From 6a6e48ffcf83c2c08740d82002a585b1b58735d4 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 04:58:06 +0000 Subject: import tpm2-tools-3.0.4-2.el7 --- diff --git a/.gitignore b/.gitignore index 58b3e9d..e1a8aa3 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/tpm2-tools-3.0.1.tar.gz +SOURCES/tpm2-tools-3.0.4.tar.gz diff --git a/.tpm2-tools.metadata b/.tpm2-tools.metadata index 4e3bb2c..dcf7fcc 100644 --- a/.tpm2-tools.metadata +++ b/.tpm2-tools.metadata @@ -1 +1 @@ -957e94aeca335b40b2e58729f82ce4b4aa5b525a SOURCES/tpm2-tools-3.0.1.tar.gz +01fbd61699979dcfb7d9cd88bd4fb15118b602d5 SOURCES/tpm2-tools-3.0.4.tar.gz diff --git a/SOURCES/0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch b/SOURCES/0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch new file mode 100644 index 0000000..527697b --- /dev/null +++ b/SOURCES/0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch @@ -0,0 +1,114 @@ +From 1a541fbef647cd495e1c9fb9667d0f0525ff5fd7 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Mon, 30 Jul 2018 11:40:19 +0200 +Subject: [PATCH] tpm2_create: Use better object attributes defaults for + authentication + +The tpm2_create tool allows to define a policy session or a password for +authentication. By default no policy session is used and the password is +empty, which means that this empty password is used for authentication. + +So the default object attribute flag userWithAuth is set in order to use +the empty password. This isn't a good default though if a policy is set, +since in this case the policy session has to be used for authentication +instead of an empty password. + +If a policy is defined, the userWithAuth bit has to be clear unless the +user defines a password so in that case authentication would happen only +using the policy session or the defined password. + +Also add these cases in the integration test to detect regressions. + +Fixes: #1123 + +Signed-off-by: Javier Martinez Canillas +--- + test/system/test_tpm2_unseal.sh | 51 +++++++++++++++++++++++++++++++++ + tools/tpm2_create.c | 4 +++ + 2 files changed, 55 insertions(+) + +diff --git a/test/system/test_tpm2_unseal.sh b/test/system/test_tpm2_unseal.sh +index 1015a43..abfffce 100755 +--- a/test/system/test_tpm2_unseal.sh ++++ b/test/system/test_tpm2_unseal.sh +@@ -109,4 +109,55 @@ unsealed=`tpm2_unseal -c $file_unseal_key_ctx -L ${alg_pcr_policy}:${pcr_ids} -F + + test "$unsealed" == "$secret" + ++# Test that unseal fails if a PCR policy isn't provided ++ ++trap - ERR ++ ++tpm2_unseal -c $file_unseal_key_ctx 2> /dev/null ++if [ $? != 1 ]; then ++ echo "tpm2_unseal didn't fail without a PCR policy!" ++ exit 1 ++fi ++ ++# Test that unseal fails if PCR state isn't the same as the defined PCR policy ++ ++pcr_extend=$(echo $pcr_ids | cut -d ',' -f1) ++ ++tpm2_pcrextend $pcr_extend:sha1=6c10289a8da7f774cf67bd2fc8502cd4b585346a ++ ++tpm2_unseal -c $file_unseal_key_ctx -L ${alg_pcr_policy}:${pcr_ids} -F $file_pcr_value 2> /dev/null ++if [ $? != 1 ]; then ++ echo "tpm2_unseal didn't fail with a PCR state different than the policy!" ++ exit 1 ++fi ++ ++# Test that the object can be unsealed without a policy but a password ++ ++trap onerror ERR ++ ++rm $file_unseal_key_pub $file_unseal_key_priv $file_unseal_key_name ++ ++tpm2_pcrlist -Q -L ${alg_pcr_policy}:${pcr_ids} -o $file_pcr_value ++ ++tpm2_createpolicy -Q -P -L ${alg_pcr_policy}:${pcr_ids} -F $file_pcr_value -f $file_policy ++ ++tpm2_create -Q -g $alg_create_obj -G $alg_create_key -u $file_unseal_key_pub -r $file_unseal_key_priv -I- -c $file_primary_key_ctx -L $file_policy -K secretpass\ ++ -A 'sign|fixedtpm|fixedparent|sensitivedataorigin' <<< $secret ++ ++tpm2_load -Q -c $file_primary_key_ctx -u $file_unseal_key_pub -r $file_unseal_key_priv -n $file_unseal_key_name -C $file_unseal_key_ctx ++ ++unsealed=`tpm2_unseal -c $file_unseal_key_ctx -P secretpass` ++ ++test "$unsealed" == "$secret" ++ ++# Test that unseal fails when using a wrong password ++ ++trap - ERR ++ ++tpm2_unseal -c $file_unseal_key_ctx -P wrongpass 2> /dev/null ++if [ $? != 1 ]; then ++ echo "tpm2_unseal didn't fail when using a wrong object password!" ++ exit 1 ++fi ++ + exit 0 +diff --git a/tools/tpm2_create.c b/tools/tpm2_create.c +index 41d7b42..15166fc 100644 +--- a/tools/tpm2_create.c ++++ b/tools/tpm2_create.c +@@ -256,6 +256,7 @@ static bool on_option(char key, char *value) { + return false; + } + ctx.flags.K = 1; ++ ctx.in_public.t.publicArea.objectAttributes.userWithAuth = 1; + break; + case 'g': + ctx.nameAlg = tpm2_alg_util_from_optarg(value); +@@ -294,6 +295,9 @@ static bool on_option(char key, char *value) { + return false; + } + ctx.flags.L = 1; ++ if (!ctx.flags.K) { ++ ctx.in_public.t.publicArea.objectAttributes.userWithAuth = 0; ++ } + break; + case 'S': + if (!tpm2_util_string_to_uint32(value, &ctx.session_data.sessionHandle)) { +-- +2.17.0 + diff --git a/SOURCES/0001-tpm2_nvwrite-fix-buffer-overflow.patch b/SOURCES/0001-tpm2_nvwrite-fix-buffer-overflow.patch deleted file mode 100644 index 91ee61d..0000000 --- a/SOURCES/0001-tpm2_nvwrite-fix-buffer-overflow.patch +++ /dev/null @@ -1,91 +0,0 @@ -From ab1a2d468c4b2ac09a0ac651563653f36a73215f Mon Sep 17 00:00:00 2001 -From: William Roberts -Date: Fri, 15 Dec 2017 11:43:42 -0800 -Subject: [PATCH] tpm2_nvwrite: fix buffer overflow - -As reported by clang asan: - -================================================================= -==435==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe036c0902 at pc 0x0000004a326d bp 0x7ffe036c02f0 sp 0x7ffe036bfaa0 -WRITE of size 2048 at 0x7ffe036c0902 thread T0 - #0 0x4a326c in __asan_memcpy (/home/wcrobert/workspace/tpm2-tools/tools/tpm2_nvwrite+0x4a326c) - #1 0x4e887b in nv_write /home/wcrobert/workspace/tpm2-tools/tools/tpm2_nvwrite.c:129:9 - #2 0x4e82c4 in tpm2_tool_onrun /home/wcrobert/workspace/tpm2-tools/tools/tpm2_nvwrite.c:316:11 - #3 0x4e90d9 in main /home/wcrobert/workspace/tpm2-tools/tools/tpm2_tool.c:150:11 - #4 0x7fdfc968d82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 - #5 0x4195c8 in _start (/home/wcrobert/workspace/tpm2-tools/tools/tpm2_nvwrite+0x4195c8) - -Address 0x7ffe036c0902 is located in stack of thread T0 at offset 1538 in frame - #0 0x4e846f in nv_write /home/wcrobert/workspace/tpm2-tools/tools/tpm2_nvwrite.c:76 - - This frame has 8 object(s): - [32, 172) 'session_data_out' - [240, 256) 'sessions_data' - [272, 288) 'sessions_data_out' - [304, 312) 'session_data_array' - [336, 344) 'session_data_out_array' - [368, 452) 'nv_public' - [496, 500) 'max_data_size' - [512, 1538) 'nv_write_data' <== Memory access at offset 1538 overflows this variable -HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext - (longjmp and C++ exceptions *are* supported) -SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/wcrobert/workspace/tpm2-tools/tools/tpm2_nvwrite+0x4a326c) in __asan_memcpy -Shadow bytes around the buggy address: - 0x1000406d00d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 0x1000406d00e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 0x1000406d00f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 0x1000406d0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 0x1000406d0110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -=>0x1000406d0120:[02]f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 - 0x1000406d0130: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 - 0x1000406d0140: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 - 0x1000406d0150: 00 00 00 00 00 00 00 00 02 f2 f2 f2 f2 f2 00 f3 - 0x1000406d0160: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 - 0x1000406d0170: 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 01 f2 00 f3 -Shadow byte legend (one shadow byte represents 8 application bytes): - Addressable: 00 - Partially addressable: 01 02 03 04 05 06 07 - Heap left redzone: fa - Heap right redzone: fb - Freed heap region: fd - Stack left redzone: f1 - Stack mid redzone: f2 - Stack right redzone: f3 - Stack partial redzone: f4 - Stack after return: f5 - Stack use after scope: f8 - Global redzone: f9 - Global init order: f6 - Poisoned by user: f7 - Container overflow: fc - Array cookie: ac - Intra object redzone: bb - ASan internal: fe - Left alloca redzone: ca - Right alloca redzone: cb -==435==ABORTING - -Fix by using the max buffer's size field, not the loaded from -file buffers size field. - -Signed-off-by: William Roberts ---- - tools/tpm2_nvwrite.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/tpm2_nvwrite.c b/tools/tpm2_nvwrite.c -index 63c892f..a412898 100644 ---- a/tools/tpm2_nvwrite.c -+++ b/tools/tpm2_nvwrite.c -@@ -127,7 +127,7 @@ static bool nv_write(TSS2_SYS_CONTEXT *sapi_context) { - LOG_INFO("The data(size=%d) to be written:", nv_write_data.t.size); - - memcpy(nv_write_data.t.buffer, &ctx.nv_buffer.t.buffer[data_offset], -- ctx.nv_buffer.t.size); -+ nv_write_data.t.size); - - TPM_RC rval = TSS2_RETRY_EXP(Tss2_Sys_NV_Write(sapi_context, ctx.auth_handle, - ctx.nv_index, &sessions_data, &nv_write_data, ctx.offset + data_offset, --- -2.15.0 - diff --git a/SOURCES/add-man-pages.patch b/SOURCES/add-man-pages.patch index 2320055..906ba89 100644 --- a/SOURCES/add-man-pages.patch +++ b/SOURCES/add-man-pages.patch @@ -1,30 +1,37 @@ -diff --git a/Makefile.am b/Makefile.am -index 2034c2500b3e..9dfe2ca1ea7c 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -270,7 +270,6 @@ EXTRA_DIST = $(top_srcdir)/man \ - README.md \ - RELEASE.md +--- tpm2-tools-3.0.4/Makefile.am 2018-04-30 02:52:17.000000000 -0700 ++++ tpm2-tools-3.0.4-new/Makefile.am 2018-09-10 07:53:19.911780215 -0700 +@@ -273,8 +273,7 @@ + RELEASE.md \ + test/system -if HAVE_PANDOC - man1_MANS := \ +- man1_MANS := \ ++man1_MANS := \ man/man1/tpm2_activatecredential.1 \ man/man1/tpm2_certify.1 \ -@@ -311,7 +310,6 @@ if HAVE_PANDOC - man/man1/tpm2_takeownership.1 \ + man/man1/tpm2_create.1 \ +@@ -315,16 +314,6 @@ man/man1/tpm2_unseal.1 \ man/man1/tpm2_verifysignature.1 --endif +-# If pandoc is enabled, we want to generate the manpages for the dist tarball +-EXTRA_DIST += $(man1_MANS) +-else +-# If pandoc is not enabled, we want to complain that you need pandoc for make dist, +-# so hook the target and complain. +-dist-hook: +- @(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages") +- @exit 1 +-endif +- MARKDOWN_COMMON_DEPS = \ man/common/alg.md \ -diff --git a/man/man1/tpm2_activatecredential.1 b/man/man1/tpm2_activatecredential.1 -new file mode 100644 -index 000000000000..afe81e4d4b02 ---- /dev/null -+++ b/man/man1/tpm2_activatecredential.1 -@@ -0,0 +1,178 @@ -+.\" Automatically generated by Pandoc 1.19.1 + man/common/hash.md \ +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_activatecredential.1 tpm2-tools-3.0.4-new/man/man1/tpm2_activatecredential.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_activatecredential.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_activatecredential.1 2018-09-10 07:57:12.390603034 -0700 +@@ -0,0 +1,179 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_activatecredential" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -45,51 +52,51 @@ index 000000000000..afe81e4d4b02 +.PP +These options control the object verification: +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-handle\f[]=\f[I]HANDLE\f[]: \f[I]HANDLE\f[] of ++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: \f[I]HANDLE\f[] of +the object associated with the created certificate by CA. +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: The ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: The +\f[I]KEY_HANDLE\f[] of Loaded key used to decrypt the the random seed. +.IP \[bu] 2 -+\f[B]\-C\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: ++\f[B]\-C\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: +\f[I]KEY_CONTEXT_FILE\f[] is the path to a context file. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-password\f[]=\f[I]PASSWORD\f[]: Use ++\f[B]\-P\f[], \f[B]\[en]password\f[]=\f[I]PASSWORD\f[]: Use +\f[I]PASSWORD\f[] for providing an authorization value for the +\f[I]KEY_HANDLE\f[]. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]: ++\f[B]\-e\f[], \f[B]\[en]endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]: +The endorsement password, optional. +Follows the same formating guidelines as the handle password option \-P. +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file ++\f[B]\-f\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file +path, containing the two structures needed by tpm2_activatecredential +function. +This is created via the tpm2_makecredential(1) command. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-out\-file\f[]=\f[I]OUTPUT_FILE\f[]: Output file ++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]: Output file +path, record the secret to decrypt the certificate. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -122,14 +129,14 @@ index 000000000000..afe81e4d4b02 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -146,7 +153,7 @@ index 000000000000..afe81e4d4b02 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -181,7 +188,8 @@ index 000000000000..afe81e4d4b02 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -202,13 +210,11 @@ index 000000000000..afe81e4d4b02 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_certify.1 b/man/man1/tpm2_certify.1 -new file mode 100644 -index 000000000000..f1a5af18d65b ---- /dev/null -+++ b/man/man1/tpm2_certify.1 -@@ -0,0 +1,201 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_certify.1 tpm2-tools-3.0.4-new/man/man1/tpm2_certify.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_certify.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_certify.1 2018-09-10 07:57:12.572600547 -0700 +@@ -0,0 +1,202 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_certify" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -235,61 +241,61 @@ index 000000000000..f1a5af18d65b +.PP +These options control the ceritifcation: +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-obj\-handle\f[]=\f[I]OBJECT_HANDLE\f[]: The ++\f[B]\-H\f[], \f[B]\[en]obj\-handle\f[]=\f[I]OBJECT_HANDLE\f[]: The +handle of the object to be certified. +.IP \[bu] 2 -+\f[B]\-C\f[], \f[B]\-\-obj\-context\f[]=\f[I]FILE\f[]: Use \f[I]FILE\f[] -+for providing the object context. ++\f[B]\-C\f[], \f[B]\[en]obj\-context\f[]=\f[I]FILE\f[]: Use ++\f[I]FILE\f[] for providing the object context. +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: Handle of ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: Handle of +the key used to sign the attestation structure. +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT\f[]: Filename ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT\f[]: Filename +of the key context used to sign the attestation structure. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdo\f[]=\f[I]OBJECT_PASSWORD\f[]: Use ++\f[B]\-P\f[], \f[B]\[en]pwdo\f[]=\f[I]OBJECT_PASSWORD\f[]: Use +\f[I]OBJECT_PASSWORD\f[] for providing an authorization value for the +object specified in \f[I]OBJECT_HANDLE\f[]. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-K\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Use ++\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Use +\f[I]KEY_PASSWORD\f[] for providing an authorization value for the key +specified in \f[I]KEY_HANDLE\f[]. +Follows the same formatting guidelines as the object handle password or +\-P option. