ipsec attest

Synopsis

ipsec attest --files|--products|--keys|--hashes [options]

ipsec attest --components|--measurements|--add|--del [options]

Description

The ipsec attest utility manages measurement reference values used for TPM-based remote attestation (e.g. of Linux IMA).
See PTS-IMV for examples.

It is available since 4.6.2.

Options

--files [--product <name>|--pid <id>]

Show a list of files with a software product name or its primary key as an optional selector.

--products [--file <path>|--fid <id>]

Show a list of supported software products with a file path or its primary key as an optional selector.

--keys [--components <cfn>|--cid <id>]

Show a list of AIK key digests with a component or its primary key as an optional selector.

--hashes [--sha1|--sha256|--sha384] [--product <name>|--pid <id>]

Show a list of measurement hashes for a given software product or its primary key as an optional selector.

--hashes [--sha1|--sha256|--sha384] [--file <path>|--fid <id>]

Show a list of measurement hashes for a given file or its primary key as an optional selector.

--components [--key <digest>|--kid <id>]

Show a list of components with an AIK digest or its primary key as an optional selector.

--measurements [--sha1|--sha256|--sha384] [--component <cfn>|--cid <id>]

Show a list of component measurements for a given component or its primary key as an optional selector.

--measurements [--sha1|--sha256|--sha384] [--key <digest>|--kid <id>|--aik <path>]

Show a list of component measurements for a given AIK or its primary key as an optional selector.

--add --file <path>|--dir <path>|--product <name>|--component <cfn>

Add a file, directory, product or component entry. Component <cfn> entries must be of the form <vendor_id>/<name>-<qualifier>.

--add [--owner <name>] --key <digest>|--aik <path>

Add an AIK public key digest entry preceded by an optional owner name.

--del --file <path>|--fid <id>|--dir <path>|--did <id>

Delete a file or directory entry referenced either by value or primary key.

--del --product <name>|--pid <id>|--component <cfn>|--cid <id>

Delete a product or component entry referenced either by value or primary key.

--del --key <digest>|--kid <id>|--aik <path>

Delete an AIK entry referenced either by value or primary key.