.\" Automatically generated by Pandoc 2.9.2.1
.\"
.TH "tss2_verifyquote" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual"
.hy
.SH NAME
.PP
\f[B]tss2_verifyquote\f[R](1) -
.SH SYNOPSIS
.PP
\f[B]tss2_verifyquote\f[R] [\f[I]OPTIONS\f[R]]
.SH SEE ALSO
.PP
\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used
cryptographic profile and TCTI or directories for the Fapi metadata
storages.
.PP
\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and
parameters for all keys and operations of a specific TPM interaction
like the name hash algorithm, the asymmetric signature algorithm, scheme
and parameters and PCR bank selection.
.SH DESCRIPTION
.PP
\f[B]tss2_verifyquote\f[R](1) - This command verifies that the data
returned by a quote is valid.
This includes
.IP \[bu] 2
Reconstructing the quoteInfo\[cq]s PCR values from the eventLog (if an
eventLog was provided)
.IP \[bu] 2
Verifying the quoteInfo using the signature and the publicKeyPath
.PP
The signature verification scheme used is specified in the cryptographic
profile (cf., \f[B]fapi-profile(5)\f[R]).
.PP
An application using tss2_verifyquote() will further have to
.IP \[bu] 2
Assess the publicKey\[cq]s trustworthiness
.IP \[bu] 2
Assess the eventLog entries\[cq] trustworthiness
.SH OPTIONS
.PP
These are the available options:
.IP \[bu] 2
\f[B]-Q\f[R], \f[B]--qualifyingData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for stdin):
.RS 2
.PP
A nonce provided by the caller to ensure freshness of the signature.
Optional parameter.
.RE
.IP \[bu] 2
\f[B]-l\f[R], \f[B]--pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for stdin):
.RS 2
.PP
Returns the PCR event log for the chosen PCR.
Optional parameter.
.PP
PCR event logs are a list (arbitrary length JSON array) of log entries
with the following content.
.IP
.nf
\f[C]
- recnum: Unique record number
- pcr: PCR index
- digest: The digests
- type: The type of event.
  At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA)
- eventDigest: Digest of the event; e.g. the digest of the measured file
- eventName: Name of the event; e.g. the name of the measured file.
\f[R]
.fi
.RE
.IP \[bu] 2
\f[B]-q\f[R], \f[B]--quoteInfo\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for stdin):
.RS 2
.PP
The JSON-encoded structure holding the inputs to the quote operation.
This includes the digest value and PCR values.
.RE
.IP \[bu] 2
\f[B]-k\f[R], \f[B]--publicKeyPath\f[R]=\f[I]STRING\f[R]:
.RS 2
.PP
Identifies the signing key.
MAY be a path to the public key hierarchy /ext.
.RE
.IP \[bu] 2
\f[B]-i\f[R], \f[B]--signature\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for stdin):
.RS 2
.PP
The signature over the quoted material.
.RE
.SH COMMON OPTIONS
.PP
This collection of options is common to all tss2 programs and provides
information that many users may expect.
.IP \[bu] 2
\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage.
By default, it attempts to invoke the manpager for the tool, however, on
failure will output a short tool summary.
This is the same behavior if the \[lq]man\[rq] option argument is
specified, however if explicit \[lq]man\[rq] is requested, the tool will
provide errors from man on stderr.
If the \[lq]no-man\[rq] option is specified, or the manpager fails, the
short options will be output to stdout.
.RS 2
.PP
To successfully use the manpages feature requires the manpages to be
installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more details.
.RE
.IP \[bu] 2
\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this
tool, supported tctis and exit.
.SH EXAMPLE
.IP
.nf
\f[C]
tss2_verifyquote --publicKeyPath=\[dq]ext/myNewParent\[dq] --qualifyingData=qualifyingData.file --quoteInfo=quoteInfo.file --signature=signature.file --pcrLog=pcrLog.file
\f[R]
.fi
.SH RETURNS
.PP
0 on success or 1 on failure.
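.PP
The first verification step the DESCRIPTION lists, replaying the eventLog to
reconstruct the PCR values that the quoteInfo claims, is shown below as an added
Python example.
It is not tpm2-tools code and it does not call tss2_verifyquote; it only
demonstrates what that step checks.
It assumes (the man page does not say) that each record\[cq]s \[dq]digest\[dq]
field is the value extended into the PCR, that the bank is SHA-256 so
PCR_new = SHA256(PCR_old || digest), that PCRs start at 32 zero bytes, and it
models the quoteInfo\[cq]s PCR selection as a plain {pcr_index: hex} mapping.
The event log records are constructed sample data in the field layout listed
under --pcrLog.

```python
"""Replay a pcrLog (the JSON array described under --pcrLog) and compare the
reconstructed PCR values with the ones a quoteInfo claims.

Added example, not tpm2-tools code.  Assumptions not stated on the man page:
  * each record's "digest" is the hex value that was extended into the PCR
  * the PCR bank is SHA-256: PCR_new = SHA256(PCR_old || digest)
  * every PCR starts as 32 zero bytes
  * the quoteInfo PCR selection is modelled as a {pcr_index: hex} dict
"""
import hashlib
import hmac
import json

PCR_SIZE = 32                      # SHA-256 bank (assumption)
INITIAL_PCR = b"\x00" * PCR_SIZE   # reset value of a standard PCR (assumption)


def _record(recnum, pcr, payload, name):
    # Constructed log record in the layout the man page lists under --pcrLog.
    return {
        "recnum": recnum,
        "pcr": pcr,
        "digest": hashlib.sha256(b"template:" + payload).hexdigest(),
        "type": "LINUX_IMA",
        "eventDigest": hashlib.sha256(payload).hexdigest(),
        "eventName": name,
    }


# Constructed sample pcrLog: two measurements on PCR 10, one on PCR 11.
SAMPLE_ENTRIES = [
    _record(1, 10, b"contents of /usr/bin/a", "/usr/bin/a"),
    _record(2, 10, b"contents of /usr/bin/b", "/usr/bin/b"),
    _record(3, 11, b"contents of /etc/c.conf", "/etc/c.conf"),
]
SAMPLE_PCR_LOG = json.dumps(SAMPLE_ENTRIES)

# Same records with the two PCR 10 measurements swapped.  PCR extension is not
# commutative, so the replayed PCR 10 must differ from the genuine one.
_reordered = json.loads(SAMPLE_PCR_LOG)
_reordered[0], _reordered[1] = _reordered[1], _reordered[0]
_reordered[0]["recnum"], _reordered[1]["recnum"] = 1, 2
SAMPLE_REORDERED_LOG = json.dumps(_reordered)

# Record 2 dropped: a gap in recnum, i.e. a truncated or edited log.
SAMPLE_GAPPED_LOG = json.dumps([json.loads(SAMPLE_PCR_LOG)[i] for i in (0, 2)])


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for a SHA-256 bank (assumption)."""
    return hashlib.sha256(pcr_value + digest).digest()


def reconstruct_pcrs(pcr_log_json: str) -> dict:
    """Replay the log in order and return {pcr_index: hex PCR value}.

    Raises ValueError on a log that is structurally untrustworthy: record
    numbers that are not consecutive, an event type this replay does not
    understand, or a digest whose length does not match the bank.
    """
    entries = json.loads(pcr_log_json)
    pcrs = {}
    first = entries[0]["recnum"] if entries else 0
    for offset, entry in enumerate(entries):
        expected = first + offset
        if entry["recnum"] != expected:
            raise ValueError(f"recnum {entry['recnum']} where {expected} was expected")
        if entry["type"] != "LINUX_IMA":
            raise ValueError(f"record {expected}: unsupported type {entry['type']!r}")
        digest = bytes.fromhex(entry["digest"])
        if len(digest) != PCR_SIZE:
            raise ValueError(f"record {expected}: digest is not {PCR_SIZE} bytes")
        pcr = int(entry["pcr"])
        pcrs[pcr] = extend(pcrs.get(pcr, INITIAL_PCR), digest)
    return {pcr: value.hex() for pcr, value in pcrs.items()}


def verify_pcrs(pcr_log_json: str, quoted_pcrs: dict) -> list:
    """Return a list of findings; an empty list means the log reproduces every
    quoted PCR.  PCRs the quote does not select are ignored."""
    try:
        reconstructed = reconstruct_pcrs(pcr_log_json)
    except ValueError as err:
        return [f"log rejected: {err}"]
    findings = []
    for pcr, quoted in quoted_pcrs.items():
        got = reconstructed.get(pcr)
        if got is None:
            findings.append(f"PCR {pcr}: quoted but no log record extends it")
        elif not hmac.compare_digest(got, quoted.lower()):
            findings.append(f"PCR {pcr}: log replay {got} != quoted {quoted}")
    return findings


if __name__ == "__main__":
    # The genuine replay stands in for the PCR values carried in a quoteInfo.
    quoted = reconstruct_pcrs(SAMPLE_PCR_LOG)
    print("genuine log:  ", verify_pcrs(SAMPLE_PCR_LOG, quoted) or "OK")
    print("reordered log:", verify_pcrs(SAMPLE_REORDERED_LOG, quoted))
    print("gapped log:   ", verify_pcrs(SAMPLE_GAPPED_LOG, quoted))
```
.PP
A log that replays to the quoted values only shows that the log is consistent
with the quote; as the DESCRIPTION notes, the caller still has to judge whether
the signing key and the individual log entries are trustworthy.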
.SH BUGS
.PP
GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)
.SH HELP
.PP
See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)