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-attest\-file\f[]=\f[I]ATTEST_FILE\f[]: Output ++\f[B]\-a\f[], \f[B]\[en]attest\-file\f[]=\f[I]ATTEST_FILE\f[]: Output +file name for the attestation data. +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-sig\-file\f[]=\f[I]SIG_FILE\f[]: Output file name -+for the signature data. ++\f[B]\-s\f[], \f[B]\[en]sig\-file\f[]=\f[I]SIG_FILE\f[]: Output file ++name for the signature data. +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-format\f[] ++\f[B]\-f\f[], \f[B]\[en]format\f[] +.RS 2 +.PP +Format selection for the signature output file. -+See section "Signature Format Specifiers". ++See section \[lq]Signature Format Specifiers\[rq]. +.RE +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -322,14 +328,14 @@ index 000000000000..f1a5af18d65b +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -346,7 +352,7 @@ index 000000000000..f1a5af18d65b +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -381,7 +387,8 @@ index 000000000000..f1a5af18d65b +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Signature Format Specifiers @@ -409,13 +416,11 @@ index 000000000000..f1a5af18d65b +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_create.1 b/man/man1/tpm2_create.1 -new file mode 100644 -index 000000000000..80e158428a26 ---- /dev/null -+++ b/man/man1/tpm2_create.1 -@@ -0,0 +1,271 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_create.1 tpm2-tools-3.0.4-new/man/man1/tpm2_create.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_create.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_create.1 2018-09-10 07:57:12.772597813 -0700 +@@ -0,0 +1,273 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_create" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -436,83 +441,84 @@ index 000000000000..80e158428a26 +.PP +These options for creating the tpm entity: +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-pparent\f[]=\f[I]PARENT_HANDLE\f[]: The handle of -+the parent object to create this object under. ++\f[B]\-H\f[], \f[B]\[en]pparent\f[]=\f[I]PARENT_HANDLE\f[]: The handle ++of the parent object to create this object under. +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: -+The filename for parent context. ++\f[B]\-c\f[], ++\f[B]\[en]context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: The filename ++for parent context. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The ++\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The +password for parent key, optional. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-K\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for ++\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for +key, optional. -+Follows the password formatting of the "password for parent key" option: -+\-P. ++Follows the password formatting of the \[lq]password for parent key\[rq] ++option: \-P. +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm +to use. +Algorithms should follow the " formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++\[lq]Algorithm Specifiers\[rq]. ++Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of ++supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-G\f[], \f[B]\-\-kalg\f[]=\f[I]KEY_ALGORITHM\f[]: The algorithm ++\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: The algorithm +associated with this object. +It accepts friendly names just like \-g option. -+See section "Supported Public Object Algorithms" for a list of supported -+object algorithms. ++See section \[lq]Supported Public Object Algorithms\[rq] for a list of ++supported object algorithms. +.IP \[bu] 2 -+\f[B]\-A\f[], \f[B]\-\-object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The ++\f[B]\-A\f[], \f[B]\[en]object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The +object attributes, optional. -+Object attribytes follow the specifications as outlined in "object -+attribute specifiers". ++Object attribytes follow the specifications as outlined in \[lq]object ++attribute specifiers\[rq]. +The default for created objects is: +.RS 2 +.PP +\f[C]TPMA_OBJECT_SIGN|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH\f[] +.RE +.IP \[bu] 2 -+\f[B]\-I\f[], \f[B]\-\-in\-file\f[]=\f[I]FILE\f[]: The data file to be ++\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]FILE\f[]: The data file to be +sealed, optional. +If file is \-, read from stdin. +When sealing data only the TPM_ALG_KEYEDHASH algorithm is allowed. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-policy\-file\f[]=\f[I]POLICY_FILE\f[]: The input ++\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: The input +policy file, optional. +.IP \[bu] 2 -+\f[B]\-u\f[], \f[B]\-\-pubfile\f[]=\f[I]OUTPUT_PUBLIC_FILE\f[]: The ++\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]OUTPUT_PUBLIC_FILE\f[]: The +output file which contains the public portion of the created object, +optional. +.IP \[bu] 2 -+\f[B]\-r\f[], \f[B]\-\-privfile\f[]=\f[I]OUTPUT_PRIVATE_FILE\f[]: The ++\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]OUTPUT_PRIVATE_FILE\f[]: The +output file which contains the sensitive portion of the object, +optional. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -545,14 +551,14 @@ index 000000000000..80e158428a26 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -569,7 +575,7 @@ index 000000000000..80e158428a26 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -604,7 +610,8 @@ index 000000000000..80e158428a26 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Hash Algorithms @@ -639,7 +646,7 @@ index 000000000000..80e158428a26 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -652,7 +659,7 @@ index 000000000000..80e158428a26 +Object Attributes are used to control various properties of created +objects. +When specified as an option, either the raw bitfield mask or -+"nice\-names" may be used. ++\[lq]nice\-names\[rq] may be used. +The values can be found in Table 31 Part 2 of the TPM2.0 specification, +which can be found here: +.PP @@ -661,7 +668,7 @@ index 000000000000..80e158428a26 +Nice names are calculated by taking the name field of table 31 and +removing the prefix \f[B]TPMA_OBJECT_\f[] and lowercasing the result. +Thus, \f[B]TPMA_OBJECT_FIXEDTPM\f[] becomes fixedtpm. -+Nice names can be joined using the bitwise or "|" symbol. ++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol. +.PP +For instance, to set The fields \f[B]TPMA_OBJECT_FIXEDTPM\f[], +\f[B]TPMA_OBJECT_NODA\f[], and \f[B]TPMA_OBJECT_SIGN\f[], the argument @@ -686,13 +693,11 @@ index 000000000000..80e158428a26 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_createpolicy.1 b/man/man1/tpm2_createpolicy.1 -new file mode 100644 -index 000000000000..355137e38852 ---- /dev/null -+++ b/man/man1/tpm2_createpolicy.1 -@@ -0,0 +1,186 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_createpolicy.1 tpm2-tools-3.0.4-new/man/man1/tpm2_createpolicy.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_createpolicy.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_createpolicy.1 2018-09-10 07:57:12.945595449 -0700 +@@ -0,0 +1,185 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_createpolicy" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -714,52 +719,51 @@ index 000000000000..355137e38852 +.PP +These options control creating the policy authorization session: +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-policy\-file\f[]=\f[I]POLICY_FILE\f[]: File to ++\f[B]\-f\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: File to +save the policy digest. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-policy\-pcr\f[]: Identifies the PCR policy type ++\f[B]\-P\f[], \f[B]\[en]policy\-pcr\f[]: Identifies the PCR policy type +for policy creation. +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-policy\-digest\-alg\f[]=\f[I]HASH_ALGORITHM\f[]: ++\f[B]\-g\f[], \f[B]\[en]policy\-digest\-alg\f[]=\f[I]HASH_ALGORITHM\f[]: +The hash algorithm used in computation of the policy digest. -+Algorithms should follow the "formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++Algorithms should follow the \[lq]formatting standards, see ++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported ++Hash Algorithms" for a list of supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-set\-list\f[]=\f[I]PCR_LIST\f[]: The list of pcr -+banks and selected PCRs\[aq] ids (0~23) for each bank. ++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]=\f[I]PCR_LIST\f[]: The list of pcr ++banks and selected PCRs' ids (0~23) for each bank. +.IP \[bu] 2 -+\f[B]\-F\f[], \f[B]\-\-pcr\-input\-file\f[]=\f[I]PCR_FILE\f[]: Optional ++\f[B]\-F\f[], \f[B]\[en]pcr\-input\-file\f[]=\f[I]PCR_FILE\f[]: Optional +Path or Name of the file containing expected pcr values for the +specified index. +Default is to read the current PCRs per the set list. +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-extend\-policy\-session\f[]: Retains the policy ++\f[B]\-e\f[], \f[B]\[en]extend\-policy\-session\f[]: Retains the policy +session at the end of operation. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-auth\-policy\-session\f[]: Start a policy session -+of type \f[B]TPM_SE_POLICY\f[]. ++\f[B]\-a\f[], \f[B]\[en]auth\-policy\-session\f[]: Start a policy ++session of type \f[B]TPM_SE_POLICY\f[]. +Default without this option is \f[B]TPM_SE_TRIAL\f[]. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -792,14 +796,14 @@ index 000000000000..355137e38852 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -816,7 +820,7 @@ index 000000000000..355137e38852 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -856,7 +860,7 @@ index 000000000000..355137e38852 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -878,13 +882,11 @@ index 000000000000..355137e38852 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_createprimary.1 b/man/man1/tpm2_createprimary.1 -new file mode 100644 -index 000000000000..5a77fc162ef1 ---- /dev/null -+++ b/man/man1/tpm2_createprimary.1 -@@ -0,0 +1,273 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_createprimary.1 tpm2-tools-3.0.4-new/man/man1/tpm2_createprimary.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_createprimary.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_createprimary.1 2018-09-10 07:57:13.139592798 -0700 +@@ -0,0 +1,274 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_createprimary" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -907,7 +909,7 @@ index 000000000000..5a77fc162ef1 +The sensitive area is not returned. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-hierarchy\f[]=\f[I]HIERARCHY\f[]: Specify the ++\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: Specify the +hierarchy under which the object is created. +This will also dictate which authorization secret (if any) must be +supplied. @@ -923,41 +925,41 @@ index 000000000000..5a77fc162ef1 +\f[B]n\f[] for \f[B]TPM_RH_NULL\f[] +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: Optional ++\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: Optional +authorization string if authorization is required to create object under +the specified hierarchy. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-K\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Optional ++\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Optional +authorization string for the newly created object. +Follows the same password formating guidelines as the parent +authorization string under the \-P option. +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm +to use. +Algorithms should follow the " formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++\[lq]Algorithm Specifiers\[rq]. ++Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of ++supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-G\f[], \f[B]\-\-kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Algorithm type ++\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Algorithm type +for generated key. +It supports friendly names like the \-g option. -+See section "Supported Public Object Algorithms" for a list of supported -+object algorithms. ++See section \[lq]Supported Public Object Algorithms\[rq] for a list of ++supported object algorithms. +.IP \[bu] 2 -+\f[B]\-C\f[], \f[B]\-\-context\f[]=\f[I]CONTEXT_FILE\f[]: An optional ++\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[]: An optional +file used to store the object context returned. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-policy\-file\f[]=\f[I]POLICY_FILE\f[]: An ++\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: An +optional file input that contains the policy digest for policy based +authorization of the object. +.IP \[bu] 2 -+\f[B]\-A\f[], \f[B]\-\-object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The ++\f[B]\-A\f[], \f[B]\[en]object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The +object attributes, optional. -+Object attribytes follow the specifications as outlined in "object -+attribute specifiers". ++Object attribytes follow the specifications as outlined in \[lq]object ++attribute specifiers\[rq]. +The default for created objects is: +.RS 2 +.PP @@ -965,27 +967,27 @@ index 000000000000..5a77fc162ef1 +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -1018,14 +1020,14 @@ index 000000000000..5a77fc162ef1 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -1042,7 +1044,7 @@ index 000000000000..5a77fc162ef1 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -1077,7 +1079,8 @@ index 000000000000..5a77fc162ef1 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Hash Algorithms @@ -1112,7 +1115,7 @@ index 000000000000..5a77fc162ef1 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -1125,7 +1128,7 @@ index 000000000000..5a77fc162ef1 +Object Attributes are used to control various properties of created +objects. +When specified as an option, either the raw bitfield mask or -+"nice\-names" may be used. ++\[lq]nice\-names\[rq] may be used. +The values can be found in Table 31 Part 2 of the TPM2.0 specification, +which can be found here: +.PP @@ -1134,7 +1137,7 @@ index 000000000000..5a77fc162ef1 +Nice names are calculated by taking the name field of table 31 and +removing the prefix \f[B]TPMA_OBJECT_\f[] and lowercasing the result. +Thus, \f[B]TPMA_OBJECT_FIXEDTPM\f[] becomes fixedtpm. -+Nice names can be joined using the bitwise or "|" symbol. ++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol. +.PP +For instance, to set The fields \f[B]TPMA_OBJECT_FIXEDTPM\f[], +\f[B]TPMA_OBJECT_NODA\f[], and \f[B]TPMA_OBJECT_SIGN\f[], the argument @@ -1157,13 +1160,11 @@ index 000000000000..5a77fc162ef1 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_dictionarylockout.1 b/man/man1/tpm2_dictionarylockout.1 -new file mode 100644 -index 000000000000..d8e5be903645 ---- /dev/null -+++ b/man/man1/tpm2_dictionarylockout.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_dictionarylockout.1 tpm2-tools-3.0.4-new/man/man1/tpm2_dictionarylockout.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_dictionarylockout.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_dictionarylockout.1 2018-09-10 07:57:13.320590324 -0700 @@ -0,0 +1,155 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_dictionarylockout" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -1181,48 +1182,48 @@ index 000000000000..d8e5be903645 +option is missing, assume NULL. