diff --git a/0001-Fix-CVE-2024-29038.patch b/0001-Fix-CVE-2024-29038.patch new file mode 100644 index 0000000000000000000000000000000000000000..d2e3f3f0d5bdc8cadb64d17697e63a0b6257c270 --- /dev/null +++ b/0001-Fix-CVE-2024-29038.patch @@ -0,0 +1,82970 @@ +From 218d816f628ecb329d82aa10ff48dc5f5906020f Mon Sep 17 00:00:00 2001 +From: cuilichen +Date: Wed, 3 Jul 2024 17:30:18 +0800 +Subject: [PATCH] Fix CVE-2024-29038 + +--- + Makefile.am | 19 +- + Makefile.in | 82 +- + VERSION | 2 +- + aclocal.m4 | 368 +- + aminclude_static.am | 6 +- + compile | 6 +- + config.guess | 1500 ++-- + config.sub | 2609 +++--- + configure | 7444 ++++++++++------- + configure.ac | 14 +- + depcomp | 2 +- + docs/CHANGELOG.md | 132 +- + docs/MAINTAINERS.md | 2 +- + docs/RELEASE.md | 13 +- + install-sh | 161 +- + lib/config.h.in | 13 +- + lib/efi_event.h | 1 + + lib/files.c | 35 +- + lib/files.h | 10 +- + lib/object.c | 15 +- + lib/pcr.c | 71 +- + lib/pcr.h | 13 +- + lib/tpm2.c | 34 +- + lib/tpm2.h | 2 +- + lib/tpm2_auth_util.c | 193 +- + lib/tpm2_auth_util.h | 2 +- + lib/tpm2_eventlog.c | 60 +- + lib/tpm2_eventlog.h | 4 +- + lib/tpm2_eventlog_yaml.c | 162 +- + lib/tpm2_header.h | 22 +- + lib/tpm2_kdfa.c | 19 + + lib/tpm2_openssl.c | 1 + + lib/tpm2_options.c | 37 +- + lib/tpm2_options.h | 8 +- + lib/tpm2_policy.c | 171 +- + lib/tpm2_policy.h | 4 +- + lib/tpm2_session.c | 41 +- + lib/tpm2_session.h | 4 +- + lib/tpm2_util.c | 8 + + lib/tpm2_util.h | 2 + + ltmain.sh | 4 +- + m4/ax_add_fortify_source.m4 | 53 +- + m4/ax_check_gnu_make.m4 | 4 +- + m4/ax_code_coverage.m4 | 6 +- + m4/ax_is_release.m4 | 7 +- + m4/libtool.m4 | 4 +- + m4/pkg.m4 | 16 +- + man/common/options.md | 5 + + man/common/pcr.md | 9 + + man/man1/tpm2.1 | 85 +- + man/man1/tpm2_activatecredential.1 | 144 +- + man/man1/tpm2_certify.1 | 192 +- + man/man1/tpm2_certifyX509certutil.1 | 77 +- + man/man1/tpm2_certifycreation.1 | 192 +- + man/man1/tpm2_changeauth.1 | 166 +- + man/man1/tpm2_changeeps.1 | 85 +- + man/man1/tpm2_changepps.1 | 85 +- + man/man1/tpm2_checkquote.1 | 161 +- + man/man1/tpm2_clear.1 | 124 +- + man/man1/tpm2_clearcontrol.1 | 112 +- + man/man1/tpm2_clockrateadjust.1 | 124 +- + man/man1/tpm2_commit.1 | 156 +- + man/man1/tpm2_create.1 | 247 +- + man/man1/tpm2_createak.1 | 201 +- + man/man1/tpm2_createek.1 | 212 +- + man/man1/tpm2_createpolicy.1 | 164 +- + man/man1/tpm2_createprimary.1 | 218 +- + man/man1/tpm2_dictionarylockout.1 | 132 +- + man/man1/tpm2_duplicate.1 | 335 +- + man/man1/tpm2_ecdhkeygen.1 | 141 +- + man/man1/tpm2_ecdhzgen.1 | 157 +- + man/man1/tpm2_ecephemeral.1 | 142 +- + man/man1/tpm2_encodeobject.1 | 126 +- + man/man1/tpm2_encryptdecrypt.1 | 178 +- + man/man1/tpm2_eventlog.1 | 45 +- + man/man1/tpm2_evictcontrol.1 | 141 +- + man/man1/tpm2_flushcontext.1 | 103 +- + man/man1/tpm2_getcap.1 | 117 +- + man/man1/tpm2_getcommandauditdigest.1 | 124 +- + man/man1/tpm2_geteccparameters.1 | 137 +- + man/man1/tpm2_getekcertificate.1 | 120 +- + man/man1/tpm2_getpolicydigest.1 | 90 +- + man/man1/tpm2_getrandom.1 | 93 +- + man/man1/tpm2_getsessionauditdigest.1 | 138 +- + man/man1/tpm2_gettestresult.1 | 75 +- + man/man1/tpm2_gettime.1 | 180 +- + man/man1/tpm2_hash.1 | 115 +- + man/man1/tpm2_hierarchycontrol.1 | 117 +- + man/man1/tpm2_hmac.1 | 147 +- + man/man1/tpm2_import.1 | 223 +- + man/man1/tpm2_incrementalselftest.1 | 133 +- + man/man1/tpm2_load.1 | 128 +- + man/man1/tpm2_loadexternal.1 | 237 +- + man/man1/tpm2_makecredential.1 | 149 +- + man/man1/tpm2_nvcertify.1 | 206 +- + man/man1/tpm2_nvdefine.1 | 135 +- + man/man1/tpm2_nvextend.1 | 127 +- + man/man1/tpm2_nvincrement.1 | 127 +- + man/man1/tpm2_nvread.1 | 137 +- + man/man1/tpm2_nvreadlock.1 | 129 +- + man/man1/tpm2_nvreadpublic.1 | 103 +- + man/man1/tpm2_nvsetbits.1 | 129 +- + man/man1/tpm2_nvundefine.1 | 148 +- + man/man1/tpm2_nvwrite.1 | 131 +- + man/man1/tpm2_nvwritelock.1 | 139 +- + man/man1/tpm2_pcrallocate.1 | 177 +- + man/man1/tpm2_pcrevent.1 | 103 +- + man/man1/tpm2_pcrextend.1 | 77 +- + man/man1/tpm2_pcrread.1 | 137 +- + man/man1/tpm2_pcrreset.1 | 81 +- + man/man1/tpm2_policyauthorize.1 | 127 +- + man/man1/tpm2_policyauthorizenv.1 | 128 +- + man/man1/tpm2_policyauthvalue.1 | 105 +- + man/man1/tpm2_policycommandcode.1 | 229 +- + man/man1/tpm2_policycountertimer.1 | 111 +- + man/man1/tpm2_policycphash.1 | 127 +- + man/man1/tpm2_policyduplicationselect.1 | 115 +- + man/man1/tpm2_policylocality.1 | 116 +- + man/man1/tpm2_policynamehash.1 | 157 +- + man/man1/tpm2_policynv.1 | 123 +- + man/man1/tpm2_policynvwritten.1 | 103 +- + man/man1/tpm2_policyor.1 | 123 +- + man/man1/tpm2_policypassword.1 | 107 +- + man/man1/tpm2_policypcr.1 | 153 +- + man/man1/tpm2_policyrestart.1 | 103 +- + man/man1/tpm2_policysecret.1 | 148 +- + man/man1/tpm2_policysigned.1 | 133 +- + man/man1/tpm2_policytemplate.1 | 107 +- + man/man1/tpm2_policyticket.1 | 137 +- + man/man1/tpm2_print.1 | 196 +- + man/man1/tpm2_quote.1 | 151 +- + man/man1/tpm2_rc_decode.1 | 45 +- + man/man1/tpm2_readclock.1 | 75 +- + man/man1/tpm2_readpublic.1 | 110 +- + man/man1/tpm2_rsadecrypt.1 | 132 +- + man/man1/tpm2_rsaencrypt.1 | 126 +- + man/man1/tpm2_selftest.1 | 89 +- + man/man1/tpm2_send.1 | 85 +- + man/man1/tpm2_sessionconfig.1 | 134 +- + man/man1/tpm2_setclock.1 | 110 +- + man/man1/tpm2_setcommandauditstatus.1 | 207 +- + man/man1/tpm2_setprimarypolicy.1 | 164 +- + man/man1/tpm2_shutdown.1 | 85 +- + man/man1/tpm2_sign.1 | 206 +- + man/man1/tpm2_startauthsession.1 | 154 +- + man/man1/tpm2_startup.1 | 83 +- + man/man1/tpm2_stirrandom.1 | 81 +- + man/man1/tpm2_testparms.1 | 129 +- + man/man1/tpm2_tr_encode.1 | 260 + + man/man1/tpm2_unseal.1 | 126 +- + man/man1/tpm2_verifysignature.1 | 182 +- + man/man1/tpm2_zgen2phase.1 | 163 +- + man/man1/tss2_authorizepolicy.1 | 37 +- + man/man1/tss2_changeauth.1 | 33 +- + man/man1/tss2_createkey.1 | 67 +- + man/man1/tss2_createnv.1 | 55 +- + man/man1/tss2_createseal.1 | 61 +- + man/man1/tss2_decrypt.1 | 40 +- + man/man1/tss2_delete.1 | 41 +- + man/man1/tss2_encrypt.1 | 39 +- + man/man1/tss2_exportkey.1 | 37 +- + man/man1/tss2_exportpolicy.1 | 33 +- + man/man1/tss2_getappdata.1 | 29 +- + man/man1/tss2_getcertificate.1 | 31 +- + man/man1/tss2_getdescription.1 | 29 +- + man/man1/tss2_getinfo.1 | 29 +- + man/man1/tss2_getplatformcertificates.1 | 33 +- + man/man1/tss2_getrandom.1 | 33 +- + man/man1/tss2_gettpm2object.1 | 35 +- + man/man1/tss2_gettpmblobs.1 | 41 +- + man/man1/tss2_import.1 | 31 +- + man/man1/tss2_list.1 | 35 +- + man/man1/tss2_nvextend.1 | 33 +- + man/man1/tss2_nvincrement.1 | 27 +- + man/man1/tss2_nvread.1 | 37 +- + man/man1/tss2_nvsetbits.1 | 29 +- + man/man1/tss2_nvwrite.1 | 29 +- + man/man1/tss2_pcrextend.1 | 35 +- + man/man1/tss2_pcrread.1 | 47 +- + man/man1/tss2_provision.1 | 31 +- + man/man1/tss2_quote.1 | 67 +- + man/man1/tss2_setappdata.1 | 27 +- + man/man1/tss2_setcertificate.1 | 29 +- + man/man1/tss2_setdescription.1 | 27 +- + man/man1/tss2_sign.1 | 49 +- + man/man1/tss2_unseal.1 | 33 +- + man/man1/tss2_verifyquote.1 | 57 +- + man/man1/tss2_verifysignature.1 | 33 +- + man/man1/tss2_writeauthorizenv.1 | 23 +- + man/tpm2_clear.1.md | 10 +- + man/tpm2_create.1.md | 10 + + man/tpm2_createek.1.md | 17 +- + man/tpm2_duplicate.1.md | 19 +- + man/tpm2_ecdhkeygen.1.md | 2 +- + man/tpm2_ecdhzgen.1.md | 8 +- + man/tpm2_ecephemeral.1.md | 2 +- + man/tpm2_encodeobject.1.md | 2 +- + man/tpm2_geteccparameters.1.md | 2 +- + man/tpm2_getekcertificate.1.md | 8 +- + man/tpm2_import.1.md | 2 +- + man/tpm2_pcrallocate.1.md | 4 +- + man/tpm2_pcrevent.1.md | 2 +- + man/tpm2_pcrread.1.md | 2 +- + man/tpm2_policypcr.1.md | 3 +- + man/tpm2_policyrestart.1.md | 2 +- + man/tpm2_tr_encode.1.md | 58 + + man/tpm2_verifysignature.1.md | 2 +- + missing | 2 +- + src_vars.mk | 2 +- + test-driver | 19 +- + .../fixtures/event-moklisttrusted-hex.yaml | 874 ++ + .../event-pretty/event-arch-linux.bin.yaml | 686 ++ + .../event-pretty/event-bootorder.bin.yaml | 1392 +++ + .../event-gce-ubuntu-2104-log.bin.yaml | 1919 +++++ + .../event-moklisttrusted.bin.yaml | 1164 +++ + .../event-pretty/event-postcode.bin.yaml | 868 ++ + .../event-sd-boot-fedora37.bin.yaml | 356 + + .../event-pretty/event-uefi-sha1-log.bin.yaml | 182 + + .../event-pretty/event-uefiaction.bin.yaml | 47 + + .../event-pretty/event-uefiservices.bin.yaml | 45 + + .../event-pretty/event-uefivar.bin.yaml | 51 + + .../event-raw/event-arch-linux.bin.yaml | 686 ++ + .../event-raw/event-bootorder.bin.yaml | 1392 +++ + .../event-gce-ubuntu-2104-log.bin.yaml | 1919 +++++ + .../event-raw/event-moklisttrusted.bin.yaml | 1164 +++ + .../event-raw/event-postcode.bin.yaml | 868 ++ + .../event-raw/event-sd-boot-fedora37.bin.yaml | 356 + + .../event-raw/event-uefi-sha1-log.bin.yaml | 182 + + .../event-raw/event-uefiaction.bin.yaml | 47 + + .../event-raw/event-uefiservices.bin.yaml | 45 + + .../fixtures/event-raw/event-uefivar.bin.yaml | 51 + + test/integration/helpers.sh | 4 +- + .../tests/abrmd_extended-sessions.sh | 8 + + .../tests/abrmd_policycountertimer.sh | 40 +- + test/integration/tests/abrmd_policynv.sh | 77 +- + test/integration/tests/certify.sh | 2 + + test/integration/tests/certifycreation.sh | 2 + + test/integration/tests/checkquote.sh | 12 +- + test/integration/tests/commandaudit.sh | 1 + + test/integration/tests/ecc.sh | 16 + + test/integration/tests/encryptdecrypt.sh | 22 +- + test/integration/tests/eventlog.sh | 65 +- + test/integration/tests/forward-seal.sh | 176 + + test/integration/tests/getekcertificate.sh | 5 +- + test/integration/tests/gettime.sh | 2 + + test/integration/tests/load.sh | 6 +- + test/integration/tests/nvcertify.sh | 2 + + test/integration/tests/rsadecrypt.sh | 23 +- + test/integration/tests/sessionaudit.sh | 2 + + test/integration/tests/sign.sh | 2 +- + test/integration/tests/tr_encode.sh | 22 + + test/integration/tests/unseal.sh | 4 +- + test/unit/test_pcr.c | 96 +- + test/unit/test_tpm2_eventlog.c | 15 +- + test/unit/test_tpm2_header.c | 12 +- + test/unit/test_tpm2_policy.c | 135 +- + test/unit/test_tpm2_session.c | 3 +- + tools/fapi/tss2_gettpm2object.c | 8 +- + tools/misc/tpm2_checkquote.c | 139 +- + tools/misc/tpm2_encodeobject.c | 22 +- + tools/misc/tpm2_print.c | 129 +- + tools/misc/tpm2_tr_encode.c | 207 + + tools/tpm2_certifycreation.c | 2 +- + tools/tpm2_changeauth.c | 26 +- + tools/tpm2_create.c | 29 +- + tools/tpm2_createak.c | 10 +- + tools/tpm2_createek.c | 51 +- + tools/tpm2_createpolicy.c | 4 +- + tools/tpm2_createprimary.c | 13 +- + tools/tpm2_duplicate.c | 12 +- + tools/tpm2_ecdhzgen.c | 39 +- + tools/tpm2_encryptdecrypt.c | 16 +- + tools/tpm2_flushcontext.c | 4 +- + tools/tpm2_geteccparameters.c | 2 +- + tools/tpm2_getekcertificate.c | 445 +- + tools/tpm2_import.c | 24 +- + tools/tpm2_load.c | 29 +- + tools/tpm2_loadexternal.c | 10 +- + tools/tpm2_nvcertify.c | 4 +- + tools/tpm2_nvdefine.c | 4 +- + tools/tpm2_nvextend.c | 2 +- + tools/tpm2_nvincrement.c | 4 +- + tools/tpm2_nvread.c | 13 +- + tools/tpm2_nvreadlock.c | 4 +- + tools/tpm2_nvreadpublic.c | 16 +- + tools/tpm2_nvsetbits.c | 2 +- + tools/tpm2_nvundefine.c | 4 +- + tools/tpm2_nvwrite.c | 4 +- + tools/tpm2_nvwritelock.c | 6 +- + tools/tpm2_pcrallocate.c | 2 +- + tools/tpm2_pcrread.c | 4 +- + tools/tpm2_pcrreset.c | 2 +- + tools/tpm2_policypcr.c | 6 +- + tools/tpm2_policyrestart.c | 2 +- + tools/tpm2_policysecret.c | 6 +- + tools/tpm2_quote.c | 2 +- + tools/tpm2_send.c | 8 +- + tools/tpm2_startauthsession.c | 2 +- + tools/tpm2_tool.c | 4 +- + tools/tpm2_unseal.c | 2 +- + 300 files changed, 32136 insertions(+), 13395 deletions(-) + create mode 100644 man/man1/tpm2_tr_encode.1 + create mode 100644 man/tpm2_tr_encode.1.md + create mode 100644 test/integration/fixtures/event-moklisttrusted-hex.