tpm_enable Command
Purpose
Changes the Trusted Platform Module (TPM) enabled states.
Syntax
tpm_enable [ -e ] [ -d ] [ -h ] [ -l [ none | error | info | debug ] ] [ -o ] [ -s ] [ -u ] [ -v ] [ -z ]
Description
By default, the tpm_enable command reports the status of the TPM flags that describe the enabled state of the TPM. The same report is available through the -s (or --status) option. Requesting the status report prompts for the owner password.
The -e (or --enable) option changes the system TPM to the enabled state (through the TPM_OwnerSetDisable API). This operation is persistent, and it prompts for the owner password.
The -d (or --disable) option (through the TPM_OwnerSetDisable API) changes the system TPM to the disabled state. This operation is persistent, and it prompts for the owner password. A disabled TPM can be considered to be off, and it does not allow the tpm_takeownership command to run.
The -f (or --force) option overrides the owner password prompt, and it relies on physical presence for the operation authorization (through the TPM_PhysicalEnable and TPM_PhysicalDisable APIs).
The --enable, --disable, and --status options are mutually exclusive, and the last option on the command line is carried out.
Flags
Item | Description |
---|---|
-e (or --enable) | Enables the TPM. This operation is persistent, and it prompts for owner authorization. |
-d (or --disable) | Disables the TPM. This operation is persistent, and it prompts for owner authorization. |
-h (or --help) | Displays the command usage information. |
-l (or --log) [ none \| error \| info \| debug ] | Sets the logging level to none, error, info, or debug as specified. |
-o (or --owner) | Overrides the prompt for owner authorization and uses physical presence to authorize the action. |
-s (or --status) | Reports the status of flags regarding the TPM-enabled states. |
-u (or --unicode) | Uses the Trusted Computing Group Software Stack (TSS) UNICODE encoding for the passwords to comply with the applications that are using the TSS popup boxes. |
-v (or --version) | Displays the command version information. |
-z (or --well-known) | Changes the password to a new one when the current owner password is a secret of all zeros (20 bytes of zeros). It must be specified which password (owner, storage root key, or both) needs to be changed. |
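
The Description states that --enable, --disable, and --status are mutually exclusive and that the last one on the command line is carried out, so a logged invocation such as `tpm_enable -e -d` leaves the TPM disabled. The following script is an added example, not part of the original documentation or of the tpm_enable tool: it applies that rule to recorded command lines and reports the ones that change the TPM state, along with whether the owner password prompt was bypassed. The function names and the sample lines are constructed for illustration, and it assumes options are given as separate words.

```shell
#!/bin/sh
# Added example. Rules come from the page; the log lines are constructed.

# Print "<action> <authorization>" for a tpm_enable argument list.
classify_tpm_enable() {
    action=status              # no option: status report is the default
    auth=owner-password        # default authorization is the owner prompt
    while [ $# -gt 0 ]; do
        case "$1" in
            -e|--enable)  action=enable ;;    # -e/-d/-s: the last one wins
            -d|--disable) action=disable ;;
            -s|--status)  action=status ;;
            # The page names this override both -f/--force and -o/--owner.
            -f|--force|-o|--owner) auth=physical-presence ;;
            -l|--log)     # skip the level only if one actually follows
                case "${2:-}" in none|error|info|debug) shift ;; esac ;;
        esac
        shift
    done
    echo "$action $auth"
}

# Read command lines on stdin; report those that change the TPM state.
audit_tpm_enable_lines() {
    while IFS= read -r line; do
        case "$line" in
            tpm_enable|"tpm_enable "*) ;;
            *) continue ;;
        esac
        set -f; set -- $line; set +f; shift   # word-split, drop command name
        result=$(classify_tpm_enable "$@")
        case "$result" in
            status*) ;;
            *) echo "$result: $line" ;;
        esac
    done
}

# Constructed shell-history sample (hypothetical).
sample_lines() {
    printf '%s\n' 'tpm_enable -s' 'tpm_enable -e -d' 'ls -l /dev' \
        'tpm_enable -l info -o --enable' 'tpm_enable'
}

sample_lines | audit_tpm_enable_lines
```

Feed it shell history or process-audit records reduced to one command line per line; entries reported with `physical-presence` are the ones that did not require the owner password.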