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-setup\-parameters\f[]=\f[I]SETUP_PARAMETERS\f[]: ++\f[B]\-s\f[], \f[B]\[en]setup\-parameters\f[]=\f[I]SETUP_PARAMETERS\f[]: +specifies the tool should operate to setup dictionary\-attack\-lockout +parameters. +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-clear\-lockout\f[]: specifies the tool should ++\f[B]\-c\f[], \f[B]\[en]clear\-lockout\f[]: specifies the tool should +operate to clear dictionary\-attack\-lockout state. +.IP \[bu] 2 +\f[B]\-l\f[], \f[B]\-lockout\-recovery\-time\f[]=\f[I]LOCKOUT_TIME\f[]: +specifies the wait time in seconds before another TPM_RH_LOCKOUT +authentication attempt can be made after a failed authentication. +.IP \[bu] 2 -+\f[B]\-t\f[], \f[B]\-\-recovery\-time\f[]=\f[I]RECOVERY_TIME\f[]: ++\f[B]\-t\f[], \f[B]\[en]recovery\-time\f[]=\f[I]RECOVERY_TIME\f[]: +specifies the wait time in seconds before another DA\-protected\-object +authentication attempt can be made after max\-tries number of failed +authentications. +.IP \[bu] 2 -+\f[B]\-n\f[], \f[B]\-\-max\-tries\f[]=\f[I]MAX_TRYS\f[]: specifies the ++\f[B]\-n\f[], \f[B]\[en]max\-tries\f[]=\f[I]MAX_TRYS\f[]: specifies the +maximum number of allowed authentication attempts on +DA\-protected\-object; after which DA is activated. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -1255,14 +1256,14 @@ index 000000000000..d8e5be903645 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -1279,7 +1280,7 @@ index 000000000000..d8e5be903645 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -1318,13 +1319,11 @@ index 000000000000..d8e5be903645 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_encryptdecrypt.1 b/man/man1/tpm2_encryptdecrypt.1 -new file mode 100644 -index 000000000000..39fa1ee57d12 ---- /dev/null -+++ b/man/man1/tpm2_encryptdecrypt.1 -@@ -0,0 +1,169 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_encryptdecrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_encryptdecrypt.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_encryptdecrypt.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_encryptdecrypt.1 2018-09-10 07:57:13.685585336 -0700 +@@ -0,0 +1,170 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_encryptdecrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -1341,46 +1340,46 @@ index 000000000000..39fa1ee57d12 +with a specified symmetric key. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: the ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: the +symmetric key used for the operation (encryption/decryption). +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: +filename of the key context used for the operation. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: filename of the ++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: filename of the +key context used for the operation. +The password for parent key, optional. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-D\f[], \f[B]\-\-decrypt\f[]: Perform a decrypt operation. ++\f[B]\-D\f[], \f[B]\[en]decrypt\f[]: Perform a decrypt operation. +Default is encryption. +.IP \[bu] 2 -+\f[B]\-I\f[], \f[B]\-\-in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file path -+containing data for decrypt or encrypt operation. ++\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file ++path containing data for decrypt or encrypt operation. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -1413,14 +1412,14 @@ index 000000000000..39fa1ee57d12 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -1437,7 +1436,7 @@ index 000000000000..39fa1ee57d12 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -1472,7 +1471,8 @@ index 000000000000..39fa1ee57d12 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -1493,13 +1493,11 @@ index 000000000000..39fa1ee57d12 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_evictcontrol.1 b/man/man1/tpm2_evictcontrol.1 -new file mode 100644 -index 000000000000..37102a6fb634 ---- /dev/null -+++ b/man/man1/tpm2_evictcontrol.1 -@@ -0,0 +1,180 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_evictcontrol.1 tpm2-tools-3.0.4-new/man/man1/tpm2_evictcontrol.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_evictcontrol.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_evictcontrol.1 2018-09-10 07:57:13.874582753 -0700 +@@ -0,0 +1,181 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_evictcontrol" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -1516,8 +1514,8 @@ index 000000000000..37102a6fb634 +persistent or a persistent object to be evicted. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-A\f[], \f[B]\-\-auth\f[]=\f[I]AUTH\f[]: The authorization used to -+authorize the commands. ++\f[B]\-A\f[], \f[B]\[en]auth\f[]=\f[I]AUTH\f[]: The authorization used ++to authorize the commands. +Valid choices are: +.RS 2 +.IP \[bu] 2 @@ -1526,7 +1524,7 @@ index 000000000000..37102a6fb634 +\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[] +.RE +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-handle\f[]=\f[I]HANDLE\f[]: The handle of a ++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: The handle of a +loaded transient or a persistent object. +.RS 2 +.PP @@ -1538,35 +1536,35 @@ index 000000000000..37102a6fb634 +need to be provided since the handle must be the same for both options. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]: +Filename for object context. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-persistent\f[]=\f[I]PERSISTENT_HANDLE\f[]: The ++\f[B]\-S\f[], \f[B]\[en]persistent\f[]=\f[I]PERSISTENT_HANDLE\f[]: The +persistent handle for the object handle specified via \f[I]HANDLE\f[]. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwda\f[]=\f[I]AUTH_PASSWORD\f[]: authorization ++\f[B]\-P\f[], \f[B]\[en]pwda\f[]=\f[I]AUTH_PASSWORD\f[]: authorization +password, optional. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -1599,14 +1597,14 @@ index 000000000000..37102a6fb634 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -1623,7 +1621,7 @@ index 000000000000..37102a6fb634 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -1658,7 +1656,8 @@ index 000000000000..37102a6fb634 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -1679,13 +1678,11 @@ index 000000000000..37102a6fb634 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_getcap.1 b/man/man1/tpm2_getcap.1 -new file mode 100644 -index 000000000000..c7547a52ef35 ---- /dev/null -+++ b/man/man1/tpm2_getcap.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getcap.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getcap.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_getcap.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getcap.1 2018-09-10 07:57:13.499587878 -0700 @@ -0,0 +1,161 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_getcap" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -1698,13 +1695,13 @@ index 000000000000..c7547a52ef35 +\f[B]tpm2_getcap\f[] [\f[I]OPTIONS\f[]] +.SH DESCRIPTION +.PP -+\f[B]tpm2_getcap\f[](1) \- Query the TPM for it\[aq]s capabilities / ++\f[B]tpm2_getcap\f[](1) \- Query the TPM for it's capabilities / +properties and dump them to the console. +This is a thin wrapper around the GetCapability command. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-capability\f[]=\f[I]CAPABILITY_NAME\f[]: The name -+of the capability group to query. ++\f[B]\-c\f[], \f[B]\[en]capability\f[]=\f[I]CAPABILITY_NAME\f[]: The ++name of the capability group to query. +Currently supported capability groups are: +.RS 2 +.IP \[bu] 2 @@ -1738,20 +1735,20 @@ index 000000000000..c7547a52ef35 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -1784,14 +1781,14 @@ index 000000000000..c7547a52ef35 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -1808,7 +1805,7 @@ index 000000000000..c7547a52ef35 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -1846,20 +1843,18 @@ index 000000000000..c7547a52ef35 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_getmanufec.1 b/man/man1/tpm2_getmanufec.1 -new file mode 100644 -index 000000000000..93b2a485c73e ---- /dev/null -+++ b/man/man1/tpm2_getmanufec.1 -@@ -0,0 +1,225 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getmanufec.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getmanufec.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_getmanufec.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getmanufec.1 2018-09-10 07:57:14.067580116 -0700 +@@ -0,0 +1,226 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_getmanufec" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual" +.hy +.SH NAME +.PP +\f[B]tpm2_getmanufec\f[](1) \- Retrieve the Endorsement Credential -+Certificate for the TPM endorsement key from the TPM manufacturer\[aq]s ++Certificate for the TPM endorsement key from the TPM manufacturer's +endorsement certificate hosting server. +.SH SYNOPSIS +.PP @@ -1867,75 +1862,75 @@ index 000000000000..93b2a485c73e +.SH DESCRIPTION +.PP +\f[B]tpm2_getmanufec\f[](1) \- Retrieve the Endorsement Credential -+Certificate for the TPM endorsement key from the TPM manufacturer\[aq]s ++Certificate for the TPM endorsement key from the TPM manufacturer's +endorsement certificate hosting server. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]: ++\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]: +specifies current endorse password (string, optional,default:NULL). +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]: ++\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]: +specifies current owner password (string, optional,default:NULL). +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-ek\-passwd\f[]=\f[I]EK_PASSWORD\f[]: specifies ++\f[B]\-P\f[], \f[B]\[en]ek\-passwd\f[]=\f[I]EK_PASSWORD\f[]: specifies +the EK password when created (string,optional,default:NULL). +.RS 2 +.PP +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-handle\f[]=\f[I]HANDLE\f[]: specifies the handle ++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: specifies the handle +used to make EK persistent (hex). +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-alg\f[]=\f[I]ALGORITHM\f[]: specifies the ++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: specifies the +algorithm type of EK. -+See section "Supported Public Object Algorithms" for a list of supported -+object algorithms. -+See section "Algorithm Specifiers" on how to specify an algorithm -+argument. ++See section \[lq]Supported Public Object Algorithms\[rq] for a list of ++supported object algorithms. ++See section \[lq]Algorithm Specifiers\[rq] on how to specify an ++algorithm argument. +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-output\f[]=\f[I]FILE\f[]: Specifies the file used -+to save the public portion of EK. ++\f[B]\-f\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: Specifies the file ++used to save the public portion of EK. +.IP \[bu] 2 -+\f[B]\-N\f[], \f[B]\-\-non\-persistent\f[]: specifies to readout the EK ++\f[B]\-N\f[], \f[B]\[en]non\-persistent\f[]: specifies to readout the EK +public without making it persistent. +.IP \[bu] 2 -+\f[B]\-O\f[], \f[B]\-\-offline\f[]=\f[I]FILE\f[]: Specifies the file ++\f[B]\-O\f[], \f[B]\[en]offline\f[]=\f[I]FILE\f[]: Specifies the file +that contains an EK retrieved from offline platform that needs to be +provisioned. +.IP \[bu] 2 -+\f[B]\-E\f[], \f[B]\-\-ec\-cert\f[]=\f[I]EC_CERT_FILE\f[]: Specifies the -+file used to save the Endorsement Credentials retrieved from the TPM ++\f[B]\-E\f[], \f[B]\[en]ec\-cert\f[]=\f[I]EC_CERT_FILE\f[]: Specifies ++the file used to save the Endorsement Credentials retrieved from the TPM +manufacturer provisioning server. +Defaults to stdout if not specified. +.IP \[bu] 2 -+\f[B]\-U\f[], \f[B]\-\-SSL_NO_VERIFY\f[]: specifies to attempt ++\f[B]\-U\f[], \f[B]\[en]SSL_NO_VERIFY\f[]: specifies to attempt +connecting with the TPM manufacturer provisioning server with +SSL_NO_VERIFY option. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -1968,14 +1963,14 @@ index 000000000000..93b2a485c73e +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -1992,7 +1987,7 @@ index 000000000000..93b2a485c73e +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -2027,7 +2022,8 @@ index 000000000000..93b2a485c73e +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Public Object Algorithms @@ -2046,7 +2042,7 @@ index 000000000000..93b2a485c73e +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -2077,13 +2073,11 @@ index 000000000000..93b2a485c73e +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_getpubak.1 b/man/man1/tpm2_getpubak.1 -new file mode 100644 -index 000000000000..32f9ca0222e9 ---- /dev/null -+++ b/man/man1/tpm2_getpubak.1 -@@ -0,0 +1,241 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getpubak.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getpubak.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_getpubak.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getpubak.1 2018-09-10 07:57:14.258577505 -0700 +@@ -0,0 +1,242 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_getpubak" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -2102,7 +2096,7 @@ index 000000000000..32f9ca0222e9 +If any passwd option is missing, assume NULL. +.PP +The tool outputs to stdout a YAML representation of the loaded key -+handle as well as it\[aq]s name, for example: ++handle as well as it's name, for example: +.IP +.nf +\f[C] @@ -2113,62 +2107,62 @@ index 000000000000..32f9ca0222e9 +.fi +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]: ++\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]: +Specifies current endorsement password, defaults to NULL. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-ak\-passwd\f[]=\f[I]AK_PASSWORD\f[] Specifies the -+AK password when created, defaults to NULL. ++\f[B]\-P\f[], \f[B]\[en]ak\-passwd\f[]=\f[I]AK_PASSWORD\f[] Specifies ++the AK password when created, defaults to NULL. +Same formatting as the endorse password value or \-e option. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[] ++\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[] +Specifies the current owner password, defaults to NULL. +Same formatting as the endorse password value or \-e option. +.IP \[bu] 2 -+\f[B]\-E\f[], \f[B]\-\-ek\-handle\f[]=\f[I]EK_HANDLE\f[]: Specifies the ++\f[B]\-E\f[], \f[B]\[en]ek\-handle\f[]=\f[I]EK_HANDLE\f[]: Specifies the +handle used to make EK persistent. +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-ak\-handle\f[]=\f[I]AK_HANDLE\f[]: Specifies the ++\f[B]\-k\f[], \f[B]\[en]ak\-handle\f[]=\f[I]AK_HANDLE\f[]: Specifies the +handle used to make AK persistent. +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-alg\f[]=\f[I]ALGORITHM\f[]: Specifies the ++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: Specifies the +algorithm type of AK. +Algorithms should follow the " formatting standards, see section -+"Algorithm Specifiers". -+See section "Supported Public Object Algorithms" for a list of supported -+object algorithms. ++\[lq]Algorithm Specifiers\[rq]. ++See section \[lq]Supported Public Object Algorithms\[rq] for a list of ++supported object algorithms. +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-alg\f[]=\f[I]ALGORITHM\f[]: Like \-g, but ++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: Like \-g, but +specifies the algorithm of sign. -+See section "Supported Signing Algorithms" for details. ++See section \[lq]Supported Signing Algorithms\[rq] for details. +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-file\f[]=\f[I]FILE\f[]: Specifies the file used ++\f[B]\-f\f[], \f[B]\[en]file\f[]=\f[I]FILE\f[]: Specifies the file used +to save the public portion of AK. +This will be a binary data structure corresponding to the TPM2B_PUBLIC +struct in the specification. +.IP \[bu] 2 -+\f[B]\-n\f[], \f[B]\-\-ak\-name\f[]=\f[I]NAME\f[]: Specifies the file ++\f[B]\-n\f[], \f[B]\[en]ak\-name\f[]=\f[I]NAME\f[]: Specifies the file +used to save the ak name, optional. