tpm_activate Command

Purpose

Changes the Trusted Platform Module (TPM) active states.

Syntax

tpm_activate [ -a ] [ -h ] [ -i ] [ -l [ none | error | info | debug ] ] [ -s ] [ -t ] [ -v ]

Description

The tpm_activate command reports the status of the TPM flags regarding the active state of the TPM. This is the default behavior, and it is also accessible through the -s (or --status) option. It prompts for the owner password when it reports the TPM status.

The -a (or --active) option changes the TPM to the active state (through the TPM_PhysicalSetDeactivated API). This operation is persistent. It requires physical presence for authorization, and a system reboot operation to take effect.

The -i (or --inactive) option (through the TPM_PhysicalSetDeactivated API) changes the TPM to the inactive state. This operation is persistent. It requires physical presence for authorization, and a system reboot operation to take effect. Although an inactive TPM can be considered to be off, it still allows the tpm_takeownership command to run.

The -t (or --temp) option causes immediate TPM deactivation (through the TPM_SetTempDeactivated API) to occur but persists only for the current boot cycle.

The -s (or --status), -a (or --active), -i (or --inactive), and -t (or --temp) options are mutually exclusive and the last option on the command line is carried out.

Flags