TCTI-CMD(7) TPM2 Software Stack TCTI-CMD(7)

tcti-cmd - TPM2 Sub-process Command TCTI library

A TPM Command Transmission Interface (TCTI) module for interaction with a sub-process.

tcti-cmd is a library that abstracts the details of direct communication with the interface and protocol exposed by a sub-process that can receive and transmit raw TPM2 command and response buffers. The interface exposed by this library is defined in the “TSS System Level API and TPM Command Transmission Interface Specification”.

For example, to use the tpm2_send(1) command as the sub-process that sends data to and from the TPM, one could do so like this:

tpm2_getrandom -T "cmd:tpm2_send -s" --hex 4

A more useful example would be connecting to a remote machine using ssh and interacting with the remote machine's TPM as if it were local. This uses tpm2_send(1) on a remote machine and uses ssh as the sub-process to create the tunnel to the remote machine. If encrypted sessions are used, the remote machine is blinded to the TPM data and cannot interpose on that traffic.

tpm2_getrandom -T "cmd:ssh remotehost tpm2_send" -s --hex 4
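The raw buffers behind the tpm2_getrandom examples above, as an added C example that is not part of tpm2-tss: it serializes the TPM2_GetRandom command that the sub-process receives and validates the response it hands back. The tag and command-code values come from the TPM 2.0 Library specification; the function names and the sample response are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM2_ST_NO_SESSIONS 0x8001u      /* tag: command carries no session area */
#define TPM2_CC_GETRANDOM   0x0000017Bu  /* command code of TPM2_GetRandom */
#define TPM2_HDR_LEN        10u          /* tag(2) + size(4) + code(4), big-endian */

/* Constructed sample: a successful response carrying 4 bytes (not from a real TPM). */
static const uint8_t SAMPLE_RSP[16] = {
    0x80, 0x01, 0, 0, 0, 0x10, 0, 0, 0, 0, 0, 0x04, 0xde, 0xad, 0xbe, 0xef };

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Serialize TPM2_GetRandom(n) into buf; returns bytes written, 0 if buf is too small. */
size_t build_getrandom(uint8_t *buf, size_t cap, uint16_t n)
{
    if (cap < TPM2_HDR_LEN + 2) return 0;
    put16(buf, TPM2_ST_NO_SESSIONS);
    put32(buf + 2, TPM2_HDR_LEN + 2);     /* total command size */
    put32(buf + 6, TPM2_CC_GETRANDOM);
    put16(buf + 10, n);                   /* bytesRequested */
    return TPM2_HDR_LEN + 2;
}

/* Validate a GetRandom response and copy its random bytes to out.
 * Returns the byte count, or -1 on a truncated, malformed or failed response. */
int parse_getrandom_rsp(const uint8_t *rsp, size_t len, uint8_t *out, size_t cap)
{
    if (len < TPM2_HDR_LEN || get16(rsp) != TPM2_ST_NO_SESSIONS) return -1;
    if (get32(rsp + 2) != len || get32(rsp + 6) != 0) return -1; /* size, responseCode */
    if (len < TPM2_HDR_LEN + 2) return -1;
    uint16_t n = get16(rsp + 10);         /* TPM2B_DIGEST length prefix */
    if ((size_t)n != len - TPM2_HDR_LEN - 2 || n > cap) return -1;
    memcpy(out, rsp + 12, n);
    return n;
}

int main(void)
{
    uint8_t cmd[12], rnd[4];
    size_t n = build_getrandom(cmd, sizeof cmd, 4);
    for (size_t i = 0; i < n; i++) printf("%02x", cmd[i]);
    printf("\nrandom bytes parsed: %d\n", parse_getrandom_rsp(SAMPLE_RSP, 16, rnd, sizeof rnd));
    return 0;
}
```

With the TPM2_ST_NO_SESSIONS tag nothing in either buffer is encrypted, so whatever relays them sees the random bytes in the clear; that is the exposure the encrypted-session remark above addresses.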

TPM2 Software Project

Tss2_Tcti_Device_Init(3), Tss2_Tcti_Socket_Init(3), Tss2_TctiLdr_Initialize(3), Tss2_TctiLdr_Finalize(3), tcti-device(7), tcti-socket(7), tcti-tabrmd(7), tpm2-abrmd(8)

This page is part of release 4.0.1 of Open Source implementation of the TCG TPM2 Software Stack (TSS2). A description of the project, information about reporting bugs, and the latest version of this page can be found at

MAY 2020 Intel