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -2201,14 +2195,14 @@ index 000000000000..32f9ca0222e9 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -2225,7 +2219,7 @@ index 000000000000..32f9ca0222e9 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -2260,7 +2254,8 @@ index 000000000000..32f9ca0222e9 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Signing Algorithms @@ -2299,7 +2294,7 @@ index 000000000000..32f9ca0222e9 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -2324,13 +2319,11 @@ index 000000000000..32f9ca0222e9 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_getpubek.1 b/man/man1/tpm2_getpubek.1 -new file mode 100644 -index 000000000000..1115b1095c6c ---- /dev/null -+++ b/man/man1/tpm2_getpubek.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getpubek.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getpubek.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_getpubek.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getpubek.1 2018-09-10 07:57:14.443574977 -0700 @@ -0,0 +1,189 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_getpubek" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -2352,55 +2345,55 @@ index 000000000000..1115b1095c6c + +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]: ++\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]: +Specifies current endorsement password, defaults to NULL. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[] ++\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[] +Specifies the current owner password, defaults to NULL. +Same formatting as the endorse password value or \-e option. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-eKPasswd\f[]=\f[I]EK_PASSWORD\f[] Specifies the ++\f[B]\-P\f[], \f[B]\[en]eKPasswd\f[]=\f[I]EK_PASSWORD\f[] Specifies the +EK password when created, defaults to NULL. +Same formatting as the endorse password value or \-e option. +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-handle\f[]=\f[I]HANDLE\f[]: specifies the handle ++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: specifies the handle +used to make EK persistent (hex). +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-alg\f[]=\f[I]ALGORITHM\f[]: specifies the ++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: specifies the +algorithm type of EK. -+See section "Supported Public Object Algorithms" for a list of supported -+object algorithms. -+See section "Algorithm Specifiers" on how to specify an algorithm -+argument. ++See section \[lq]Supported Public Object Algorithms\[rq] for a list of ++supported object algorithms. ++See section \[lq]Algorithm Specifiers\[rq] on how to specify an ++algorithm argument. +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-file\f[]=\f[I]FILE\f[]: specifies the file used ++\f[B]\-f\f[], \f[B]\[en]file\f[]=\f[I]FILE\f[]: specifies the file used +to save the public portion of EK. +This will be a binary data structure corresponding to the TPM2B_PUBLIC +struct in the specification. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION\f[]: ++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION\f[]: +Optional Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -2433,14 +2426,14 @@ index 000000000000..1115b1095c6c +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -2457,7 +2450,7 @@ index 000000000000..1115b1095c6c +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -2495,7 +2488,7 @@ index 000000000000..1115b1095c6c +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -2519,13 +2512,11 @@ index 000000000000..1115b1095c6c +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_getrandom.1 b/man/man1/tpm2_getrandom.1 -new file mode 100644 -index 000000000000..1b345f3d43df ---- /dev/null -+++ b/man/man1/tpm2_getrandom.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getrandom.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getrandom.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_getrandom.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getrandom.1 2018-09-10 07:57:14.625572490 -0700 @@ -0,0 +1,144 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_getrandom" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -2543,7 +2534,7 @@ index 000000000000..1b345f3d43df +tool. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-output\f[]=\f[I]FILE\f[] specifies the filename ++\f[B]\-o\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[] specifies the filename +to output the raw bytes to. +Defaults to stdout as a hex string. +.SH COMMON OPTIONS @@ -2551,20 +2542,20 @@ index 000000000000..1b345f3d43df +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -2597,14 +2588,14 @@ index 000000000000..1b345f3d43df +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -2621,7 +2612,7 @@ index 000000000000..1b345f3d43df +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -2669,13 +2660,11 @@ index 000000000000..1b345f3d43df +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_hash.1 b/man/man1/tpm2_hash.1 -new file mode 100644 -index 000000000000..5c18718ce893 ---- /dev/null -+++ b/man/man1/tpm2_hash.1 -@@ -0,0 +1,190 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_hash.1 tpm2-tools-3.0.4-new/man/man1/tpm2_hash.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_hash.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_hash.1 2018-09-10 07:57:14.800570098 -0700 +@@ -0,0 +1,189 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_hash" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -2695,7 +2684,7 @@ index 000000000000..5c18718ce893 +indicate that the hash is safe to sign. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to ++\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to +use for the ticket. +Supported options are: +.RS 2 @@ -2709,18 +2698,17 @@ index 000000000000..5c18718ce893 +\f[B]n\f[] for \f[B]TPM_RH_NULL\f[] +.RE +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash +algorithm to use. -+Algorithms should follow the "formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++Algorithms should follow the \[lq]formatting standards, see ++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported ++Hash Algorithms" for a list of supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-outfile\f[]=\f[I]OUT_FILE\f[] Optional file ++\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[] Optional file +record of the hash result. +Defaults to stdout in hex form. +.IP \[bu] 2 -+\f[B]\-t\f[], \f[B]\-\-ticket\f[]=\f[I]TICKET_FILE\f[] Optional file ++\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[] Optional file +record of the ticket result. +Defaults to stdout in hex form. +.SH COMMON OPTIONS @@ -2728,20 +2716,20 @@ index 000000000000..5c18718ce893 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -2774,14 +2762,14 @@ index 000000000000..5c18718ce893 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -2798,7 +2786,7 @@ index 000000000000..5c18718ce893 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -2838,7 +2826,7 @@ index 000000000000..5c18718ce893 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -2865,13 +2853,11 @@ index 000000000000..5c18718ce893 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_hmac.1 b/man/man1/tpm2_hmac.1 -new file mode 100644 -index 000000000000..fbb81f947f0d ---- /dev/null -+++ b/man/man1/tpm2_hmac.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_hmac.1 tpm2-tools-3.0.4-new/man/man1/tpm2_hmac.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_hmac.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_hmac.1 2018-09-10 07:57:14.979567652 -0700 @@ -0,0 +1,214 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_hmac" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -2888,50 +2874,49 @@ index 000000000000..fbb81f947f0d +If \f[I]FILE\f[] is not specified, then data is read from stdin. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The +key handle for the symmetric signing key providing the HMAC key. +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The +filename of the key context used for the operation. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for ++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for +key, optional. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash +algorithm to use. -+Algorithms should follow the "formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++Algorithms should follow the \[lq]formatting standards, see ++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported ++Hash Algorithms" for a list of supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-outfile\f[]=\f[I]OUT_FILE\f[] Optional file ++\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[] Optional file +record of the HMAC result. +Defaults to stdout. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -2964,14 +2949,14 @@ index 000000000000..fbb81f947f0d +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -2988,7 +2973,7 @@ index 000000000000..fbb81f947f0d +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -3023,7 +3008,8 @@ index 000000000000..fbb81f947f0d +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Hash Algorithms @@ -3044,7 +3030,7 @@ index 000000000000..fbb81f947f0d +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -3085,13 +3071,11 @@ index 000000000000..fbb81f947f0d +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_listpersistent.1 b/man/man1/tpm2_listpersistent.1 -new file mode 100644 -index 000000000000..ba1e31e8c596 ---- /dev/null -+++ b/man/man1/tpm2_listpersistent.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_listpersistent.1 tpm2-tools-3.0.4-new/man/man1/tpm2_listpersistent.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_listpersistent.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_listpersistent.1 2018-09-10 07:57:15.157565219 -0700 @@ -0,0 +1,185 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_listpersistent" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -3110,37 +3094,37 @@ index 000000000000..ba1e31e8c596 +.PP +These options for listing the persistent objects: +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]ALGORITHM\f[]: Only display ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: Only display +persistent objects using this hash algorithm. +Algorithms should follow the " formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++\[lq]Algorithm Specifiers\[rq]. ++Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of ++supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-G\f[], \f[B]\-\-kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Only display ++\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Only display +persistent objects using this key algorithm. +It accepts friendly names just like \f[B]\-g\f[] option. -+See section "Supported Public Object Algorithms" for a list of supported -+object algorithms. ++See section \[lq]Supported Public Object Algorithms\[rq] for a list of ++supported object algorithms. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -3173,14 +3157,14 @@ index 000000000000..ba1e31e8c596 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -3197,7 +3181,7 @@ index 000000000000..ba1e31e8c596 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -3251,7 +3235,7 @@ index 000000000000..ba1e31e8c596 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -3276,13 +3260,11 @@ index 000000000000..ba1e31e8c596 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_load.1 b/man/man1/tpm2_load.1 -new file mode 100644 -index 000000000000..20358a3a9dac ---- /dev/null -+++ b/man/man1/tpm2_load.1 -@@ -0,0 +1,174 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_load.1 tpm2-tools-3.0.4-new/man/man1/tpm2_load.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_load.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_load.1 2018-09-10 07:57:15.346562636 -0700 +@@ -0,0 +1,176 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_load" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -3298,52 +3280,53 @@ index 000000000000..20358a3a9dac +object into the TPM. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-parent\f[]=\f[I]PARENT_HANDLE\f[]: The handle of ++\f[B]\-H\f[], \f[B]\[en]parent\f[]=\f[I]PARENT_HANDLE\f[]: The handle of +the parent object. +Either this option or \f[B]\-c\f[] must be used. +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: -+The filename for parent context. ++\f[B]\-c\f[], ++\f[B]\[en]context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: The filename ++for parent context. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The ++\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The +password for parent key, optional. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-u\f[], \f[B]\-\-pubfile\f[]=\f[I]PUBLIC_OBJECT_DATA_FILE\f[]: A ++\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]PUBLIC_OBJECT_DATA_FILE\f[]: A +file containing the public portion of the object. +.IP \[bu] 2 -+\f[B]\-r\f[], \f[B]\-\-privfile\f[]=\f[I]PRIVATE_OBJECT_DATA_FILE\f[]: A -+file containing the sensitive portion of the object. ++\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]PRIVATE_OBJECT_DATA_FILE\f[]: ++A file containing the sensitive portion of the object. +.IP \[bu] 2 -+\f[B]\-n\f[], \f[B]\-\-name\f[]=\f[I]NAME_DATA_FILE\f[]: An optional ++\f[B]\-n\f[], \f[B]\[en]name\f[]=\f[I]NAME_DATA_FILE\f[]: An optional +file to save the name structure of the object. +.IP \[bu] 2 -+\f[B]\-C\f[], \f[B]\-\-context\f[]=\f[I]CONTEXT_FILE\f[]: An optional ++\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[]: An optional +file to save the object context to. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -3376,14 +3359,14 @@ index 000000000000..20358a3a9dac +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -3400,7 +3383,7 @@ index 000000000000..20358a3a9dac +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -3435,7 +3418,8 @@ index 000000000000..20358a3a9dac +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -3456,13 +3440,11 @@ index 000000000000..20358a3a9dac +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_loadexternal.1 b/man/man1/tpm2_loadexternal.1 -new file mode 100644 -index 000000000000..b4be6d9a2892 ---- /dev/null -+++ b/man/man1/tpm2_loadexternal.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_loadexternal.1 tpm2-tools-3.0.4-new/man/man1/tpm2_loadexternal.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_loadexternal.