% tpm2_policyduplicationselect(1) tpm2-tools | General Commands Manual
tpm2_policyduplicationselect(1) - Restricts duplication to a specific new parent.
tpm2_policyduplicationselect [OPTIONS]
tpm2_policyduplicationselect(1) - Restricts duplication to a specific new parent.
-
-S, --session=FILE:
The policy session file generated via the -S option to tpm2_startauthsession(1).
-
-n, --object-name=FILE:
Input name file of the object to be duplicated.
-
-N, --parent-name=FILE:
Input name file of the new parent.
-
-L, --policy=FILE:
File to save the policy digest.
-
--include-object:
If exists, the object name will be included in the value in policy digest.
common options collection of common options that provide information many users may expect.
common tcti options collection of options used to configure the various known TCTI modules.
tpm2_createprimary -C n -g sha256 -G rsa -c dst_n.ctx -Q
tpm2_createprimary -C o -g sha256 -G rsa -c src_o.ctx -Qtpm2_readpublic -c dst_n.ctx -n dst_n.name -Q
tpm2_startauthsession -S session.ctx
tpm2_policyduplicationselect -S session.ctx -N dst_n.name \
-L policydupselect.dat -Q
tpm2_flushcontext session.ctx
rm session.ctxtpm2_create -C src_o.ctx -g sha256 -G rsa -r dupkey.priv -u dupkey.pub \
-L policydupselect.dat -a "sensitivedataorigin|sign|decrypt" -c dupkey.ctx -Q
tpm2_readpublic -c dupkey.ctx -n dupkey.name -Qtpm2_startauthsession -S session.ctx --policy-session
tpm2_policyduplicationselect -S session.ctx -N dst_n.name -n dupkey.name -Q
tpm2_duplicate -C dst_n.ctx -c dupkey.ctx -G null -p session:session.ctx \
-r new_dupkey.priv -s dupseed.dat
tpm2_flushcontext session.ctx
rm session.ctx-
This command usually cooperates with tpm2_duplicate(1), so referring to the man page of tpm2_duplicate(1) is recommended.
-
This command will set the policy session's command code to TPM_CC_Duplicate which enables duplication role of the policy.