% tpm2_evictcontrol(1) tpm2-tools | General Commands Manual
tpm2_evictcontrol(1) - Make a transient object persistent or evict a persistent object.
tpm2_evictcontrol [OPTIONS] [ARGUMENT]
tpm2_evictcontrol(1) - Allows a transient object to be made persistent or a persistent object to be evicted. The HANDLE argument controls the index the handle will be assigned to. If the object specified via -c is transient and a persistent HANDLE is specified, the object will be persisted at HANDLE. If HANDLE is a -, the object will be persisted at the first available persistent handle location. If the object specified via -c is a persistent handle, the object will be evicted from its persistent handle location.
-C, --hierarchy=OBJECT:
The authorization hierarchy used to authorize the commands. Defaults to the "owner" hierarchy. Supported options are:
- o for TPM_RH_OWNER
- p for TPM_RH_PLATFORM
- <num> where a raw number can be used.
-c, --object-context=OBJECT:
A context object specifier of a transient or persistent object. If OBJECT is a transient object, it will be persisted, either to the handle specified by the argument or to the first available vacant persistent handle. If OBJECT is a persistent object, it will be evicted from non-volatile memory.
-P, --auth=AUTH:
The authorization value for the hierarchy specified with -C.
-o, --output=FILE:
Optionally output a serialized object representing the persistent handle. If untampered, these files are safer to use than raw persistent handles. When a raw persistent handle is used, verify that the object it points to is the expected one.
--cphash=FILE:
File path to record the hash of the command parameters, commonly termed the cpHash. NOTE: When this option is selected, the tool does not actually execute the command; it only returns the cpHash.
ARGUMENT: the command line argument specifies the persistent handle to save the transient object to.
The tool outputs a YAML compliant dictionary with the fields:
persistent-handle:
action: evicted|persisted
Here persistent-handle is the handle the action was applied to, and action is either evicted or persisted. If an object is evicted, it is no longer resident at the persistent-handle address within the TPM. If an object is persisted, it is resident at the persistent-handle address within the TPM.
context object format: details the methods for specifying OBJECT.
authorization formatting: details the methods for specifying AUTH.
common options: collection of common options that provide information many users may expect.
common tcti options: collection of options used to configure the various known TCTI modules.
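# Set the owner hierarchy authorization, create a primary key and persist it at 0x81010002
tpm2_changeauth -c o ownerauth
tpm2_createprimary -c primary.ctx -P ownerauth
tpm2_evictcontrol -C o -c primary.ctx 0x81010002 -P ownerauth
# Evict the persistent object at 0x81010002
tpm2_evictcontrol -C o -c 0x81010002 -P ownerauth
# Persist the key and write a serialized persistent handle to primary.handle
tpm2_evictcontrol -C o -c primary.ctx -o primary.handle -P ownerauth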
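An added example, not part of the tpm2-tools documentation: shell helpers that check the YAML result described above and, for the raw persistent handle case noted under --output, compare the object's name with a value pinned at provisioning time. The function names, the pinned name and the sample outputs are constructed, and the top-level name: field in tpm2_readpublic output is an assumption.

```shell
#!/bin/sh
# Added example. Helper names and all sample values below are constructed.

# Print the value of one top-level "key: value" field read from stdin.
yaml_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# check_evict_result OUTPUT EXPECTED_HANDLE EXPECTED_ACTION
# Succeeds only if tpm2_evictcontrol reported the handle and action intended.
check_evict_result() {
    handle=$(printf '%s\n' "$1" | yaml_field persistent-handle | tr 'A-F' 'a-f')
    action=$(printf '%s\n' "$1" | yaml_field action)
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$handle" ] && [ "$handle" = "$want" ] && [ "$action" = "$3" ]
}

# check_pinned_name READPUBLIC_OUTPUT PINNED_NAME_HEX
# Compares the "name" field (assumed to be printed by tpm2_readpublic) of the
# object behind a raw persistent handle with the name recorded at provisioning.
check_pinned_name() {
    name=$(printf '%s\n' "$1" | yaml_field name | tr 'A-F' 'a-f')
    pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$name" ] && [ "$name" = "$pinned" ]
}

# Constructed sample outputs so the helpers can be exercised without a TPM.
SAMPLE_EVICT='persistent-handle: 0x81010002
action: persisted'
SAMPLE_PINNED='000ba1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f90'
SAMPLE_READPUBLIC="name: $SAMPLE_PINNED
name-alg: sha256"

# Live use (needs a TPM and the owner authorization from the examples above):
#   out=$(tpm2_evictcontrol -C o -c primary.ctx 0x81010002 -P ownerauth)
#   check_evict_result "$out" 0x81010002 persisted || exit 1
#   check_pinned_name "$(tpm2_readpublic -c 0x81010002)" "$PINNED" || exit 1
```

Record the pinned name over a trusted channel when the key is created; comparing against a name read back from the same handle at use time proves nothing.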