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_loadexternal.1 2018-09-10 07:57:15.520560258 -0700 @@ -0,0 +1,166 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_loadexternal" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -3481,7 +3463,7 @@ index 000000000000..b4be6d9a2892 +sensitive area. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to ++\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to +use for the ticket. +Supported options are: +.RS 2 @@ -3495,33 +3477,33 @@ index 000000000000..b4be6d9a2892 +\f[B]n\f[] for \f[B]TPM_RH_NULL\f[] +.RE +.IP \[bu] 2 -+\f[B]\-u\f[], \f[B]\-\-pubfile\f[]=\f[I]PUBLIC_FILE\f[]: The public ++\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]PUBLIC_FILE\f[]: The public +portion of the object. +.IP \[bu] 2 -+\f[B]\-r\f[], \f[B]\-\-privfile\f[]=\f[I]PRIVATE_FILE\f[]: The sensitive -+portion of the object, optional. ++\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]PRIVATE_FILE\f[]: The ++sensitive portion of the object, optional. +.IP \[bu] 2 -+\f[B]\-C\f[], \f[B]\-\-context\f[]=\f[I]CONTEXT_FILE\f[] The file to ++\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[] The file to +save the object context, optional. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -3554,14 +3536,14 @@ index 000000000000..b4be6d9a2892 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -3578,7 +3560,7 @@ index 000000000000..b4be6d9a2892 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -3612,7 +3594,7 @@ index 000000000000..b4be6d9a2892 +.PP +Load a key with sensitive area. +Both the public & the senstive areas shall be generated externally. -+\f[I]DON\[aq]T\f[] use the areas generated by tpm2_create. ++\f[I]DON'T\f[] use the areas generated by tpm2_create. +.IP +.nf +\f[C] @@ -3628,13 +3610,11 @@ index 000000000000..b4be6d9a2892 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_makecredential.1 b/man/man1/tpm2_makecredential.1 -new file mode 100644 -index 000000000000..90cae8c0ecb1 ---- /dev/null -+++ b/man/man1/tpm2_makecredential.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_makecredential.1 tpm2-tools-3.0.4-new/man/man1/tpm2_makecredential.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_makecredential.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_makecredential.1 2018-09-10 07:57:15.705557730 -0700 @@ -0,0 +1,142 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_makecredential" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -3651,16 +3631,16 @@ index 000000000000..90cae8c0ecb1 +secret that is used to encrypt the AK certififcate. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-enckey\f[]=\f[I]PUBLIC_FILE\f[]: A tpm Public Key -+which was used to wrap the seed. ++\f[B]\-e\f[], \f[B]\[en]enckey\f[]=\f[I]PUBLIC_FILE\f[]: A tpm Public ++Key which was used to wrap the seed. +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-sec\f[]=\f[I]SECRET_DATA_FILE\f[]: The secret ++\f[B]\-s\f[], \f[B]\[en]sec\f[]=\f[I]SECRET_DATA_FILE\f[]: The secret +which will be protected by the key derived from the random seed. +.IP \[bu] 2 -+\f[B]\-n\f[], \f[B]\-\-name\f[]=\f[I]NAME\f[] The name of the key for ++\f[B]\-n\f[], \f[B]\[en]name\f[]=\f[I]NAME\f[] The name of the key for +which certificate is to be created. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-out\-file\f[]=\f[I]OUT_FILE\f[] The output file ++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUT_FILE\f[] The output file +path, recording the two structures output by tpm2_makecredential +function. +.SH COMMON OPTIONS @@ -3668,20 +3648,20 @@ index 000000000000..90cae8c0ecb1 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -3714,14 +3694,14 @@ index 000000000000..90cae8c0ecb1 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -3738,7 +3718,7 @@ index 000000000000..90cae8c0ecb1 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -3776,13 +3756,11 @@ index 000000000000..90cae8c0ecb1 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_nvdefine.1 b/man/man1/tpm2_nvdefine.1 -new file mode 100644 -index 000000000000..95c8c84be731 ---- /dev/null -+++ b/man/man1/tpm2_nvdefine.1 -@@ -0,0 +1,203 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvdefine.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvdefine.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_nvdefine.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvdefine.1 2018-09-10 07:57:15.879555352 -0700 +@@ -0,0 +1,204 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_nvdefine" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -3797,10 +3775,10 @@ index 000000000000..95c8c84be731 +\f[B]tpm2_nvdefine\f[](1) \- Define NV index with given auth value. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-x\f[], \f[B]\-\-index\f[]=\f[I]NV_INDEX\f[]: Specifies the index ++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index +to define the space at. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: ++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: +specifies the handle used to authorize: +.RS 2 +.IP \[bu] 2 @@ -3809,49 +3787,49 @@ index 000000000000..95c8c84be731 +\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[] +.RE +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-size\f[]=\f[I]SIZE\f[]: specifies the size of ++\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: specifies the size of +data area in bytes. +Defaults to MAX_NV_INDEX_SIZE which is typically 2048. +.IP \[bu] 2 -+\f[B]\-t\f[], \f[B]\-\-attributes\f[]=\f[I]ATTRIBUTES\f[] Specifies the ++\f[B]\-t\f[], \f[B]\[en]attributes\f[]=\f[I]ATTRIBUTES\f[] Specifies the +attribute values for the nv region used when creating the entitiy. -+Either the raw bitfield mask or "nice\-names" may be used. -+See section "NV Attributes" for more details. ++Either the raw bitfield mask or \[lq]nice\-names\[rq] may be used. ++See section \[lq]NV Attributes\[rq] for more details. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: +specifies the password of authHandle. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-I\f[], \f[B]\-\-index\-passwd\f[]=\f[I]INDEX_PASSWORD\f[]: ++\f[B]\-I\f[], \f[B]\[en]index\-passwd\f[]=\f[I]INDEX_PASSWORD\f[]: +specifies the password of NV Index when created. +Follows the same formatting guidelines as the handle password or \-P +option. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-policy\-file\f[]=\f[I]POLICY_FILE\f[]: Specifies ++\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: Specifies +the policy digest file for policy based authorizations. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-input\-session\-handle\f[]=\f[I]SIZE\f[]: ++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]: +Optional Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -3884,14 +3862,14 @@ index 000000000000..95c8c84be731 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -3908,7 +3886,7 @@ index 000000000000..95c8c84be731 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -3935,7 +3913,7 @@ index 000000000000..95c8c84be731 +NV Attributes are used to control various properties of the NV defined +space. +When specified as an option, either the raw bitfield mask or -+"nice\-names" may be used. ++\[lq]nice\-names\[rq] may be used. +The values can be found in Table 204 Part 2 of the TPM2.0 specification, +which can be found here: +.PP @@ -3944,7 +3922,7 @@ index 000000000000..95c8c84be731 +Nice names are calculated by taking the name field of table 204 and +removing the prefix \f[B]TPMA_NV_\f[] and lowercasing the result. +Thus, \f[B]TPMA_NV_PPWRITE\f[] becomes ppwrite. -+Nice names can be joined using the bitwise or "|" symbol. ++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol. +.PP +Note that the \f[B]TPM_NT\f[] field is 4 bits wide, and thus can be set +via \f[B]nt=\f[] format. @@ -3965,7 +3943,8 @@ index 000000000000..95c8c84be731 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -3985,13 +3964,11 @@ index 000000000000..95c8c84be731 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_nvlist.1 b/man/man1/tpm2_nvlist.1 -new file mode 100644 -index 000000000000..ac8c5dec8743 ---- /dev/null -+++ b/man/man1/tpm2_nvlist.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvlist.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvlist.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_nvlist.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvlist.1 2018-09-10 07:57:16.056552933 -0700 @@ -0,0 +1,192 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_nvlist" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -4016,7 +3993,7 @@ index 000000000000..ac8c5dec8743 +.IP \[bu] 2 +The auth policy. +.IP \[bu] 2 -+The NV attributes as defined in section "NV Attributes". ++The NV attributes as defined in section \[lq]NV Attributes\[rq]. +.PP +Example Output: +.IP @@ -4051,20 +4028,20 @@ index 000000000000..ac8c5dec8743 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -4097,14 +4074,14 @@ index 000000000000..ac8c5dec8743 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -4121,7 +4098,7 @@ index 000000000000..ac8c5dec8743 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -4148,7 +4125,7 @@ index 000000000000..ac8c5dec8743 +NV Attributes are used to control various properties of the NV defined +space. +When specified as an option, either the raw bitfield mask or -+"nice\-names" may be used. ++\[lq]nice\-names\[rq] may be used. +The values can be found in Table 204 Part 2 of the TPM2.0 specification, +which can be found here: +.PP @@ -4157,7 +4134,7 @@ index 000000000000..ac8c5dec8743 +Nice names are calculated by taking the name field of table 204 and +removing the prefix \f[B]TPMA_NV_\f[] and lowercasing the result. +Thus, \f[B]TPMA_NV_PPWRITE\f[] becomes ppwrite. -+Nice names can be joined using the bitwise or "|" symbol. ++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol. +.PP +Note that the \f[B]TPM_NT\f[] field is 4 bits wide, and thus can be set +via \f[B]nt=\f[] format. @@ -4183,13 +4160,11 @@ index 000000000000..ac8c5dec8743 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_nvread.1 b/man/man1/tpm2_nvread.1 -new file mode 100644 -index 000000000000..59025e755dd0 ---- /dev/null -+++ b/man/man1/tpm2_nvread.1 -@@ -0,0 +1,193 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvread.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvread.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_nvread.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvread.1 2018-09-10 07:57:16.235550487 -0700 +@@ -0,0 +1,194 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_nvread" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -4206,10 +4181,10 @@ index 000000000000..59025e755dd0 +index. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-x\f[], \f[B]\-\-index\f[]=\f[I]NV_INDEX\f[]: Specifies the index ++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index +to define the space at. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: ++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: +specifies the handle used to authorize: +.RS 2 +.IP \[bu] 2 @@ -4218,33 +4193,33 @@ index 000000000000..59025e755dd0 +\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[] +.RE +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-output\f[]=\f[I]FILE\f[]: file to write data ++\f[B]\-f\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: file to write data +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: +specifies the password of authHandle. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-size\f[]=\f[I]SIZE\f[]: Specifies the size of ++\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: Specifies the size of +data to be read in bytes, starting from 0 if offset is not specified. +If not specified, the size of the data as reported by the public portion +of the index will be used. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-offset\f[]=\f[I]OFFSET\f[]: The offset within the -+NV index to start reading from. ++\f[B]\-o\f[], \f[B]\[en]offset\f[]=\f[I]OFFSET\f[]: The offset within ++the NV index to start reading from. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-input\-session\-handle\f[]=\f[I]SIZE\f[]: ++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]: +Optional Input session handle from a policy session for authorization. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]: ++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]: +.RS 2 +.PP -+The list of pcr banks and selected PCRs\[aq] ids. ++The list of pcr banks and selected PCRs' ids. +\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers -+standards, see section "PCR Bank Specfiers". ++standards, see section \[lq]PCR Bank Specfiers\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-F\f[],**\-\-pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[] ++\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[] +.RS 2 +.PP +Optional Path or Name of the file containing expected pcr values for the @@ -4256,20 +4231,20 @@ index 000000000000..59025e755dd0 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -4302,14 +4277,14 @@ index 000000000000..59025e755dd0 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -4326,7 +4301,7 @@ index 000000000000..59025e755dd0 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -4361,7 +4336,8 @@ index 000000000000..59025e755dd0 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -4382,13 +4358,11 @@ index 000000000000..59025e755dd0 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_nvreadlock.1 b/man/man1/tpm2_nvreadlock.1 -new file mode 100644 -index 000000000000..3dcb5c9e51fc ---- /dev/null -+++ b/man/man1/tpm2_nvreadlock.1 -@@ -0,0 +1,168 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvreadlock.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvreadlock.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_nvreadlock.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvreadlock.1 2018-09-10 07:57:16.415548027 -0700 +@@ -0,0 +1,169 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_nvreadlock" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -4406,10 +4380,10 @@ index 000000000000..3dcb5c9e51fc +The index is released on subsequent restart of the machine. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-x\f[], \f[B]\-\-index\f[]=\f[I]NV_INDEX\f[]: Specifies the index ++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index +to define the space at. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: ++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: +specifies the handle used to authorize: +.RS 2 +.IP \[bu] 2 @@ -4418,32 +4392,32 @@ index 000000000000..3dcb5c9e51fc +\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[] +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: +specifies the password of authHandle. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-input\-session\-handle\f[]=\f[I]SIZE\f[]: ++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]: +Optional Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -4476,14 +4450,14 @@ index 000000000000..3dcb5c9e51fc +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -4500,7 +4474,7 @@ index 000000000000..3dcb5c9e51fc +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -4535,7 +4509,8 @@ index 000000000000..3dcb5c9e51fc +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -4556,13 +4531,11 @@ index 000000000000..3dcb5c9e51fc +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_nvrelease.1 b/man/man1/tpm2_nvrelease.1 -new file mode 100644 -index 000000000000..be984d747144 ---- /dev/null -+++ b/man/man1/tpm2_nvrelease.1 -@@ -0,0 +1,167 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvrelease.