diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e1a8aa3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tpm2-tools-3.0.4.tar.gz
diff --git a/.tpm2-tools.metadata b/.tpm2-tools.metadata
new file mode 100644
index 0000000..dcf7fcc
--- /dev/null
+++ b/.tpm2-tools.metadata
@@ -0,0 +1 @@
+01fbd61699979dcfb7d9cd88bd4fb15118b602d5 SOURCES/tpm2-tools-3.0.4.tar.gz
diff --git a/SOURCES/0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch b/SOURCES/0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch
new file mode 100644
index 0000000..527697b
--- /dev/null
+++ b/SOURCES/0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch
@@ -0,0 +1,114 @@
+From 1a541fbef647cd495e1c9fb9667d0f0525ff5fd7 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 30 Jul 2018 11:40:19 +0200
+Subject: [PATCH] tpm2_create: Use better object attributes defaults for
+ authentication
+
+The tpm2_create tool allows to define a policy session or a password for
+authentication. By default no policy session is used and the password is
+empty, which means that this empty password is used for authentication.
+
+So the default object attribute flag userWithAuth is set in order to use
+the empty password. This isn't a good default though if a policy is set,
+since in this case the policy session has to be used for authentication
+instead of an empty password.
+
+If a policy is defined, the userWithAuth bit has to be clear unless the
+user defines a password so in that case authentication would happen only
+using the policy session or the defined password.
+
+Also add these cases in the integration test to detect regressions.
+
+Fixes: #1123
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ test/system/test_tpm2_unseal.sh | 51 +++++++++++++++++++++++++++++++++
+ tools/tpm2_create.c             |  4 +++
+ 2 files changed, 55 insertions(+)
+
+diff --git a/test/system/test_tpm2_unseal.sh b/test/system/test_tpm2_unseal.sh
+index 1015a43..abfffce 100755
+--- a/test/system/test_tpm2_unseal.sh
++++ b/test/system/test_tpm2_unseal.sh
+@@ -109,4 +109,55 @@ unsealed=`tpm2_unseal -c $file_unseal_key_ctx -L ${alg_pcr_policy}:${pcr_ids} -F
+ 
+ test "$unsealed" == "$secret"
+ 
++# Test that unseal fails if a PCR policy isn't provided
++
++trap - ERR
++
++tpm2_unseal -c $file_unseal_key_ctx 2> /dev/null
++if [ $? != 1 ]; then
++  echo "tpm2_unseal didn't fail without a PCR policy!"
++  exit 1
++fi
++
++# Test that unseal fails if PCR state isn't the same as the defined PCR policy
++
++pcr_extend=$(echo $pcr_ids | cut -d ',' -f1)
++
++tpm2_pcrextend $pcr_extend:sha1=6c10289a8da7f774cf67bd2fc8502cd4b585346a
++
++tpm2_unseal -c $file_unseal_key_ctx -L ${alg_pcr_policy}:${pcr_ids} -F $file_pcr_value 2> /dev/null
++if [ $? != 1 ]; then
++  echo "tpm2_unseal didn't fail with a PCR state different than the policy!"
++  exit 1
++fi
++
++# Test that the object can be unsealed without a policy but a password
++
++trap onerror ERR
++
++rm $file_unseal_key_pub $file_unseal_key_priv $file_unseal_key_name
++
++tpm2_pcrlist -Q -L ${alg_pcr_policy}:${pcr_ids} -o $file_pcr_value
++
++tpm2_createpolicy -Q -P -L ${alg_pcr_policy}:${pcr_ids} -F $file_pcr_value -f $file_policy
++
++tpm2_create -Q -g $alg_create_obj -G $alg_create_key -u $file_unseal_key_pub -r $file_unseal_key_priv -I- -c $file_primary_key_ctx -L $file_policy -K secretpass\
++  -A 'sign|fixedtpm|fixedparent|sensitivedataorigin' <<< $secret
++
++tpm2_load -Q -c $file_primary_key_ctx  -u $file_unseal_key_pub  -r $file_unseal_key_priv -n $file_unseal_key_name -C $file_unseal_key_ctx
++
++unsealed=`tpm2_unseal -c $file_unseal_key_ctx -P secretpass`
++
++test "$unsealed" == "$secret"
++
++# Test that unseal fails when using a wrong password
++
++trap - ERR
++
++tpm2_unseal -c $file_unseal_key_ctx -P wrongpass 2> /dev/null
++if [ $? != 1 ]; then
++  echo "tpm2_unseal didn't fail when using a wrong object password!"
++  exit 1
++fi
++
+ exit 0
+diff --git a/tools/tpm2_create.c b/tools/tpm2_create.c
+index 41d7b42..15166fc 100644
+--- a/tools/tpm2_create.c
++++ b/tools/tpm2_create.c
+@@ -256,6 +256,7 @@ static bool on_option(char key, char *value) {
+             return false;
+         }
+         ctx.flags.K = 1;
++        ctx.in_public.t.publicArea.objectAttributes.userWithAuth = 1;
+         break;
+     case 'g':
+         ctx.nameAlg = tpm2_alg_util_from_optarg(value);
+@@ -294,6 +295,9 @@ static bool on_option(char key, char *value) {
+             return false;
+         }
+         ctx.flags.L = 1;
++        if (!ctx.flags.K) {
++             ctx.in_public.t.publicArea.objectAttributes.userWithAuth = 0;
++        }
+         break;
+     case 'S':
+         if (!tpm2_util_string_to_uint32(value, &ctx.session_data.sessionHandle)) {
+-- 
+2.17.0
+
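Review bot: When both -K and -L are given, the new `userWithAuth = 1` in the 'K' case leaves the object usable with the password alone, so the policy is an alternative to the password rather than an extra requirement; the added test that unseals with only `-P secretpass` relies on exactly that. This is easy to misread as "policy and password", so I would put a comment above the assignment, such as `/* userWithAuth set: the object's auth value alone authorizes use, even if -L also supplies a policy */`. The tpm2_create man page added elsewhere in this commit should say the same, since it still lists TPMA_OBJECT_USERWITHAUTH as an unconditional default. The bit is also adjusted while options are being parsed, so its interaction with an explicit -A presumably depends on option order; the 'A' case is not visible here, so confirm which setting is meant to win. The body of on_option starts and ends outside both C hunks.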
diff --git a/SOURCES/add-man-pages.patch b/SOURCES/add-man-pages.patch
new file mode 100644
index 0000000..9b01694
--- /dev/null
+++ b/SOURCES/add-man-pages.patch
@@ -0,0 +1,7689 @@
+--- tpm2-tools-3.0.4/Makefile.am	2018-04-30 02:52:17.000000000 -0700
++++ tpm2-tools-3.0.4-new/Makefile.am	2018-09-10 07:53:19.911780215 -0700
+@@ -273,8 +273,7 @@
+ 	     RELEASE.md \
+ 	     test/system
+ 
+-if HAVE_PANDOC
+-    man1_MANS := \
++man1_MANS := \
+     man/man1/tpm2_activatecredential.1 \
+     man/man1/tpm2_certify.1 \
+     man/man1/tpm2_create.1 \
+@@ -315,16 +314,6 @@
+     man/man1/tpm2_unseal.1 \
+     man/man1/tpm2_verifysignature.1
+ 
+-# If pandoc is enabled, we want to generate the manpages for the dist tarball
+-EXTRA_DIST += $(man1_MANS)
+-else
+-# If pandoc is not enabled, we want to complain that you need pandoc for make dist,
+-# so hook the target and complain.
+-dist-hook:
+-	@(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages")
+-	@exit 1
+-endif
+-
+ MARKDOWN_COMMON_DEPS = \
+ 	man/common/alg.md \
+ 	man/common/hash.md \
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_activatecredential.1 tpm2-tools-3.0.4-new/man/man1/tpm2_activatecredential.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_activatecredential.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_activatecredential.1	2018-09-10 07:57:12.390603034 -0700
+@@ -0,0 +1,179 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_activatecredential" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_activatecredential\f[](1) \- verify that an object is
++protected with a specific key.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_activatecredential\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++Verify that the given content is protected with given keyHandle for
++given handle, and then decrypt and return the secret, if any passwd
++option is missing, assume NULL.
++Currently only support using TCG profile compliant EK as the keyHandle.
++.SH OPTIONS
++.PP
++These options control the object verification:
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: \f[I]HANDLE\f[] of
++the object associated with the created certificate by CA.
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: The
++\f[I]KEY_HANDLE\f[] of Loaded key used to decrypt the the random seed.
++.IP \[bu] 2
++\f[B]\-C\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
++\f[I]KEY_CONTEXT_FILE\f[] is the path to a context file.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]password\f[]=\f[I]PASSWORD\f[]: Use
++\f[I]PASSWORD\f[] for providing an authorization value for the
++\f[I]KEY_HANDLE\f[].
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]:
++The endorsement password, optional.
++Follows the same formating guidelines as the handle password option \-P.
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file
++path, containing the two structures needed by tpm2_activatecredential
++function.
++This is created via the tpm2_makecredential(1) command.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]: Output file
++path, record the secret to decrypt the certificate.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_activatecredential\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ abc123\ \-e\ abc123\ \-f\ <filePath>\ \-o\ <filePath>
++tpm2_activatecredential\ \-c\ ak.context\ \-C\ ek.context\ \-P\ abc123\ \-e\ abc123\ \-f\ <filePath>\ \-o\ <filePath>
++tpm2_activatecredential\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ 123abc\ \-e\ 1a1b1c\ \-X\ \-f\ <filePath>\ \-o\ <filePath>
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_certify.1 tpm2-tools-3.0.4-new/man/man1/tpm2_certify.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_certify.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_certify.1	2018-09-10 07:57:12.572600547 -0700
+@@ -0,0 +1,202 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_certify" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_certify\f[](1) \- prove that an object is loaded in the tpm.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_certify\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_certify\f[](1) proves that an object with a specific
++\f[I]NAME\f[] is loaded in the TPM.
++By certifying that the object is loaded, the TPM warrants that a public
++area with a given \f[I]NAME\f[] is self\-consistent and associated with
++a valid sensitive area.
++If a relying party has a public area that has the same \f[I]NAME\f[] as
++a \f[I]NAME\f[] certified with this command, then the values in that
++public area are correct.
++The object may be any object that is loaded with TPM2_Load() or
++TPM2_CreatePrimary().
++An object that only has its public area loaded cannot be certified.
++.SH OPTIONS
++.PP
++These options control the ceritifcation:
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]obj\-handle\f[]=\f[I]OBJECT_HANDLE\f[]: The
++handle of the object to be certified.
++.IP \[bu] 2
++\f[B]\-C\f[], \f[B]\[en]obj\-context\f[]=\f[I]FILE\f[]: Use
++\f[I]FILE\f[] for providing the object context.
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: Handle of
++the key used to sign the attestation structure.
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT\f[]: Filename
++of the key context used to sign the attestation structure.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdo\f[]=\f[I]OBJECT_PASSWORD\f[]: Use
++\f[I]OBJECT_PASSWORD\f[] for providing an authorization value for the
++object specified in \f[I]OBJECT_HANDLE\f[].
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Use
++\f[I]KEY_PASSWORD\f[] for providing an authorization value for the key
++specified in \f[I]KEY_HANDLE\f[].
++Follows the same formatting guidelines as the object handle password or
++\-P option.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]attest\-file\f[]=\f[I]ATTEST_FILE\f[]: Output
++file name for the attestation data.
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]sig\-file\f[]=\f[I]SIG_FILE\f[]: Output file
++name for the signature data.
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]format\f[]
++.RS 2
++.PP
++Format selection for the signature output file.
++See section \[lq]Signature Format Specifiers\[rq].
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Signature Format Specifiers
++.PP
++Format selection for the signature output file.
++\f[B]tss\f[] (the default) will output a binary blob according to the
++TPM 2.0 specification and any potential compiler padding.
++The option \f[B]plain\f[] will output the plain signature data as
++defined by the used cryptographic algorithm.
++# EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_certify\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ 0x0011\ \-K\ 0x00FF\ \-g\ 0x00B\ \-a\ <fileName>\ \-s\ <fileName>
++tpm2_certify\ \-C\ obj.context\ \-c\ key.context\ \-P\ 0x0011\ \-K\ 0x00FF\ \-g\ 0x00B\ \-a\ <fileName>\ \-s\ <fileName>
++tpm2_certify\ \-H\ 0x81010002\ \-k\ 0x81010001\ \-P\ 0011\ \-K\ 00FF\ \-X\ \-g\ 0x00B\ \-a\ <fileName>\ \-s\ <fileName>
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_create.1 tpm2-tools-3.0.4-new/man/man1/tpm2_create.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_create.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_create.1	2018-09-10 07:57:12.772597813 -0700
+@@ -0,0 +1,273 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_create" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_create\f[](1) \- create an object that can be loaded into a
++TPM using tpm2_load.
++The object will need to be loaded before it may be used.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_create\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_create\f[](1) \- create an object that can be loaded into a
++TPM using tpm2_load.
++The object will need to be loaded before it may be used.
++.SH OPTIONS
++.PP
++These options for creating the tpm entity:
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]pparent\f[]=\f[I]PARENT_HANDLE\f[]: The handle
++of the parent object to create this object under.
++.IP \[bu] 2
++\f[B]\-c\f[],
++\f[B]\[en]context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: The filename
++for parent context.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The
++password for parent key, optional.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for
++key, optional.
++Follows the password formatting of the \[lq]password for parent key\[rq]
++option: \-P.
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm
++to use.
++Algorithms should follow the " formatting standards, see section
++\[lq]Algorithm Specifiers\[rq].
++Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of
++supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: The algorithm
++associated with this object.
++It accepts friendly names just like \-g option.
++See section \[lq]Supported Public Object Algorithms\[rq] for a list of
++supported object algorithms.
++.IP \[bu] 2
++\f[B]\-A\f[], \f[B]\[en]object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The
++object attributes, optional.
++Object attribytes follow the specifications as outlined in \[lq]object
++attribute specifiers\[rq].
++The default for created objects is:
++.RS 2
++.PP
++\f[C]TPMA_OBJECT_SIGN|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]FILE\f[]: The data file to be
++sealed, optional.
++If file is \-, read from stdin.
++When sealing data only the TPM_ALG_KEYEDHASH algorithm is allowed.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: The input
++policy file, optional.
++.IP \[bu] 2
++\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]OUTPUT_PUBLIC_FILE\f[]: The
++output file which contains the public portion of the created object,
++optional.
++.IP \[bu] 2
++\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]OUTPUT_PRIVATE_FILE\f[]: The
++output file which contains the sensitive portion of the object,
++optional.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Supported Public Object Algorithms
++.PP
++Supported public object algorithms are:
++.IP \[bu] 2
++\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
++(\f[B]default\f[]).
++.IP \[bu] 2
++\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
++.IP \[bu] 2
++\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
++.IP \[bu] 2
++\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH Object Attributes
++.PP
++Object Attributes are used to control various properties of created
++objects.
++When specified as an option, either the raw bitfield mask or
++\[lq]nice\-names\[rq] may be used.
++The values can be found in Table 31 Part 2 of the TPM2.0 specification,
++which can be found here:
++.PP
++<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
++.PP
++Nice names are calculated by taking the name field of table 31 and
++removing the prefix \f[B]TPMA_OBJECT_\f[] and lowercasing the result.
++Thus, \f[B]TPMA_OBJECT_FIXEDTPM\f[] becomes fixedtpm.
++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
++.PP
++For instance, to set The fields \f[B]TPMA_OBJECT_FIXEDTPM\f[],
++\f[B]TPMA_OBJECT_NODA\f[], and \f[B]TPMA_OBJECT_SIGN\f[], the argument
++would be:
++.PP
++\f[B]fixedtpm|noda|sign\f[]
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_create\ \-H\ 0x81010001\ \-P\ abc123\ \-K\ def456\ \-g\ sha256\ \-G\ keyedhash\-I\ data.File
++tpm2_create\ \-c\ parent.context\ \-P\ abc123\ \-K\ def456\ \-g\ sha256\ \-G\ keyedhash\ \-I\ data.File
++tpm2_create\ \-H\ 0x81010001\ \-P\ 123abc\ \-K\ 456def\ \-X\ \-g\ sha256\ \-G\ keyedhash\ \-I\ data.File
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_createpolicy.1 tpm2-tools-3.0.4-new/man/man1/tpm2_createpolicy.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_createpolicy.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_createpolicy.1	2018-09-10 07:57:12.945595449 -0700
+@@ -0,0 +1,185 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_createpolicy" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_createpolicy\f[](1) \- Creates simple assertion authorization
++policies based on multiple pcr indices values across multiple enabled
++banks.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_createpolicy\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_createpolicy\f[](1) \- Creates simple assertion authorization
++policies based on multiple pcr indices values across multiple enabled
++banks.
++It can then be used with object creation and or tools using the object.
++.SH OPTIONS
++.PP
++These options control creating the policy authorization session:
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: File to
++save the policy digest.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]policy\-pcr\f[]: Identifies the PCR policy type
++for policy creation.
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]policy\-digest\-alg\f[]=\f[I]HASH_ALGORITHM\f[]:
++The hash algorithm used in computation of the policy digest.
++Algorithms should follow the \[lq]formatting standards, see
++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
++Hash Algorithms" for a list of supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]=\f[I]PCR_LIST\f[]: The list of pcr
++banks and selected PCRs' ids (0~23) for each bank.
++.IP \[bu] 2
++\f[B]\-F\f[], \f[B]\[en]pcr\-input\-file\f[]=\f[I]PCR_FILE\f[]: Optional
++Path or Name of the file containing expected pcr values for the
++specified index.
++Default is to read the current PCRs per the set list.
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]extend\-policy\-session\f[]: Retains the policy
++session at the end of operation.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]auth\-policy\-session\f[]: Start a policy
++session of type \f[B]TPM_SE_POLICY\f[].
++Default without this option is \f[B]TPM_SE_TRIAL\f[].
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.PP
++Create a authorization policy tied to a specific PCR index:
++.PP
++\f[B]tpm2_createpolicy \-P \-L 0x4:0 \-f policy.file \-F pcr0.bin\f[]
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_createprimary.1 tpm2-tools-3.0.4-new/man/man1/tpm2_createprimary.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_createprimary.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_createprimary.1	2018-09-10 07:57:13.139592798 -0700
+@@ -0,0 +1,274 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_createprimary" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_createprimary\f[](1) \- Create a primary key under a primary
++seed or a temporary primary key under the \f[B]TPM_RH_NULL\f[]
++hierarchy.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_createprimary\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_createprimary\f[](1) \- This command is used to create a
++Primary Object under one of the Primary Seeds or a Temporary Object
++under \f[B]TPM_RH_NULL\f[].
++The command uses a \f[B]TPM2B_PUBLIC\f[] as a template for the object to
++be created.
++The command will create and load a Primary Object.
++The sensitive area is not returned.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: Specify the
++hierarchy under which the object is created.
++This will also dictate which authorization secret (if any) must be
++supplied.
++Supported options are:
++.RS 2
++.IP \[bu] 2
++\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.IP \[bu] 2
++\f[B]e\f[] for \f[B]TPM_RH_ENDORSEMENT\f[]
++.IP \[bu] 2
++\f[B]n\f[] for \f[B]TPM_RH_NULL\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: Optional
++authorization string if authorization is required to create object under
++the specified hierarchy.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-K\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: Optional
++authorization string for the newly created object.
++Follows the same password formating guidelines as the parent
++authorization string under the \-P option.
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: The hash algorithm
++to use.
++Algorithms should follow the " formatting standards, see section
++\[lq]Algorithm Specifiers\[rq].
++Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of
++supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Algorithm type
++for generated key.
++It supports friendly names like the \-g option.
++See section \[lq]Supported Public Object Algorithms\[rq] for a list of
++supported object algorithms.
++.IP \[bu] 2
++\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[]: An optional
++file used to store the object context returned.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: An
++optional file input that contains the policy digest for policy based
++authorization of the object.
++.IP \[bu] 2
++\f[B]\-A\f[], \f[B]\[en]object\-attributes\f[]=\f[I]ATTRIBUTES\f[]: The
++object attributes, optional.
++Object attribytes follow the specifications as outlined in \[lq]object
++attribute specifiers\[rq].
++The default for created objects is:
++.RS 2
++.PP
++\f[C]TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Supported Public Object Algorithms
++.PP
++Supported public object algorithms are:
++.IP \[bu] 2
++\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
++(\f[B]default\f[]).
++.IP \[bu] 2
++\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
++.IP \[bu] 2
++\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
++.IP \[bu] 2
++\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH Object Attributes
++.PP
++Object Attributes are used to control various properties of created
++objects.
++When specified as an option, either the raw bitfield mask or
++\[lq]nice\-names\[rq] may be used.
++The values can be found in Table 31 Part 2 of the TPM2.0 specification,
++which can be found here:
++.PP
++<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
++.PP
++Nice names are calculated by taking the name field of table 31 and
++removing the prefix \f[B]TPMA_OBJECT_\f[] and lowercasing the result.
++Thus, \f[B]TPMA_OBJECT_FIXEDTPM\f[] becomes fixedtpm.
++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
++.PP
++For instance, to set The fields \f[B]TPMA_OBJECT_FIXEDTPM\f[],
++\f[B]TPMA_OBJECT_NODA\f[], and \f[B]TPMA_OBJECT_SIGN\f[], the argument
++would be:
++.PP
++\f[B]fixedtpm|noda|sign\f[]
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_createprimary\ \-H\ o\ \-g\ sha256\ \-G\ ecc\ \-C\ context.out
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_dictionarylockout.1 tpm2-tools-3.0.4-new/man/man1/tpm2_dictionarylockout.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_dictionarylockout.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_dictionarylockout.1	2018-09-10 07:57:13.320590324 -0700
+@@ -0,0 +1,155 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_dictionarylockout" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_dictionarylockout\f[](1) \- setup or clear
++dictionary\-attack\-lockout parameters.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_dictionarylockout\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_dictionarylockout\f[](1) \- setup dictionary\-attack\-lockout
++parameters or clear dictionary\-attack\-lockout state, if any passwd
++option is missing, assume NULL.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]setup\-parameters\f[]=\f[I]SETUP_PARAMETERS\f[]:
++specifies the tool should operate to setup dictionary\-attack\-lockout
++parameters.
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]clear\-lockout\f[]: specifies the tool should
++operate to clear dictionary\-attack\-lockout state.
++.IP \[bu] 2
++\f[B]\-l\f[], \f[B]\-lockout\-recovery\-time\f[]=\f[I]LOCKOUT_TIME\f[]:
++specifies the wait time in seconds before another TPM_RH_LOCKOUT
++authentication attempt can be made after a failed authentication.
++.IP \[bu] 2
++\f[B]\-t\f[], \f[B]\[en]recovery\-time\f[]=\f[I]RECOVERY_TIME\f[]:
++specifies the wait time in seconds before another DA\-protected\-object
++authentication attempt can be made after max\-tries number of failed
++authentications.
++.IP \[bu] 2
++\f[B]\-n\f[], \f[B]\[en]max\-tries\f[]=\f[I]MAX_TRYS\f[]: specifies the
++maximum number of allowed authentication attempts on
++DA\-protected\-object; after which DA is activated.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_dictionarylockout\ \-c\ \-p\ passwd
++tpm2_dictionarylockout\ \-s\ \-n\ 5\ \-t\ 6\ \-l\ 7\ \-p\ passwd
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_encryptdecrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_encryptdecrypt.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_encryptdecrypt.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_encryptdecrypt.1	2018-09-10 07:57:13.685585336 -0700
+@@ -0,0 +1,170 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_encryptdecrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_encryptdecrypt\f[](1) \- performs symmetric encryption or
++decryption.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_encryptdecrypt\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++tpm2_encryptdecrypt(1) \- performs symmetric encryption or decryption
++with a specified symmetric key.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]: the
++symmetric key used for the operation (encryption/decryption).
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
++filename of the key context used for the operation.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: filename of the
++key context used for the operation.
++The password for parent key, optional.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-D\f[], \f[B]\[en]decrypt\f[]: Perform a decrypt operation.
++Default is encryption.
++.IP \[bu] 2
++\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT_FILE\f[]: Input file
++path containing data for decrypt or encrypt operation.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_encryptdecrypt\ \-k\ 0x81010001\ \-P\ abc123\ \-D\ NO\ \-I\ <filePath>\ \-o\ <filePath>
++tpm2_encryptdecrypt\ \-c\ key.context\ \-P\ abc123\ \-D\ NO\ \-I\ <filePath>\ \-o\ <filePath>
++tpm2_encryptdecrypt\ \-k\ 0x81010001\ \-P\ 123abca\ \-X\ \-D\ NO\ \-I\ <filePath>\ \-o\ <filePath>
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_evictcontrol.1 tpm2-tools-3.0.4-new/man/man1/tpm2_evictcontrol.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_evictcontrol.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_evictcontrol.1	2018-09-10 07:57:13.874582753 -0700
+@@ -0,0 +1,181 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_evictcontrol" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_evictcontrol\f[](1) \- Make a transient object persistent or
++evict a persistent object.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_evictcontrol\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_evictcontrol\f[](1) \- allows a transient object to be made
++persistent or a persistent object to be evicted.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-A\f[], \f[B]\[en]auth\f[]=\f[I]AUTH\f[]: The authorization used
++to authorize the commands.
++Valid choices are:
++.RS 2
++.IP \[bu] 2
++\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: The handle of a
++loaded transient or a persistent object.
++.RS 2
++.PP
++If the handle is for a transient object, then a handle that will be
++assigned to the persisted object must also be specified with the
++\f[B]\-S\f[] option.
++.PP
++If the handle is for a persistent object, then the \f[B]\-S\f[] does not
++need to be provided since the handle must be the same for both options.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]:
++Filename for object context.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]persistent\f[]=\f[I]PERSISTENT_HANDLE\f[]: The
++persistent handle for the object handle specified via \f[I]HANDLE\f[].
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwda\f[]=\f[I]AUTH_PASSWORD\f[]: authorization
++password, optional.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_evictcontrol\ \-A\ o\ \-c\ object.context\ \-S\ 0x81010002\ \-P\ abc123
++tpm2_evictcontrol\ \-A\ o\ \-H\ 0x81010002\ \-S\ 0x81010002\ \-P\ abc123
++tpm2_evictcontrol\ \-A\ o\ \-H\ 0x81010002\ \-S\ 0x81010002\ \-P\ 123abc
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getcap.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getcap.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_getcap.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getcap.1	2018-09-10 07:57:13.499587878 -0700
+@@ -0,0 +1,161 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_getcap" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_getcap\f[](1) \- Display TPM capabilities in a human readable
++form.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_getcap\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_getcap\f[](1) \- Query the TPM for it's capabilities /
++properties and dump them to the console.
++This is a thin wrapper around the GetCapability command.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]capability\f[]=\f[I]CAPABILITY_NAME\f[]: The
++name of the capability group to query.
++Currently supported capability groups are:
++.RS 2
++.IP \[bu] 2
++properties\-fixed: Display fixed TPM properties.
++.IP \[bu] 2
++properties\-variable: Display variable TPM properties.
++.IP \[bu] 2
++algorithms: Display data about supported algorithms.
++.IP \[bu] 2
++commands: Display data about supported commands.
++.IP \[bu] 2
++ecc\-curves: Display data about elliptic curves.
++.IP \[bu] 2
++handles\-transient: Display handles about transient objects.
++.IP \[bu] 2
++handles\-persistent: Display handles about persistent objects.
++.IP \[bu] 2
++handles\-permanent: Display handles about permanent objects.
++.IP \[bu] 2
++handles\-pcr: Display handles about PCRs.
++.IP \[bu] 2
++handles\-nv\-index: Display handles about NV Indices.
++.IP \[bu] 2
++handles\-loaded\-session: Display handles about both loaded HMAC and
++policy sessions.
++.IP \[bu] 2
++handles\-saved\-session: Display handles about saved sessions.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_getcap\ \-\-capability="properties\-fixed"
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getmanufec.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getmanufec.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_getmanufec.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getmanufec.1	2018-09-10 07:57:14.067580116 -0700
+@@ -0,0 +1,226 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_getmanufec" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_getmanufec\f[](1) \- Retrieve the Endorsement Credential
++Certificate for the TPM endorsement key from the TPM manufacturer's
++endorsement certificate hosting server.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_getmanufec\f[] [\f[I]OPTIONS\f[]] [\f[I]URL\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_getmanufec\f[](1) \- Retrieve the Endorsement Credential
++Certificate for the TPM endorsement key from the TPM manufacturer's
++endorsement certificate hosting server.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]:
++specifies current endorse password (string, optional,default:NULL).
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]:
++specifies current owner password (string, optional,default:NULL).
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]ek\-passwd\f[]=\f[I]EK_PASSWORD\f[]: specifies
++the EK password when created (string,optional,default:NULL).
++.RS 2
++.PP
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: specifies the handle
++used to make EK persistent (hex).
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: specifies the
++algorithm type of EK.
++See section \[lq]Supported Public Object Algorithms\[rq] for a list of
++supported object algorithms.
++See section \[lq]Algorithm Specifiers\[rq] on how to specify an
++algorithm argument.
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: Specifies the file
++used to save the public portion of EK.
++.IP \[bu] 2
++\f[B]\-N\f[], \f[B]\[en]non\-persistent\f[]: specifies to readout the EK
++public without making it persistent.
++.IP \[bu] 2
++\f[B]\-O\f[], \f[B]\[en]offline\f[]=\f[I]FILE\f[]: Specifies the file
++that contains an EK retrieved from offline platform that needs to be
++provisioned.
++.IP \[bu] 2
++\f[B]\-E\f[], \f[B]\[en]ec\-cert\f[]=\f[I]EC_CERT_FILE\f[]: Specifies
++the file used to save the Endorsement Credentials retrieved from the TPM
++manufacturer provisioning server.
++Defaults to stdout if not specified.
++.IP \[bu] 2
++\f[B]\-U\f[], \f[B]\[en]SSL_NO_VERIFY\f[]: specifies to attempt
++connecting with the TPM manufacturer provisioning server with
++SSL_NO_VERIFY option.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Public Object Algorithms
++.PP
++Supported public object algorithms are:
++.IP \[bu] 2
++\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
++(\f[B]default\f[]).
++.IP \[bu] 2
++\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
++.IP \[bu] 2
++\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
++.IP \[bu] 2
++\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH NOTES
++.PP
++When the verbose option is specified, additional curl debugging
++information is provided by setting the curl mode verbose, see:
++<https://curl.haxx.se/libcurl/c/CURLOPT_VERBOSE.html> for more
++information.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_getmanufec\ \-e\ abc123\ \-o\ abc123\ \-P\ passwd\ \-H\ 0x81010001\-g\ 0x01\ \-O\ \-N\ \-U\ \-E\ ECcert.bin\ \-f\ ek.bin\ https://tpm.manufacturer.com/ekcertserver/
++tpm2_getmanufec\ \-e\ 1a1b1c\ \-o\ 1a1b1c\ \-P\ 123abc\ \-H\ 0x81010001\-g\ 0x01\ \-O\ \-N\ \-U\ \-E\ ECcert.bin\ \-f\ ek.bin\ https://tpm.manufacturer.com/ekcertserver/
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getpubak.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getpubak.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_getpubak.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getpubak.1	2018-09-10 07:57:14.258577505 -0700
+@@ -0,0 +1,242 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_getpubak" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_getpubak\f[](1) \- Generate attestation key with given
++algorithm under the endorsement hierarchy.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_getpubak\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_getpubak\f[](1) \- Generate attestation key with given
++algorithm under endorsement hierarchy, make it persistent with given ak
++handle, and return pub AK and AK name.
++If any passwd option is missing, assume NULL.
++.PP
++The tool outputs to stdout a YAML representation of the loaded key
++handle as well as it's name, for example:
++.IP
++.nf
++\f[C]
++loaded\-key:
++\ \ handle:\ 800000ff
++\ \ name:\ 000bac149518baa05540a0678bd9b624f8a98d042e46c60f4d098ba394d36fc49268
++\f[]
++.fi
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]:
++Specifies current endorsement password, defaults to NULL.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]ak\-passwd\f[]=\f[I]AK_PASSWORD\f[] Specifies
++the AK password when created, defaults to NULL.
++Same formatting as the endorse password value or \-e option.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]
++Specifies the current owner password, defaults to NULL.
++Same formatting as the endorse password value or \-e option.
++.IP \[bu] 2
++\f[B]\-E\f[], \f[B]\[en]ek\-handle\f[]=\f[I]EK_HANDLE\f[]: Specifies the
++handle used to make EK persistent.
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]ak\-handle\f[]=\f[I]AK_HANDLE\f[]: Specifies the
++handle used to make AK persistent.
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: Specifies the
++algorithm type of AK.
++Algorithms should follow the " formatting standards, see section
++\[lq]Algorithm Specifiers\[rq].
++See section \[lq]Supported Public Object Algorithms\[rq] for a list of
++supported object algorithms.
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: Like \-g, but
++specifies the algorithm of sign.
++See section \[lq]Supported Signing Algorithms\[rq] for details.
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]file\f[]=\f[I]FILE\f[]: Specifies the file used
++to save the public portion of AK.
++This will be a binary data structure corresponding to the TPM2B_PUBLIC
++struct in the specification.
++.IP \[bu] 2
++\f[B]\-n\f[], \f[B]\[en]ak\-name\f[]=\f[I]NAME\f[]: Specifies the file
++used to save the ak name, optional.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Signing Algorithms
++.PP
++Supported algorithms are:
++.IP \[bu] 2
++\f[B]0x5\f[] or \f[B]hmac\f[] for \f[B]TPM_ALG_HMAC\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0x14\f[] or \f[B]rsassa\f[] for \f[B]TPM_ALG_RSASSA\f[]
++.IP \[bu] 2
++\f[B]0x16\f[] or \f[B]rsapss\f[] for \f[B]TPM_ALG_RSAPSS\f[]
++.IP \[bu] 2
++\f[B]0x18\f[] or \f[B]ecdsa\f[] for \f[B]TPM_ALG_ECDSA\f[]
++.IP \[bu] 2
++\f[B]0x1A\f[] or \f[B]ecdaa\f[] for \f[B]TPM_ALG_ECDAA\f[]
++.IP \[bu] 2
++\f[B]0x1B\f[] or \f[B]sm2\f[] for \f[B]TPM_ALG_SM2\f[]
++.IP \[bu] 2
++\f[B]0x1C\f[] or \f[B]ecschnorr\f[] for \f[B]TPM_ALG_ECSCHNORR\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Supported Public Object Algorithms
++.PP
++Supported public object algorithms are:
++.IP \[bu] 2
++\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
++(\f[B]default\f[]).
++.IP \[bu] 2
++\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
++.IP \[bu] 2
++\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
++.IP \[bu] 2
++\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_getpubak\ \-e\ abc123\ \-P\ abc123\ \-o\ passwd\ \-E\ 0x81010001\ \-k\ 0x81010002\ \-f\ ./ak.pub\ \-n\ ./ak.name
++tpm2_getpubak\ \-e\ 1a1b1c\ \-P\ 123abc\ \-o\ 1a1b1c\ \-X\ \-E\ 0x81010001\ \-k\ 0x81010002\ \-f\ ./ak.pub\ \-n\ ./ak.name
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getpubek.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getpubek.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_getpubek.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getpubek.1	2018-09-10 07:57:14.443574977 -0700
+@@ -0,0 +1,189 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_getpubek" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_getpubek\f[](1) \- Generate TCG profile compliant endorsement
++key.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_getpubek\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_getpubek\f[](1) \- Generate TCG profile compliant endorsement
++key(endorsement hierarchy primary object), make it persistent with give
++ek handle, and return public EK, if any passwd option is missing, assume
++NULL.
++.PP
++Refer to:
++<http://www.trustedcomputinggroup.org/files/static_page_files/7CAA5687-1A4B-B294-D04080D058E86C5F>
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]endorse\-passwd\f[]=\f[I]ENDORSE_PASSWORD\f[]:
++Specifies current endorsement password, defaults to NULL.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]owner\-passwd\f[]=\f[I]OWNER_PASSWORD\f[]
++Specifies the current owner password, defaults to NULL.
++Same formatting as the endorse password value or \-e option.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]eKPasswd\f[]=\f[I]EK_PASSWORD\f[] Specifies the
++EK password when created, defaults to NULL.
++Same formatting as the endorse password value or \-e option.
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]handle\f[]=\f[I]HANDLE\f[]: specifies the handle
++used to make EK persistent (hex).
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]alg\f[]=\f[I]ALGORITHM\f[]: specifies the
++algorithm type of EK.
++See section \[lq]Supported Public Object Algorithms\[rq] for a list of
++supported object algorithms.
++See section \[lq]Algorithm Specifiers\[rq] on how to specify an
++algorithm argument.
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]file\f[]=\f[I]FILE\f[]: specifies the file used
++to save the public portion of EK.
++This will be a binary data structure corresponding to the TPM2B_PUBLIC
++struct in the specification.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION\f[]:
++Optional Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Supported Public Object Algorithms
++.PP
++Supported public object algorithms are:
++.IP \[bu] 2
++\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
++(\f[B]default\f[]).
++.IP \[bu] 2
++\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
++.IP \[bu] 2
++\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
++.IP \[bu] 2
++\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_getpubek\ \-e\ abc123\ \-o\ abc123\ \-P\ passwd\ \-H\ 0x81010001\ \-g\ rsa\ \-f\ ek.pub
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_getrandom.1 tpm2-tools-3.0.4-new/man/man1/tpm2_getrandom.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_getrandom.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_getrandom.1	2018-09-10 07:57:14.625572490 -0700
+@@ -0,0 +1,144 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_getrandom" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_getrandom\f[](1) \- Retrieves random bytes from the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_getrandom\f[] [\f[I]OPTIONS\f[]] \f[I]SIZE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_getrandom\f[](1) \- Returns the next \f[I]SIZE\f[] octets from
++the random number generator.
++The \f[I]SIZE\f[] parameter is expected as the only argument to the
++tool.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[] specifies the filename
++to output the raw bytes to.
++Defaults to stdout as a hex string.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.PP
++Generate a random 20 bytes and output the binary data to a file:
++.IP
++.nf
++\f[C]
++tpm2_getrandom\ \-o\ random.out\ 20
++\f[]
++.fi
++.PP
++Generate a random 8 bytes and output the hex formated data to stdout:
++.IP
++.nf
++\f[C]
++tpm2_getrandom\ 8
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_hash.1 tpm2-tools-3.0.4-new/man/man1/tpm2_hash.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_hash.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_hash.1	2018-09-10 07:57:14.800570098 -0700
+@@ -0,0 +1,189 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_hash" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_hash\f[](1) \- Performs a hash operation with the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_hash\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_hash\f[](1) \- performs a hash operation on \f[I]FILE\f[] and
++returns the results.
++If \f[I]FILE\f[] is not specified, then data is read from stdin.
++If the results of the hash will be used in a signing operation that uses
++a restricted signing key, then the ticket returned by this command can
++indicate that the hash is safe to sign.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to
++use for the ticket.
++Supported options are:
++.RS 2
++.IP \[bu] 2
++\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.IP \[bu] 2
++\f[B]e\f[] for \f[B]TPM_RH_ENDORSEMENT\f[]
++.IP \[bu] 2
++\f[B]n\f[] for \f[B]TPM_RH_NULL\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash
++algorithm to use.
++Algorithms should follow the \[lq]formatting standards, see
++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
++Hash Algorithms" for a list of supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[] Optional file
++record of the hash result.
++Defaults to stdout in hex form.
++.IP \[bu] 2
++\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[] Optional file
++record of the ticket result.
++Defaults to stdout in hex form.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.PP
++Hash a file with sha1 hash algorithm and save the hash and ticket to a
++file:
++.IP
++.nf
++\f[C]
++tpm2_hash\ \-H\ e\ \-g\ sha1\ \-o\ hash.bin\ \-t\ ticket.bin\ data.txt
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_hmac.1 tpm2-tools-3.0.4-new/man/man1/tpm2_hmac.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_hmac.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_hmac.1	2018-09-10 07:57:14.979567652 -0700
+@@ -0,0 +1,214 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_hmac" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_hmac\f[](1) \- Performs an HMAC operation with the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_hmac\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_hmac\f[](1) \- performs an HMAC operation on \f[I]FILE\f[] and
++returns the results.
++If \f[I]FILE\f[] is not specified, then data is read from stdin.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The
++key handle for the symmetric signing key providing the HMAC key.
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]: The
++filename of the key context used for the operation.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]: The password for
++key, optional.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]: The hash
++algorithm to use.
++Algorithms should follow the \[lq]formatting standards, see
++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
++Hash Algorithms" for a list of supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[] Optional file
++record of the HMAC result.
++Defaults to stdout.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.PP
++Perform a SHA1 HMAC on data.in and send output and possibly ticket to
++stdout:
++.IP
++.nf
++\f[C]
++tpm2_hmac\ \-k\ 0x81010002\ \-P\ abc123\ \-g\ sha1\ data.in
++\f[]
++.fi
++.PP
++Perform a SHA1 HMAC on data.in read as a file to stdin and send output
++to a file:
++.IP
++.nf
++\f[C]
++tpm2_hmac\ \-c\ key.context\ \-P\ abc123\ \-g\ sha1\ \-o\ hash.out\ <<\ data.in
++\f[]
++.fi
++.PP
++Perform a SHA256 HMAC on \f[I]stdin\f[] and send result and possibly
++ticket to stdout:
++.PP
++cat data.in | tpm2_hmac \-k 0x81010002 \-g sha256 \-o hash.out ```
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_listpersistent.1 tpm2-tools-3.0.4-new/man/man1/tpm2_listpersistent.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_listpersistent.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_listpersistent.1	2018-09-10 07:57:15.157565219 -0700
+@@ -0,0 +1,185 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_listpersistent" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_listpersistent\f[](1) \- Display all defined persistent
++objects.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_listpersistent\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_listpersistent\f[](1) \- display all defined persistent
++objects.
++.SH OPTIONS
++.PP
++These options for listing the persistent objects:
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]ALGORITHM\f[]: Only display
++persistent objects using this hash algorithm.
++Algorithms should follow the " formatting standards, see section
++\[lq]Algorithm Specifiers\[rq].
++Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of
++supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-G\f[], \f[B]\[en]kalg\f[]=\f[I]KEY_ALGORITHM\f[]: Only display
++persistent objects using this key algorithm.
++It accepts friendly names just like \f[B]\-g\f[] option.
++See section \[lq]Supported Public Object Algorithms\[rq] for a list of
++supported object algorithms.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Supported Public Object Algorithms
++.PP
++Supported public object algorithms are:
++.IP \[bu] 2
++\f[B]0x1\f[] or \f[B]rsa\f[] for \f[B]TPM_ALG_RSA\f[]
++(\f[B]default\f[]).
++.IP \[bu] 2
++\f[B]0x8\f[] or \f[B]keyedhash\f[] for \f[B]TPM_ALG_KEYEDHASH\f[].
++.IP \[bu] 2
++\f[B]0x23\f[] or \f[B]ecc\f[] for \f[B]TPM_ALG_ECC\f[].
++.IP \[bu] 2
++\f[B]0x25\f[] or \f[B]symcipher\f[] for \f[B]TPM_ALG_SYMCIPHER\f[].
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_listpersistent
++tpm2_listpersistent\ \-g\ sha256\ \-G\ ecc
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_load.1 tpm2-tools-3.0.4-new/man/man1/tpm2_load.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_load.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_load.1	2018-09-10 07:57:15.346562636 -0700
+@@ -0,0 +1,176 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_load" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_load\f[](1) \- Load an object into the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_load\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_load\f[](1) \- Load both the private and public portions of an
++object into the TPM.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]parent\f[]=\f[I]PARENT_HANDLE\f[]: The handle of
++the parent object.
++Either this option or \f[B]\-c\f[] must be used.
++.IP \[bu] 2
++\f[B]\-c\f[],
++\f[B]\[en]context\-parent\f[]=\f[I]PARENT_CONTEXT_FILE\f[]: The filename
++for parent context.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdp\f[]=\f[I]PARENT_KEY_PASSWORD\f[]: The
++password for parent key, optional.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]PUBLIC_OBJECT_DATA_FILE\f[]: A
++file containing the public portion of the object.
++.IP \[bu] 2
++\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]PRIVATE_OBJECT_DATA_FILE\f[]:
++A file containing the sensitive portion of the object.
++.IP \[bu] 2
++\f[B]\-n\f[], \f[B]\[en]name\f[]=\f[I]NAME_DATA_FILE\f[]: An optional
++file to save the name structure of the object.
++.IP \[bu] 2
++\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[]: An optional
++file to save the object context to.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_load\ \ \-H\ 0x80000000\ \-P\ abc123\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-n\ <outPutFileName>
++tpm2_load\ \ \-c\ parent.context\ \-P\ abc123\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-n\ <outPutFileName>\ \-C\ object.context
++tpm2_load\ \ \-H\ 0x80000000\ \-P\ "hex:123abc"\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-n\ <outPutFileName>
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_loadexternal.1 tpm2-tools-3.0.4-new/man/man1/tpm2_loadexternal.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_loadexternal.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_loadexternal.1	2018-09-10 07:57:15.520560258 -0700
+@@ -0,0 +1,166 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_loadexternal" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_loadexternal\f[](1) \- load an object that is not a Protected
++Object into the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_loadexternal\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_loadexternal\f[](1) \- load an object that is not a Protected
++Object into the TPM.
++The command allows loading of a public area or both a public and a
++sensitive area.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]hierarchy\f[]=\f[I]HIERARCHY\f[]: hierarchy to
++use for the ticket.
++Supported options are:
++.RS 2
++.IP \[bu] 2
++\f[B]o\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]p\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.IP \[bu] 2
++\f[B]e\f[] for \f[B]TPM_RH_ENDORSEMENT\f[]
++.IP \[bu] 2
++\f[B]n\f[] for \f[B]TPM_RH_NULL\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-u\f[], \f[B]\[en]pubfile\f[]=\f[I]PUBLIC_FILE\f[]: The public
++portion of the object.
++.IP \[bu] 2
++\f[B]\-r\f[], \f[B]\[en]privfile\f[]=\f[I]PRIVATE_FILE\f[]: The
++sensitive portion of the object, optional.
++.IP \[bu] 2
++\f[B]\-C\f[], \f[B]\[en]context\f[]=\f[I]CONTEXT_FILE\f[] The file to
++save the object context, optional.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.PP
++Load a public area generated by tpm2_create, tpm2_readpublic or manually
++.IP
++.nf
++\f[C]
++tpm2_loadexternal\ \-H\ <e|o|p|n>\ \-u\ <pubKeyFileName>\ \-C\ object.context
++\f[]
++.fi
++.PP
++Load a key with sensitive area.
++Both the public & the senstive areas shall be generated externally.
++\f[I]DON'T\f[] use the areas generated by tpm2_create.
++.IP
++.nf
++\f[C]
++tpm2_loadexternal\ \-H\ n\ \-u\ <pubKeyFileName>\ \-r\ <privKeyFileName>\ \-C\ object.context
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_makecredential.1 tpm2-tools-3.0.4-new/man/man1/tpm2_makecredential.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_makecredential.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_makecredential.1	2018-09-10 07:57:15.705557730 -0700
+@@ -0,0 +1,142 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_makecredential" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_makecredential\f[](1) \- load an object that is not a
++Protected Object into the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_makecredential\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_makecredential\f[](1) \- Use a TPM public key to protect a
++secret that is used to encrypt the AK certififcate.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]enckey\f[]=\f[I]PUBLIC_FILE\f[]: A tpm Public
++Key which was used to wrap the seed.
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]sec\f[]=\f[I]SECRET_DATA_FILE\f[]: The secret
++which will be protected by the key derived from the random seed.
++.IP \[bu] 2
++\f[B]\-n\f[], \f[B]\[en]name\f[]=\f[I]NAME\f[] The name of the key for
++which certificate is to be created.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUT_FILE\f[] The output file
++path, recording the two structures output by tpm2_makecredential
++function.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_makecredential\ \-e\ <keyFile>\ \-s\ <secFile>\ \-n\ <hexString>\ \-o\ <outFile>
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvdefine.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvdefine.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_nvdefine.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvdefine.1	2018-09-10 07:57:15.879555352 -0700
+@@ -0,0 +1,204 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_nvdefine" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_nvdefine\f[](1) \- define a TPM Non\-Volatile (NV) index.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_nvdefine\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_nvdefine\f[](1) \- Define NV index with given auth value.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
++to define the space at.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
++specifies the handle used to authorize:
++.RS 2
++.IP \[bu] 2
++\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: specifies the size of
++data area in bytes.
++Defaults to MAX_NV_INDEX_SIZE which is typically 2048.
++.IP \[bu] 2
++\f[B]\-t\f[], \f[B]\[en]attributes\f[]=\f[I]ATTRIBUTES\f[] Specifies the
++attribute values for the nv region used when creating the entitiy.
++Either the raw bitfield mask or \[lq]nice\-names\[rq] may be used.
++See section \[lq]NV Attributes\[rq] for more details.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
++specifies the password of authHandle.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-I\f[], \f[B]\[en]index\-passwd\f[]=\f[I]INDEX_PASSWORD\f[]:
++specifies the password of NV Index when created.
++Follows the same formatting guidelines as the handle password or \-P
++option.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]policy\-file\f[]=\f[I]POLICY_FILE\f[]: Specifies
++the policy digest file for policy based authorizations.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
++Optional Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH NV Attributes
++.PP
++NV Attributes are used to control various properties of the NV defined
++space.
++When specified as an option, either the raw bitfield mask or
++\[lq]nice\-names\[rq] may be used.
++The values can be found in Table 204 Part 2 of the TPM2.0 specification,
++which can be found here:
++.PP
++<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
++.PP
++Nice names are calculated by taking the name field of table 204 and
++removing the prefix \f[B]TPMA_NV_\f[] and lowercasing the result.
++Thus, \f[B]TPMA_NV_PPWRITE\f[] becomes ppwrite.
++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
++.PP
++Note that the \f[B]TPM_NT\f[] field is 4 bits wide, and thus can be set
++via \f[B]nt=\f[] format.
++For instance, to set The fields \f[B]TPMA_NV_OWNERREAD\f[],
++\f[B]TPMA_NV_OWNERWRITE\f[], \f[B]TPMA_NV_POLICYWRITE\f[], and
++\f[B]TPMA_NT = 0x3\f[], the argument would be:
++.PP
++\f[B]ownerread|ownerwrite|policywrite|nt=0x3\f[] # Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_nvdefine\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-s\ 32\ \-t\ 0x2000A
++tpm2_nvdefine\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-s\ 32\ \-t\ ownerread|ownerwrite|policywrite\ \-I\ 1a1b1c
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvlist.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvlist.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_nvlist.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvlist.1	2018-09-10 07:57:16.056552933 -0700
+@@ -0,0 +1,192 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_nvlist" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_nvlist\f[](1) \- display all defined Non\-Volatile (NV)s
++indices.
++.SS SYNOPSIS
++.PP
++\f[B]tpm2_nvlist\f[] [\f[I]OPTIONS\f[]]
++.SS DESCRIPTION
++.PP
++\f[B]tpm2_nvlist\f[](1) \- display all defined Non\-Volatile (NV)s
++indices to stdout in a YAML format.
++.PP
++Display metadata for all defined NV indices.
++Metadata includes:
++.IP \[bu] 2
++The size of the defined region.
++.IP \[bu] 2
++The hash algorithm used to compute the name of the index.
++.IP \[bu] 2
++The auth policy.
++.IP \[bu] 2
++The NV attributes as defined in section \[lq]NV Attributes\[rq].
++.PP
++Example Output:
++.IP
++.nf
++\f[C]
++0x1500015:
++\ \ hash\ algorithm:
++\ \ \ \ friendly:\ sha256
++\ \ \ \ value:\ 0xB
++\ \ attributes:
++\ \ \ \ friendly:\ ownerwrite|ownerread
++\ \ \ \ value:\ 0x2000200
++\ \ size:\ 32
++\ \ authorization\ policy:
++
++0x1500017:
++\ \ hash\ algorithm:
++\ \ \ \ friendly:\ sha256
++\ \ \ \ value:\ 0xB
++\ \ attributes:
++\ \ \ \ friendly:\ ownerwrite|ownerread
++\ \ \ \ value:\ 0x2000200
++\ \ size:\ 32
++\ \ authorization\ policy:
++\f[]
++.fi
++.SH OPTIONS
++.PP
++This tool takes no tool specific options.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH NV Attributes
++.PP
++NV Attributes are used to control various properties of the NV defined
++space.
++When specified as an option, either the raw bitfield mask or
++\[lq]nice\-names\[rq] may be used.
++The values can be found in Table 204 Part 2 of the TPM2.0 specification,
++which can be found here:
++.PP
++<https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf>
++.PP
++Nice names are calculated by taking the name field of table 204 and
++removing the prefix \f[B]TPMA_NV_\f[] and lowercasing the result.
++Thus, \f[B]TPMA_NV_PPWRITE\f[] becomes ppwrite.
++Nice names can be joined using the bitwise or \[lq]|\[rq] symbol.
++.PP
++Note that the \f[B]TPM_NT\f[] field is 4 bits wide, and thus can be set
++via \f[B]nt=\f[] format.
++For instance, to set The fields \f[B]TPMA_NV_OWNERREAD\f[],
++\f[B]TPMA_NV_OWNERWRITE\f[], \f[B]TPMA_NV_POLICYWRITE\f[], and
++\f[B]TPMA_NT = 0x3\f[], the argument would be:
++.PP
++\f[B]ownerread|ownerwrite|policywrite|nt=0x3\f[] # EXAMPLES
++.PP
++To list the defined NV indeces to stdout:
++.IP
++.nf
++\f[C]
++tpm2_nvlist
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvread.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvread.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_nvread.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvread.1	2018-09-10 07:57:16.235550487 -0700
+@@ -0,0 +1,194 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_nvread" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_nvread\f[](1) \- Read the data stored in a Non\-Volatile (NV)s
++index.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_nvread\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_nvread\f[](1) \- Read the data stored in a Non\-Volatile (NV)s
++index.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
++to define the space at.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
++specifies the handle used to authorize:
++.RS 2
++.IP \[bu] 2
++\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: file to write data
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
++specifies the password of authHandle.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: Specifies the size of
++data to be read in bytes, starting from 0 if offset is not specified.
++If not specified, the size of the data as reported by the public portion
++of the index will be used.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]offset\f[]=\f[I]OFFSET\f[]: The offset within
++the NV index to start reading from.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
++Optional Input session handle from a policy session for authorization.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]:
++.RS 2
++.PP
++The list of pcr banks and selected PCRs' ids.
++\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
++standards, see section \[lq]PCR Bank Specfiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]
++.RS 2
++.PP
++Optional Path or Name of the file containing expected pcr values for the
++specified index.
++Default is to read the current PCRs per the set list.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.PP
++To read 32 bytes from an index starting at offset 0:
++.IP
++.nf
++\f[C]
++tpm2_nvread\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-s\ 32
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvreadlock.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvreadlock.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_nvreadlock.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvreadlock.1	2018-09-10 07:57:16.415548027 -0700
+@@ -0,0 +1,169 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_nvreadlock" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_nvreadlock\f[](1) \- lock the Non\-Volatile (NV) index for
++further reads.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_nvreadlock\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_nvreadlock\f[](1) \- lock the Non\-Volatile (NV) index for
++further reads.
++The index is released on subsequent restart of the machine.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
++to define the space at.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
++specifies the handle used to authorize:
++.RS 2
++.IP \[bu] 2
++\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
++specifies the password of authHandle.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
++Optional Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.PP
++To lock an index protected by a password:
++.IP
++.nf
++\f[C]
++tpm2_nvreadlock\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-P\ passwd
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvrelease.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvrelease.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_nvrelease.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvrelease.1	2018-09-10 07:57:16.603545458 -0700
+@@ -0,0 +1,168 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_nvrelease" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_nvrelease\f[](1) \- Release a Non\-Volatile (NV) index.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_nvrelease\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_nvrelease\f[](1) \- Release a Non\-Volatile (NV) index that
++was previously defined with tpm2_nvdefine(1).
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
++to release.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
++specifies the handle used to authorize:
++.RS 2
++.IP \[bu] 2
++\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]size\f[]=\f[I]SIZE\f[]: specifies the size of
++data area in bytes.
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
++specifies the password of authHandle.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
++Optional Input session handle from a policy session for authorization.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_nvrelease\ \-x\ 0x1500016\ \-a\ 0x40000001\ \-P\ passwd
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_nvwrite.1 tpm2-tools-3.0.4-new/man/man1/tpm2_nvwrite.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_nvwrite.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_nvwrite.1	2018-09-10 07:57:16.788542929 -0700
+@@ -0,0 +1,187 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_nvwrite" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_nvwrite\f[](1) \- Write data to a Non\-Volatile (NV) index.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_nvwrite\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_nvwrite\f[](1) \- Write data specified via \f[I]FILE\f[] to a
++Non\-Volatile (NV) index.
++If \f[I]FILE\f[] is not specified, it defaults to stdout.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-x\f[], \f[B]\[en]index\f[]=\f[I]NV_INDEX\f[]: Specifies the index
++to define the space at.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]offset\f[]=\f[I]OFFSET\f[]: The offset within
++the NV index to start writing at.
++.IP \[bu] 2
++\f[B]\-a\f[], \f[B]\[en]auth\-handle\f[]=\f[I]SECRET_DATA_FILE\f[]:
++specifies the handle used to authorize:
++.RS 2
++.IP \[bu] 2
++\f[B]0x40000001\f[] for \f[B]TPM_RH_OWNER\f[]
++.IP \[bu] 2
++\f[B]0x4000000C\f[] for \f[B]TPM_RH_PLATFORM\f[]
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]handle\-passwd\f[]=\f[I]HANDLE_PASSWORD\f[]:
++specifies the password of authHandle.
++Passwords should follow the \[lq]password formatting standards, see
++section\[rq]Password Formatting“.
++.IP \[bu] 2
++\f[B]\-S\f[], \f[B]\[en]input\-session\-handle\f[]=\f[I]SIZE\f[]:
++Optional Input session handle from a policy session for authorization.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]:
++.RS 2
++.PP
++The list of pcr banks and selected PCRs' ids.
++\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
++standards, see section \[lq]PCR Bank Specfiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]
++.RS 2
++.PP
++Optional Path or Name of the file containing expected pcr values for the
++specified index.
++Default is to read the current PCRs per the set list.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.PP
++To write the file nv.data to index 0x150016:
++.IP
++.nf
++\f[C]
++tpm2_nvwrite\ \-x\ 0x1500016\ \-a\ 0x40000001\ nv.data
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrevent.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrevent.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_pcrevent.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrevent.1	2018-09-10 07:57:16.965540510 -0700
+@@ -0,0 +1,162 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_pcrevent" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_pcrevent\f[](1) \- hashes a file and optionally extends a pcr.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_pcrevent\f[] [\f[I]OPTIONS\f[]] [\f[I]FILE\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_pcrevent\f[](1) hashes \f[I]FILE\f[] if specified or stdin.
++It uses all of the hashing algorithms that the tpm supports.
++Optionally, if a pcr index is specified, it extends that pcr for all
++supported algorithms with the hash digest.
++In either case, it outputs to stdout the hash algorithm used and the
++digest value, one per line:
++.PP
++\f[I]alg\f[]:\f[I]digest\f[]
++.PP
++Where \f[I]alg\f[] is the algorithm used (eg.
++sha1) and \f[I]digest\f[] is the digest resulting from the hash
++computation of \f[I]alg\f[] on the data.
++.PP
++See sections 23.1 and sections 17 of the TPM2.0
++Specification (https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf)
++.SH OPTIONS
++.PP
++These options control extending the pcr:
++.IP \[bu] 2
++\f[B]\-i\f[], \f[B]\[en]pcr\-index\f[]=\f[I]INDEX\f[]: Not only compute
++the hash digests on \f[I]FILE\f[], also extend the pcr given by
++\f[I]INDEX\f[] for all supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Use
++\f[I]SESSION_HANDLE\f[] for providing an authorization session for the
++pcr specified by \f[I]INDEX\f[].
++It is an error to specify \f[B]\-S\f[] without specifying a pcr index
++with \f[B]\-i\f[].
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]password\f[]=\f[I]PASSWORD\f[]: Use
++\f[I]PASSWORD\f[] for providing an authorization value for the pcr
++specified in \f[I]INDEX\f[].
++It is an error to specify \f[B]\-P\f[] without specifying a pcr index
++with \f[B]\-i\f[].
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.PP
++Hash a file:
++.PP
++tpm2_pcrevent data
++.PP
++Hash a file and extend pcr 8:
++.PP
++tpm2_pcrevent \-i 8 data
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrextend.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrextend.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_pcrextend.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrextend.1	2018-09-10 07:57:17.146538037 -0700
+@@ -0,0 +1,178 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_pcrextend" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_pcrextend\f[](1) \- Extends a PCR.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_pcrextend\f[] [\f[I]OPTIONS\f[]] [\f[I]PCR_DIGEST_SPEC\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_pcrextend\f[](1) Extends the pcrs with values indicated by
++\f[I]PCR_DIGEST_SPEC\f[].
++.PP
++A \f[I]PCR_DIGEST_SPEC\f[] is defined as follows:
++.IP \[bu] 2
++A numerical pcr identifier.
++.IP \[bu] 2
++A colon followed by the algorithm hash specification.
++The algorithm hash specification is as follows:
++.RS 2
++.IP \[bu] 2
++The algorithm friendly name or raw numerical.
++.IP \[bu] 2
++An equals sign.
++.IP \[bu] 2
++The hex hash value.
++.RE
++.PP
++Example Digest Specification:
++.IP
++.nf
++\f[C]
++4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
++\f[]
++.fi
++.PP
++\f[B]Note\f[]: that multiple specifications of PCR and hash are allowed.
++Multiple hashes cause the pcr to be extended with both hashes.
++Multiple same PCR values cause the PCR to be extended multiple times.
++Extension is done in order from left to right as specified.
++At most 5 hash extensions per PCR entry are supported.
++This is to keep the parser simple.
++.SH OPTIONS
++.PP
++This tool accepts no tool specific options.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.PP
++Extend PCR 4's SHA1 bank with a hash:
++.IP
++.nf
++\f[C]
++tpm2_pcrextend\ 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
++\f[]
++.fi
++.PP
++Extend PCR 4's SHA1 and SHA256 banks with hashes:
++.IP
++.nf
++\f[C]
++tpm2_pcrextend\ 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15,sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
++\f[]
++.fi
++.PP
++Extend PCR 4's SHA1 and PCR 7's SHA256 bank with hashes:
++.IP
++.nf
++\f[C]
++tpm2_pcrextend\ 4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15\ 7:sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_pcrlist.1 tpm2-tools-3.0.4-new/man/man1/tpm2_pcrlist.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_pcrlist.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_pcrlist.1	2018-09-10 07:57:17.326535577 -0700
+@@ -0,0 +1,244 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_pcrlist" "1" "AUGUST 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_pcrlist\f[](1) \- List PCR values.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_pcrlist\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_pcrlist\f[](1) Displays PCR values.
++Without any options, \f[B]tpm2_pcrlist\f[] outputs all pcrs and their
++hash banks.
++One can use either the \f[B]\-g\f[] or \f[B]\-L\f[] mutually exclusive
++options to filter the output.
++.PP
++Output is writtien in a YAML format to stdout, with each algorithm
++followed by a PCR index and its value.
++As a simple example assume just sha1 and sha256 support and only 1 PCR.
++The output would be:
++.IP
++.nf
++\f[C]
++sha1\ :
++\ \ 0\ \ :\ 0000000000000000000000000000000000000003
++sha256\ :
++\ \ 0\ \ :\ 0000000000000000000000000000000000000000000000000000000000000003
++\f[]
++.fi
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]algorithm\f[]=\f[I]HASH_ALGORITHM\f[]: Only
++output PCR banks with the given algorithm.
++Algorithms should follow the \[lq]formatting standards, see
++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
++Hash Algorithms" for a list of supported hash algorithms.
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]output\f[]=\f[I]FILE\f[]: The output file to
++write the PCR values in binary format, optional.
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]:
++.RS 2
++.PP
++The list of pcr banks and selected PCRs' ids for each bank to display.
++\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
++standards, see section \[lq]PCR Bank Specfiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]algs\f[]: Output the list of supported
++algorithms.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH PCR Bank Specfiers
++.PP
++PCR Bank Selection lists follow the below specification:
++.IP
++.nf
++\f[C]
++<BANK>:<PCR>[,<PCR>]
++\f[]
++.fi
++.PP
++multiple banks may be separated by `+'.
++.PP
++For example:
++.IP
++.nf
++\f[C]
++sha:3,4+sha256:5,6
++\f[]
++.fi
++.PP
++will select PCRs 3 and 4 from the SHA bank and PCRs 5 and 6 from the
++SHA256 bank.
++.SS Note
++.PP
++PCR Selections allow for up to 5 hash to pcr selection mappings.
++This is a limitaion in design in the single call to the tpm to get the
++pcr values.
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.PP
++display all PCR values:
++.IP
++.nf
++\f[C]
++tpm2_pcrlist
++\f[]
++.fi
++.PP
++Display the PCR values with a specified bank:
++.IP
++.nf
++\f[C]
++tpm2_pcrlist\ \-g\ sha1
++\f[]
++.fi
++.PP
++Display the PCR values with specified banks and store in a file:
++.IP
++.nf
++\f[C]
++tpm2_pcrlist\ \-L\ sha1:16,17,18+sha256:16,17,18\ \-o\ pcrs
++\f[]
++.fi
++.PP
++Display the supported PCR bank algorithms and exit:
++.IP
++.nf
++\f[C]
++tpm2_pcrlist\ \-s
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_quote.1 tpm2-tools-3.0.4-new/man/man1/tpm2_quote.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_quote.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_quote.1	2018-09-10 07:57:17.506533117 -0700
+@@ -0,0 +1,256 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_quote" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_quote\f[](1) \- Provide a quote and signature from the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_quote\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_quote\f[](1) Provide quote and signature for given list of
++PCRs in given algorithm/banks.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]ak\-handle\f[]=\f[I]AK_HANDLE\f[]:
++.RS 2
++.PP
++Handle of existing AK.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]ak\-context\f[]=\f[I]AK_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++Filename for the existing AK's context.
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]ak\-password\f[]=\f[I]AK_PASSWORD\f[]:
++.RS 2
++.PP
++specifies the password of \f[I]AK_HANDLE\f[].
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-l\f[], \f[B]\[en]id\-list\f[]=\f[I]PCR_ID_LIST\f[]
++.RS 2
++.PP
++The comma separated list of selected PCRs' ids, 0~23 e.g.
++\[lq]4,5,6\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]sel\-list\f[]=\f[I]PCR_SELECTION_LIST\f[]:
++.RS 2
++.PP
++The list of pcr banks and selected PCRs' ids for each bank.
++\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
++standards, see section \[lq]PCR Bank Specfiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-m\f[], \f[B]\[en]message\f[]:
++.RS 2
++.PP
++message output file, records the quote message that makes up the data
++that is signed by the TPM.
++.RE
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]signature\f[]:
++.RS 2
++.PP
++signature output file, records the signature in the format specified via
++the \f[B]\-f\f[] option.
++.RE
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]format\f[]
++.RS 2
++.PP
++Format selection for the signature output file.
++See section \[lq]Signature Format Specifiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-q\f[], \f[B]\[en]qualify\-data\f[]:
++.RS 2
++.PP
++Data given as a Hex string to qualify the quote, optional.
++This is typically used to add a nonce against replay attacks.
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]: Optional
++Input session handle from a policy session for authorization.
++.IP \[bu] 2
++\f[B]\-G\f[], \f[B]\[en]sig\-hash\-algorithm\f[]:
++.RS 2
++.PP
++Hash algorithm for signature.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH PCR Bank Specfiers
++.PP
++PCR Bank Selection lists follow the below specification:
++.IP
++.nf
++\f[C]
++<BANK>:<PCR>[,<PCR>]
++\f[]
++.fi
++.PP
++multiple banks may be separated by `+'.
++.PP
++For example:
++.IP
++.nf
++\f[C]
++sha:3,4+sha256:5,6
++\f[]
++.fi
++.PP
++will select PCRs 3 and 4 from the SHA bank and PCRs 5 and 6 from the
++SHA256 bank.
++.SS Note
++.PP
++PCR Selections allow for up to 5 hash to pcr selection mappings.
++This is a limitaion in design in the single call to the tpm to get the
++pcr values.
++.SH Signature Format Specifiers
++.PP
++Format selection for the signature output file.
++\f[B]tss\f[] (the default) will output a binary blob according to the
++TPM 2.0 specification and any potential compiler padding.
++The option \f[B]plain\f[] will output the plain signature data as
++defined by the used cryptographic algorithm.
++# EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_quote\ \-k\ 0x81010002\ \-P\ abc123\ \-g\ sha1\ \-l\ 16,17,18
++tpm2_quote\ \-c\ ak.context\ \-P\ "str:abc123"\ \-g\ sha1\ \-l\ 16,17,18
++tpm2_quote\ \-k\ 0x81010002\ \-g\ sha1\ \-l\ 16,17,18
++tpm2_quote\ \-c\ ak.context\ \-g\ sha1\ \-l\ 16,17,18
++tpm2_quote\ \-k\ 0x81010002\ \-P\ "hex:123abc"\ \-L\ sha1:16,17,18+sha256:16,17,18\ \-q\ 11aa22bb
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rc_decode.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rc_decode.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_rc_decode.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_rc_decode.1	2018-09-10 07:57:17.680530739 -0700
+@@ -0,0 +1,132 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_rc_decode" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_rc_decode\f[](1) \- Decode TPM2 error codes to human readable
++format.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_rc_decode\f[] [\f[I]OPTIONS\f[]] \f[I]RC_CODE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_rc_decode\f[](1) converts \f[I]RC_CODE\f[] originating from
++the SAPI and TCTI into human readable errors.
++Analogous to strerror(3), but for the tpm2 stack.
++.SH OPTIONS
++.PP
++This tool takes no tool specific options.
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_rc_decode\ 0x100
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_readpublic.1 tpm2-tools-3.0.4-new/man/man1/tpm2_readpublic.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_readpublic.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_readpublic.1	2018-09-10 07:57:17.852528388 -0700
+@@ -0,0 +1,155 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_readpublic" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_readpublic\f[](1) \- Read the public area of a loaded object.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_readpublic\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_readpublic\f[](1) Reads the public area of a loaded object.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]object\f[]=\f[I]HANDLE\f[]:
++.RS 2
++.PP
++The loaded object handle to read the public data of.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]ak\-context\f[]=\f[I]OBJECT_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++Filename for object context.
++.RE
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]opu\f[]:
++.RS 2
++.PP
++The output file path, recording the public portion of the object.
++.RE
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]format\f[]:
++.RS 2
++.PP
++Format selection for the public key output file.
++`tss' (the default) will output a binary blob according to the TPM 2.0
++secification.
++`pem' will output an OpenSSL compatible PEM encoded public key.
++`der' will output an OpenSSL compatible DER encoded public key.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_readpublic\ \-H\ 0x81010002\ \-\-opu\ output.dat
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rsadecrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rsadecrypt.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_rsadecrypt.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_rsadecrypt.1	2018-09-10 07:57:18.040525819 -0700
+@@ -0,0 +1,192 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_rsadecrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_rsadecrypt\f[](1) \- Performs an RSA Decryption operation
++using the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_tpm2_rsadecrypt\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_rsadecrypt\f[](1) performs RSA decryption using the indicated
++padding scheme according to IETF RFC 3447 (PKCS#1).
++The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[].
++.PP
++The key referenced by keyHandle is \f[B]required\f[] to be:
++.IP "1." 3
++an RSA key
++.IP "2." 3
++Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it's attributes.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
++.RS 2
++.PP
++the public portion of RSA key to use for decryption.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++filename of the key context used for the operation.
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
++.RS 2
++.PP
++specifies the password of \f[I]KEY_HANDLE\f[].
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-I\f[], \f[B]\[en]in\-file\f[]=\f[I]INPUT\f[]:
++.RS 2
++.PP
++Input file path, containing the data to be decrypted.
++.RE
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]:
++.RS 2
++.PP
++Output file path, record the decrypted data.
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
++.RS 2
++.PP
++Optional Input session handle from a policy session for authorization.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_rsadecrypt\ \-k\ 0x81010001\ \-I\ encrypted.in\ \-o\ plain.out
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_rsaencrypt.1 tpm2-tools-3.0.4-new/man/man1/tpm2_rsaencrypt.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_rsaencrypt.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_rsaencrypt.1	2018-09-10 07:57:18.219523373 -0700
+@@ -0,0 +1,189 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_rsaencrypt" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_rsaencrypt\f[](1) \- Performs an RSA Encryption operation
++using the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_rsaencrypt\f[] [\f[I]OPTIONS\f[]] \f[I]FILE\f[]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_rsaencrypt\f[](1) performs RSA encryption on the contents of
++\f[I]FILE\f[] (defaulting to stdin) using the indicated padding scheme
++according to IETF RFC 3447 (PKCS#1).
++The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[].
++.PP
++The key referenced by keyHandle is \f[B]required\f[] to be:
++.IP "1." 3
++an RSA key
++.IP "2." 3
++Have the attribute \f[I]decrypt\f[] \f[B]SET\f[] in it's attributes.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
++.RS 2
++.PP
++the public portion of RSA key to use for encryption.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++filename of the key context used for the operation.
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
++.RS 2
++.PP
++specifies the password of \f[I]KEY_HANDLE\f[].
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]:
++.RS 2
++.PP
++Output file path, record the decrypted data.
++The default is to print an xxd compatible hexdump to stdout.
++If a file is specified, raw binary output is performed.
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
++.RS 2
++.PP
++Optional Input session handle from a policy session for authorization.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_rsaencrypt\ \-k\ 0x81010001\ \-I\ plain.in\ \-o\ encrypted.out
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_send.1 tpm2-tools-3.0.4-new/man/man1/tpm2_send.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_send.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_send.1	2018-09-10 07:57:18.394520981 -0700
+@@ -0,0 +1,147 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_send" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_send\f[](1) \- Send a raw command buffer to the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_send\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_send\f[](1) Sends a TPM command to the TPM.
++The command is read from a file as a binary stream and transmitted to
++the TPM using the TCTI specified by the caller.
++The response received from the TPM is written to the output file.
++.PP
++Likely the caller will want to redirect this to a file or into a program
++to decode and display the response in a human readable form.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]out\-file\f[]=\f[I]OUTPUT_FILE\f[]:
++.RS 2
++.PP
++Output file to send response buffer to.
++Defaults to stdout.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.PP
++Send the contents of tpm2\-command.bin to a device and collect the
++response as tpm2\-response.bin.
++All examples of below accomplish this task.
++.IP
++.nf
++\f[C]
++tpm2_send\ \-\-tcti=device\ <\ tpm2\-command.bin\ >\ tpm2\-response.bin
++tpm2_send\ \-\-tcti=device\ \-i\ tpm2\-command.bin\ >\ tpm2\-response.bin
++tpm2_send\ \-\-tcti=device\ <\ tpm2\-command.bin\ \-o\ tpm2\-response.bin
++tpm2_send\ \-\-tcti=device\ \-i\ tpm2\-command.bin\ \-o\ tpm2\-response.bin
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_sign.1 tpm2-tools-3.0.4-new/man/man1/tpm2_sign.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_sign.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_sign.1	2018-09-10 07:57:18.572518548 -0700
+@@ -0,0 +1,245 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_sign" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_sign\f[](1) \- Sign a hash using the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_sign\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_sign\f[](1) signs an externally provided hash with the
++specified symmetric or asymmetric signing key.
++If keyHandle references a restricted signing key, then validation shall
++be provided, indicating that the TPM performed the hash of the data and
++validation shall indicate that hashed data did not start with
++\f[B]TPM_GENERATED_VALUE\f[].
++The scheme of keyHandle should not be \f[B]TPM_ALG_NULL\f[].
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
++.RS 2
++.PP
++Handle of key that will perform signing.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++Filename of the key context used for the operation.
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
++.RS 2
++.PP
++Specifies the password of \f[I]KEY_HANDLE\f[].
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]:
++.RS 2
++.PP
++The hash algorithm used to digest the message.
++Algorithms should follow the \[lq]formatting standards, see
++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
++Hash Algorithms" for a list of supported hash algorithms.
++.RE
++.IP \[bu] 2
++\f[B]\-m\f[], \f[B]\[en]msg\f[]=\f[I]MSG_FILE\f[]:
++.RS 2
++.PP
++The message file, containing the content to be digested.
++.RE
++.IP \[bu] 2
++\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[]:
++.RS 2
++.PP
++The ticket file, containning the validation structure, optional.
++.RE
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]sig\f[]=\f[I]TICKET_FILE\f[]:
++.RS 2
++.PP
++The signature file, records the signature structure.
++.RE
++.IP \[bu] 2
++\f[B]\-f\f[], \f[B]\[en]format\f[]
++.RS 2
++.PP
++Format selection for the signature output file.
++See section \[lq]Signature Format Specifiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
++.RS 2
++.PP
++Optional Input session handle from a policy session for authorization.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH Signature Format Specifiers
++.PP
++Format selection for the signature output file.
++\f[B]tss\f[] (the default) will output a binary blob according to the
++TPM 2.0 specification and any potential compiler padding.
++The option \f[B]plain\f[] will output the plain signature data as
++defined by the used cryptographic algorithm.
++# EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_sign\ \-k\ 0x81010001\ \-P\ abc123\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
++tpm2_sign\ \-c\ key.context\ \-P\ abc123\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_startup.1 tpm2-tools-3.0.4-new/man/man1/tpm2_startup.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_startup.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_startup.1	2018-09-10 07:57:18.742516225 -0700
+@@ -0,0 +1,139 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_startup" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_startup\f[](1) \- Send a startup command to the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_startup\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_startup\f[](1) Send a \f[B]TPM2_Startup\f[] command with
++either \f[B]TPM_SU_CLEAR\f[] or \f[B]TPM_SU_STATE\f[].
++.PP
++\f[B]NOTE\f[]: Typically a Resource Manager or low\-level/boot software
++will have already sent this command.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]clear\f[]:
++.RS 2
++.PP
++Startup type sent will be \f[B]TPM_SU_CLEAR\f[] instead of
++\f[B]TPM2_SU_STATE\f[].
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_startup
++tpm2_startup\ \-c
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_takeownership.1 tpm2-tools-3.0.4-new/man/man1/tpm2_takeownership.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_takeownership.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_takeownership.1	2018-09-10 07:57:18.932513629 -0700
+@@ -0,0 +1,221 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_takeownership" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_takeownership\f[](1) \- Insert authorization values for the
++owner, endorsement and lockout authorizations.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_takeownership\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_takeownership\f[](1) \- performs a hash operation on
++\f[I]FILE\f[] and returns the results.
++If \f[I]FILE\f[] is not specified, then data is read from stdin.
++If the results of the hash will be used in a signing operation that uses
++a restricted signing key, then the ticket returned by this command can
++indicate that the hash is safe to sign.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]owner\-password\f[]=\f[I]OWNER_PASSWORD\f[]: The
++new owner authorization value.
++.RS 2
++.PP
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-e\f[], \f[B]\[en]endorse\-password\f[]=\f[I]ENDORSE_PASSWORD\f[]:
++.RS 2
++.PP
++The new endorse authorization value.
++Passwords should follow the same formatting requirements as the \-o
++option.
++.RE
++.IP \[bu] 2
++\f[B]\-l\f[], \f[B]\[en]lockout\-password\f[]=\f[I]LOCKOUT_PASSWORD\f[]:
++.RS 2
++.PP
++The new lockout authorization value.
++.PP
++The new endorse authorization value.
++Passwords should follow the same formatting requirements as the \-o
++option.
++.RE
++.IP \[bu] 2
++\f[B]\-O\f[],
++\f[B]\[en]old\-ownerPassword\f[]=\f[I]OLD_OWNER_PASSWORD\f[]:
++.RS 2
++.PP
++The old owner authorization value.
++Passwords should follow the same formatting requirements as the \-o
++option.
++.RE
++.IP \[bu] 2
++\f[B]\-E\f[],
++\f[B]\[en]old\-endorsePassword\f[]=\f[I]OLD_ENDORSE_PASSWORD\f[]:
++.RS 2
++.PP
++The old endorse authorization value.
++Passwords should follow the same formatting requirements as the \-o
++option.
++.RE
++.IP \[bu] 2
++\f[B]\-L\f[],
++\f[B]\[en]old\-lockoutPassword\f[]=\f[I]OLD_LOCKOUT_PASSWORD\f[]:
++.RS 2
++.PP
++The old lockout authorization value.
++Passwords should follow the same formatting requirements as the \-o
++option.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]clear\f[]:
++.RS 2
++.PP
++Clears the 3 authorizations values with lockout auth, thus one must
++specify \-L.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH EXAMPLES
++.PP
++Set owner, endorsement and lockout authorizations to an empty auth
++value:
++.IP
++.nf
++\f[C]
++tpm2_takeownership\ \-c\ \-L\ oldlockoutpasswd
++\f[]
++.fi
++.PP
++Set owner, endorsement and lockout authorizations to a new value:
++.IP
++.nf
++\f[C]
++tpm2_takeownership\ \-o\ newo\ \-e\ newe\ \-l\ newl\ \-O\ oldo\ \-E\ olde\ \-L\ oldl
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_unseal.1 tpm2-tools-3.0.4-new/man/man1/tpm2_unseal.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_unseal.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_unseal.1	2018-09-10 07:57:19.123511018 -0700
+@@ -0,0 +1,233 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_unseal" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_unseal\f[](1) \- Returns the data in a loaded Sealed Data
++Object.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_unseal\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_unseal\f[](1) \- \-returns the data in a loaded Sealed Data
++Object.
++.PP
++\f[B]NOTE\f[]: The \f[B]\[en]set\-list\f[] and
++\f[B]\[en]pcr\-input\-file\f[] options should only be used for simple
++PCR authentication policies.
++For more complex policies the tools should be ran in an execution
++environment that keeps the session context alive and pass that session
++using the \f[B]\[en]input\-session\-handle\f[] option.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-H\f[], \f[B]\[en]item\f[]=\f[I]ITEM_HANDLE\f[]:
++.RS 2
++.PP
++Item handle of loaded object.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]item\-context\f[]=\f[I]ITEM_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++Filename of the item context.
++.RE
++.IP \[bu] 2
++\f[B]\-P\f[], \f[B]\[en]pwdk\f[]=\f[I]KEY_PASSWORD\f[]:
++.RS 2
++.PP
++Specifies the password of \f[I]ITEM_HANDLE\f[].
++Passwords should follow the password formatting standards, see section
++\[lq]Password Formatting\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-o\f[], \f[B]\[en]outfile\f[]=\f[I]OUT_FILE\f[]:
++.RS 2
++.PP
++Output file name, containing the unsealed data.
++Defaults to stdout if not specified.
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
++.RS 2
++.PP
++Optional Input session handle from a policy session for authorization.
++.RE
++.IP \[bu] 2
++\f[B]\-L\f[], \f[B]\[en]set\-list\f[]==\f[I]PCR_SELECTION_LIST\f[]:
++.RS 2
++.PP
++The list of pcr banks and selected PCRs' ids.
++\f[I]PCR_SELECTION_LIST\f[] values should follow the pcr bank specifiers
++standards, see section \[lq]PCR Bank Specfiers\[rq].
++.RE
++.IP \[bu] 2
++\f[B]\-F\f[],**\[en]pcr\-input\-file=\f[I]PCR_INPUT_FILE\f[]
++.RS 2
++.PP
++Optional Path or Name of the file containing expected pcr values for the
++specified index.
++Default is to read the current PCRs per the set list.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH PCR Bank Specfiers
++.PP
++PCR Bank Selection lists follow the below specification:
++.IP
++.nf
++\f[C]
++<BANK>:<PCR>[,<PCR>]
++\f[]
++.fi
++.PP
++multiple banks may be separated by `+'.
++.PP
++For example:
++.IP
++.nf
++\f[C]
++sha:3,4+sha256:5,6
++\f[]
++.fi
++.PP
++will select PCRs 3 and 4 from the SHA bank and PCRs 5 and 6 from the
++SHA256 bank.
++.SS Note
++.PP
++PCR Selections allow for up to 5 hash to pcr selection mappings.
++This is a limitaion in design in the single call to the tpm to get the
++pcr values.
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_unseal\ \-H\ 0x81010001\ \-P\ abc123\ \-o\ out.dat
++tpm2_unseal\ \-c\ item.context\ \-P\ abc123\ \-o\ out.dat
++tpm2_unseal\ \-H\ 0x81010001\ \-P\ "hex:123abc"\ \-o\ out.dat
++tpm2_unseal\ \-c\ item.context\ \-L\ sha1:0,1,2\ \-F\ out.dat
++\f[]
++.fi
++.SH RETURNS
++.PP
++0 on success or 1 on failure.
++.SH BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.SH HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
+diff -urN tpm2-tools-3.0.4/man/man1/tpm2_verifysignature.1 tpm2-tools-3.0.4-new/man/man1/tpm2_verifysignature.1
+--- tpm2-tools-3.0.4/man/man1/tpm2_verifysignature.1	1969-12-31 17:00:00.000000000 -0700
++++ tpm2-tools-3.0.4-new/man/man1/tpm2_verifysignature.1	2018-09-10 07:57:19.305508531 -0700
+@@ -0,0 +1,244 @@
++.\" Automatically generated by Pandoc 2.0.6
++.\"
++.TH "tpm2_verifysignature" "1" "SEPTEMBER 2017" "tpm2\-tools" "General Commands Manual"
++.hy
++.SH NAME
++.PP
++\f[B]tpm2_verifysignature\f[](1) \- Validates a signature using the TPM.
++.SH SYNOPSIS
++.PP
++\f[B]tpm2_verifysignature\f[] [\f[I]OPTIONS\f[]]
++.SH DESCRIPTION
++.PP
++\f[B]tpm2_verifysignature\f[](1) uses loaded keys to validate a
++signature on a message with the message digest passed to the TPM.
++If the signature check succeeds, then the TPM will produce a
++\f[B]TPMT_TK_VERIFIED\f[].
++Otherwise, the TPM shall return \f[B]TPM_RC_SIGNATURE\f[].
++If \f[I]KEY_HANDLE\f[] references an asymmetric key, only the public
++portion of the key needs to be loaded.
++If \f[I]KEY_HANDLE\f[] references a symmetric key, both the public and
++private portions need to be loaded.
++.SH OPTIONS
++.IP \[bu] 2
++\f[B]\-k\f[], \f[B]\[en]key\-handle\f[]=\f[I]KEY_HANDLE\f[]:
++.RS 2
++.PP
++Handle of key that will used in the validation.
++.RE
++.IP \[bu] 2
++\f[B]\-c\f[], \f[B]\[en]key\-context\f[]=\f[I]KEY_CONTEXT_FILE\f[]:
++.RS 2
++.PP
++Filename of the key context used for the operation.
++.RE
++.IP \[bu] 2
++\f[B]\-g\f[], \f[B]\[en]halg\f[]=\f[I]HASH_ALGORITHM\f[]:
++.RS 2
++.PP
++The hash algorithm used to digest the message.
++Algorithms should follow the \[lq]formatting standards, see
++section\[rq]Algorithm Specifiers\[lq]. Also, see section\[rq]Supported
++Hash Algorithms" for a list of supported hash algorithms.
++.RE
++.IP \[bu] 2
++\f[B]\-m\f[], \f[B]\[en]msg\f[]=\f[I]MSG_FILE\f[]:
++.RS 2
++.PP
++The message file, containing the content to be digested.
++.RE
++.IP \[bu] 2
++\f[B]\-D\f[], \f[B]\[en]digest\f[]=\f[I]DIGEST_FILE\f[]:
++.RS 2
++.PP
++The input hash file, containing the hash of the message.
++If this option is selected, then the message (\f[B]\-m\f[]) and
++algorithm (\f[B]\-g\f[]) options do not need to be specified.
++.RE
++.IP \[bu] 2
++\f[B]\-s\f[], \f[B]\[en]sig\f[]=\f[I]SIG_FILE\f[]:
++.RS 2
++.PP
++The input signature file of the signature to be validated.
++.RE
++.IP \[bu] 2
++\f[B]\-r\f[], \f[B]\[en]raw\f[]:
++.RS 2
++.PP
++Set the input signature file to raw type.
++The default is TPMT_SIGNATURE.
++.RE
++.IP \[bu] 2
++\f[B]\-t\f[], \f[B]\[en]ticket\f[]=\f[I]TICKET_FILE\f[]:
++.RS 2
++.PP
++The ticket file to record the validation structure.
++.RE
++.IP \[bu] 2
++\f[B]\-S\f[],
++\f[B]\[en]input\-session\-handle\f[]=\f[I]SESSION_HANDLE\f[]:
++.RS 2
++.PP
++Optional Input session handle from a policy session for authorization.
++.RE
++.SH COMMON OPTIONS
++.PP
++This collection of options are common to many programs and provide
++information that many users may expect.
++.IP \[bu] 2
++\f[B]\-h\f[], \f[B]\[en]help\f[]: Display the tools manpage.
++This requires the manpages to be installed or on \f[I]MANPATH\f[], See
++man(1) for more details.
++.IP \[bu] 2
++\f[B]\-v\f[], \f[B]\[en]version\f[]: Display version information for
++this tool, supported tctis and exit.
++.IP \[bu] 2
++\f[B]\-V\f[], \f[B]\[en]verbose\f[]: Increase the information that the
++tool prints to the console during its execution.
++When using this option the file and line number are printed.
++.IP \[bu] 2
++\f[B]\-Q\f[], \f[B]\[en]quiet\f[]: Silence normal tool output to stdout.
++.IP \[bu] 2
++\f[B]\-Z\f[], \f[B]\[en]enable\-errata\f[]: Enable the application of
++errata fixups.
++Useful if an errata fixup needs to be applied to commands sent to the
++TPM.
++# TCTI ENVIRONMENT
++.PP
++This collection of environment variables that may be used to configure
++the various TCTI modules available.
++.PP
++The values passed through these variables can be overridden on a
++per\-command basis using the available command line options, see the
++\f[I]TCTI_OPTIONS\f[] section.
++.PP
++The variables respected depend on how the software was configured.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_TCTI_NAME\f[]: Select the TCTI used for communication
++with the next component down the TSS stack.
++In most configurations this will be the TPM but it could be a simulator
++or proxy.
++The current known TCTIs are:
++.RS 2
++.IP \[bu] 2
++tabrmd \- The new resource manager, called
++tabrmd (https://github.com/01org/tpm2-abrmd).
++.IP \[bu] 2
++socket \- Typically used with the old resource manager, or talking
++directly to a simulator.
++.IP \[bu] 2
++device \- Used when talking directly to a TPM device file.
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_DEVICE_FILE\f[]: When using the device TCTI, specify the
++TPM device file.
++The default is \[lq]/dev/tpm0\[rq].
++.RS 2
++.PP
++Note: Using the tpm directly requires the users to ensure that
++concurrent access does not occur and that they manage the tpm resources.
++These tasks are usually managed by a resource manager.
++Linux 4.12 and greater supports an in kernel resource manager at
++\[lq]/dev/tpmrm\f[B]\f[]\[rq], typically \[lq]/dev/tpmrm0\[rq].
++.RE
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_ADDRESS\f[]: When using the socket TCTI, specify
++the domain name or IP address used.
++The default is 127.0.0.1.
++.IP \[bu] 2
++\f[I]TPM2TOOLS_SOCKET_PORT\f[]: When using the socket TCTI, specify the
++port number used.
++The default is 2321.
++.SH TCTI OPTIONS
++.PP
++This collection of options are used to configure the varous TCTI modules
++available.
++They override any environment variables.
++.IP \[bu] 2
++\f[B]\-T\f[],
++\f[B]\[en]tcti\f[]=\f[I]TCTI_NAME\f[]\f[B][\f[]:\f[I]TCTI_OPTIONS\f[]\f[B]]\f[]:
++Select the TCTI used for communication with the next component down the
++TSS stack.
++In most configurations this will be the resource manager:
++tabrmd (https://github.com/01org/tpm2-abrmd) Optionally, tcti specific
++options can appended to \f[I]TCTI_NAME\f[] by appending a \f[B]:\f[] to
++\f[I]TCTI_NAME\f[].
++.RS 2
++.IP \[bu] 2
++For the device TCTI, the TPM device file for use by the device TCTI can
++be specified.
++The default is /dev/tpm0.
++Example: \f[B]\-T device:/dev/tpm0\f[]
++.IP \[bu] 2
++For the socket TCTI, the domain name or IP address and port number used
++by the socket can be specified.
++The default are 127.0.0.1 and 2321.
++Example: \f[B]\-T socket:127.0.0.1:2321\f[]
++.IP \[bu] 2
++For the abrmd TCTI, it takes no options.
++Example: \f[B]\-T abrmd\f[]
++.RE
++.SH Password Formatting
++.PP
++Passwords are interpreted in two forms, string and hex\-string.
++A string password is not interpreted, and is directly used for
++authorization.
++A hex\-string, is converted from a hexidecimal form into a byte array
++form, thus allowing passwords with non\-printable and/or terminal
++un\-friendly characters.
++.PP
++By default passwords are assumed to be in the string form.
++Password form is specified with special prefix values, they are:
++.IP \[bu] 2
++str: \- Used to indicate it is a raw string.
++Useful for escaping a password that starts with the \[lq]hex:\[rq]
++prefix.
++.IP \[bu] 2
++hex: \- Used when specifying a password in hex string format.
++.SH Supported Hash Algorithms
++.PP
++Supported hash algorithms are:
++.IP \[bu] 2
++\f[B]0x4\f[] or \f[B]sha1\f[] for \f[B]TPM_ALG_SHA1\f[]
++\f[B](default)\f[]
++.IP \[bu] 2
++\f[B]0xB\f[] or \f[B]sha256\f[] for \f[B]TPM_ALG_SHA256\f[]
++.IP \[bu] 2
++\f[B]0xC\f[] or \f[B]sha384\f[] for \f[B]TPM_ALG_SHA384\f[]
++.IP \[bu] 2
++\f[B]0xD\f[] or \f[B]sha512\f[] for \f[B]TPM_ALG_SHA512\f[]
++.IP \[bu] 2
++\f[B]0x12\f[] or \f[B]sm3_256\f[] for \f[B]TPM_ALG_SM3_256\f[]
++.PP
++\f[B]NOTE\f[]: Your TPM may not support all algorithms.
++.SH Algorithm Specfiers
++.PP
++Options that take algorithms support \[lq]nice\-names\[rq].
++Nice names, like sha1 can be used in place of the raw hex for sha1: 0x4.
++The nice names are converted by stripping the leading \f[B]TPM_ALG_\f[]
++from the Algorithm Name field and converting it to lower case.
++For instance \f[B]TPM_ALG_SHA3_256\f[] becomes \f[B]sha3_256\f[].
++.PP
++The algorithms can be found at:
++<https://trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.24.pdf>
++.SH EXAMPLES
++.IP
++.nf
++\f[C]
++tpm2_verifysignature\ \-k\ 0x81010001\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
++tpm2_verifysignature\ \-k\ 0x81010001\ \-D\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
++tpm2_verifysignature\ \-c\ key.context\ \-g\ sha256\ \-m\ <filePath>\ \-s\ <filePath>\ \-t\ <filePath>
++\f[]
++.fi
++.PP
++RETURNS
++.PP
++0 on success or 1 on failure.
++.PP
++BUGS
++.PP
++Github Issues (https://github.com/01org/tpm2-tools/issues)
++.PP
++HELP
++.PP
++See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)
diff --git a/SOURCES/autoconf-fixup.patch b/SOURCES/autoconf-fixup.patch
new file mode 100644
index 0000000..b248354
--- /dev/null
+++ b/SOURCES/autoconf-fixup.patch
@@ -0,0 +1,10 @@
+diff -urN tpm2-tools-3.0.1/configure.ac tpm2-tools-3.0.1-new/configure.ac
+--- tpm2-tools-3.0.1/configure.ac	2017-12-08 11:19:47.000000000 -0700
++++ tpm2-tools-3.0.1-new/configure.ac	2017-12-15 10:01:43.128340107 -0700
+@@ -1,5 +1,4 @@
+-AC_INIT([tpm2-tools],
+-    [m4_esyscmd_s([git describe --tags --always --dirty])])
++AC_INIT([tpm2-tools],[3.0.4])
+ AC_CONFIG_MACRO_DIR([m4])
+ AC_PROG_CC
+ LT_INIT
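Review bot: The literal `3.0.4` in the replacement line `AC_INIT([tpm2-tools],[3.0.4])` duplicates the spec's `Version: 3.0.4` field, and the inner patch headers still name a `tpm2-tools-3.0.1` tree, which suggests this file is hand-edited on every rebase. If the spec version is bumped and this patch is missed, the built tools would presumably report a stale version through `-v`, which misleads anyone matching installed binaries against advisories or an inventory. Deriving the value from the spec removes that drift, for example by replacing this patch with a `%prep` step such as `sed -i 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/%{version}/' configure.ac` run before `./bootstrap`. That sed expression is constructed from the two removed lines shown here and should be checked against the unpacked tarball.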
diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec
new file mode 100644
index 0000000..49e553b
--- /dev/null
+++ b/SPECS/tpm2-tools.spec
@@ -0,0 +1,122 @@
+Name: tpm2-tools
+Version: 3.0.4
+Release: 3%{?dist}
+Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
+
+License: BSD
+URL:     https://github.com/tpm2-software/tpm2-tools
+Source0: https://github.com/tpm2-software/tpm2-tools/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+# work around lack of pandoc in RHEL7
+Patch0: add-man-pages.patch
+# Deal with RHEL rpmbuilds not being from git
+Patch1: autoconf-fixup.patch
+Patch2: 0001-tpm2_create-Use-better-object-attributes-defaults-fo.patch
+
+BuildRequires: gcc-c++
+BuildRequires: libtool
+BuildRequires: autoconf-archive
+BuildRequires: pkgconfig(cmocka)
+BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(openssl)
+# tpm2-tss-devel provides sapi/tcti-device/tcti-socket
+BuildRequires: pkgconfig(sapi)
+BuildRequires: pkgconfig(tcti-device)
+BuildRequires: pkgconfig(tcti-socket)
+BuildRequires: pkgconfig(tcti-tabrmd)
+
+# this package does not support big endian arch so far,
+# and has been verified only on Intel platforms.
+ExclusiveArch: %{ix86} x86_64
+
+# tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required
+Requires: tpm2-tss%{?_isa} >= 1.3.0-1%{?dist}
+
+# tpm2-tools project changed the install path for binaries and man page section
+Obsoletes: tpm2-tools <= 2.1.0-2
+
+%description
+tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+./bootstrap
+
+%build
+%configure --prefix=/usr --disable-static --disable-silent-rules
+%make_build
+
+%install
+%make_install
+
+%files
+%doc README.md CHANGELOG.md
+%license LICENSE
+%{_bindir}/tpm2_*
+%{_mandir}/man1/tpm2_*.1.gz
+
+%changelog
+* Thu Feb 21 2019 Jerry Snitselaar  <jsnitsel@redhat.com> - 3.0.4-3
+- Remove obsolete flag from tpm2_create examples
+resolves: rhbz#1570870
+
+* Thu Sep 06 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 3.0.4-2
+- tpm2_create: Use better object attributes defaults for authentication
+resolves: rhbz#1627282
+
+* Fri Jun 15 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 3.0.4-1
+- Rebase to 3.0.4 release
+resolves: rhbz#1515108
+
+* Wed Dec 13 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 3.0.1-1
+- Rebase to 3.0.1 release
+resolves: rhbz#1463100
+
+* Wed Oct 18 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.0-2
+- Fix potential memory leak
+resolves: rhbz#1463100
+
+* Wed Aug 30 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.0-1
+- Rebase to 2.1.0 release
+resolves: rhbz#1463100
+
+* Mon May 15 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 1.1.0-7
+- decide pcrs to read based off data returned from TPM2_GetCapability
+resolves: rhbz#1449276
+
+* Wed Apr 19 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 1.1.0-6
+- check for null ptrs in RetrieveEndorsementCredentials
+
+* Tue Apr 04 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 1.1.0-5
+- Remove epel dependencies
+- Change tpm2-tss dependency to not be tied to 1 version
+- Fix resource leak in InitSysContext
+- Clean up HashEKPublicKey
+- Add needed null checks to tpm2_getmanufec
+- clean up resource leak in tpm2_getmanufec
+- use strdup to get server address in tpm2_getmanufec
+- change preparePcrSelections_g to void
+- return on success in print_rc_tpm_error_code
+- Update release version
+resolves: rhbz#1275029 - Add tpm2.0-tools package
+
+* Fri Jan 20 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-4
+- Dependency check failed for Requires again, here to fix this
+- Update release version and changelog
+
+* Thu Jan 19 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-3
+- Change spec file permission to 644 to avoid rpmlint complain
+- Update Requires to fix dependency check error reported in Bodhi
+- Remove tpm2-tss-devel version in BuildRequires comment
+- Update release version and changelog
+
+* Wed Dec 21 2016 Sun Yunying <yunying.sun@intel.com> - 1.1.0-2
+- Remove pkg_version to avoid dupliate use of version
+- Remove redundant BuildRequires for autoconf/automake/pkgconfig
+- Add comments for BuildRequires of sapi/tcti-device/tcti-socket
+- Use ExclusiveArch instead of ExcludeArch
+- Requires tpm2-tss version updated to 1.0-2
+- Updated release version and changelog
+
+* Fri Dec 2 2016 Sun Yunying <yunying.sun@intel.com> - 1.1.0-1
+- Initial version of the package
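Review bot: There is no `%check` section after `%install`, so nothing exercises the patched tree at build time. This is despite `pkgconfig(cmocka)` being in BuildRequires and Patch2 changing the default authentication attributes of `tpm2_create`. The integration test that patch adds presumably needs a TPM simulator and cannot run in a build root, but the cmocka unit tests could. If the 3.0.4 configure script offers a unit-test switch, enable it in `%configure` and add a `%check` section that runs `make check`. Separately, `Requires: tpm2-tss%{?_isa} >= 1.3.0-1%{?dist}` bakes the dist tag into the version comparison; `>= 1.3.0` sets the same floor without depending on how the other package was tagged.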