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-arch-linux.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-bootorder.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-gce-ubuntu-2104-log.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-moklisttrusted.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-postcode.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-sd-boot-fedora37.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-uefi-sha1-log.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-uefiaction.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-uefiservices.bin.yaml + create mode 100644 test/integration/fixtures/event-pretty/event-uefivar.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-arch-linux.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-bootorder.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-gce-ubuntu-2104-log.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-moklisttrusted.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-postcode.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-sd-boot-fedora37.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-uefi-sha1-log.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-uefiaction.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-uefiservices.bin.yaml + create mode 100644 test/integration/fixtures/event-raw/event-uefivar.bin.yaml + create mode 100644 test/integration/tests/forward-seal.sh + create mode 100644 test/integration/tests/tr_encode.sh + create mode 100644 tools/misc/tpm2_tr_encode.c + +diff --git a/Makefile.am b/Makefile.am +index 5e53f62..79dfd19 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -19,7 +19,7 @@ LIB_COMMON := lib/libcommon.a + AM_CFLAGS := \ + $(INCLUDE_DIRS) $(EXTRA_CFLAGS) $(TSS2_ESYS_CFLAGS) $(TSS2_MU_CFLAGS) \ + $(CRYPTO_CFLAGS) $(CODE_COVERAGE_CFLAGS) $(TSS2_TCTILDR_CFLAGS) \ +- $(TSS2_RC_CFLAGS) $(TSS2_SYS_CFLAGS) ++ $(TSS2_RC_CFLAGS) $(TSS2_SYS_CFLAGS) $(CURL_CFLAGS) + + AM_LDFLAGS := $(EXTRA_LDFLAGS) $(CODE_COVERAGE_LIBS) + +@@ -31,7 +31,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completi + + # keep me sorted + bin_PROGRAMS = +-FAPI_CFLAGS = $(EXTRA_CFLAGS) $(TSS2_FAPI_CFLAGS) $(CODE_COVERAGE_CFLAGS) ++FAPI_CFLAGS = $(EXTRA_CFLAGS) $(TSS2_FAPI_CFLAGS) $(CODE_COVERAGE_CFLAGS) $(CRYPTO_CFLAGS) + TESTS = + + if HAVE_FAPI +@@ -108,6 +108,7 @@ tpm2_tools = \ + tools/misc/tpm2_eventlog.c \ + tools/misc/tpm2_print.c \ + tools/misc/tpm2_rc_decode.c \ ++ tools/misc/tpm2_tr_encode.c \ + tools/tpm2_activatecredential.c \ + tools/tpm2_certify.c \ + tools/tpm2_changeauth.c \ +@@ -351,6 +352,7 @@ TEST_EXTENSIONS = .sh + + check-hook: + rm -rf .lock_file ++ rm -f $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml + + EXTRA_DIST_IGNORE = \ + .gitignore \ +@@ -461,6 +463,7 @@ if HAVE_MAN_PAGES + man/man1/tpm2_startup.1 \ + man/man1/tpm2_stirrandom.1 \ + man/man1/tpm2_testparms.1 \ ++ man/man1/tpm2_tr_encode.1 \ + man/man1/tpm2_unseal.1 \ + man/man1/tpm2_verifysignature.1 \ + man/man1/tpm2_setcommandauditstatus.1 \ +@@ -645,6 +648,18 @@ dist-hook: + for f in $(EXTRA_DIST_IGNORE); do \ + rm -rf `find $(distdir) -name $$f`; \ + done; ++ ++prepare-check: ++if HAVE_EFIVAR_H ++ cp $(abs_top_srcdir)/test/integration/fixtures/event-pretty/event-*.yaml \ ++ $(abs_top_srcdir)/test/integration/fixtures/ ++else ++ cp $(abs_top_srcdir)/test/integration/fixtures/event-raw/event-*.yaml \ ++ $(abs_top_srcdir)/test/integration/fixtures/ ++endif ++ ++check: prepare-check ++ + if !HAVE_PANDOC + # If pandoc is not enabled, we want to complain that you need pandoc for make dist, + # so hook the target and complain. +diff --git a/Makefile.in b/Makefile.in +index 1b6e149..cea6bc3 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -1,7 +1,7 @@ +-# Makefile.in generated by automake 1.16.1 from Makefile.am. ++# Makefile.in generated by automake 1.16.5 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994-2018 Free Software Foundation, Inc. ++# Copyright (C) 1994-2021 Free Software Foundation, Inc. + + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -17,7 +17,7 @@ + # SPDX-License-Identifier: BSD-3-Clause + + # aminclude_static.am generated automatically by Autoconf +-# from AX_AM_MACROS_STATIC on Mon Feb 13 09:09:40 CST 2023 ++# from AX_AM_MACROS_STATIC on Fri Apr 26 13:31:43 CEST 2024 + + + +@@ -484,6 +484,7 @@ am__objects_5 = tools/misc/tpm2-tpm2_certifyX509certutil.$(OBJEXT) \ + tools/misc/tpm2-tpm2_eventlog.$(OBJEXT) \ + tools/misc/tpm2-tpm2_print.$(OBJEXT) \ + tools/misc/tpm2-tpm2_rc_decode.$(OBJEXT) \ ++ tools/misc/tpm2-tpm2_tr_encode.$(OBJEXT) \ + tools/tpm2-tpm2_activatecredential.$(OBJEXT) \ + tools/tpm2-tpm2_certify.$(OBJEXT) \ + tools/tpm2-tpm2_changeauth.$(OBJEXT) \ +@@ -783,7 +784,8 @@ am__depfiles_remade = lib/$(DEPDIR)/libcommon_a-files.Po \ + tools/misc/$(DEPDIR)/tpm2-tpm2_encodeobject.Po \ + tools/misc/$(DEPDIR)/tpm2-tpm2_eventlog.Po \ + tools/misc/$(DEPDIR)/tpm2-tpm2_print.Po \ +- tools/misc/$(DEPDIR)/tpm2-tpm2_rc_decode.Po ++ tools/misc/$(DEPDIR)/tpm2-tpm2_rc_decode.Po \ ++ tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Po + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +@@ -918,9 +920,6 @@ am__define_uniq_tagged_files = \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +-ETAGS = etags +-CTAGS = ctags +-CSCOPE = cscope + AM_RECURSIVE_TARGETS = cscope check recheck + am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ +@@ -1077,6 +1076,7 @@ am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` ++AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' + RECHECK_LOGS = $(TEST_LOGS) + TEST_SUITE_LOG = test-suite.log + LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver +@@ -1098,8 +1098,8 @@ SH_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver + SH_LOG_COMPILE = $(SH_LOG_COMPILER) $(AM_SH_LOG_FLAGS) $(SH_LOG_FLAGS) + am__DIST_COMMON = $(dist_man1_MANS) $(srcdir)/Makefile.in \ + $(srcdir)/src_vars.mk $(top_srcdir)/aminclude_static.am \ +- $(top_srcdir)/lib/config.h.in compile config.guess config.sub \ +- depcomp install-sh ltmain.sh missing test-driver ++ $(top_srcdir)/lib/config.h.in README.md compile config.guess \ ++ config.sub depcomp install-sh ltmain.sh missing test-driver + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + distdir = $(PACKAGE)-$(VERSION) + top_distdir = $(distdir) +@@ -1113,6 +1113,8 @@ am__post_remove_distdir = $(am__remove_distdir) + DIST_ARCHIVES = $(distdir).tar.gz + GZIP_ENV = --best + DIST_TARGETS = dist-gzip ++# Exists only to be overridden by the user if desired. ++AM_DISTCHECK_DVI_TARGET = dvi + distuninstallcheck_listfiles = find . -type f -print + am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +@@ -1136,10 +1138,11 @@ CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ + CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ + CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ + CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +-CPP = @CPP@ + CPPFLAGS = @CPPFLAGS@ + CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ + CRYPTO_LIBS = @CRYPTO_LIBS@ ++CSCOPE = @CSCOPE@ ++CTAGS = @CTAGS@ + CURL_CFLAGS = @CURL_CFLAGS@ + CURL_LIBS = @CURL_LIBS@ + CYGPATH_W = @CYGPATH_W@ +@@ -1154,6 +1157,7 @@ ECHO_T = @ECHO_T@ + EFIVAR_CFLAGS = @EFIVAR_CFLAGS@ + EFIVAR_LIBS = @EFIVAR_LIBS@ + EGREP = @EGREP@ ++ETAGS = @ETAGS@ + EXEEXT = @EXEEXT@ + EXPECT = @EXPECT@ + EXTRA_CFLAGS = @EXTRA_CFLAGS@ +@@ -1305,7 +1309,7 @@ tpm2_abrmd = @tpm2_abrmd@ + tpm_server = @tpm_server@ + tpmsim = @tpmsim@ + with_bashcompdir = @with_bashcompdir@ +-@AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) ++@AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@GITIGNOREFILES := $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) + @AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V)) + @AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY)) + @AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE); +@@ -1321,7 +1325,7 @@ with_bashcompdir = @with_bashcompdir@ + + # sanitizes the test-name: replaces with underscores: dashes and dots + @AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1))) +-@AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage ++@AUTOCONF_CODE_COVERAGE_2019_01_06_TRUE@@CODE_COVERAGE_ENABLED_TRUE@AM_DISTCHECK_CONFIGURE_FLAGS := $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage + AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completion/completions' + LIB_C = lib/files.c lib/log.c lib/object.c lib/pcr.c lib/tool_rc.c lib/tpm2.c lib/tpm2_alg_util.c lib/tpm2_attr_util.c lib/tpm2_auth_util.c lib/tpm2_capability.c lib/tpm2_cc_util.c lib/tpm2_convert.c lib/tpm2_ctx_mgmt.c lib/tpm2_errata.c lib/tpm2_eventlog.c lib/tpm2_eventlog_yaml.c lib/tpm2_hash.c lib/tpm2_hierarchy.c lib/tpm2_identity_util.c lib/tpm2_kdfa.c lib/tpm2_kdfe.c lib/tpm2_openssl.c lib/tpm2_options.c lib/tpm2_policy.c lib/tpm2_session.c lib/tpm2_tool_output.c lib/tpm2_util.c + LIB_H = lib/efi_event.h lib/files.h lib/log.h lib/object.h lib/pcr.h lib/tool_rc.h lib/tpm2.h lib/tpm2_alg_util.h lib/tpm2_attr_util.h lib/tpm2_auth_util.h lib/tpm2_capability.h lib/tpm2_cc_util.h lib/tpm2_convert.h lib/tpm2_ctx_mgmt.h lib/tpm2_errata.h lib/tpm2_eventlog.h lib/tpm2_eventlog_yaml.h lib/tpm2_hash.h lib/tpm2_header.h lib/tpm2_hierarchy.h lib/tpm2_identity_util.h lib/tpm2_kdfa.h lib/tpm2_kdfe.h lib/tpm2_nv_util.h lib/tpm2_openssl.h lib/tpm2_options.h lib/tpm2_policy.h lib/tpm2_session.h lib/tpm2_systemdeps.h lib/tpm2_tool_output.h lib/tpm2_util.h +@@ -1371,6 +1375,7 @@ SYSTEM_TESTS = test/integration/tests/X509certutil.sh \ + test/integration/tests/eventlog.sh \ + test/integration/tests/evictcontrol.sh \ + test/integration/tests/flushcontext.sh \ ++ test/integration/tests/forward-seal.sh \ + test/integration/tests/getcap.sh \ + test/integration/tests/getekcertificate.sh \ + test/integration/tests/getpolicydigest.sh \ +@@ -1416,6 +1421,7 @@ SYSTEM_TESTS = test/integration/tests/X509certutil.sh \ + test/integration/tests/symlink.sh \ + test/integration/tests/testparms.sh \ + test/integration/tests/toggle_options.sh \ ++ test/integration/tests/tr_encode.sh \ + test/integration/tests/unseal.sh \ + test/integration/tests/verifysignature.sh + ALL_SYSTEM_TESTS = $(SYSTEM_TESTS) +@@ -1486,14 +1492,14 @@ LIB_COMMON := lib/libcommon.a + AM_CFLAGS := \ + $(INCLUDE_DIRS) $(EXTRA_CFLAGS) $(TSS2_ESYS_CFLAGS) $(TSS2_MU_CFLAGS) \ + $(CRYPTO_CFLAGS) $(CODE_COVERAGE_CFLAGS) $(TSS2_TCTILDR_CFLAGS) \ +- $(TSS2_RC_CFLAGS) $(TSS2_SYS_CFLAGS) ++ $(TSS2_RC_CFLAGS) $(TSS2_SYS_CFLAGS) $(CURL_CFLAGS) + + AM_LDFLAGS := $(EXTRA_LDFLAGS) $(CODE_COVERAGE_LIBS) + LDADD = \ + $(LIB_COMMON) $(TSS2_ESYS_LIBS) $(TSS2_MU_LIBS) $(CRYPTO_LIBS) $(TSS2_TCTILDR_LIBS) \ + $(TSS2_RC_LIBS) $(TSS2_SYS_LIBS) $(EFIVAR_LIBS) + +-FAPI_CFLAGS = $(EXTRA_CFLAGS) $(TSS2_FAPI_CFLAGS) $(CODE_COVERAGE_CFLAGS) ++FAPI_CFLAGS = $(EXTRA_CFLAGS) $(TSS2_FAPI_CFLAGS) $(CODE_COVERAGE_CFLAGS) $(CRYPTO_CFLAGS) + TESTS = $(am__append_2) $(am__append_4) $(am__append_5) + noinst_LIBRARIES = $(LIB_COMMON) + lib_libcommon_a_SOURCES = $(LIB_SRC) +@@ -1559,6 +1565,7 @@ tpm2_tools = \ + tools/misc/tpm2_eventlog.c \ + tools/misc/tpm2_print.c \ + tools/misc/tpm2_rc_decode.c \ ++ tools/misc/tpm2_tr_encode.c \ + tools/tpm2_activatecredential.c \ + tools/tpm2_certify.c \ + tools/tpm2_changeauth.c \ +@@ -1835,6 +1842,7 @@ EXTRA_DIST = \ + @HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_startup.1 \ + @HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_stirrandom.1 \ + @HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_testparms.1 \ ++@HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_tr_encode.1 \ + @HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_unseal.1 \ + @HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_verifysignature.1 \ + @HAVE_MAN_PAGES_TRUE@ man/man1/tpm2_setcommandauditstatus.1 \ +@@ -2278,6 +2286,8 @@ tools/misc/tpm2-tpm2_print.