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvrelease.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_nvrelease.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvrelease.1 2018-09-10 07:57:16.603545458 -0700 +@@ -0,0 +1,168 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_nvrelease" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -4578,10 +4551,10 @@ index 000000000000..be984d747144 +was previously defined with tpm2_nvdefine(1). +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-x\f[], \f[B]\-\-index\f[]=\f[I]NV_INDEX\f[]: Specifies the index ++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index +to release. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: ++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: +specifies the handle used to authorize: +.RS 2 +.IP \[bu] 2 @@ -4590,35 +4563,35 @@ index 000000000000..be984d747144 +\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[] +.RE +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-size\f[]=\f[I]SIZE\f[]: specifies the size of ++\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: specifies the size of +data area in bytes. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: +specifies the password of authHandle. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-input\-session\-handle\f[]=\f[I]SIZE\f[]: ++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]: +Optional Input session handle from a policy session for authorization. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -4651,14 +4624,14 @@ index 000000000000..be984d747144 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -4675,7 +4648,7 @@ index 000000000000..be984d747144 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -4710,7 +4683,8 @@ index 000000000000..be984d747144 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -4729,13 +4703,11 @@ index 000000000000..be984d747144 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_nvwrite.1 b/man/man1/tpm2_nvwrite.1 -new file mode 100644 -index 000000000000..8f69e026d49f ---- /dev/null -+++ b/man/man1/tpm2_nvwrite.1 -@@ -0,0 +1,186 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvwrite.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvwrite.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_nvwrite.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvwrite.1 2018-09-10 07:57:16.788542929 -0700 +@@ -0,0 +1,187 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_nvwrite" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -4752,13 +4724,13 @@ index 000000000000..8f69e026d49f +If \f[I]FILE\f[] is not specified, it defaults to stdout. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-x\f[], \f[B]\-\-index\f[]=\f[I]NV_INDEX\f[]: Specifies the index ++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index +to define the space at. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-offset\f[]=\f[I]OFFSET\f[]: The offset within the -+NV index to start writing at. ++\f[B]\-o\f[], \f[B]\[en]offset\f[]=\f[I]OFFSET\f[]: The offset within ++the NV index to start writing at. +.IP \[bu] 2 -+\f[B]\-a\f[], \f[B]\-\-auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: ++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]: +specifies the handle used to authorize: +.RS 2 +.IP \[bu] 2 @@ -4767,23 +4739,23 @@ index 000000000000..8f69e026d49f +\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[] +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]: +specifies the password of authHandle. -+Passwords should follow the "password formatting standards, see section -+"Password Formatting". ++Passwords should follow the \[lq]password formatting standards, see ++section\[rq]Password Formatting“. +.IP \[bu] 2 -+\f[B]\-S\f[], \f[B]\-\-input\-session\-handle\f[]=\f[I]SIZE\f[]: ++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]: +Optional Input session handle from a policy session for authorization. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]: ++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]: +.RS 2 +.PP -+The list of pcr banks and selected PCRs\[aq] ids. ++The list of pcr banks and selected PCRs' ids. +\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers -+standards, see section "PCR Bank Specfiers". ++standards, see section \[lq]PCR Bank Specfiers\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-F\f[],**\-\-pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[] ++\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[] +.RS 2 +.PP +Optional Path or Name of the file containing expected pcr values for the @@ -4795,20 +4767,20 @@ index 000000000000..8f69e026d49f +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -4841,14 +4813,14 @@ index 000000000000..8f69e026d49f +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -4865,7 +4837,7 @@ index 000000000000..8f69e026d49f +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -4900,7 +4872,8 @@ index 000000000000..8f69e026d49f +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -4921,13 +4894,11 @@ index 000000000000..8f69e026d49f +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_pcrevent.1 b/man/man1/tpm2_pcrevent.1 -new file mode 100644 -index 000000000000..1359d00dbc6d ---- /dev/null -+++ b/man/man1/tpm2_pcrevent.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrevent.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrevent.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_pcrevent.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrevent.1 2018-09-10 07:57:16.965540510 -0700 @@ -0,0 +1,162 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_pcrevent" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -4958,18 +4929,18 @@ index 000000000000..1359d00dbc6d +.PP +These options control extending the pcr: +.IP \[bu] 2 -+\f[B]\-i\f[], \f[B]\-\-pcr\-index\f[]=\f[I]INDEX\f[]: Not only compute ++\f[B]\-i\f[], \f[B]\[en]pcr\-index\f[]=\f[I]INDEX\f[]: Not only compute +the hash digests on \f[I]FILE\f[], also extend the pcr given by +\f[I]INDEX\f[] for all supported hash algorithms. +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Use ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Use +\f[I]SESSION_HANDLE\f[] for providing an authorization session for the +pcr specified by \f[I]INDEX\f[]. +It is an error to specify \f[B]\-S\f[] without specifying a pcr index +with \f[B]\-i\f[]. +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-password\f[]=\f[I]PASSWORD\f[]: Use ++\f[B]\-P\f[], \f[B]\[en]password\f[]=\f[I]PASSWORD\f[]: Use +\f[I]PASSWORD\f[] for providing an authorization value for the pcr +specified in \f[I]INDEX\f[]. +It is an error to specify \f[B]\-P\f[] without specifying a pcr index @@ -4979,20 +4950,20 @@ index 000000000000..1359d00dbc6d +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -5025,14 +4996,14 @@ index 000000000000..1359d00dbc6d +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -5049,7 +5020,7 @@ index 000000000000..1359d00dbc6d +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -5089,13 +5060,11 @@ index 000000000000..1359d00dbc6d +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_pcrextend.1 b/man/man1/tpm2_pcrextend.1 -new file mode 100644 -index 000000000000..5a4a232907f6 ---- /dev/null -+++ b/man/man1/tpm2_pcrextend.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrextend.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrextend.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_pcrextend.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrextend.1 2018-09-10 07:57:17.146538037 -0700 @@ -0,0 +1,178 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_pcrextend" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -5147,20 +5116,20 @@ index 000000000000..5a4a232907f6 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -5193,14 +5162,14 @@ index 000000000000..5a4a232907f6 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -5217,7 +5186,7 @@ index 000000000000..5a4a232907f6 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -5241,7 +5210,7 @@ index 000000000000..5a4a232907f6 +.RE +.SH EXAMPLES +.PP -+Extend PCR 4\[aq]s SHA1 bank with a hash: ++Extend PCR 4's SHA1 bank with a hash: +.IP +.nf +\f[C] @@ -5249,7 +5218,7 @@ index 000000000000..5a4a232907f6 +\f[] +.fi +.PP -+Extend PCR 4\[aq]s SHA1 and SHA256 banks with hashes: ++Extend PCR 4's SHA1 and SHA256 banks with hashes: +.IP +.nf +\f[C] @@ -5257,7 +5226,7 @@ index 000000000000..5a4a232907f6 +\f[] +.fi +.PP -+Extend PCR 4\[aq]s SHA1 and PCR 7\[aq]s SHA256 bank with hashes: ++Extend PCR 4's SHA1 and PCR 7's SHA256 bank with hashes: +.IP +.nf +\f[C] @@ -5273,13 +5242,11 @@ index 000000000000..5a4a232907f6 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_pcrlist.1 b/man/man1/tpm2_pcrlist.1 -new file mode 100644 -index 000000000000..fb9a329da20b ---- /dev/null -+++ b/man/man1/tpm2_pcrlist.1 -@@ -0,0 +1,246 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrlist.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrlist.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_pcrlist.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrlist.1 2018-09-10 07:57:17.326535577 -0700 +@@ -0,0 +1,244 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_pcrlist" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -5312,46 +5279,44 @@ index 000000000000..fb9a329da20b +.fi +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-algorithm\f[]=\f[I]HASH_ALGORITHM\f[]: Only ++\f[B]\-g\f[], \f[B]\[en]algorithm\f[]=\f[I]HASH_ALGORITHM\f[]: Only +output PCR banks with the given algorithm. -+Algorithms should follow the "formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++Algorithms should follow the \[lq]formatting standards, see ++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported ++Hash Algorithms" for a list of supported hash algorithms. +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-output\f[]=\f[I]FILE\f[]: The output file to ++\f[B]\-o\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: The output file to +write the PCR values in binary format, optional. +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]: ++\f[B]\-L\f[], \f[B]\[en]sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]: +.RS 2 +.PP -+The list of pcr banks and selected PCRs\[aq] ids for each bank to -+display. ++The list of pcr banks and selected PCRs' ids for each bank to display. +\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers -+standards, see section "PCR Bank Specfiers". ++standards, see section \[lq]PCR Bank Specfiers\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-algs\f[]: Output the list of supported ++\f[B]\-s\f[], \f[B]\[en]algs\f[]: Output the list of supported +algorithms. +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -5384,14 +5349,14 @@ index 000000000000..fb9a329da20b +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -5408,7 +5373,7 @@ index 000000000000..fb9a329da20b +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -5440,7 +5405,7 @@ index 000000000000..fb9a329da20b +\f[] +.fi +.PP -+multiple banks may be separated by \[aq]+\[aq]. ++multiple banks may be separated by `+'. +.PP +For example: +.IP @@ -5475,7 +5440,7 @@ index 000000000000..fb9a329da20b +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -5525,13 +5490,11 @@ index 000000000000..fb9a329da20b +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_quote.1 b/man/man1/tpm2_quote.1 -new file mode 100644 -index 000000000000..3d49cb84dbce ---- /dev/null -+++ b/man/man1/tpm2_quote.1 -@@ -0,0 +1,255 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_quote.1 tpm2-tools-3.0.4-new/man/man1/tpm2_quote.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_quote.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_quote.1 2018-09-10 07:57:17.506533117 -0700 +@@ -0,0 +1,256 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_quote" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -5547,63 +5510,63 @@ index 000000000000..3d49cb84dbce +PCRs in given algorithm/banks. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-ak\-handle\f[]=\f[I]AK_HANDLE\f[]: ++\f[B]\-k\f[], \f[B]\[en]ak\-handle\f[]=\f[I]AK_HANDLE\f[]: +.RS 2 +.PP +Handle of existing AK. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-ak\-context\f[]=\f[I]AK_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]ak\-context\f[]=\f[I]AK_CONTEXT_FILE\f[]: +.RS 2 +.PP -+Filename for the existing AK\[aq]s context. ++Filename for the existing AK's context. +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-ak\-password\f[]=\f[I]AK_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]ak\-password\f[]=\f[I]AK_PASSWORD\f[]: +.RS 2 +.PP +specifies the password of \f[I]AK_HANDLE\f[]. +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-l\f[], \f[B]\-\-id\-list\f[]=\f[I]PCR_ID_LIST\f[] ++\f[B]\-l\f[], \f[B]\[en]id\-list\f[]=\f[I]PCR_ID_LIST\f[] +.RS 2 +.PP -+The comma separated list of selected PCRs\[aq] ids, 0~23 e.g. -+"4,5,6". ++The comma separated list of selected PCRs' ids, 0~23 e.g. ++\[lq]4,5,6\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]: ++\f[B]\-L\f[], \f[B]\[en]sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]: +.RS 2 +.PP -+The list of pcr banks and selected PCRs\[aq] ids for each bank. ++The list of pcr banks and selected PCRs' ids for each bank. +\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers -+standards, see section "PCR Bank Specfiers". ++standards, see section \[lq]PCR Bank Specfiers\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-m\f[], \f[B]\-\-message\f[]: ++\f[B]\-m\f[], \f[B]\[en]message\f[]: +.RS 2 +.PP +message output file, records the quote message that makes up the data +that is signed by the TPM. +.RE +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-signature\f[]: ++\f[B]\-s\f[], \f[B]\[en]signature\f[]: +.RS 2 +.PP +signature output file, records the signature in the format specified via +the \f[B]\-f\f[] option. +.RE +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-format\f[] ++\f[B]\-f\f[], \f[B]\[en]format\f[] +.RS 2 +.PP +Format selection for the signature output file. -+See section "Signature Format Specifiers". ++See section \[lq]Signature Format Specifiers\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-q\f[], \f[B]\-\-qualify\-data\f[]: ++\f[B]\-q\f[], \f[B]\[en]qualify\-data\f[]: +.RS 2 +.PP +Data given as a Hex string to qualify the quote, optional. @@ -5611,10 +5574,10 @@ index 000000000000..3d49cb84dbce +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional +Input session handle from a policy session for authorization. +.IP \[bu] 2 -+\f[B]\-G\f[], \f[B]\-\-sig\-hash\-algorithm\f[]: ++\f[B]\-G\f[], \f[B]\[en]sig\-hash\-algorithm\f[]: +.RS 2 +.PP +Hash algorithm for signature. @@ -5624,20 +5587,20 @@ index 000000000000..3d49cb84dbce +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -5670,14 +5633,14 @@ index 000000000000..3d49cb84dbce +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -5694,7 +5657,7 @@ index 000000000000..3d49cb84dbce +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -5729,7 +5692,8 @@ index 000000000000..3d49cb84dbce +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH PCR Bank Specfiers @@ -5742,7 +5706,7 @@ index 000000000000..3d49cb84dbce +\f[] +.fi +.PP -+multiple banks may be separated by \[aq]+\[aq]. ++multiple banks may be separated by `+'. +.PP +For example: +.IP @@ -5786,13 +5750,11 @@ index 000000000000..3d49cb84dbce +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_rc_decode.1 b/man/man1/tpm2_rc_decode.1 -new file mode 100644 -index 000000000000..492eea90607c ---- /dev/null -+++ b/man/man1/tpm2_rc_decode.