.data to index 0x150016:
+.IP
+.nf
+\f[C]
+tpm2_nvwrite\ \-x\ 0x1500016\ \-a\ 0x40000001\ nv.data
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
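Review bot: DESCRIPTION says "If FILE is not specified, it defaults to stdout", but FILE is the data being written to the index, so it is an input and the default should presumably be stdin; please check against the tool and correct. In EXAMPLES the sentence names "index 0x150016" while the command uses 0x1500016, so one of the two is wrong. In OPTIONS, "\[en]set\-list\f[]==" has a doubled equals sign, the \-F entry contains literal "**" where bold markup failed to convert, and both PCR entries point to a "PCR Bank Specfiers" section that this 187-line page does not contain.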
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrevent.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrevent.1
--- tpm2-tools-3.0.4/man/man1/tpm2_pcrevent.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrevent.1	2018-09-10 07:57:16.965540510 -0700
@@ -0,0 +1,162 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_pcrevent" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_pcrevent\f[](1) \- hashes a file and optionally extends a pcr.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_pcrevent\f[] [\f[I]OPTIONS\f[]] [\f[I]FILE\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_pcrevent\f[](1) hashes \f[I]FILE\f[] if specified or stdin.
+It uses all of the hashing algorithms that the tpm supports.
+Optionally, if a pcr index is specified, it extends that pcr for all
+supported algorithms with the hash digest.
+In either case, it outputs to stdout the hash algorithm used and the
+digest value, one per line:
+.PP
+\f[I]alg\f[]:\f[I]digest\f[]
+.PP
+Where \f[I]alg\f[] is the algorithm used (eg.
+sha1) and \f[I]digest\f[] is the digest resulting from the hash
+computation of \f[I]alg\f[] on the data.
+.PP
+See sections 23.1 and sections 17 of the TPM2.0
+Specification (https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf)
+.SH OPTIONS
+.PP
+These options control extending the pcr:
+.IP \[bu] 2
+\f[B]\-i\f[], \f[B]\[en]pcr\-index\f[]=\f[I]INDEX\f[]: Not only compute
+the hash digests on \f[I]FILE\f[], also extend the pcr given by
+\f[I]INDEX\f[] for all supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Use
+\f[I]SESSION_HANDLE\f[] for providing an authorization session for the
+pcr specified by \f[I]INDEX\f[].
+It is an error to specify \f[B]\-S\f[] without specifying a pcr index
+with \f[B]\-i\f[].
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]password\f[]=\f[I]PASSWORD\f[]: Use
+\f[I]PASSWORD\f[] for providing an authorization value for the pcr
+specified in \f[I]INDEX\f[].
+It is an error to specify \f[B]\-P\f[] without specifying a pcr index
+with \f[B]\-i\f[].
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.PP
+Hash a file:
+.PP
+tpm2_pcrevent data
+.PP
+Hash a file and extend pcr 8:
+.PP
+tpm2_pcrevent \-i 8 data
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
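Review bot: in EXAMPLES, the commands "tpm2_pcrevent data" and "tpm2_pcrevent \-i 8 data" are set as ordinary .PP paragraphs, while the other pages in this patch wrap example commands in .nf with \f[C]; they will render as running text and can be re-filled by the formatter. Please put them in the same preformatted block. In DESCRIPTION, "See sections 23.1 and sections 17" should read "sections 23.1 and 17", and the \-P entry says "specified in INDEX" where the \-S entry says "specified by INDEX".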
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrextend.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrextend.1
--- tpm2-tools-3.0.4/man/man1/tpm2_pcrextend.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrextend.1	2018-09-10 07:57:17.146538037 -0700
@@ -0,0 +1,178 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_pcrextend" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_pcrextend\f[](1) \- Extends a PCR.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_pcrextend\f[] [\f[I]OPTIONS\f[]] [\f[I]PCR_DIGEST_SPEC\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_pcrextend\f[](1) Extends the pcrs with values indicated by
+\f[I]PCR_DIGEST_SPEC\f[].
+.PP
+A \f[I]PCR_DIGEST_SPEC\f[] is defined as follows:
+.IP \[bu] 2
+A numerical pcr identifier.
+.IP \[bu] 2
+A colon followed by the algorithm hash specification.
+The algorithm hash specification is as follows:
+.RS 2
+.IP \[bu] 2
+The algorithm friendly name or raw numerical.
+.IP \[bu] 2
+An equals sign.
+.IP \[bu] 2
+The hex hash value.
+.RE
+.PP
+Example Digest Specification:
+.IP
+.nf
+\f[C]
+4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
+\f[]
+.fi
+.PP
+\f[B]Note\f[]: that multiple specifications of PCR and hash are allowed.
+Multiple hashes cause the pcr to be extended with both hashes.
+Multiple same PCR values cause the PCR to be extended multiple times.
+Extension is done in order from left to right as specified.
+At most 5 hash extensions per PCR entry are supported.
+This is to keep the parser simple.
+.SH OPTIONS
+.PP
+This tool accepts no tool specific options.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.PP
+Extend PCR 4's SHA1 bank with a hash:
+.IP
+.nf
+\f[C]
+tpm2_pcrextend\ 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
+\f[]
+.fi
+.PP
+Extend PCR 4's SHA1 and SHA256 banks with hashes:
+.IP
+.nf
+\f[C]
+tpm2_pcrextend\ 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15,sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
+\f[]
+.fi
+.PP
+Extend PCR 4's SHA1 and PCR 7's SHA256 bank with hashes:
+.IP
+.nf
+\f[C]
+tpm2_pcrextend\ 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15\ 7:sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
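Review bot: the second and third commands in EXAMPLES write the SHA256 value as "sha256:b5bb9d80..." with a colon, but DESCRIPTION defines the hash specification as the algorithm name, an equals sign, then the hex value, as in "4:sha=f1d2d2f9...". Either the examples should use "sha256=" or the grammar in DESCRIPTION is incomplete; as written a reader copying the example cannot tell which form the parser accepts. DESCRIPTION also never states the comma separator that the second example relies on for multiple hashes on one PCR, and "Note: that multiple specifications" should drop "that".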
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrlist.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrlist.1
--- tpm2-tools-3.0.4/man/man1/tpm2_pcrlist.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrlist.1	2018-09-10 07:57:17.326535577 -0700
@@ -0,0 +1,244 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_pcrlist" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_pcrlist\f[](1) \- List PCR values.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_pcrlist\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_pcrlist\f[](1) Displays PCR values.
+Without any options, \f[B]tpm2_pcrlist\f[] outputs all pcrs and their
+hash banks.
+One can use either the \f[B]\-g\f[] or \f[B]\-L\f[] mutually exclusive
+options to filter the output.
+.PP
+Output is writtien in a YAML format to stdout, with each algorithm
+followed by a PCR index and its value.
+As a simple example assume just sha1 and sha256 support and only 1 PCR.
+The output would be:
+.IP
+.nf
+\f[C]
+sha1\ :
+\ \ 0\ \ :\ 0000000000000000000000000000000000000003
+sha256\ :
+\ \ 0\ \ :\ 0000000000000000000000000000000000000000000000000000000000000003
+\f[]
+.fi
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]algorithm\f[]=\f[I]HASH_ALGORITHM\f[]: Only
+output PCR banks with the given algorithm.
+Algorithms should follow the \[lq]formatting standards, see
+section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
+Hash Algorithms" for a list of supported hash algorithms.
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: The output file to
+write the PCR values in binary format, optional.
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]:
+.RS 2
+.PP
+The list of pcr banks and selected PCRs' ids for each bank to display.
+\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
+standards, see section \[lq]PCR Bank Specfiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]algs\f[]: Output the list of supported
+algorithms.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH PCR Bank Specfiers
+.PP
+PCR Bank Selection lists follow the below specification:
+.IP
+.nf
+\f[C]
+<BANK>:<PCR>[,<PCR>]
+\f[]
+.fi
+.PP
+multiple banks may be separated by `+'.
+.PP
+For example:
+.IP
+.nf
+\f[C]
+sha:3,4+sha256:5,6
+\f[]
+.fi
+.PP
+will select PCRs 3 and 4 from the SHA bank and PCRs 5 and 6 from the
+SHA256 bank.
+.SS Note
+.PP
+PCR Selections allow for up to 5 hash to pcr selection mappings.
+This is a limitaion in design in the single call to the tpm to get the
+pcr values.
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.PP
+display all PCR values:
+.IP
+.nf
+\f[C]
+tpm2_pcrlist
+\f[]
+.fi
+.PP
+Display the PCR values with a specified bank:
+.IP
+.nf
+\f[C]
+tpm2_pcrlist\ \-g\ sha1
+\f[]
+.fi
+.PP
+Display the PCR values with specified banks and store in a file:
+.IP
+.nf
+\f[C]
+tpm2_pcrlist\ \-L\ sha1:16,17,18+sha256:16,17,18\ \-o\ pcrs
+\f[]
+.fi
+.PP
+Display the supported PCR bank algorithms and exit:
+.IP
+.nf
+\f[C]
+tpm2_pcrlist\ \-s
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
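Review bot: In the -g option text the quote marks are mispaired: `\[lq]formatting standards, see section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported` opens a quote before "formatting standards" and closes it just before each section name, so the rendered page quotes the wrong words. That sentence also refers to "Algorithm Specifiers" while the heading added further down is `.SH Algorithm Specfiers`, so the cross-reference does not match its target. In the TPM2TOOLS_DEVICE_FILE note, `/dev/tpmrm\f[B]\f[]` carries an empty bold span where a character appears to have been lost in conversion. The header states the file is generated by Pandoc 2.0.6, so these should be corrected in the markdown source and the page regenerated rather than patched in the .1 file.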
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_quote.1 tpm2-tools-3.0.4-new/man/man1/tpm2_quote.1
--- tpm2-tools-3.0.4/man/man1/tpm2_quote.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_quote.1	2018-09-10 07:57:17.506533117 -0700
@@ -0,0 +1,256 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_quote" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_quote\f[](1) \- Provide a quote and signature from the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_quote\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_quote\f[](1) Provide quote and signature for given list of
+PCRs in given algorithm/banks.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]ak\-handle\f[]=\f[I]AK_HANDLE\f[]:
+.RS 2
+.PP
+Handle of existing AK.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]ak\-context\f[]=\f[I]AK_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+Filename for the existing AK's context.
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]ak\-password\f[]=\f[I]AK_PASSWORD\f[]:
+.RS 2
+.PP
+specifies the password of \f[I]AK_HANDLE\f[].
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-l\f[], \f[B]\[en]id\-list\f[]=\f[I]PCR_ID_LIST\f[]
+.RS 2
+.PP
+The comma separated list of selected PCRs' ids, 0~23 e.g.
+\[lq]4,5,6\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]:
+.RS 2
+.PP
+The list of pcr banks and selected PCRs' ids for each bank.
+\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
+standards, see section \[lq]PCR Bank Specfiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-m\f[], \f[B]\[en]message\f[]:
+.RS 2
+.PP
+message output file, records the quote message that makes up the data
+that is signed by the TPM.
+.RE
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]signature\f[]:
+.RS 2
+.PP
+signature output file, records the signature in the format specified via
+the \f[B]\-f\f[] option.
+.RE
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]format\f[]
+.RS 2
+.PP
+Format selection for the signature output file.
+See section \[lq]Signature Format Specifiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-q\f[], \f[B]\[en]qualify\-data\f[]:
+.RS 2
+.PP
+Data given as a Hex string to qualify the quote, optional.
+This is typically used to add a nonce against replay attacks.
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
+Input session handle from a policy session for authorization.
+.IP \[bu] 2
+\f[B]\-G\f[], \f[B]\[en]sig\-hash\-algorithm\f[]:
+.RS 2
+.PP
+Hash algorithm for signature.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH PCR Bank Specfiers
+.PP
+PCR Bank Selection lists follow the below specification:
+.IP
+.nf
+\f[C]
+<BANK>:<PCR>[,<PCR>]
+\f[]
+.fi
+.PP
+multiple banks may be separated by `+'.
+.PP
+For example:
+.IP
+.nf
+\f[C]
+sha:3,4+sha256:5,6
+\f[]
+.fi
+.PP
+will select PCRs 3 and 4 from the SHA bank and PCRs 5 and 6 from the
+SHA256 bank.
+.SS Note
+.PP
+PCR Selections allow for up to 5 hash to pcr selection mappings.
+This is a limitaion in design in the single call to the tpm to get the
+pcr values.
+.SH Signature Format Specifiers
+.PP
+Format selection for the signature output file.
+\f[B]tss\f[] (the default) will output a binary blob according to the
+TPM 2.0 specification and any potential compiler padding.
+The option \f[B]plain\f[] will output the plain signature data as
+defined by the used cryptographic algorithm.
+# EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_quote\ \-k\ 0x81010002\ \-P\ abc123\ \-g\ sha1\ \-l\ 16,17,18
+tpm2_quote\ \-c\ ak.context\ \-P\ "str:abc123"\ \-g\ sha1\ \-l\ 16,17,18
+tpm2_quote\ \-k\ 0x81010002\ \-g\ sha1\ \-l\ 16,17,18
+tpm2_quote\ \-c\ ak.context\ \-g\ sha1\ \-l\ 16,17,18
+tpm2_quote\ \-k\ 0x81010002\ \-P\ "hex:123abc"\ \-L\ sha1:16,17,18+sha256:16,17,18\ \-q\ 11aa22bb
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
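Review bot: Four of the five example commands pass `-g sha1`, but OPTIONS documents no -g at all; the only hash option listed is `-G, --sig-hash-algorithm`. Either document -g or correct the examples so they use options the page describes. The examples are also introduced by `# EXAMPLES`, a raw markdown heading rather than `.SH EXAMPLES`, so they render as a continuation of "Signature Format Specifiers". The -q text says it is typically used to add a nonce against replay attacks, yet only the last example passes it; showing -q in the first example would match that advice. Several options that take a value (-m, -s, -f, -q, -G) are listed without an argument placeholder, unlike -k and -c.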
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rc_decode.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rc_decode.1
--- tpm2-tools-3.0.4/man/man1/tpm2_rc_decode.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_rc_decode.1	2018-09-10 07:57:17.680530739 -0700
@@ -0,0 +1,132 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_rc_decode" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_rc_decode\f[](1) \- Decode TPM2 error codes to human readable
+format.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_rc_decode\f[] [\f[I]OPTIONS\f[]] \f[I]RC_CODE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_rc_decode\f[](1) converts \f[I]RC_CODE\f[] originating from
+the SAPI and TCTI into human readable errors.
+Analogous to strerror(3), but for the tpm2 stack.
+.SH OPTIONS
+.PP
+This tool takes no tool specific options.
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_rc_decode\ 0x100
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
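Review bot: The line `# TCTI ENVIRONMENT` directly after the -Z option is a raw markdown heading that was not converted to `.SH TCTI ENVIRONMENT`. groff treats it as ordinary text, so it is appended to the -Z bullet and the environment variables that follow have no section heading. The paragraph below it then refers readers to the "TCTI_OPTIONS" section while the heading is `.SH TCTI OPTIONS`; the two should agree. The -T description also reads "options can appended" and has no full stop after the tabrmd link. The file header says it is generated by Pandoc 2.0.6, so these belong in the markdown source.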
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_readpublic.1 tpm2-tools-3.0.4-new/man/man1/tpm2_readpublic.1
--- tpm2-tools-3.0.4/man/man1/tpm2_readpublic.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_readpublic.1	2018-09-10 07:57:17.852528388 -0700
@@ -0,0 +1,155 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_readpublic" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_readpublic\f[](1) \- Read the public area of a loaded object.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_readpublic\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_readpublic\f[](1) Reads the public area of a loaded object.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]object\f[]=\f[I]HANDLE\f[]:
+.RS 2
+.PP
+The loaded object handle to read the public data of.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]ak\-context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+Filename for object context.
+.RE
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]opu\f[]:
+.RS 2
+.PP
+The output file path, recording the public portion of the object.
+.RE
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]format\f[]:
+.RS 2
+.PP
+Format selection for the public key output file.
+`tss' (the default) will output a binary blob according to the TPM 2.0
+secification.
+`pem' will output an OpenSSL compatible PEM encoded public key.
+`der' will output an OpenSSL compatible DER encoded public key.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_readpublic\ \-H\ 0x81010002\ \-\-opu\ output.dat
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
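Review bot: The -c option is given the long name `--ak-context` with the argument OBJECT_CONTEXT_FILE and the description "Filename for object context"; the long name looks carried over from the tpm2_quote page, so check it against the option table the tool actually registers before this ships as documentation. `-o, --opu` and `-f, --format` both take a value (the example passes `--opu output.dat`) but are listed without an argument placeholder, unlike -H and -c. The -f description spells "secification" and quotes its values as `tss', `pem' and `der' where the rest of the page uses bold for literals.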
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rsadecrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rsadecrypt.1
--- tpm2-tools-3.0.4/man/man1/tpm2_rsadecrypt.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_rsadecrypt.1	2018-09-10 07:57:18.040525819 -0700
@@ -0,0 +1,192 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_rsadecrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_rsadecrypt\f[](1) \- Performs an RSA Decryption operation
+using the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_tpm2_rsadecrypt\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_rsadecrypt\f[](1) performs RSA decryption using the indicated
+padding scheme according to IETF RFC 3447 (PKCS#1).
+The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[].
+.PP
+The key referenced by keyHandle is \f[B]required\f[] to be:
+.IP "1." 3
+an RSA key
+.IP "2." 3
+Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it's attributes.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
+.RS 2
+.PP
+the public portion of RSA key to use for decryption.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+filename of the key context used for the operation.
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
+.RS 2
+.PP
+specifies the password of \f[I]KEY_HANDLE\f[].
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT\f[]:
+.RS 2
+.PP
+Input file path, containing the data to be decrypted.
+.RE
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]:
+.RS 2
+.PP
+Output file path, record the decrypted data.
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
+.RS 2
+.PP
+Optional Input session handle from a policy session for authorization.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_rsadecrypt\ \-k\ 0x81010001\ \-I\ encrypted.in\ \-o\ plain.out
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
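Review bot: The TCTI OPTIONS text names the resource-manager TCTI two different ways. The \-T description points at "tabrmd", while the last bullet says "For the abrmd TCTI" and gives the example "\-T abrmd". Only one of these can be the string the option accepts, so use it consistently. The same section also carries the typos "varous" and "options can appended", and Password Formatting has "hexidecimal".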
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rsaencrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rsaencrypt.1
--- tpm2-tools-3.0.4/man/man1/tpm2_rsaencrypt.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_rsaencrypt.1	2018-09-10 07:57:18.219523373 -0700
@@ -0,0 +1,189 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_rsaencrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_rsaencrypt\f[](1) \- Performs an RSA Encryption operation
+using the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_rsaencrypt\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_rsaencrypt\f[](1) performs RSA encryption on the contents of
+\f[I]FILE\f[] (defaulting to stdin) using the indicated padding scheme
+according to IETF RFC 3447 (PKCS#1).
+The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[].
+.PP
+The key referenced by keyHandle is \f[B]required\f[] to be:
+.IP "1." 3
+an RSA key
+.IP "2." 3
+Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it's attributes.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
+.RS 2
+.PP
+the public portion of RSA key to use for encryption.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+filename of the key context used for the operation.
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
+.RS 2
+.PP
+specifies the password of \f[I]KEY_HANDLE\f[].
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]:
+.RS 2
+.PP
+Output file path, record the decrypted data.
+The default is to print an xxd compatible hexdump to stdout.
+If a file is specified, raw binary output is performed.
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
+.RS 2
+.PP
+Optional Input session handle from a policy session for authorization.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_rsaencrypt\ \-k\ 0x81010001\ \-I\ plain.in\ \-o\ encrypted.out
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
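Review bot: The \-o entry under OPTIONS says the output file will "record the decrypted data", which is wrong for an encryption tool and reads as copied from the rsadecrypt page; it should say encrypted data. The EXAMPLES command passes "\-I plain.in", but no \-I option is documented and the SYNOPSIS takes the input as a positional FILE, so either document \-I or change the example to match the synopsis. The line "# TCTI ENVIRONMENT" is a markdown heading that was not converted to ".SH" and will render as body text; the page header says it was generated by Pandoc, so the fix belongs in the markdown source rather than in this file.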
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_send.1 tpm2-tools-3.0.4-new/man/man1/tpm2_send.1
--- tpm2-tools-3.0.4/man/man1/tpm2_send.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_send.1	2018-09-10 07:57:18.394520981 -0700
@@ -0,0 +1,147 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_send" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_send\f[](1) \- Send a raw command buffer to the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_send\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_send\f[](1) Sends a TPM command to the TPM.
+The command is read from a file as a binary stream and transmitted to
+the TPM using the TCTI specified by the caller.
+The response received from the TPM is written to the output file.
+.PP
+Likely the caller will want to redirect this to a file or into a program
+to decode and display the response in a human readable form.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]:
+.RS 2
+.PP
+Output file to send response buffer to.
+Defaults to stdout.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.PP
+Send the contents of tpm2\-command.bin to a device and collect the
+response as tpm2\-response.bin.
+All examples of below accomplish this task.
+.IP
+.nf
+\f[C]
+tpm2_send\ \-\-tcti=device\ <\ tpm2\-command.bin\ >\ tpm2\-response.bin
+tpm2_send\ \-\-tcti=device\ \-i\ tpm2\-command.bin\ >\ tpm2\-response.bin
+tpm2_send\ \-\-tcti=device\ <\ tpm2\-command.bin\ \-o\ tpm2\-response.bin
+tpm2_send\ \-\-tcti=device\ \-i\ tpm2\-command.bin\ \-o\ tpm2\-response.bin
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
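Review bot: Two of the four EXAMPLES commands use "\-i tpm2\-command.bin", but OPTIONS documents only \-o, and the DESCRIPTION says the command "is read from a file" without saying how that file is given. Add an entry for the input option and state the stdin default that the other two examples rely on. All four examples also use "\-\-tcti=device", while the TCTI ENVIRONMENT note on this same page says direct device access leaves concurrency and resource management to the user; for a tool that forwards a raw command buffer, it is worth showing at least one example that goes through the resource manager. "All examples of below" should read "All of the examples below".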
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_sign.1 tpm2-tools-3.0.4-new/man/man1/tpm2_sign.1
--- tpm2-tools-3.0.4/man/man1/tpm2_sign.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_sign.1	2018-09-10 07:57:18.572518548 -0700
@@ -0,0 +1,245 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_sign" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_sign\f[](1) \- Sign a hash using the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_sign\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_sign\f[](1) signs an externally provided hash with the
+specified symmetric or asymmetric signing key.
+If keyHandle references a restricted signing key, then validation shall
+be provided, indicating that the TPM performed the hash of the data and
+validation shall indicate that hashed data did not start with
+\f[B]TPM_GENERATED_VALUE\f[].
+The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[].
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
+.RS 2
+.PP
+Handle of key that will perform signing.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+Filename of the key context used for the operation.
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
+.RS 2
+.PP
+Specifies the password of \f[I]KEY_HANDLE\f[].
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]:
+.RS 2
+.PP
+The hash algorithm used to digest the message.
+Algorithms should follow the \[lq]formatting standards, see
+section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
+Hash Algorithms" for a list of supported hash algorithms.
+.RE
+.IP \[bu] 2
+\f[B]\-m\f[], \f[B]\[en]msg\f[]=\f[I]MSG_FILE\f[]:
+.RS 2
+.PP
+The message file, containing the content to be digested.
+.RE
+.IP \[bu] 2
+\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[]:
+.RS 2
+.PP
+The ticket file, containning the validation structure, optional.
+.RE
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]sig\f[]=\f[I]TICKET_FILE\f[]:
+.RS 2
+.PP
+The signature file, records the signature structure.
+.RE
+.IP \[bu] 2
+\f[B]\-f\f[], \f[B]\[en]format\f[]
+.RS 2
+.PP
+Format selection for the signature output file.
+See section \[lq]Signature Format Specifiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
+.RS 2
+.PP
+Optional Input session handle from a policy session for authorization.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH Signature Format Specifiers
+.PP
+Format selection for the signature output file.
+\f[B]tss\f[] (the default) will output a binary blob according to the
+TPM 2.0 specification and any potential compiler padding.
+The option \f[B]plain\f[] will output the plain signature data as
+defined by the used cryptographic algorithm.
+# EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_sign\ \-k\ 0x81010001\ \-P\ abc123\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
+tpm2_sign\ \-c\ key.context\ \-P\ abc123\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
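Review bot: The \-s entry under OPTIONS uses the metavariable TICKET_FILE ("\[en]sig=TICKET_FILE"), which duplicates \-t and tells the reader the signature option takes a ticket; it should be a signature file name. The \-g entry's cross-references have their quotation marks inverted ("see section\[rq]Algorithm Specifiers\[lq]") and point at a section whose heading is spelled "Algorithm Specfiers", so the reference matches nothing on the page. "# EXAMPLES" and "# TCTI ENVIRONMENT" are unconverted markdown headings and need ".SH". The DESCRIPTION says the tool signs "an externally provided hash" while \-m is described as content "to be digested"; say which of the two the tool actually expects as input.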
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_startup.1 tpm2-tools-3.0.4-new/man/man1/tpm2_startup.1
--- tpm2-tools-3.0.4/man/man1/tpm2_startup.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_startup.1	2018-09-10 07:57:18.742516225 -0700
@@ -0,0 +1,139 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_startup" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_startup\f[](1) \- Send a startup command to the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_startup\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_startup\f[](1) Send a \f[B]TPM2_Startup\f[] command with
+either \f[B]TPM_SU_CLEAR\f[] or \f[B]TPM_SU_STATE\f[].
+.PP
+\f[B]NOTE\f[]: Typically a Resource Manager or low\-level/boot software
+will have already sent this command.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]clear\f[]:
+.RS 2
+.PP
+Startup type sent will be \f[B]TPM_SU_CLEAR\f[] instead of
+\f[B]TPM2_SU_STATE\f[].
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_startup
+tpm2_startup\ \-c
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
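Review bot: The \-c entry says the startup type will be TPM_SU_CLEAR "instead of TPM2_SU_STATE", while the DESCRIPTION spells the same constant TPM_SU_STATE; pick one spelling so a reader searching the specification finds it. The \-c text also implies that TPM_SU_STATE is the default, which the DESCRIPTION never states; say so there, because the first EXAMPLES command runs with no options. "# TCTI ENVIRONMENT" is an unconverted markdown heading and needs ".SH".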
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_takeownership.1 tpm2-tools-3.0.4-new/man/man1/tpm2_takeownership.1
--- tpm2-tools-3.0.4/man/man1/tpm2_takeownership.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_takeownership.1	2018-09-10 07:57:18.932513629 -0700
@@ -0,0 +1,221 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_takeownership" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_takeownership\f[](1) \- Insert authorization values for the
+owner, endorsement and lockout authorizations.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_takeownership\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_takeownership\f[](1) \- performs a hash operation on
+\f[I]FILE\f[] and returns the results.
+If \f[I]FILE\f[] is not specified, then data is read from stdin.
+If the results of the hash will be used in a signing operation that uses
+a restricted signing key, then the ticket returned by this command can
+indicate that the hash is safe to sign.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]owner\-password\f[]=\f[I]OWNER_PASSWORD\f[]: The
+new owner authorization value.
+.RS 2
+.PP
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-e\f[], \f[B]\[en]endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]:
+.RS 2
+.PP
+The new endorse authorization value.
+Passwords should follow the same formatting requirements as the \-o
+option.
+.RE
+.IP \[bu] 2
+\f[B]\-l\f[], \f[B]\[en]lockout\-password\f[]=\f[I]LOCKOUT_PASSWORD\f[]:
+.RS 2
+.PP
+The new lockout authorization value.
+.PP
+The new endorse authorization value.
+Passwords should follow the same formatting requirements as the \-o
+option.
+.RE
+.IP \[bu] 2
+\f[B]\-O\f[],
+\f[B]\[en]old\-ownerPassword\f[]=\f[I]OLD_OWNER_PASSWORD\f[]:
+.RS 2
+.PP
+The old owner authorization value.
+Passwords should follow the same formatting requirements as the \-o
+option.
+.RE
+.IP \[bu] 2
+\f[B]\-E\f[],
+\f[B]\[en]old\-endorsePassword\f[]=\f[I]OLD_ENDORSE_PASSWORD\f[]:
+.RS 2
+.PP
+The old endorse authorization value.
+Passwords should follow the same formatting requirements as the \-o
+option.
+.RE
+.IP \[bu] 2
+\f[B]\-L\f[],
+\f[B]\[en]old\-lockoutPassword\f[]=\f[I]OLD_LOCKOUT_PASSWORD\f[]:
+.RS 2
+.PP
+The old lockout authorization value.
+Passwords should follow the same formatting requirements as the \-o
+option.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]clear\f[]:
+.RS 2
+.PP
+Clears the 3 authorizations values with lockout auth, thus one must
+specify \-L.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH EXAMPLES
+.PP
+Set owner, endorsement and lockout authorizations to an empty auth
+value:
+.IP
+.nf
+\f[C]
+tpm2_takeownership\ \-c\ \-L\ oldlockoutpasswd
+\f[]
+.fi
+.PP
+Set owner, endorsement and lockout authorizations to a new value:
+.IP
+.nf
+\f[C]
+tpm2_takeownership\ \-o\ newo\ \-e\ newe\ \-l\ newl\ \-O\ oldo\ \-E\ olde\ \-L\ oldl
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
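Review bot: In the TPM2TOOLS_DEVICE_FILE note, `\[lq]/dev/tpmrm\f[B]\f[]\[rq]` contains an empty bold pair, so the rendered page prints a bare "/dev/tpmrm" before "typically /dev/tpmrm0". Something appears to have been lost in the Pandoc conversion. Since the file header says it is generated, fix the markdown source and regenerate rather than editing the .1 by hand. The same pass can pick up "varous", "hexidecimal", "options can appended" and "The default are" in the TCTI OPTIONS and Password Formatting sections. Both EXAMPLES commands pass authorization values as plain arguments (`\-L\ oldlockoutpasswd`, `\-o\ newo\ \-e\ newe ...`), which leaves them in shell history and the process list. A sentence saying so next to Password Formatting would help readers.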
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_unseal.1 tpm2-tools-3.0.4-new/man/man1/tpm2_unseal.1
--- tpm2-tools-3.0.4/man/man1/tpm2_unseal.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_unseal.1	2018-09-10 07:57:19.123511018 -0700
@@ -0,0 +1,233 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_unseal" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_unseal\f[](1) \- Returns the data in a loaded Sealed Data
+Object.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_unseal\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_unseal\f[](1) \- \-returns the data in a loaded Sealed Data
+Object.
+.PP
+\f[B]NOTE\f[]: The \f[B]\[en]set\-list\f[] and
+\f[B]\[en]pcr\-input\-file\f[] options should only be used for simple
+PCR authentication policies.
+For more complex policies the tools should be ran in an execution
+environment that keeps the session context alive and pass that session
+using the \f[B]\[en]input\-session\-handle\f[] option.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-H\f[], \f[B]\[en]item\f[]=\f[I]ITEM_HANDLE\f[]:
+.RS 2
+.PP
+Item handle of loaded object.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]item\-context\f[]=\f[I]ITEM_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+Filename of the item context.
+.RE
+.IP \[bu] 2
+\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
+.RS 2
+.PP
+Specifies the password of \f[I]ITEM_HANDLE\f[].
+Passwords should follow the password formatting standards, see section
+\[lq]Password Formatting\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[]:
+.RS 2
+.PP
+Output file name, containing the unsealed data.
+Defaults to stdout if not specified.
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
+.RS 2
+.PP
+Optional Input session handle from a policy session for authorization.
+.RE
+.IP \[bu] 2
+\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]:
+.RS 2
+.PP
+The list of pcr banks and selected PCRs' ids.
+\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
+standards, see section \[lq]PCR Bank Specfiers\[rq].
+.RE
+.IP \[bu] 2
+\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]
+.RS 2
+.PP
+Optional Path or Name of the file containing expected pcr values for the
+specified index.
+Default is to read the current PCRs per the set list.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH PCR Bank Specfiers
+.PP
+PCR Bank Selection lists follow the below specification:
+.IP
+.nf
+\f[C]
+<BANK>:<PCR>[,<PCR>]
+\f[]
+.fi
+.PP
+multiple banks may be separated by `+'.
+.PP
+For example:
+.IP
+.nf
+\f[C]
+sha:3,4+sha256:5,6
+\f[]
+.fi
+.PP
+will select PCRs 3 and 4 from the SHA bank and PCRs 5 and 6 from the
+SHA256 bank.
+.SS Note
+.PP
+PCR Selections allow for up to 5 hash to pcr selection mappings.
+This is a limitaion in design in the single call to the tpm to get the
+pcr values.
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_unseal\ \-H\ 0x81010001\ \-P\ abc123\ \-o\ out.dat
+tpm2_unseal\ \-c\ item.context\ \-P\ abc123\ \-o\ out.dat
+tpm2_unseal\ \-H\ 0x81010001\ \-P\ "hex:123abc"\ \-o\ out.dat
+tpm2_unseal\ \-c\ item.context\ \-L\ sha1:0,1,2\ \-F\ out.dat
+\f[]
+.fi
+.SH RETURNS
+.PP
+0 on success or 1 on failure.
+.SH BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.SH HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
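Review bot: The `-L` and `-F` entries in OPTIONS are malformed. `\f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]` has a doubled `=`, and `\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]` carries a literal `**` with the long option left unbolded and no trailing colon. The line `# TCTI ENVIRONMENT` is an unconverted markdown heading: in roff it is body text that runs on from the `-Z` entry, where the following section uses `.SH TCTI OPTIONS`. The file is marked as generated by Pandoc 2.0.6, so correct these in the markdown source and regenerate. That pass can also fix "Specfiers" (heading and cross-reference), "limitaion", the `\- \-returns` in DESCRIPTION, and the reference to a `TCTI_OPTIONS` section that is actually titled "TCTI OPTIONS". In EXAMPLES, the last command passes `\-F\ out.dat`, reusing the name the first three commands give to `-o` for the unsealed output. A distinct name for the expected-PCR file would avoid suggesting that unsealed data is fed back in. That same command selects bank `sha1` while the PCR Bank Specfiers example uses `sha`, so use one spelling throughout.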
diff -urN tpm2-tools-3.0.4/man/man1/tpm2_verifysignature.1 tpm2-tools-3.0.4-new/man/man1/tpm2_verifysignature.1
--- tpm2-tools-3.0.4/man/man1/tpm2_verifysignature.1	1969-12-31 17:00:00.000000000 -0700
+++ tpm2-tools-3.0.4-new/man/man1/tpm2_verifysignature.1	2018-09-10 07:57:19.305508531 -0700
@@ -0,0 +1,244 @@
+.\" Automatically generated by Pandoc 2.0.6
+.\"
+.TH "tpm2_verifysignature" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
+.hy
+.SH NAME
+.PP
+\f[B]tpm2_verifysignature\f[](1) \- Validates a signature using the TPM.
+.SH SYNOPSIS
+.PP
+\f[B]tpm2_verifysignature\f[] [\f[I]OPTIONS\f[]]
+.SH DESCRIPTION
+.PP
+\f[B]tpm2_verifysignature\f[](1) uses loaded keys to validate a
+signature on a message with the message digest passed to the TPM.
+If the signature check succeeds, then the TPM will produce a
+\f[B]TPMT_TK_VERIFIED\f[].
+Otherwise, the TPM shall return \f[B]TPM_RC_SIGNATURE\f[].
+If \f[I]KEY_HANDLE\f[] references an asymmetric key, only the public
+portion of the key needs to be loaded.
+If \f[I]KEY_HANDLE\f[] references a symmetric key, both the public and
+private portions need to be loaded.
+.SH OPTIONS
+.IP \[bu] 2
+\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
+.RS 2
+.PP
+Handle of key that will used in the validation.
+.RE
+.IP \[bu] 2
+\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
+.RS 2
+.PP
+Filename of the key context used for the operation.
+.RE
+.IP \[bu] 2
+\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]:
+.RS 2
+.PP
+The hash algorithm used to digest the message.
+Algorithms should follow the \[lq]formatting standards, see
+section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
+Hash Algorithms" for a list of supported hash algorithms.
+.RE
+.IP \[bu] 2
+\f[B]\-m\f[], \f[B]\[en]msg\f[]=\f[I]MSG_FILE\f[]:
+.RS 2
+.PP
+The message file, containing the content to be digested.
+.RE
+.IP \[bu] 2
+\f[B]\-D\f[], \f[B]\[en]digest\f[]=\f[I]DIGEST_FILE\f[]:
+.RS 2
+.PP
+The input hash file, containing the hash of the message.
+If this option is selected, then the message (\f[B]\-m\f[]) and
+algorithm (\f[B]\-g\f[]) options do not need to be specified.
+.RE
+.IP \[bu] 2
+\f[B]\-s\f[], \f[B]\[en]sig\f[]=\f[I]SIG_FILE\f[]:
+.RS 2
+.PP
+The input signature file of the signature to be validated.
+.RE
+.IP \[bu] 2
+\f[B]\-r\f[], \f[B]\[en]raw\f[]:
+.RS 2
+.PP
+Set the input signature file to raw type.
+The default is TPMT_SIGNATURE.
+.RE
+.IP \[bu] 2
+\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[]:
+.RS 2
+.PP
+The ticket file to record the validation structure.
+.RE
+.IP \[bu] 2
+\f[B]\-S\f[],
+\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
+.RS 2
+.PP
+Optional Input session handle from a policy session for authorization.
+.RE
+.SH COMMON OPTIONS
+.PP
+This collection of options are common to many programs and provide
+information that many users may expect.
+.IP \[bu] 2
+\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
+This requires the manpages to be installed or on \f[I]MANPATH\f[], See
+man(1) for more details.
+.IP \[bu] 2
+\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
+this tool, supported tctis and exit.
+.IP \[bu] 2
+\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
+tool prints to the console during its execution.
+When using this option the file and line number are printed.
+.IP \[bu] 2
+\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
+.IP \[bu] 2
+\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
+errata fixups.
+Useful if an errata fixup needs to be applied to commands sent to the
+TPM.
+# TCTI ENVIRONMENT
+.PP
+This collection of environment variables that may be used to configure
+the various TCTI modules available.
+.PP
+The values passed through these variables can be overridden on a
+per\-command basis using the available command line options, see the
+\f[I]TCTI_OPTIONS\f[] section.
+.PP
+The variables respected depend on how the software was configured.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
+with the next component down the TSS stack.
+In most configurations this will be the TPM but it could be a simulator
+or proxy.
+The current known TCTIs are:
+.RS 2
+.IP \[bu] 2
+tabrmd \- The new resource manager, called
+tabrmd (https://github.com/01org/tpm2-abrmd).
+.IP \[bu] 2
+socket \- Typically used with the old resource manager, or talking
+directly to a simulator.
+.IP \[bu] 2
+device \- Used when talking directly to a TPM device file.
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
+TPM device file.
+The default is \[lq]/dev/tpm0\[rq].
+.RS 2
+.PP
+Note: Using the tpm directly requires the users to ensure that
+concurrent access does not occur and that they manage the tpm resources.
+These tasks are usually managed by a resource manager.
+Linux 4.12 and greater supports an in kernel resource manager at
+\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
+.RE
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
+the domain name or IP address used.
+The default is 127.0.0.1.
+.IP \[bu] 2
+\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
+port number used.
+The default is 2321.
+.SH TCTI OPTIONS
+.PP
+This collection of options are used to configure the varous TCTI modules
+available.
+They override any environment variables.
+.IP \[bu] 2
+\f[B]\-T\f[],
+\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
+Select the TCTI used for communication with the next component down the
+TSS stack.
+In most configurations this will be the resource manager:
+tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
+options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
+\f[I]TCTI_NAME\f[].
+.RS 2
+.IP \[bu] 2
+For the device TCTI, the TPM device file for use by the device TCTI can
+be specified.
+The default is /dev/tpm0.
+Example: \f[B]\-T device:/dev/tpm0\f[]
+.IP \[bu] 2
+For the socket TCTI, the domain name or IP address and port number used
+by the socket can be specified.
+The default are 127.0.0.1 and 2321.
+Example: \f[B]\-T socket:127.0.0.1:2321\f[]
+.IP \[bu] 2
+For the abrmd TCTI, it takes no options.
+Example: \f[B]\-T abrmd\f[]
+.RE
+.SH Password Formatting
+.PP
+Passwords are interpreted in two forms, string and hex\-string.
+A string password is not interpreted, and is directly used for
+authorization.
+A hex\-string, is converted from a hexidecimal form into a byte array
+form, thus allowing passwords with non\-printable and/or terminal
+un\-friendly characters.
+.PP
+By default passwords are assumed to be in the string form.
+Password form is specified with special prefix values, they are:
+.IP \[bu] 2
+str: \- Used to indicate it is a raw string.
+Useful for escaping a password that starts with the \[lq]hex:\[rq]
+prefix.
+.IP \[bu] 2
+hex: \- Used when specifying a password in hex string format.
+.SH Supported Hash Algorithms
+.PP
+Supported hash algorithms are:
+.IP \[bu] 2
+\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
+\f[B](default)\f[]
+.IP \[bu] 2
+\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
+.IP \[bu] 2
+\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
+.IP \[bu] 2
+\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
+.IP \[bu] 2
+\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
+.PP
+\f[B]NOTE\f[]: Your TPM may not support all algorithms.
+.SH Algorithm Specfiers
+.PP
+Options that take algorithms support \[lq]nice\-names\[rq].
+Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
+The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
+from the Algorithm Name field and converting it to lower case.
+For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
+.PP
+The algorithms can be found at:
+<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
+.SH EXAMPLES
+.IP
+.nf
+\f[C]
+tpm2_verifysignature\ \-k\ 0x81010001\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
+tpm2_verifysignature\ \-k\ 0x81010001\ \-D\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
+tpm2_verifysignature\ \-c\ key.context\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
+\f[]
+.fi
+.PP
+RETURNS
+.PP
+0 on success or 1 on failure.
+.PP
+BUGS
+.PP
+Github Issues (https://github.com/01org/tpm2-tools/issues)
+.PP
+HELP
+.PP
+See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
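Review bot: The `-g` description has inverted quotes and a cross-reference that does not match its target. It renders as `\[lq]formatting standards, see section\[rq]Algorithm Specifiers\[lq]` while the heading further down is `.SH Algorithm Specfiers`, so a reader searching for the quoted section name will not find it. Correct the spelling in the heading and requote the two section names. At the end of the page, RETURNS, BUGS and HELP are emitted as `.PP` paragraphs instead of `.SH` headings as in tpm2_unseal.1, and `# TCTI ENVIRONMENT` is again a raw markdown heading that renders as body text after the `-Z` entry. These all point at the markdown source, which should be fixed and the page regenerated. Supported Hash Algorithms marks `sha1` as the default while every example passes `\-g\ sha256` or `-D`. State in the `-g` entry that omitting it selects sha1, so callers choose the digest deliberately. Minor: "will used" in the `-k` entry.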