$(OBJEXT): tools/misc/$(am__dirstamp) \ + tools/misc/$(DEPDIR)/$(am__dirstamp) + tools/misc/tpm2-tpm2_rc_decode.$(OBJEXT): tools/misc/$(am__dirstamp) \ + tools/misc/$(DEPDIR)/$(am__dirstamp) ++tools/misc/tpm2-tpm2_tr_encode.$(OBJEXT): tools/misc/$(am__dirstamp) \ ++ tools/misc/$(DEPDIR)/$(am__dirstamp) + tools/tpm2-tpm2_activatecredential.$(OBJEXT): tools/$(am__dirstamp) \ + tools/$(DEPDIR)/$(am__dirstamp) + tools/tpm2-tpm2_certify.$(OBJEXT): tools/$(am__dirstamp) \ +@@ -2667,6 +2677,7 @@ distclean-compile: + @AMDEP_TRUE@@am__include@ @am__quote@tools/misc/$(DEPDIR)/tpm2-tpm2_eventlog.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@tools/misc/$(DEPDIR)/tpm2-tpm2_print.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@tools/misc/$(DEPDIR)/tpm2-tpm2_rc_decode.Po@am__quote@ # am--include-marker ++@AMDEP_TRUE@@am__include@ @am__quote@tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Po@am__quote@ # am--include-marker + + $(am__depfiles_remade): + @$(MKDIR_P) $(@D) +@@ -3930,6 +3941,20 @@ tools/misc/tpm2-tpm2_rc_decode.obj: tools/misc/tpm2_rc_decode.c + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tools_tpm2_CFLAGS) $(CFLAGS) -c -o tools/misc/tpm2-tpm2_rc_decode.obj `if test -f 'tools/misc/tpm2_rc_decode.c'; then $(CYGPATH_W) 'tools/misc/tpm2_rc_decode.c'; else $(CYGPATH_W) '$(srcdir)/tools/misc/tpm2_rc_decode.c'; fi` + ++tools/misc/tpm2-tpm2_tr_encode.o: tools/misc/tpm2_tr_encode.c ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tools_tpm2_CFLAGS) $(CFLAGS) -MT tools/misc/tpm2-tpm2_tr_encode.o -MD -MP -MF tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Tpo -c -o tools/misc/tpm2-tpm2_tr_encode.o `test -f 'tools/misc/tpm2_tr_encode.c' || echo '$(srcdir)/'`tools/misc/tpm2_tr_encode.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Tpo tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tools/misc/tpm2_tr_encode.c' object='tools/misc/tpm2-tpm2_tr_encode.o' libtool=no @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tools_tpm2_CFLAGS) $(CFLAGS) -c -o tools/misc/tpm2-tpm2_tr_encode.o `test -f 'tools/misc/tpm2_tr_encode.c' || echo '$(srcdir)/'`tools/misc/tpm2_tr_encode.c ++ ++tools/misc/tpm2-tpm2_tr_encode.obj: tools/misc/tpm2_tr_encode.c ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tools_tpm2_CFLAGS) $(CFLAGS) -MT tools/misc/tpm2-tpm2_tr_encode.obj -MD -MP -MF tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Tpo -c -o tools/misc/tpm2-tpm2_tr_encode.obj `if test -f 'tools/misc/tpm2_tr_encode.c'; then $(CYGPATH_W) 'tools/misc/tpm2_tr_encode.c'; else $(CYGPATH_W) '$(srcdir)/tools/misc/tpm2_tr_encode.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Tpo tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tools/misc/tpm2_tr_encode.c' object='tools/misc/tpm2-tpm2_tr_encode.obj' libtool=no @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tools_tpm2_CFLAGS) $(CFLAGS) -c -o tools/misc/tpm2-tpm2_tr_encode.obj `if test -f 'tools/misc/tpm2_tr_encode.c'; then $(CYGPATH_W) 'tools/misc/tpm2_tr_encode.c'; else $(CYGPATH_W) '$(srcdir)/tools/misc/tpm2_tr_encode.c'; fi` ++ + tools/tpm2-tpm2_activatecredential.o: tools/tpm2_activatecredential.c + @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tools_tpm2_CFLAGS) $(CFLAGS) -MT tools/tpm2-tpm2_activatecredential.o -MD -MP -MF tools/$(DEPDIR)/tpm2-tpm2_activatecredential.Tpo -c -o tools/tpm2-tpm2_activatecredential.o `test -f 'tools/tpm2_activatecredential.c' || echo '$(srcdir)/'`tools/tpm2_activatecredential.c + @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tools/$(DEPDIR)/tpm2-tpm2_activatecredential.Tpo tools/$(DEPDIR)/tpm2-tpm2_activatecredential.Po +@@ -5500,7 +5525,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ +- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ +@@ -5660,7 +5685,6 @@ test/unit/test_object.log: test/unit/test_object$(EXEEXT) + @am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ + @am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_SH_LOG_DRIVER_FLAGS) $(SH_LOG_DRIVER_FLAGS) -- $(SH_LOG_COMPILE) \ + @am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) +- + distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +@@ -5722,6 +5746,10 @@ dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + ++dist-zstd: distdir ++ tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst ++ $(am__post_remove_distdir) ++ + dist-tarZ: distdir + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 +@@ -5764,6 +5792,8 @@ distcheck: dist + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ ++ *.tar.zst*) \ ++ zstd -dc $(distdir).tar.zst | $(am__untar) ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) +@@ -5779,7 +5809,7 @@ distcheck: dist + $(DISTCHECK_CONFIGURE_FLAGS) \ + --srcdir=../.. --prefix="$$dc_install_base" \ + && $(MAKE) $(AM_MAKEFLAGS) \ +- && $(MAKE) $(AM_MAKEFLAGS) dvi \ ++ && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ +@@ -6075,6 +6105,7 @@ distclean: distclean-am + -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_eventlog.Po + -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_print.Po + -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_rc_decode.Po ++ -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Po + -rm -f Makefile + distclean-am: clean-am distclean-compile distclean-generic \ + distclean-hdr distclean-libtool distclean-local distclean-tags +@@ -6307,6 +6338,7 @@ maintainer-clean: maintainer-clean-am + -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_eventlog.Po + -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_print.Po + -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_rc_decode.Po ++ -rm -f tools/misc/$(DEPDIR)/tpm2-tpm2_tr_encode.Po + -rm -f Makefile + maintainer-clean-am: distclean-am maintainer-clean-generic + +@@ -6337,9 +6369,9 @@ uninstall-man: uninstall-man1 + clean-checkPROGRAMS clean-cscope clean-generic clean-libtool \ + clean-local clean-noinstLIBRARIES cscope cscopelist-am ctags \ + ctags-am dist dist-all dist-bzip2 dist-gzip dist-hook \ +- dist-lzip dist-shar dist-tarZ dist-xz dist-zip distcheck \ +- distclean distclean-compile distclean-generic distclean-hdr \ +- distclean-libtool distclean-local distclean-tags \ ++ dist-lzip dist-shar dist-tarZ dist-xz dist-zip dist-zstd \ ++ distcheck distclean distclean-compile distclean-generic \ ++ distclean-hdr distclean-libtool distclean-local distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-data-hook \ +@@ -6478,6 +6510,7 @@ install-exec-hook: + + check-hook: + rm -rf .lock_file ++ rm -f $(abs_top_srcdir)/test/integration/fixtures/event-uefiservices.bin.yaml + + man/man1/%.1 : man/%.1.md $(MARKDOWN_COMMON_DEPS) + $(AM_V_GEN)rm -f $@ && \ +@@ -6542,6 +6575,15 @@ dist-hook: + for f in $(EXTRA_DIST_IGNORE); do \ + rm -rf `find $(distdir) -name $$f`; \ + done; ++ ++prepare-check: ++@HAVE_EFIVAR_H_TRUE@ cp $(abs_top_srcdir)/test/integration/fixtures/event-pretty/event-*.yaml \ ++@HAVE_EFIVAR_H_TRUE@ $(abs_top_srcdir)/test/integration/fixtures/ ++@HAVE_EFIVAR_H_FALSE@ cp $(abs_top_srcdir)/test/integration/fixtures/event-raw/event-*.yaml \ ++@HAVE_EFIVAR_H_FALSE@ $(abs_top_srcdir)/test/integration/fixtures/ ++ ++check: prepare-check ++ + # If pandoc is not enabled, we want to complain that you need pandoc for make dist, + # so hook the target and complain. + @HAVE_PANDOC_FALSE@ @(>&2 echo "You do not have pandoc, a requirement for the distribution of manpages") +diff --git a/VERSION b/VERSION +index 9ad974f..760606e 100644 +--- a/VERSION ++++ b/VERSION +@@ -1 +1 @@ +-5.5 ++5.7 +diff --git a/aclocal.m4 b/aclocal.m4 +index 1e4bdef..ed2b40e 100644 +--- a/aclocal.m4 ++++ b/aclocal.m4 +@@ -1,6 +1,6 @@ +-# generated automatically by aclocal 1.16.1 -*- Autoconf -*- ++# generated automatically by aclocal 1.16.5 -*- Autoconf -*- + +-# Copyright (C) 1996-2018 Free Software Foundation, Inc. ++# Copyright (C) 1996-2021 Free Software Foundation, Inc. + + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -14,13 +14,13 @@ + m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) + m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, +-[m4_warning([this file was generated for autoconf 2.69. ++m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],, ++[m4_warning([this file was generated for autoconf 2.71. + You have another version of autoconf. It may work, but is not guaranteed to. + If you have problems, you may need to regenerate the build system entirely. + To do so, use the procedure documented by the package, typically 'autoreconf'.])]) + +-# Copyright (C) 2002-2018 Free Software Foundation, Inc. ++# Copyright (C) 2002-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], + [am__api_version='1.16' + dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to + dnl require some minimum version. Point them to the right macro. +-m4_if([$1], [1.16.1], [], ++m4_if([$1], [1.16.5], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl + ]) + +@@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) + # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. + # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. + AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +-[AM_AUTOMAKE_VERSION([1.16.1])dnl ++[AM_AUTOMAKE_VERSION([1.16.5])dnl + m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl + _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + + # AM_AUX_DIR_EXPAND -*- Autoconf -*- + +-# Copyright (C) 2001-2018 Free Software Foundation, Inc. ++# Copyright (C) 2001-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` + + # AM_CONDITIONAL -*- Autoconf -*- + +-# Copyright (C) 1997-2018 Free Software Foundation, Inc. ++# Copyright (C) 1997-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE( + Usually this means the macro was only invoked conditionally.]]) + fi])]) + +-# Copyright (C) 1999-2018 Free Software Foundation, Inc. ++# Copyright (C) 1999-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl + + # Generate code to set up dependency tracking. -*- Autoconf -*- + +-# Copyright (C) 1999-2018 Free Software Foundation, Inc. ++# Copyright (C) 1999-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -371,7 +371,9 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], + done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments +- for automatic dependency tracking. Try re-running configure with the ++ for automatic dependency tracking. If GNU make was not used, consider ++ re-running the configure script with MAKE="gmake" (or whatever is ++ necessary). You can also try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi +@@ -398,7 +400,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], + + # Do all the work for Automake. -*- Autoconf -*- + +-# Copyright (C) 1996-2018 Free Software Foundation, Inc. ++# Copyright (C) 1996-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -426,6 +428,10 @@ m4_defn([AC_PROG_CC]) + # release and drop the old call support. + AC_DEFUN([AM_INIT_AUTOMAKE], + [AC_PREREQ([2.65])dnl ++m4_ifdef([_$0_ALREADY_INIT], ++ [m4_fatal([$0 expanded multiple times ++]m4_defn([_$0_ALREADY_INIT]))], ++ [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl + dnl Autoconf wants to disallow AM_ names. We explicitly allow + dnl the ones we care about. + m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +@@ -462,7 +468,7 @@ m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + [_AM_SET_OPTIONS([$1])dnl + dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. + m4_if( +- m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), ++ m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl +@@ -514,6 +520,20 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl + ]) ++# Variables for tags utilities; see am/tags.am ++if test -z "$CTAGS"; then ++ CTAGS=ctags ++fi ++AC_SUBST([CTAGS]) ++if test -z "$ETAGS"; then ++ ETAGS=etags ++fi ++AC_SUBST([ETAGS]) ++if test -z "$CSCOPE"; then ++ CSCOPE=cscope ++fi ++AC_SUBST([CSCOPE]) ++ + AC_REQUIRE([AM_SILENT_RULES])dnl + dnl The testsuite driver may need to know about EXEEXT, so add the + dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This +@@ -595,7 +615,7 @@ for _am_header in $config_headers :; do + done + echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +-# Copyright (C) 2001-2018 Free Software Foundation, Inc. ++# Copyright (C) 2001-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -616,7 +636,7 @@ if test x"${install_sh+set}" != xset; then + fi + AC_SUBST([install_sh])]) + +-# Copyright (C) 2003-2018 Free Software Foundation, Inc. ++# Copyright (C) 2003-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -637,7 +657,7 @@ AC_SUBST([am__leading_dot])]) + + # Check to see how 'make' treats includes. -*- Autoconf -*- + +-# Copyright (C) 2001-2018 Free Software Foundation, Inc. ++# Copyright (C) 2001-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -680,7 +700,7 @@ AC_SUBST([am__quote])]) + + # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +-# Copyright (C) 1997-2018 Free Software Foundation, Inc. ++# Copyright (C) 1997-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -701,12 +721,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN], + [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl + AC_REQUIRE_AUX_FILE([missing])dnl + if test x"${MISSING+set}" != xset; then +- case $am_aux_dir in +- *\ * | *\ *) +- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; +- *) +- MISSING="\${SHELL} $am_aux_dir/missing" ;; +- esac ++ MISSING="\${SHELL} '$am_aux_dir/missing'" + fi + # Use eval to expand $SHELL + if eval "$MISSING --is-lightweight"; then +@@ -719,7 +734,7 @@ fi + + # Helper functions for option handling. -*- Autoconf -*- + +-# Copyright (C) 2001-2018 Free Software Foundation, Inc. ++# Copyright (C) 2001-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -748,7 +763,7 @@ AC_DEFUN([_AM_SET_OPTIONS], + AC_DEFUN([_AM_IF_OPTION], + [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +-# Copyright (C) 1999-2018 Free Software Foundation, Inc. ++# Copyright (C) 1999-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -795,7 +810,7 @@ AC_LANG_POP([C])]) + # For backward compatibility. + AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) + +-# Copyright (C) 1999-2018 Free Software Foundation, Inc. ++# Copyright (C) 1999-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -830,6 +845,7 @@ AC_DEFUN([AM_PATH_PYTHON], + dnl supported. (2.0 was released on October 16, 2000). + m4_define_default([_AM_PYTHON_INTERPRETER_LIST], + [python python2 python3 dnl ++ python3.11 python3.10 dnl + python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl + python3.2 python3.1 python3.0 dnl + python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl +@@ -874,34 +890,141 @@ AC_DEFUN([AM_PATH_PYTHON], + ]) + + if test "$PYTHON" = :; then +- dnl Run any user-specified action, or abort. ++ dnl Run any user-specified action, or abort. + m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) + else + +- dnl Query Python for its version number. Getting [:3] seems to be +- dnl the best way to do this; it's what "site.py" does in the standard +- dnl library. +- ++ dnl Query Python for its version number. Although site.py simply uses ++ dnl sys.version[:3], printing that failed with Python 3.10, since the ++ dnl trailing zero was eliminated. So now we output just the major ++ dnl and minor version numbers, as numbers. Apparently the tertiary ++ dnl version is not of interest. ++ dnl + AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], +- [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) ++ [am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[[:2]])"`]) + AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) + +- dnl Use the values of $prefix and $exec_prefix for the corresponding +- dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made +- dnl distinct variables so they can be overridden if need be. However, +- dnl general consensus is that you shouldn't need this ability. +- +- AC_SUBST([PYTHON_PREFIX], ['${prefix}']) +- AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) +- +- dnl At times (like when building shared libraries) you may want ++ dnl At times, e.g., when building shared libraries, you may want + dnl to know which OS platform Python thinks this is. +- ++ dnl + AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], + [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) + AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) + +- # Just factor out some code duplication. ++ dnl emacs-page ++ dnl If --with-python-sys-prefix is given, use the values of sys.prefix ++ dnl and sys.exec_prefix for the corresponding values of PYTHON_PREFIX ++ dnl and PYTHON_EXEC_PREFIX. Otherwise, use the GNU ${prefix} and ++ dnl ${exec_prefix} variables. ++ dnl ++ dnl The two are made distinct variables so they can be overridden if ++ dnl need be, although general consensus is that you shouldn't need ++ dnl this separation. ++ dnl ++ dnl Also allow directly setting the prefixes via configure options, ++ dnl overriding any default. ++ dnl ++ if test "x$prefix" = xNONE; then ++ am__usable_prefix=$ac_default_prefix ++ else ++ am__usable_prefix=$prefix ++ fi ++ ++ # Allow user to request using sys.* values from Python, ++ # instead of the GNU $prefix values. ++ AC_ARG_WITH([python-sys-prefix], ++ [AS_HELP_STRING([--with-python-sys-prefix], ++ [use Python's sys.prefix and sys.exec_prefix values])], ++ [am_use_python_sys=:], ++ [am_use_python_sys=false]) ++ ++ # Allow user to override whatever the default Python prefix is. ++ AC_ARG_WITH([python_prefix], ++ [AS_HELP_STRING([--with-python_prefix], ++ [override the default PYTHON_PREFIX])], ++ [am_python_prefix_subst=$withval ++ am_cv_python_prefix=$withval ++ AC_MSG_CHECKING([for explicit $am_display_PYTHON prefix]) ++ AC_MSG_RESULT([$am_cv_python_prefix])], ++ [ ++ if $am_use_python_sys; then ++ # using python sys.prefix value, not GNU ++ AC_CACHE_CHECK([for python default $am_display_PYTHON prefix], ++ [am_cv_python_prefix], ++ [am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`]) ++ ++ dnl If sys.prefix is a subdir of $prefix, replace the literal value of ++ dnl $prefix with a variable reference so it can be overridden. ++ case $am_cv_python_prefix in ++ $am__usable_prefix*) ++ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'` ++ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"` ++ ;; ++ *) ++ am_python_prefix_subst=$am_cv_python_prefix ++ ;; ++ esac ++ else # using GNU prefix value, not python sys.prefix ++ am_python_prefix_subst='${prefix}' ++ am_python_prefix=$am_python_prefix_subst ++ AC_MSG_CHECKING([for GNU default $am_display_PYTHON prefix]) ++ AC_MSG_RESULT([$am_python_prefix]) ++ fi]) ++ # Substituting python_prefix_subst value. ++ AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst]) ++ ++ # emacs-page Now do it all over again for Python exec_prefix, but with yet ++ # another conditional: fall back to regular prefix if that was specified. ++ AC_ARG_WITH([python_exec_prefix], ++ [AS_HELP_STRING([--with-python_exec_prefix], ++ [override the default PYTHON_EXEC_PREFIX])], ++ [am_python_exec_prefix_subst=$withval ++ am_cv_python_exec_prefix=$withval ++ AC_MSG_CHECKING([for explicit $am_display_PYTHON exec_prefix]) ++ AC_MSG_RESULT([$am_cv_python_exec_prefix])], ++ [ ++ # no explicit --with-python_exec_prefix, but if ++ # --with-python_prefix was given, use its value for python_exec_prefix too. ++ AS_IF([test -n "$with_python_prefix"], ++ [am_python_exec_prefix_subst=$with_python_prefix ++ am_cv_python_exec_prefix=$with_python_prefix ++ AC_MSG_CHECKING([for python_prefix-given $am_display_PYTHON exec_prefix]) ++ AC_MSG_RESULT([$am_cv_python_exec_prefix])], ++ [ ++ # Set am__usable_exec_prefix whether using GNU or Python values, ++ # since we use that variable for pyexecdir. ++ if test "x$exec_prefix" = xNONE; then ++ am__usable_exec_prefix=$am__usable_prefix ++ else ++ am__usable_exec_prefix=$exec_prefix ++ fi ++ # ++ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU ++ AC_CACHE_CHECK([for python default $am_display_PYTHON exec_prefix], ++ [am_cv_python_exec_prefix], ++ [am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`]) ++ dnl If sys.exec_prefix is a subdir of $exec_prefix, replace the ++ dnl literal value of $exec_prefix with a variable reference so it can ++ dnl be overridden. ++ case $am_cv_python_exec_prefix in ++ $am__usable_exec_prefix*) ++ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'` ++ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"` ++ ;; ++ *) ++ am_python_exec_prefix_subst=$am_cv_python_exec_prefix ++ ;; ++ esac ++ else # using GNU $exec_prefix, not python sys.exec_prefix ++ am_python_exec_prefix_subst='${exec_prefix}' ++ am_python_exec_prefix=$am_python_exec_prefix_subst ++ AC_MSG_CHECKING([for GNU default $am_display_PYTHON exec_prefix]) ++ AC_MSG_RESULT([$am_python_exec_prefix]) ++ fi])]) ++ # Substituting python_exec_prefix_subst. ++ AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst]) ++ ++ # Factor out some code duplication into this shell variable. + am_python_setup_sysconfig="\ + import sys + # Prefer sysconfig over distutils.sysconfig, for better compatibility +@@ -921,96 +1044,109 @@ try: + except ImportError: + pass" + +- dnl Set up 4 directories: ++ dnl emacs-page Set up 4 directories: + +- dnl pythondir -- where to install python scripts. This is the +- dnl site-packages directory, not the python standard library +- dnl directory like in previous automake betas. This behavior +- dnl is more consistent with lispdir.m4 for example. ++ dnl 1. pythondir: where to install python scripts. This is the ++ dnl site-packages directory, not the python standard library ++ dnl directory like in previous automake betas. This behavior ++ dnl is more consistent with lispdir.m4 for example. + dnl Query distutils for this directory. +- AC_CACHE_CHECK([for $am_display_PYTHON script directory], +- [am_cv_python_pythondir], +- [if test "x$prefix" = xNONE +- then +- am_py_prefix=$ac_default_prefix +- else +- am_py_prefix=$prefix +- fi +- am_cv_python_pythondir=`$PYTHON -c " ++ dnl ++ AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)], ++ [am_cv_python_pythondir], ++ [if test "x$am_cv_python_prefix" = x; then ++ am_py_prefix=$am__usable_prefix ++ else ++ am_py_prefix=$am_cv_python_prefix ++ fi ++ am_cv_python_pythondir=`$PYTHON -c " + $am_python_setup_sysconfig + if can_use_sysconfig: +- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) ++ if hasattr(sysconfig, 'get_default_scheme'): ++ scheme = sysconfig.get_default_scheme() ++ else: ++ scheme = sysconfig._get_default_scheme() ++ if scheme == 'posix_local': ++ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ ++ scheme = 'posix_prefix' ++ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'}) + else: +- from distutils import sysconfig +- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') ++ from distutils import sysconfig ++ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') + sys.stdout.write(sitedir)"` +- case $am_cv_python_pythondir in +- $am_py_prefix*) +- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` +- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` +- ;; +- *) +- case $am_py_prefix in +- /usr|/System*) ;; +- *) +- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages +- ;; +- esac +- ;; ++ # ++ case $am_cv_python_pythondir in ++ $am_py_prefix*) ++ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` ++ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"` ++ ;; ++ *) ++ case $am_py_prefix in ++ /usr|/System*) ;; ++ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages" ++ ;; + esac +- ]) ++ ;; ++ esac ++ ]) + AC_SUBST([pythondir], [$am_cv_python_pythondir]) + +- dnl pkgpythondir -- $PACKAGE directory under pythondir. Was +- dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is +- dnl more consistent with the rest of automake. +- ++ dnl 2. pkgpythondir: $PACKAGE directory under pythondir. Was ++ dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is ++ dnl more consistent with the rest of automake. ++ dnl + AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) + +- dnl pyexecdir -- directory for installing python extension modules +- dnl (shared libraries) ++ dnl 3. pyexecdir: directory for installing python extension modules ++ dnl (shared libraries). + dnl Query distutils for this directory. +- AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], +- [am_cv_python_pyexecdir], +- [if test "x$exec_prefix" = xNONE +- then +- am_py_exec_prefix=$am_py_prefix +- else +- am_py_exec_prefix=$exec_prefix +- fi +- am_cv_python_pyexecdir=`$PYTHON -c " ++ dnl ++ AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)], ++ [am_cv_python_pyexecdir], ++ [if test "x$am_cv_python_exec_prefix" = x; then ++ am_py_exec_prefix=$am__usable_exec_prefix ++ else ++ am_py_exec_prefix=$am_cv_python_exec_prefix ++ fi ++ am_cv_python_pyexecdir=`$PYTHON -c " + $am_python_setup_sysconfig + if can_use_sysconfig: +- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) ++ if hasattr(sysconfig, 'get_default_scheme'): ++ scheme = sysconfig.get_default_scheme() ++ else: ++ scheme = sysconfig._get_default_scheme() ++ if scheme == 'posix_local': ++ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ ++ scheme = 'posix_prefix' ++ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'}) + else: +- from distutils import sysconfig +- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') ++ from distutils import sysconfig ++ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix') + sys.stdout.write(sitedir)"` +- case $am_cv_python_pyexecdir in +- $am_py_exec_prefix*) +- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` +- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` +- ;; +- *) +- case $am_py_exec_prefix in +- /usr|/System*) ;; +- *) +- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages +- ;; +- esac +- ;; ++ # ++ case $am_cv_python_pyexecdir in ++ $am_py_exec_prefix*) ++ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` ++ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"` ++ ;; ++ *) ++ case $am_py_exec_prefix in ++ /usr|/System*) ;; ++ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages" ++ ;; + esac +- ]) ++ ;; ++ esac ++ ]) + AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) + +- dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) +- ++ dnl 4. pkgpyexecdir: $(pyexecdir)/$(PACKAGE) ++ dnl + AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) + + dnl Run any user-specified action. + $2 + fi +- + ]) + + +@@ -1033,7 +1169,7 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] + sys.exit(sys.hexversion < minverhex)" + AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) + +-# Copyright (C) 2001-2018 Free Software Foundation, Inc. ++# Copyright (C) 2001-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -1052,7 +1188,7 @@ AC_DEFUN([AM_RUN_LOG], + + # Check to make sure that the build environment is sane. -*- Autoconf -*- + +-# Copyright (C) 1996-2018 Free Software Foundation, Inc. ++# Copyright (C) 1996-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -1133,7 +1269,7 @@ AC_CONFIG_COMMANDS_PRE( + rm -f conftest.file + ]) + +-# Copyright (C) 2009-2018 Free Software Foundation, Inc. ++# Copyright (C) 2009-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -1193,7 +1329,7 @@ AC_SUBST([AM_BACKSLASH])dnl + _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl + ]) + +-# Copyright (C) 2001-2018 Free Software Foundation, Inc. ++# Copyright (C) 2001-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -1221,7 +1357,7 @@ fi + INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +-# Copyright (C) 2006-2018 Free Software Foundation, Inc. ++# Copyright (C) 2006-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +@@ -1240,7 +1376,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + + # Check how to create a tarball. -*- Autoconf -*- + +-# Copyright (C) 2004-2018 Free Software Foundation, Inc. ++# Copyright (C) 2004-2021 Free Software Foundation, Inc. + # + # This file is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, +diff --git a/aminclude_static.am b/aminclude_static.am +index ce309ae..afa2e16 100644 +--- a/aminclude_static.am ++++ b/aminclude_static.am +@@ -1,6 +1,6 @@ + + # aminclude_static.am generated automatically by Autoconf +-# from AX_AM_MACROS_STATIC on Mon Feb 13 09:09:40 CST 2023 ++# from AX_AM_MACROS_STATIC on Fri Apr 26 13:31:43 CEST 2024 + + + # Code coverage +@@ -60,7 +60,7 @@ CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=$(if $(CODE_COVERAGE_BRANCH_COVERAGE),-- + CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT) + CODE_COVERAGE_IGNORE_PATTERN ?= + +-GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) ++GITIGNOREFILES := $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) + code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V)) + code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY)) + code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE); +@@ -97,7 +97,7 @@ code-coverage-clean: + + code-coverage-dist-clean: + +-AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage ++AM_DISTCHECK_CONFIGURE_FLAGS := $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage + else # ifneq ($(abs_builddir), $(abs_top_builddir)) + check-code-coverage: + +diff --git a/compile b/compile +index 99e5052..df363c8 100755 +--- a/compile ++++ b/compile +@@ -3,7 +3,7 @@ + + scriptversion=2018-03-07.03; # UTC + +-# Copyright (C) 1999-2018 Free Software Foundation, Inc. ++# Copyright (C) 1999-2021 Free Software Foundation, Inc. + # Written by Tom Tromey . + # + # This program is free software; you can redistribute it and/or modify +@@ -53,7 +53,7 @@ func_file_conv () + MINGW*) + file_conv=mingw + ;; +- CYGWIN*) ++ CYGWIN* | MSYS*) + file_conv=cygwin + ;; + *) +@@ -67,7 +67,7 @@ func_file_conv () + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; +- cygwin/*) ++ cygwin/* | msys/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) +diff --git a/config.guess b/config.guess +index f50dcdb..7f76b62 100755 +--- a/config.guess ++++ b/config.guess +@@ -1,12 +1,14 @@ + #! /bin/sh + # Attempt to guess a canonical system name. +-# Copyright 1992-2018 Free Software Foundation, Inc. ++# Copyright 1992-2022 Free Software Foundation, Inc. + +-timestamp='2018-02-24' ++# shellcheck disable=SC2006,SC2268 # see below for rationale ++ ++timestamp='2022-01-09' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +-# the Free Software Foundation; either version 3 of the License, or ++# the Free Software Foundation, either version 3 of the License, or + # (at your option) any later version. + # + # This program is distributed in the hope that it will be useful, but +@@ -27,11 +29,19 @@ timestamp='2018-02-24' + # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. + # + # You can get the latest version of this script from: +-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess ++# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess + # + # Please send patches to . + + ++# The "shellcheck disable" line above the timestamp inhibits complaints ++# about features and limitations of the classic Bourne shell that were ++# superseded or lifted in POSIX. However, this script identifies a wide ++# variety of pre-POSIX systems that do not have POSIX shells at all, and ++# even some reasonably current systems (Solaris 10 as case-in-point) still ++# have a pre-POSIX /bin/sh. ++ ++ + me=`echo "$0" | sed -e 's,.*/,,'` + + usage="\ +@@ -50,7 +60,7 @@ version="\ + GNU config.guess ($timestamp) + + Originally written by Per Bothner. +-Copyright 1992-2018 Free Software Foundation, Inc. ++Copyright 1992-2022 Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -84,7 +94,8 @@ if test $# != 0; then + exit 1 + fi + +-trap 'exit 1' 1 2 15 ++# Just in case it came from the environment. ++GUESS= + + # CC_FOR_BUILD -- compiler used by this script. Note that the use of a + # compiler to aid in system detection is discouraged as it requires +@@ -96,73 +107,90 @@ trap 'exit 1' 1 2 15 + + # Portable tmp directory creation inspired by the Autoconf team. + +-set_cc_for_build=' +-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +-: ${TMPDIR=/tmp} ; +- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || +- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || +- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || +- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +-dummy=$tmp/dummy ; +-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +-case $CC_FOR_BUILD,$HOST_CC,$CC in +- ,,) echo "int x;" > "$dummy.c" ; +- for c in cc gcc c89 c99 ; do +- if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then +- CC_FOR_BUILD="$c"; break ; +- fi ; +- done ; +- if test x"$CC_FOR_BUILD" = x ; then +- CC_FOR_BUILD=no_compiler_found ; +- fi +- ;; +- ,,*) CC_FOR_BUILD=$CC ;; +- ,*,*) CC_FOR_BUILD=$HOST_CC ;; +-esac ; set_cc_for_build= ;' ++tmp= ++# shellcheck disable=SC2172 ++trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 ++ ++set_cc_for_build() { ++ # prevent multiple calls if $tmp is already set ++ test "$tmp" && return 0 ++ : "${TMPDIR=/tmp}" ++ # shellcheck disable=SC2039,SC3028 ++ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || ++ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || ++ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || ++ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ++ dummy=$tmp/dummy ++ case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in ++ ,,) echo "int x;" > "$dummy.c" ++ for driver in cc gcc c89 c99 ; do ++ if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then ++ CC_FOR_BUILD=$driver ++ break ++ fi ++ done ++ if test x"$CC_FOR_BUILD" = x ; then ++ CC_FOR_BUILD=no_compiler_found ++ fi ++ ;; ++ ,,*) CC_FOR_BUILD=$CC ;; ++ ,*,*) CC_FOR_BUILD=$HOST_CC ;; ++ esac ++} + + # This is needed to find uname on a Pyramid OSx when run in the BSD universe. + # (ghazi@noc.rutgers.edu 1994-08-24) +-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then ++if test -f /.attbin/uname ; then + PATH=$PATH:/.attbin ; export PATH + fi + + UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown + UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown ++UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown + UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +-case "$UNAME_SYSTEM" in ++case $UNAME_SYSTEM in + Linux|GNU|GNU/*) +- # If the system lacks a compiler, then just pick glibc. +- # We could probably try harder. +- LIBC=gnu ++ LIBC=unknown + +- eval "$set_cc_for_build" ++ set_cc_for_build + cat <<-EOF > "$dummy.c" + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc +- #else ++ #elif defined(__GLIBC__) + LIBC=gnu ++ #else ++ #include ++ /* First heuristic to detect musl libc. */ ++ #ifdef __DEFINED_va_list ++ LIBC=musl ++ #endif + #endif + EOF +- eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" ++ cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ++ eval "$cc_set_libc" + +- # If ldd exists, use it to detect musl libc. +- if command -v ldd >/dev/null && \ +- ldd --version 2>&1 | grep -q ^musl +- then +- LIBC=musl ++ # Second heuristic to detect musl libc. ++ if [ "$LIBC" = unknown ] && ++ command -v ldd >/dev/null && ++ ldd --version 2>&1 | grep -q ^musl; then ++ LIBC=musl ++ fi ++ ++ # If the system lacks a compiler, then just pick glibc. ++ # We could probably try harder. ++ if [ "$LIBC" = unknown ]; then ++ LIBC=gnu + fi + ;; + esac + + # Note: order is significant - the case branches are not exclusive. + +-case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in ++case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, +@@ -174,12 +202,12 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". +- sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ +- "/sbin/$sysctl" 2>/dev/null || \ +- "/usr/sbin/$sysctl" 2>/dev/null || \ ++ /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ ++ /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + echo unknown)` +- case "$UNAME_MACHINE_ARCH" in ++ case $UNAME_MACHINE_ARCH in ++ aarch64eb) machine=aarch64_be-unknown ;; + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; +@@ -188,18 +216,18 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` +- machine="${arch}${endian}"-unknown ++ machine=${arch}${endian}-unknown + ;; +- *) machine="$UNAME_MACHINE_ARCH"-unknown ;; ++ *) machine=$UNAME_MACHINE_ARCH-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently (or will in the future) and ABI. +- case "$UNAME_MACHINE_ARCH" in ++ case $UNAME_MACHINE_ARCH in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) +- eval "$set_cc_for_build" ++ set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then +@@ -215,7 +243,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + ;; + esac + # Determine ABI tags. +- case "$UNAME_MACHINE_ARCH" in ++ case $UNAME_MACHINE_ARCH in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` +@@ -226,7 +254,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. +- case "$UNAME_VERSION" in ++ case $UNAME_VERSION in + Debian*) + release='-gnu' + ;; +@@ -237,45 +265,57 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. +- echo "$machine-${os}${release}${abi}" +- exit ;; ++ GUESS=$machine-${os}${release}${abi-} ++ ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` +- echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE ++ ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` +- echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE ++ ;; ++ *:SecBSD:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'` ++ GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE ++ ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` +- echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE ++ ;; + *:MidnightBSD:*:*) +- echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE ++ ;; + *:ekkoBSD:*:*) +- echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE ++ ;; + *:SolidBSD:*:*) +- echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE ++ ;; ++ *:OS108:*:*) ++ GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE ++ ;; + macppc:MirBSD:*:*) +- echo powerpc-unknown-mirbsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE ++ ;; + *:MirBSD:*:*) +- echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE ++ ;; + *:Sortix:*:*) +- echo "$UNAME_MACHINE"-unknown-sortix +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-sortix ++ ;; ++ *:Twizzler:*:*) ++ GUESS=$UNAME_MACHINE-unknown-twizzler ++ ;; + *:Redox:*:*) +- echo "$UNAME_MACHINE"-unknown-redox +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-redox ++ ;; + mips:OSF1:*.*) +- echo mips-dec-osf1 +- exit ;; ++ GUESS=mips-dec-osf1 ++ ;; + alpha:OSF1:*:*) ++ # Reset EXIT trap before exiting to avoid spurious non-zero exit code. ++ trap '' 0 + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` +@@ -289,7 +329,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` +- case "$ALPHA_CPU_TYPE" in ++ case $ALPHA_CPU_TYPE in + "EV4 (21064)") + UNAME_MACHINE=alpha ;; + "EV4.5 (21064)") +@@ -326,117 +366,121 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. +- echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" +- # Reset EXIT trap before exiting to avoid spurious non-zero exit code. +- exitcode=$? +- trap '' 0 +- exit $exitcode ;; ++ OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` ++ GUESS=$UNAME_MACHINE-dec-osf$OSF_REL ++ ;; + Amiga*:UNIX_System_V:4.0:*) +- echo m68k-unknown-sysv4 +- exit ;; ++ GUESS=m68k-unknown-sysv4 ++ ;; + *:[Aa]miga[Oo][Ss]:*:*) +- echo "$UNAME_MACHINE"-unknown-amigaos +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-amigaos ++ ;; + *:[Mm]orph[Oo][Ss]:*:*) +- echo "$UNAME_MACHINE"-unknown-morphos +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-morphos ++ ;; + *:OS/390:*:*) +- echo i370-ibm-openedition +- exit ;; ++ GUESS=i370-ibm-openedition ++ ;; + *:z/VM:*:*) +- echo s390-ibm-zvmoe +- exit ;; ++ GUESS=s390-ibm-zvmoe ++ ;; + *:OS400:*:*) +- echo powerpc-ibm-os400 +- exit ;; ++ GUESS=powerpc-ibm-os400 ++ ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) +- echo arm-acorn-riscix"$UNAME_RELEASE" +- exit ;; ++ GUESS=arm-acorn-riscix$UNAME_RELEASE ++ ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) +- echo arm-unknown-riscos +- exit ;; ++ GUESS=arm-unknown-riscos ++ ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +- echo hppa1.1-hitachi-hiuxmpp +- exit ;; ++ GUESS=hppa1.1-hitachi-hiuxmpp ++ ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. +- if test "`(/bin/universe) 2>/dev/null`" = att ; then +- echo pyramid-pyramid-sysv3 +- else +- echo pyramid-pyramid-bsd +- fi +- exit ;; ++ case `(/bin/universe) 2>/dev/null` in ++ att) GUESS=pyramid-pyramid-sysv3 ;; ++ *) GUESS=pyramid-pyramid-bsd ;; ++ esac ++ ;; + NILE*:*:*:dcosx) +- echo pyramid-pyramid-svr4 +- exit ;; ++ GUESS=pyramid-pyramid-svr4 ++ ;; + DRS?6000:unix:4.0:6*) +- echo sparc-icl-nx6 +- exit ;; ++ GUESS=sparc-icl-nx6 ++ ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in +- sparc) echo sparc-icl-nx7; exit ;; +- esac ;; ++ sparc) GUESS=sparc-icl-nx7 ;; ++ esac ++ ;; + s390x:SunOS:*:*) +- echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` ++ GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL ++ ;; + sun4H:SunOS:5.*:*) +- echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` ++ GUESS=sparc-hal-solaris2$SUN_REL ++ ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) +- echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` ++ GUESS=sparc-sun-solaris2$SUN_REL ++ ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) +- echo i386-pc-auroraux"$UNAME_RELEASE" +- exit ;; ++ GUESS=i386-pc-auroraux$UNAME_RELEASE ++ ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) +- eval "$set_cc_for_build" ++ set_cc_for_build + SUN_ARCH=i386 + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. +- if [ "$CC_FOR_BUILD" != no_compiler_found ]; then ++ if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ +- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ ++ (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH=x86_64 + fi + fi +- echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` ++ GUESS=$SUN_ARCH-pc-solaris2$SUN_REL ++ ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. +- echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` ++ GUESS=sparc-sun-solaris3$SUN_REL ++ ;; + sun4*:SunOS:*:*) +- case "`/usr/bin/arch -k`" in ++ case `/usr/bin/arch -k` in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. +- echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` ++ GUESS=sparc-sun-sunos$SUN_REL ++ ;; + sun3*:SunOS:*:*) +- echo m68k-sun-sunos"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-sun-sunos$UNAME_RELEASE ++ ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 +- case "`/bin/arch`" in ++ case `/bin/arch` in + sun3) +- echo m68k-sun-sunos"$UNAME_RELEASE" ++ GUESS=m68k-sun-sunos$UNAME_RELEASE + ;; + sun4) +- echo sparc-sun-sunos"$UNAME_RELEASE" ++ GUESS=sparc-sun-sunos$UNAME_RELEASE + ;; + esac +- exit ;; ++ ;; + aushp:SunOS:*:*) +- echo sparc-auspex-sunos"$UNAME_RELEASE" +- exit ;; ++ GUESS=sparc-auspex-sunos$UNAME_RELEASE ++ ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor +@@ -446,43 +490,43 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) +- echo m68k-atari-mint"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-atari-mint$UNAME_RELEASE ++ ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) +- echo m68k-atari-mint"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-atari-mint$UNAME_RELEASE ++ ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) +- echo m68k-atari-mint"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-atari-mint$UNAME_RELEASE ++ ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) +- echo m68k-milan-mint"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-milan-mint$UNAME_RELEASE ++ ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) +- echo m68k-hades-mint"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-hades-mint$UNAME_RELEASE ++ ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) +- echo m68k-unknown-mint"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-unknown-mint$UNAME_RELEASE ++ ;; + m68k:machten:*:*) +- echo m68k-apple-machten"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-apple-machten$UNAME_RELEASE ++ ;; + powerpc:machten:*:*) +- echo powerpc-apple-machten"$UNAME_RELEASE" +- exit ;; ++ GUESS=powerpc-apple-machten$UNAME_RELEASE ++ ;; + RISC*:Mach:*:*) +- echo mips-dec-mach_bsd4.3 +- exit ;; ++ GUESS=mips-dec-mach_bsd4.3 ++ ;; + RISC*:ULTRIX:*:*) +- echo mips-dec-ultrix"$UNAME_RELEASE" +- exit ;; ++ GUESS=mips-dec-ultrix$UNAME_RELEASE ++ ;; + VAX*:ULTRIX*:*:*) +- echo vax-dec-ultrix"$UNAME_RELEASE" +- exit ;; ++ GUESS=vax-dec-ultrix$UNAME_RELEASE ++ ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) +- echo clipper-intergraph-clix"$UNAME_RELEASE" +- exit ;; ++ GUESS=clipper-intergraph-clix$UNAME_RELEASE ++ ;; + mips:*:*:UMIPS | mips:*:*:RISCos) +- eval "$set_cc_for_build" ++ set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __cplusplus + #include /* for printf() prototype */ +@@ -508,78 +552,79 @@ EOF + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && + { echo "$SYSTEM_NAME"; exit; } +- echo mips-mips-riscos"$UNAME_RELEASE" +- exit ;; ++ GUESS=mips-mips-riscos$UNAME_RELEASE ++ ;; + Motorola:PowerMAX_OS:*:*) +- echo powerpc-motorola-powermax +- exit ;; ++ GUESS=powerpc-motorola-powermax ++ ;; + Motorola:*:4.3:PL8-*) +- echo powerpc-harris-powermax +- exit ;; ++ GUESS=powerpc-harris-powermax ++ ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) +- echo powerpc-harris-powermax +- exit ;; ++ GUESS=powerpc-harris-powermax ++ ;; + Night_Hawk:Power_UNIX:*:*) +- echo powerpc-harris-powerunix +- exit ;; ++ GUESS=powerpc-harris-powerunix ++ ;; + m88k:CX/UX:7*:*) +- echo m88k-harris-cxux7 +- exit ;; ++ GUESS=m88k-harris-cxux7 ++ ;; + m88k:*:4*:R4*) +- echo m88k-motorola-sysv4 +- exit ;; ++ GUESS=m88k-motorola-sysv4 ++ ;; + m88k:*:3*:R3*) +- echo m88k-motorola-sysv3 +- exit ;; ++ GUESS=m88k-motorola-sysv3 ++ ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` +- if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] ++ if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110 + then +- if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ +- [ "$TARGET_BINARY_INTERFACE"x = x ] ++ if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \ ++ test "$TARGET_BINARY_INTERFACE"x = x + then +- echo m88k-dg-dgux"$UNAME_RELEASE" ++ GUESS=m88k-dg-dgux$UNAME_RELEASE + else +- echo m88k-dg-dguxbcs"$UNAME_RELEASE" ++ GUESS=m88k-dg-dguxbcs$UNAME_RELEASE + fi + else +- echo i586-dg-dgux"$UNAME_RELEASE" ++ GUESS=i586-dg-dgux$UNAME_RELEASE + fi +- exit ;; ++ ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) +- echo m88k-dolphin-sysv3 +- exit ;; ++ GUESS=m88k-dolphin-sysv3 ++ ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 +- echo m88k-motorola-sysv3 +- exit ;; ++ GUESS=m88k-motorola-sysv3 ++ ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) +- echo m88k-tektronix-sysv3 +- exit ;; ++ GUESS=m88k-tektronix-sysv3 ++ ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) +- echo m68k-tektronix-bsd +- exit ;; ++ GUESS=m68k-tektronix-bsd ++ ;; + *:IRIX*:*:*) +- echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" +- exit ;; ++ IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'` ++ GUESS=mips-sgi-irix$IRIX_REL ++ ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. +- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id +- exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' ++ GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id ++ ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) +- echo i386-ibm-aix +- exit ;; ++ GUESS=i386-ibm-aix ++ ;; + ia64:AIX:*:*) +- if [ -x /usr/bin/oslevel ] ; then ++ if test -x /usr/bin/oslevel ; then + IBM_REV=`/usr/bin/oslevel` + else +- IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" ++ IBM_REV=$UNAME_VERSION.$UNAME_RELEASE + fi +- echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" +- exit ;; ++ GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV ++ ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then +- eval "$set_cc_for_build" ++ set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + +@@ -593,16 +638,16 @@ EOF + EOF + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` + then +- echo "$SYSTEM_NAME" ++ GUESS=$SYSTEM_NAME + else +- echo rs6000-ibm-aix3.2.5 ++ GUESS=rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then +- echo rs6000-ibm-aix3.2.4 ++ GUESS=rs6000-ibm-aix3.2.4 + else +- echo rs6000-ibm-aix3.2 ++ GUESS=rs6000-ibm-aix3.2 + fi +- exit ;; ++ ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then +@@ -610,57 +655,57 @@ EOF + else + IBM_ARCH=powerpc + fi +- if [ -x /usr/bin/lslpp ] ; then +- IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | ++ if test -x /usr/bin/lslpp ; then ++ IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \ + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` + else +- IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" ++ IBM_REV=$UNAME_VERSION.$UNAME_RELEASE + fi +- echo "$IBM_ARCH"-ibm-aix"$IBM_REV" +- exit ;; ++ GUESS=$IBM_ARCH-ibm-aix$IBM_REV ++ ;; + *:AIX:*:*) +- echo rs6000-ibm-aix +- exit ;; ++ GUESS=rs6000-ibm-aix ++ ;; + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) +- echo romp-ibm-bsd4.4 +- exit ;; ++ GUESS=romp-ibm-bsd4.4 ++ ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and +- echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to +- exit ;; # report: romp-ibm BSD 4.3 ++ GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to ++ ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) +- echo rs6000-bull-bosx +- exit ;; ++ GUESS=rs6000-bull-bosx ++ ;; + DPX/2?00:B.O.S.:*:*) +- echo m68k-bull-sysv3 +- exit ;; ++ GUESS=m68k-bull-sysv3 ++ ;; + 9000/[34]??:4.3bsd:1.*:*) +- echo m68k-hp-bsd +- exit ;; ++ GUESS=m68k-hp-bsd ++ ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) +- echo m68k-hp-bsd4.4 +- exit ;; ++ GUESS=m68k-hp-bsd4.4 ++ ;; + 9000/[34678]??:HP-UX:*:*) +- HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` +- case "$UNAME_MACHINE" in ++ HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` ++ case $UNAME_MACHINE in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) +- if [ -x /usr/bin/getconf ]; then ++ if test -x /usr/bin/getconf; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` +- case "$sc_cpu_version" in ++ case $sc_cpu_version in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 +- case "$sc_kernel_bits" in ++ case $sc_kernel_bits in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 + esac ;; + esac + fi +- if [ "$HP_ARCH" = "" ]; then +- eval "$set_cc_for_build" ++ if test "$HP_ARCH" = ""; then ++ set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + + #define _HPUX_SOURCE +@@ -698,9 +743,9 @@ EOF + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac +- if [ "$HP_ARCH" = hppa2.0w ] ++ if test "$HP_ARCH" = hppa2.0w + then +- eval "$set_cc_for_build" ++ set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler +@@ -719,14 +764,14 @@ EOF + HP_ARCH=hppa64 + fi + fi +- echo "$HP_ARCH"-hp-hpux"$HPUX_REV" +- exit ;; ++ GUESS=$HP_ARCH-hp-hpux$HPUX_REV ++ ;; + ia64:HP-UX:*:*) +- HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` +- echo ia64-hp-hpux"$HPUX_REV" +- exit ;; ++ HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` ++ GUESS=ia64-hp-hpux$HPUX_REV ++ ;; + 3050*:HI-UX:*:*) +- eval "$set_cc_for_build" ++ set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + int +@@ -754,36 +799,36 @@ EOF + EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } +- echo unknown-hitachi-hiuxwe2 +- exit ;; ++ GUESS=unknown-hitachi-hiuxwe2 ++ ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) +- echo hppa1.1-hp-bsd +- exit ;; ++ GUESS=hppa1.1-hp-bsd ++ ;; + 9000/8??:4.3bsd:*:*) +- echo hppa1.0-hp-bsd +- exit ;; ++ GUESS=hppa1.0-hp-bsd ++ ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) +- echo hppa1.0-hp-mpeix +- exit ;; ++ GUESS=hppa1.0-hp-mpeix ++ ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) +- echo hppa1.1-hp-osf +- exit ;; ++ GUESS=hppa1.1-hp-osf ++ ;; + hp8??:OSF1:*:*) +- echo hppa1.0-hp-osf +- exit ;; ++ GUESS=hppa1.0-hp-osf ++ ;; + i*86:OSF1:*:*) +- if [ -x /usr/sbin/sysversion ] ; then +- echo "$UNAME_MACHINE"-unknown-osf1mk ++ if test -x /usr/sbin/sysversion ; then ++ GUESS=$UNAME_MACHINE-unknown-osf1mk + else +- echo "$UNAME_MACHINE"-unknown-osf1 ++ GUESS=$UNAME_MACHINE-unknown-osf1 + fi +- exit ;; ++ ;; + parisc*:Lites*:*:*) +- echo hppa1.1-hp-lites +- exit ;; ++ GUESS=hppa1.1-hp-lites ++ ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) +- echo c1-convex-bsd +- exit ;; ++ GUESS=c1-convex-bsd ++ ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd +@@ -791,17 +836,18 @@ EOF + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) +- echo c34-convex-bsd +- exit ;; ++ GUESS=c34-convex-bsd ++ ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) +- echo c38-convex-bsd +- exit ;; ++ GUESS=c38-convex-bsd ++ ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) +- echo c4-convex-bsd +- exit ;; ++ GUESS=c4-convex-bsd ++ ;; + CRAY*Y-MP:*:*:*) +- echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' +- exit ;; ++ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` ++ GUESS=ymp-cray-unicos$CRAY_REL ++ ;; + CRAY*[A-Z]90:*:*:*) + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ +@@ -809,103 +855,129 @@ EOF + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) +- echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' +- exit ;; ++ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` ++ GUESS=t90-cray-unicos$CRAY_REL ++ ;; + CRAY*T3E:*:*:*) +- echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' +- exit ;; ++ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` ++ GUESS=alphaev5-cray-unicosmk$CRAY_REL ++ ;; + CRAY*SV1:*:*:*) +- echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' +- exit ;; ++ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` ++ GUESS=sv1-cray-unicos$CRAY_REL ++ ;; + *:UNICOS/mp:*:*) +- echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' +- exit ;; ++ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` ++ GUESS=craynv-cray-unicosmp$CRAY_REL ++ ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` +- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" +- exit ;; ++ GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} ++ ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` +- echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" +- exit ;; ++ GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} ++ ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) +- echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE ++ ;; + sparc*:BSD/OS:*:*) +- echo sparc-unknown-bsdi"$UNAME_RELEASE" +- exit ;; ++ GUESS=sparc-unknown-bsdi$UNAME_RELEASE ++ ;; + *:BSD/OS:*:*) +- echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE ++ ;; ++ arm:FreeBSD:*:*) ++ UNAME_PROCESSOR=`uname -p` ++ set_cc_for_build ++ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ ++ | grep -q __ARM_PCS_VFP ++ then ++ FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` ++ GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi ++ else ++ FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` ++ GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf ++ fi ++ ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` +- case "$UNAME_PROCESSOR" in ++ case $UNAME_PROCESSOR in + amd64) + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; + esac +- echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" +- exit ;; ++ FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` ++ GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL ++ ;; + i*:CYGWIN*:*) +- echo "$UNAME_MACHINE"-pc-cygwin +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-cygwin ++ ;; + *:MINGW64*:*) +- echo "$UNAME_MACHINE"-pc-mingw64 +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-mingw64 ++ ;; + *:MINGW*:*) +- echo "$UNAME_MACHINE"-pc-mingw32 +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-mingw32 ++ ;; + *:MSYS*:*) +- echo "$UNAME_MACHINE"-pc-msys +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-msys ++ ;; + i*:PW*:*) +- echo "$UNAME_MACHINE"-pc-pw32 +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-pw32 ++ ;; ++ *:SerenityOS:*:*) ++ GUESS=$UNAME_MACHINE-pc-serenity ++ ;; + *:Interix*:*) +- case "$UNAME_MACHINE" in ++ case $UNAME_MACHINE in + x86) +- echo i586-pc-interix"$UNAME_RELEASE" +- exit ;; ++ GUESS=i586-pc-interix$UNAME_RELEASE ++ ;; + authenticamd | genuineintel | EM64T) +- echo x86_64-unknown-interix"$UNAME_RELEASE" +- exit ;; ++ GUESS=x86_64-unknown-interix$UNAME_RELEASE ++ ;; + IA64) +- echo ia64-unknown-interix"$UNAME_RELEASE" +- exit ;; ++ GUESS=ia64-unknown-interix$UNAME_RELEASE ++ ;; + esac ;; + i*:UWIN*:*) +- echo "$UNAME_MACHINE"-pc-uwin +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-uwin ++ ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) +- echo x86_64-unknown-cygwin +- exit ;; ++ GUESS=x86_64-pc-cygwin ++ ;; + prep*:SunOS:5.