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rc_decode.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rc_decode.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_rc_decode.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_rc_decode.1 2018-09-10 07:57:17.680530739 -0700 @@ -0,0 +1,132 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_rc_decode" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -5816,20 +5778,20 @@ index 000000000000..492eea90607c +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -5862,14 +5824,14 @@ index 000000000000..492eea90607c +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -5886,7 +5848,7 @@ index 000000000000..492eea90607c +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -5924,13 +5886,11 @@ index 000000000000..492eea90607c +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_readpublic.1 b/man/man1/tpm2_readpublic.1 -new file mode 100644 -index 000000000000..ccc8c4010af1 ---- /dev/null -+++ b/man/man1/tpm2_readpublic.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_readpublic.1 tpm2-tools-3.0.4-new/man/man1/tpm2_readpublic.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_readpublic.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_readpublic.1 2018-09-10 07:57:17.852528388 -0700 @@ -0,0 +1,155 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_readpublic" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -5945,52 +5905,52 @@ index 000000000000..ccc8c4010af1 +\f[B]tpm2_readpublic\f[](1) Reads the public area of a loaded object. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-object\f[]=\f[I]HANDLE\f[]: ++\f[B]\-H\f[], \f[B]\[en]object\f[]=\f[I]HANDLE\f[]: +.RS 2 +.PP +The loaded object handle to read the public data of. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-ak\-context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]ak\-context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]: +.RS 2 +.PP +Filename for object context. +.RE +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-opu\f[]: ++\f[B]\-o\f[], \f[B]\[en]opu\f[]: +.RS 2 +.PP +The output file path, recording the public portion of the object. +.RE +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-format\f[]: ++\f[B]\-f\f[], \f[B]\[en]format\f[]: +.RS 2 +.PP +Format selection for the public key output file. -+\[aq]tss\[aq] (the default) will output a binary blob according to the -+TPM 2.0 secification. -+\[aq]pem\[aq] will output an OpenSSL compatible PEM encoded public key. -+\[aq]der\[aq] will output an OpenSSL compatible DER encoded public key. ++`tss' (the default) will output a binary blob according to the TPM 2.0 ++secification. ++`pem' will output an OpenSSL compatible PEM encoded public key. ++`der' will output an OpenSSL compatible DER encoded public key. +.RE +.SH COMMON OPTIONS +.PP +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -6023,14 +5983,14 @@ index 000000000000..ccc8c4010af1 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -6047,7 +6007,7 @@ index 000000000000..ccc8c4010af1 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -6085,13 +6045,11 @@ index 000000000000..ccc8c4010af1 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_rsadecrypt.1 b/man/man1/tpm2_rsadecrypt.1 -new file mode 100644 -index 000000000000..dede7d971717 ---- /dev/null -+++ b/man/man1/tpm2_rsadecrypt.1 -@@ -0,0 +1,191 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rsadecrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rsadecrypt.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_rsadecrypt.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_rsadecrypt.1 2018-09-10 07:57:18.040525819 -0700 +@@ -0,0 +1,192 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_rsadecrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -6112,43 +6070,43 @@ index 000000000000..dede7d971717 +.IP "1." 3 +an RSA key +.IP "2." 3 -+Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it\[aq]s attributes. ++Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it's attributes. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: +.RS 2 +.PP +the public portion of RSA key to use for decryption. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: +.RS 2 +.PP +filename of the key context used for the operation. +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: +.RS 2 +.PP +specifies the password of \f[I]KEY_HANDLE\f[]. +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-I\f[], \f[B]\-\-in\-file\f[]=\f[I]INPUT\f[]: ++\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT\f[]: +.RS 2 +.PP +Input file path, containing the data to be decrypted. +.RE +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-out\-file\f[]=\f[I]OUTPUT_FILE\f[]: ++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]: +.RS 2 +.PP +Output file path, record the decrypted data. +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: +.RS 2 +.PP +Optional Input session handle from a policy session for authorization. @@ -6158,20 +6116,20 @@ index 000000000000..dede7d971717 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -6204,14 +6162,14 @@ index 000000000000..dede7d971717 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -6228,7 +6186,7 @@ index 000000000000..dede7d971717 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -6263,7 +6221,8 @@ index 000000000000..dede7d971717 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -6282,13 +6241,11 @@ index 000000000000..dede7d971717 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_rsaencrypt.1 b/man/man1/tpm2_rsaencrypt.1 -new file mode 100644 -index 000000000000..29e2bcd7e9df ---- /dev/null -+++ b/man/man1/tpm2_rsaencrypt.1 -@@ -0,0 +1,188 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rsaencrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rsaencrypt.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_rsaencrypt.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_rsaencrypt.1 2018-09-10 07:57:18.219523373 -0700 +@@ -0,0 +1,189 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_rsaencrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -6310,30 +6267,30 @@ index 000000000000..29e2bcd7e9df +.IP "1." 3 +an RSA key +.IP "2." 3 -+Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it\[aq]s attributes. ++Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it's attributes. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: +.RS 2 +.PP +the public portion of RSA key to use for encryption. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: +.RS 2 +.PP +filename of the key context used for the operation. +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: +.RS 2 +.PP +specifies the password of \f[I]KEY_HANDLE\f[]. +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-out\-file\f[]=\f[I]OUTPUT_FILE\f[]: ++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]: +.RS 2 +.PP +Output file path, record the decrypted data. @@ -6342,7 +6299,7 @@ index 000000000000..29e2bcd7e9df +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: +.RS 2 +.PP +Optional Input session handle from a policy session for authorization. @@ -6352,20 +6309,20 @@ index 000000000000..29e2bcd7e9df +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -6398,14 +6355,14 @@ index 000000000000..29e2bcd7e9df +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -6422,7 +6379,7 @@ index 000000000000..29e2bcd7e9df +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -6457,7 +6414,8 @@ index 000000000000..29e2bcd7e9df +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -6476,13 +6434,11 @@ index 000000000000..29e2bcd7e9df +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_send.1 b/man/man1/tpm2_send.1 -new file mode 100644 -index 000000000000..193b66d101b7 ---- /dev/null -+++ b/man/man1/tpm2_send.1 -@@ -0,0 +1,154 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_send.1 tpm2-tools-3.0.4-new/man/man1/tpm2_send.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_send.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_send.1 2018-09-10 07:57:18.394520981 -0700 +@@ -0,0 +1,147 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_send" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -6503,14 +6459,7 @@ index 000000000000..193b66d101b7 +to decode and display the response in a human readable form. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-i\f[], \f[B]\-\-input\f[]=\f[I]INPUT\f[]: -+.RS 2 -+.PP -+Input file to read a command buffer from. -+Defaults to stdin. -+.RE -+.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-out\-file\f[]=\f[I]OUTPUT_FILE\f[]: ++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]: +.RS 2 +.PP +Output file to send response buffer to. @@ -6521,20 +6470,20 @@ index 000000000000..193b66d101b7 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -6567,14 +6516,14 @@ index 000000000000..193b66d101b7 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -6591,7 +6540,7 @@ index 000000000000..193b66d101b7 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -6636,13 +6585,11 @@ index 000000000000..193b66d101b7 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_sign.1 b/man/man1/tpm2_sign.1 -new file mode 100644 -index 000000000000..67e079619fba ---- /dev/null -+++ b/man/man1/tpm2_sign.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_sign.1 tpm2-tools-3.0.4-new/man/man1/tpm2_sign.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_sign.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_sign.1 2018-09-10 07:57:18.572518548 -0700 @@ -0,0 +1,245 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_sign" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -6663,63 +6610,62 @@ index 000000000000..67e079619fba +The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[]. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: +.RS 2 +.PP +Handle of key that will perform signing. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: +.RS 2 +.PP +Filename of the key context used for the operation. +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: +.RS 2 +.PP +Specifies the password of \f[I]KEY_HANDLE\f[]. +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]HASH_ALGORITHM\f[]: ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: +.RS 2 +.PP +The hash algorithm used to digest the message. -+Algorithms should follow the "formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++Algorithms should follow the \[lq]formatting standards, see ++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported ++Hash Algorithms" for a list of supported hash algorithms. +.RE +.IP \[bu] 2 -+\f[B]\-m\f[], \f[B]\-\-msg\f[]=\f[I]MSG_FILE\f[]: ++\f[B]\-m\f[], \f[B]\[en]msg\f[]=\f[I]MSG_FILE\f[]: +.RS 2 +.PP +The message file, containing the content to be digested. +.RE +.IP \[bu] 2 -+\f[B]\-t\f[], \f[B]\-\-ticket\f[]=\f[I]TICKET_FILE\f[]: ++\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[]: +.RS 2 +.PP +The ticket file, containning the validation structure, optional. +.RE +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-sig\f[]=\f[I]TICKET_FILE\f[]: ++\f[B]\-s\f[], \f[B]\[en]sig\f[]=\f[I]TICKET_FILE\f[]: +.RS 2 +.PP +The signature file, records the signature structure. +.RE +.IP \[bu] 2 -+\f[B]\-f\f[], \f[B]\-\-format\f[] ++\f[B]\-f\f[], \f[B]\[en]format\f[] +.RS 2 +.PP +Format selection for the signature output file. -+See section "Signature Format Specifiers". ++See section \[lq]Signature Format Specifiers\[rq]. +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: +.RS 2 +.PP +Optional Input session handle from a policy session for authorization. @@ -6729,20 +6675,20 @@ index 000000000000..67e079619fba +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -6775,14 +6721,14 @@ index 000000000000..67e079619fba +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -6799,7 +6745,7 @@ index 000000000000..67e079619fba +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -6834,7 +6780,8 @@ index 000000000000..67e079619fba +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Hash Algorithms @@ -6855,7 +6802,7 @@ index 000000000000..67e079619fba +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -6887,13 +6834,11 @@ index 000000000000..67e079619fba +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_startup.1 b/man/man1/tpm2_startup.1 -new file mode 100644 -index 000000000000..ca40b6bceb79 ---- /dev/null -+++ b/man/man1/tpm2_startup.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_startup.1 tpm2-tools-3.0.4-new/man/man1/tpm2_startup.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_startup.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_startup.1 2018-09-10 07:57:18.742516225 -0700 @@ -0,0 +1,139 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_startup" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -6912,7 +6857,7 @@ index 000000000000..ca40b6bceb79 +will have already sent this command. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-clear\f[]: ++\f[B]\-c\f[], \f[B]\[en]clear\f[]: +.RS 2 +.PP +Startup type sent will be \f[B]TPM_SU_CLEAR\f[] instead of @@ -6923,20 +6868,20 @@ index 000000000000..ca40b6bceb79 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -6969,14 +6914,14 @@ index 000000000000..ca40b6bceb79 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -6993,7 +6938,7 @@ index 000000000000..ca40b6bceb79 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -7032,13 +6977,11 @@ index 000000000000..ca40b6bceb79 +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_takeownership.1 b/man/man1/tpm2_takeownership.1 -new file mode 100644 -index 000000000000..aee0bc7d4ced ---- /dev/null -+++ b/man/man1/tpm2_takeownership.1 -@@ -0,0 +1,220 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_takeownership.1 tpm2-tools-3.0.4-new/man/man1/tpm2_takeownership.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_takeownership.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_takeownership.1 2018-09-10 07:57:18.932513629 -0700 +@@ -0,0 +1,221 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_takeownership" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -7059,15 +7002,15 @@ index 000000000000..aee0bc7d4ced +indicate that the hash is safe to sign. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-owner\-password\f[]=\f[I]OWNER_PASSWORD\f[]: The ++\f[B]\-o\f[], \f[B]\[en]owner\-password\f[]=\f[I]OWNER_PASSWORD\f[]: The +new owner authorization value. +.RS 2 +.PP +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-e\f[], \f[B]\-\-endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]: ++\f[B]\-e\f[], \f[B]\[en]endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]: +.RS 2 +.PP +The new endorse authorization value. @@ -7075,7 +7018,7 @@ index 000000000000..aee0bc7d4ced +option. +.RE +.IP \[bu] 2 -+\f[B]\-l\f[], \f[B]\-\-lockout\-password\f[]=\f[I]LOCKOUT_PASSWORD\f[]: ++\f[B]\-l\f[], \f[B]\[en]lockout\-password\f[]=\f[I]LOCKOUT_PASSWORD\f[]: +.RS 2 +.PP +The new lockout authorization value. @@ -7086,7 +7029,7 @@ index 000000000000..aee0bc7d4ced +.RE +.IP \[bu] 2 +\f[B]\-O\f[], -+\f[B]\-\-old\-ownerPassword\f[]=\f[I]OLD_OWNER_PASSWORD\f[]: ++\f[B]\[en]old\-ownerPassword\f[]=\f[I]OLD_OWNER_PASSWORD\f[]: +.RS 2 +.PP +The old owner authorization value. @@ -7095,7 +7038,7 @@ index 000000000000..aee0bc7d4ced +.RE +.IP \[bu] 2 +\f[B]\-E\f[], -+\f[B]\-\-old\-endorsePassword\f[]=\f[I]OLD_ENDORSE_PASSWORD\f[]: ++\f[B]\[en]old\-endorsePassword\f[]=\f[I]OLD_ENDORSE_PASSWORD\f[]: +.RS 2 +.PP +The old endorse authorization value. @@ -7104,7 +7047,7 @@ index 000000000000..aee0bc7d4ced +.RE +.IP \[bu] 2 +\f[B]\-L\f[], -+\f[B]\-\-old\-lockoutPassword\f[]=\f[I]OLD_LOCKOUT_PASSWORD\f[]: ++\f[B]\[en]old\-lockoutPassword\f[]=\f[I]OLD_LOCKOUT_PASSWORD\f[]: +.RS 2 +.PP +The old lockout authorization value. @@ -7112,7 +7055,7 @@ index 000000000000..aee0bc7d4ced +option. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-clear\f[]: ++\f[B]\-c\f[], \f[B]\[en]clear\f[]: +.RS 2 +.PP +Clears the 3 authorizations values with lockout auth, thus one must @@ -7123,20 +7066,20 @@ index 000000000000..aee0bc7d4ced +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -7169,14 +7112,14 @@ index 000000000000..aee0bc7d4ced +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -7193,7 +7136,7 @@ index 000000000000..aee0bc7d4ced +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -7228,7 +7171,8 @@ index 000000000000..aee0bc7d4ced +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH EXAMPLES @@ -7258,13 +7202,11 @@ index 000000000000..aee0bc7d4ced +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_unseal.1 b/man/man1/tpm2_unseal.1 -new file mode 100644 -index 000000000000..81a3b6696b7a ---- /dev/null -+++ b/man/man1/tpm2_unseal.1 -@@ -0,0 +1,232 @@ -+.\" Automatically generated by Pandoc 1.19.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_unseal.1 tpm2-tools-3.0.4-new/man/man1/tpm2_unseal.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_unseal.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_unseal.1 2018-09-10 07:57:19.123511018 -0700 +@@ -0,0 +1,233 @@ ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_unseal" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -7280,35 +7222,35 @@ index 000000000000..81a3b6696b7a +\f[B]tpm2_unseal\f[](1) \- \-returns the data in a loaded Sealed Data +Object. +.PP -+\f[B]NOTE\f[]: The \f[B]\-\-set\-list\f[] and -+\f[B]\-\-pcr\-input\-file\f[] options should only be used for simple PCR -+authentication policies. ++\f[B]NOTE\f[]: The \f[B]\[en]set\-list\f[] and ++\f[B]\[en]pcr\-input\-file\f[] options should only be used for simple ++PCR authentication policies. +For more complex policies the tools should be ran in an execution +environment that keeps the session context alive and pass that session -+using the \f[B]\-\-input\-session\-handle\f[] option. ++using the \f[B]\[en]input\-session\-handle\f[] option. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-H\f[], \f[B]\-\-item\f[]=\f[I]ITEM_HANDLE\f[]: ++\f[B]\-H\f[], \f[B]\[en]item\f[]=\f[I]ITEM_HANDLE\f[]: +.RS 2 +.PP +Item handle of loaded object. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-item\-context\f[]=\f[I]ITEM_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]item\-context\f[]=\f[I]ITEM_CONTEXT_FILE\f[]: +.RS 2 +.PP +Filename of the item context. +.RE +.IP \[bu] 2 -+\f[B]\-P\f[], \f[B]\-\-pwdk\f[]=\f[I]KEY_PASSWORD\f[]: ++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: +.RS 2 +.PP +Specifies the password of \f[I]ITEM_HANDLE\f[]. +Passwords should follow the password formatting standards, see section -+"Password Formatting". ++\[lq]Password Formatting\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-o\f[], \f[B]\-\-outfile\f[]=\f[I]OUT_FILE\f[]: ++\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[]: +.RS 2 +.PP +Output file name, containing the unsealed data. @@ -7316,21 +7258,21 @@ index 000000000000..81a3b6696b7a +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: +.RS 2 +.PP +Optional Input session handle from a policy session for authorization. +.RE +.IP \[bu] 2 -+\f[B]\-L\f[], \f[B]\-\-set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]: ++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]: +.RS 2 +.PP -+The list of pcr banks and selected PCRs\[aq] ids. ++The list of pcr banks and selected PCRs' ids. +\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers -+standards, see section "PCR Bank Specfiers". ++standards, see section \[lq]PCR Bank Specfiers\[rq]. +.RE +.IP \[bu] 2 -+\f[B]\-F\f[],**\-\-pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[] ++\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[] +.RS 2 +.PP +Optional Path or Name of the file containing expected pcr values for the @@ -7342,20 +7284,20 @@ index 000000000000..81a3b6696b7a +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -7388,14 +7330,14 @@ index 000000000000..81a3b6696b7a +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -7412,7 +7354,7 @@ index 000000000000..81a3b6696b7a +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -7447,7 +7389,8 @@ index 000000000000..81a3b6696b7a +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH PCR Bank Specfiers @@ -7460,7 +7403,7 @@ index 000000000000..81a3b6696b7a +\f[] +.fi +.PP -+multiple banks may be separated by \[aq]+\[aq]. ++multiple banks may be separated by `+'. +.PP +For example: +.IP @@ -7496,13 +7439,11 @@ index 000000000000..81a3b6696b7a +.SH HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) -diff --git a/man/man1/tpm2_verifysignature.1 b/man/man1/tpm2_verifysignature.1 -new file mode 100644 -index 000000000000..ed047386d4f8 ---- /dev/null -+++ b/man/man1/tpm2_verifysignature.1 +diff -urN tpm2-tools-3.0.4/man/man1/tpm2_verifysignature.1 tpm2-tools-3.0.4-new/man/man1/tpm2_verifysignature.1 +--- tpm2-tools-3.0.4/man/man1/tpm2_verifysignature.1 1969-12-31 17:00:00.000000000 -0700 ++++ tpm2-tools-3.0.4-new/man/man1/tpm2_verifysignature.1 2018-09-10 07:57:19.305508531 -0700 @@ -0,0 +1,244 @@ -+.\" Automatically generated by Pandoc 1.19.1 ++.\" Automatically generated by Pandoc 2.0.6 +.\" +.TH "tpm2_verifysignature" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual" +.hy @@ -7525,35 +7466,34 @@ index 000000000000..ed047386d4f8 +private portions need to be loaded. +.SH OPTIONS +.IP \[bu] 2 -+\f[B]\-k\f[], \f[B]\-\-key\-handle\f[]=\f[I]KEY_HANDLE\f[]: ++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: +.RS 2 +.PP +Handle of key that will used in the validation. +.RE +.IP \[bu] 2 -+\f[B]\-c\f[], \f[B]\-\-key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: ++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: +.RS 2 +.PP +Filename of the key context used for the operation. +.RE +.IP \[bu] 2 -+\f[B]\-g\f[], \f[B]\-\-halg\f[]=\f[I]HASH_ALGORITHM\f[]: ++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: +.RS 2 +.PP +The hash algorithm used to digest the message. -+Algorithms should follow the "formatting standards, see section -+"Algorithm Specifiers". -+Also, see section "Supported Hash Algorithms" for a list of supported -+hash algorithms. ++Algorithms should follow the \[lq]formatting standards, see ++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported ++Hash Algorithms" for a list of supported hash algorithms. +.RE +.IP \[bu] 2 -+\f[B]\-m\f[], \f[B]\-\-msg\f[]=\f[I]MSG_FILE\f[]: ++\f[B]\-m\f[], \f[B]\[en]msg\f[]=\f[I]MSG_FILE\f[]: +.RS 2 +.PP +The message file, containing the content to be digested. +.RE +.IP \[bu] 2 -+\f[B]\-D\f[], \f[B]\-\-digest\f[]=\f[I]DIGEST_FILE\f[]: ++\f[B]\-D\f[], \f[B]\[en]digest\f[]=\f[I]DIGEST_FILE\f[]: +.RS 2 +.PP +The input hash file, containing the hash of the message. @@ -7561,27 +7501,27 @@ index 000000000000..ed047386d4f8 +algorithm (\f[B]\-g\f[]) options do not need to be specified. +.RE +.IP \[bu] 2 -+\f[B]\-s\f[], \f[B]\-\-sig\f[]=\f[I]SIG_FILE\f[]: ++\f[B]\-s\f[], \f[B]\[en]sig\f[]=\f[I]SIG_FILE\f[]: +.RS 2 +.PP +The input signature file of the signature to be validated. +.RE +.IP \[bu] 2 -+\f[B]\-r\f[], \f[B]\-\-raw\f[]: ++\f[B]\-r\f[], \f[B]\[en]raw\f[]: +.RS 2 +.PP +Set the input signature file to raw type. +The default is TPMT_SIGNATURE. +.RE +.IP \[bu] 2 -+\f[B]\-t\f[], \f[B]\-\-ticket\f[]=\f[I]TICKET_FILE\f[]: ++\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[]: +.RS 2 +.PP +The ticket file to record the validation structure. +.RE +.IP \[bu] 2 +\f[B]\-S\f[], -+\f[B]\-\-input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: ++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: +.RS 2 +.PP +Optional Input session handle from a policy session for authorization. @@ -7591,20 +7531,20 @@ index 000000000000..ed047386d4f8 +This collection of options are common to many programs and provide +information that many users may expect. +.IP \[bu] 2 -+\f[B]\-h\f[], \f[B]\-\-help\f[]: Display the tools manpage. ++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage. +This requires the manpages to be installed or on \f[I]MANPATH\f[], See +man(1) for more details. +.IP \[bu] 2 -+\f[B]\-v\f[], \f[B]\-\-version\f[]: Display version information for this -+tool, supported tctis and exit. ++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for ++this tool, supported tctis and exit. +.IP \[bu] 2 -+\f[B]\-V\f[], \f[B]\-\-verbose\f[]: Increase the information that the ++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the +tool prints to the console during its execution. +When using this option the file and line number are printed. +.IP \[bu] 2 -+\f[B]\-Q\f[], \f[B]\-\-quiet\f[]: Silence normal tool output to stdout. ++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout. +.IP \[bu] 2 -+\f[B]\-Z\f[], \f[B]\-\-enable\-errata\f[]: Enable the application of ++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of +errata fixups. +Useful if an errata fixup needs to be applied to commands sent to the +TPM. @@ -7637,14 +7577,14 @@ index 000000000000..ed047386d4f8 +.IP \[bu] 2 +\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the +TPM device file. -+The default is "/dev/tpm0". ++The default is \[lq]/dev/tpm0\[rq]. +.RS 2 +.PP +Note: Using the tpm directly requires the users to ensure that +concurrent access does not occur and that they manage the tpm resources. +These tasks are usually managed by a resource manager. +Linux 4.12 and greater supports an in kernel resource manager at -+"/dev/tpmrm\f[B]\f[]", typically "/dev/tpmrm0". ++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq]. +.RE +.IP \[bu] 2 +\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify @@ -7661,7 +7601,7 @@ index 000000000000..ed047386d4f8 +They override any environment variables. +.IP \[bu] 2 +\f[B]\-T\f[], -+\f[B]\-\-tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[B]:\f[I]TCTI_OPTIONS\f[]\f[]]\f[]: ++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]: +Select the TCTI used for communication with the next component down the +TSS stack. +In most configurations this will be the resource manager: @@ -7696,7 +7636,8 @@ index 000000000000..ed047386d4f8 +Password form is specified with special prefix values, they are: +.IP \[bu] 2 +str: \- Used to indicate it is a raw string. -+Useful for escaping a password that starts with the "hex:" prefix. ++Useful for escaping a password that starts with the \[lq]hex:\[rq] ++prefix. +.IP \[bu] 2 +hex: \- Used when specifying a password in hex string format. +.SH Supported Hash Algorithms @@ -7717,7 +7658,7 @@ index 000000000000..ed047386d4f8 +\f[B]NOTE\f[]: Your TPM may not support all algorithms. +.SH Algorithm Specfiers +.PP -+Options that take algorithms support "nice\-names". ++Options that take algorithms support \[lq]nice\-names\[rq]. +Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4. +The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[] +from the Algorithm Name field and converting it to lower case. @@ -7746,6 +7687,3 @@ index 000000000000..ed047386d4f8 +HELP +.PP +See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2) --- -2.14.3 - diff --git a/SOURCES/autoconf-fixup.patch b/SOURCES/autoconf-fixup.patch index 1ff90e8..b248354 100644 --- a/SOURCES/autoconf-fixup.patch +++ b/SOURCES/autoconf-fixup.patch @@ -4,7 +4,7 @@ diff -urN tpm2-tools-3.0.1/configure.ac tpm2-tools-3.0.1-new/configure.ac @@ -1,5 +1,4 @@ -AC_INIT([tpm2-tools], - [m4_esyscmd_s([git describe --tags --always --dirty])]) -+AC_INIT([tpm2-tools],[3.0.1]) ++AC_INIT([tpm2-tools],[3.0.4]) AC_CONFIG_MACRO_DIR([m4]) AC_PROG_CC LT_INIT diff --git a/SOURCES/max-nv-buffer.patch b/SOURCES/max-nv-buffer.patch deleted file mode 100644 index aebdf94..0000000 --- a/SOURCES/max-nv-buffer.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -urN tpm2-tools-3.0.1/tools/tpm2_nvread.c tpm2-tools-3.0.1-new/tools/tpm2_nvread.c ---- tpm2-tools-3.0.1/tools/tpm2_nvread.c 2017-12-11 08:34:01.000000000 -0700 -+++ tpm2-tools-3.0.1-new/tools/tpm2_nvread.c 2017-12-15 18:08:18.361935382 -0700 -@@ -120,6 +120,10 @@ - return false; - } - -+ if (max_data_size > MAX_NV_BUFFER_SIZE) { -+ max_data_size = MAX_NV_BUFFER_SIZE; -+ } -+ - UINT8 *data_buffer = malloc(data_size); - if (!data_buffer) { - LOG_ERR("oom"); -diff -urN tpm2-tools-3.0.1/tools/tpm2_nvwrite.c tpm2-tools-3.0.1-new/tools/tpm2_nvwrite.c ---- tpm2-tools-3.0.1/tools/tpm2_nvwrite.c 2017-12-11 08:34:01.000000000 -0700 -+++ tpm2-tools-3.0.1-new/tools/tpm2_nvwrite.c 2017-12-15 18:08:09.055066735 -0700 -@@ -116,6 +116,10 @@ - return false; - } - -+ if (max_data_size > MAX_NV_BUFFER_SIZE) { -+ max_data_size = MAX_NV_BUFFER_SIZE; -+ } -+ - UINT16 data_offset = 0; - UINT16 bytes_left = ctx.nv_buffer.t.size; - while (bytes_left > 0) { diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec index 308ecfa..adeaf84 100644 --- a/SPECS/tpm2-tools.spec +++ b/SPECS/tpm2-tools.spec @@ -1,20 +1,17 @@ Name: tpm2-tools -Version: 3.0.1 -Release: 1%{?dist} +Version: 3.0.4 +Release: 2%{?dist} Summary: A TPM2.0 testing tool build upon TPM2.0-TSS License: BSD -URL: https://github.com/01org/tpm2-tools -Source0: https://github.com/01org/tpm2-tools/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +URL: https://github.com/tpm2-software/tpm2-tools +Source0: https://github.com/tpm2-software/tpm2-tools/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz # work around lack of pandoc in RHEL7 Patch0: add-man-pages.patch # Deal with RHEL rpmbuilds not being from git Patch1: autoconf-fixup.patch -# Upstream commit ab1a2d468c4b2ac09a0ac651563653f36a73215f -Patch2: 0001-tpm2_nvwrite-fix-buffer-overflow.patch -# Submitted upstream: https://github.com/intel/tpm2-tools/pull/725 -Patch3: max-nv-buffer.patch +Patch2: 0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch BuildRequires: gcc-c++ BuildRequires: libtool @@ -59,6 +56,14 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss. %{_mandir}/man1/tpm2_*.1.gz %changelog +* Thu Sep 06 2018 Jerry Snitselaar - 3.0.4-2 +- tpm2_create: Use better object attributes defaults for authentication +resolves: rhbz#1627282 + +* Fri Jun 15 2018 Jerry Snitselaar - 3.0.4-1 +- Rebase to 3.0.4 release +resolves: rhbz#1515108 + * Wed Dec 13 2017 Jerry Snitselaar - 3.0.1-1 - Rebase to 3.0.1 release resolves: rhbz#1463100