*:*) +- echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" +- exit ;; ++ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` ++ GUESS=powerpcle-unknown-solaris2$SUN_REL ++ ;; + *:GNU:*:*) + # the GNU system +- echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" +- exit ;; ++ GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'` ++ GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'` ++ GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL ++ ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland +- echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" +- exit ;; +- i*86:Minix:*:*) +- echo "$UNAME_MACHINE"-pc-minix +- exit ;; ++ GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"` ++ GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` ++ GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC ++ ;; ++ *:Minix:*:*) ++ GUESS=$UNAME_MACHINE-unknown-minix ++ ;; + aarch64:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + alpha:Linux:*:*) +- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in ++ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; +@@ -916,187 +988,225 @@ EOF + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; +- arc:Linux:*:* | arceb:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; ++ arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*) ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + arm*:Linux:*:*) +- eval "$set_cc_for_build" ++ set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi ++ GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi + else +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf ++ GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf + fi + fi +- exit ;; ++ ;; + avr32*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + cris:Linux:*:*) +- echo "$UNAME_MACHINE"-axis-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-axis-linux-$LIBC ++ ;; + crisv32:Linux:*:*) +- echo "$UNAME_MACHINE"-axis-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-axis-linux-$LIBC ++ ;; + e2k:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + frv:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + hexagon:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + i*86:Linux:*:*) +- echo "$UNAME_MACHINE"-pc-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-linux-$LIBC ++ ;; + ia64:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + k1om:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; ++ loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + m32r*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + m68*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + mips:Linux:*:* | mips64:Linux:*:*) +- eval "$set_cc_for_build" ++ set_cc_for_build ++ IS_GLIBC=0 ++ test x"${LIBC}" = xgnu && IS_GLIBC=1 + sed 's/^ //' << EOF > "$dummy.c" + #undef CPU +- #undef ${UNAME_MACHINE} +- #undef ${UNAME_MACHINE}el ++ #undef mips ++ #undef mipsel ++ #undef mips64 ++ #undef mips64el ++ #if ${IS_GLIBC} && defined(_ABI64) ++ LIBCABI=gnuabi64 ++ #else ++ #if ${IS_GLIBC} && defined(_ABIN32) ++ LIBCABI=gnuabin32 ++ #else ++ LIBCABI=${LIBC} ++ #endif ++ #endif ++ ++ #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 ++ CPU=mipsisa64r6 ++ #else ++ #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 ++ CPU=mipsisa32r6 ++ #else ++ #if defined(__mips64) ++ CPU=mips64 ++ #else ++ CPU=mips ++ #endif ++ #endif ++ #endif ++ + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) +- CPU=${UNAME_MACHINE}el ++ MIPS_ENDIAN=el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) +- CPU=${UNAME_MACHINE} ++ MIPS_ENDIAN= + #else +- CPU= ++ MIPS_ENDIAN= + #endif + #endif + EOF +- eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" +- test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } ++ cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'` ++ eval "$cc_set_vars" ++ test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } + ;; + mips64el:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + openrisc*:Linux:*:*) +- echo or1k-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=or1k-unknown-linux-$LIBC ++ ;; + or32:Linux:*:* | or1k*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + padre:Linux:*:*) +- echo sparc-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=sparc-unknown-linux-$LIBC ++ ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) +- echo hppa64-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=hppa64-unknown-linux-$LIBC ++ ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in +- PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; +- PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; +- *) echo hppa-unknown-linux-"$LIBC" ;; ++ PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;; ++ PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;; ++ *) GUESS=hppa-unknown-linux-$LIBC ;; + esac +- exit ;; ++ ;; + ppc64:Linux:*:*) +- echo powerpc64-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=powerpc64-unknown-linux-$LIBC ++ ;; + ppc:Linux:*:*) +- echo powerpc-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=powerpc-unknown-linux-$LIBC ++ ;; + ppc64le:Linux:*:*) +- echo powerpc64le-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=powerpc64le-unknown-linux-$LIBC ++ ;; + ppcle:Linux:*:*) +- echo powerpcle-unknown-linux-"$LIBC" +- exit ;; +- riscv32:Linux:*:* | riscv64:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=powerpcle-unknown-linux-$LIBC ++ ;; ++ riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*) ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + s390:Linux:*:* | s390x:Linux:*:*) +- echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-ibm-linux-$LIBC ++ ;; + sh64*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + sh*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + sparc:Linux:*:* | sparc64:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + tile*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + vax:Linux:*:*) +- echo "$UNAME_MACHINE"-dec-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-dec-linux-$LIBC ++ ;; + x86_64:Linux:*:*) +- if objdump -f /bin/sh | grep -q elf32-x86-64; then +- echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32 +- else +- echo "$UNAME_MACHINE"-pc-linux-"$LIBC" ++ set_cc_for_build ++ LIBCABI=$LIBC ++ if test "$CC_FOR_BUILD" != no_compiler_found; then ++ if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ ++ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ ++ grep IS_X32 >/dev/null ++ then ++ LIBCABI=${LIBC}x32 ++ fi + fi +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI ++ ;; + xtensa*:Linux:*:*) +- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. +- echo i386-sequent-sysv4 +- exit ;; ++ GUESS=i386-sequent-sysv4 ++ ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. +- echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION ++ ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. +- echo "$UNAME_MACHINE"-pc-os2-emx +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-os2-emx ++ ;; + i*86:XTS-300:*:STOP) +- echo "$UNAME_MACHINE"-unknown-stop +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-stop ++ ;; + i*86:atheos:*:*) +- echo "$UNAME_MACHINE"-unknown-atheos +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-atheos ++ ;; + i*86:syllable:*:*) +- echo "$UNAME_MACHINE"-pc-syllable +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-syllable ++ ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) +- echo i386-unknown-lynxos"$UNAME_RELEASE" +- exit ;; ++ GUESS=i386-unknown-lynxos$UNAME_RELEASE ++ ;; + i*86:*DOS:*:*) +- echo "$UNAME_MACHINE"-pc-msdosdjgpp +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-msdosdjgpp ++ ;; + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then +- echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" ++ GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL + else +- echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" ++ GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL + fi +- exit ;; ++ ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in +@@ -1104,12 +1214,12 @@ EOF + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac +- echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} ++ ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 +@@ -1119,11 +1229,11 @@ EOF + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 +- echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" ++ GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL + else +- echo "$UNAME_MACHINE"-pc-sysv32 ++ GUESS=$UNAME_MACHINE-pc-sysv32 + fi +- exit ;; ++ ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about +@@ -1131,31 +1241,31 @@ EOF + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configure will decide that + # this is a cross-build. +- echo i586-pc-msdosdjgpp +- exit ;; ++ GUESS=i586-pc-msdosdjgpp ++ ;; + Intel:Mach:3*:*) +- echo i386-pc-mach3 +- exit ;; ++ GUESS=i386-pc-mach3 ++ ;; + paragon:*:*:*) +- echo i860-intel-osf1 +- exit ;; ++ GUESS=i860-intel-osf1 ++ ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then +- echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 ++ GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. +- echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 ++ GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4 + fi +- exit ;; ++ ;; + mini*:CTIX:SYS*5:*) + # "miniframe" +- echo m68010-convergent-sysv +- exit ;; ++ GUESS=m68010-convergent-sysv ++ ;; + mc68k:UNIX:SYSTEM5:3.51m) +- echo m68k-convergent-sysv +- exit ;; ++ GUESS=m68k-convergent-sysv ++ ;; + M680?0:D-NIX:5.3:*) +- echo m68k-diab-dnix +- exit ;; ++ GUESS=m68k-diab-dnix ++ ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) +@@ -1180,249 +1290,404 @@ EOF + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) +- echo m68k-unknown-lynxos"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-unknown-lynxos$UNAME_RELEASE ++ ;; + mc68030:UNIX_System_V:4.*:*) +- echo m68k-atari-sysv4 +- exit ;; ++ GUESS=m68k-atari-sysv4 ++ ;; + TSUNAMI:LynxOS:2.*:*) +- echo sparc-unknown-lynxos"$UNAME_RELEASE" +- exit ;; ++ GUESS=sparc-unknown-lynxos$UNAME_RELEASE ++ ;; + rs6000:LynxOS:2.*:*) +- echo rs6000-unknown-lynxos"$UNAME_RELEASE" +- exit ;; ++ GUESS=rs6000-unknown-lynxos$UNAME_RELEASE ++ ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) +- echo powerpc-unknown-lynxos"$UNAME_RELEASE" +- exit ;; ++ GUESS=powerpc-unknown-lynxos$UNAME_RELEASE ++ ;; + SM[BE]S:UNIX_SV:*:*) +- echo mips-dde-sysv"$UNAME_RELEASE" +- exit ;; ++ GUESS=mips-dde-sysv$UNAME_RELEASE ++ ;; + RM*:ReliantUNIX-*:*:*) +- echo mips-sni-sysv4 +- exit ;; ++ GUESS=mips-sni-sysv4 ++ ;; + RM*:SINIX-*:*:*) +- echo mips-sni-sysv4 +- exit ;; ++ GUESS=mips-sni-sysv4 ++ ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` +- echo "$UNAME_MACHINE"-sni-sysv4 ++ GUESS=$UNAME_MACHINE-sni-sysv4 + else +- echo ns32k-sni-sysv ++ GUESS=ns32k-sni-sysv + fi +- exit ;; ++ ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says +- echo i586-unisys-sysv4 +- exit ;; ++ GUESS=i586-unisys-sysv4 ++ ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm +- echo hppa1.1-stratus-sysv4 +- exit ;; ++ GUESS=hppa1.1-stratus-sysv4 ++ ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. +- echo i860-stratus-sysv4 +- exit ;; ++ GUESS=i860-stratus-sysv4 ++ ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. +- echo "$UNAME_MACHINE"-stratus-vos +- exit ;; ++ GUESS=$UNAME_MACHINE-stratus-vos ++ ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. +- echo hppa1.1-stratus-vos +- exit ;; ++ GUESS=hppa1.1-stratus-vos ++ ;; + mc68*:A/UX:*:*) +- echo m68k-apple-aux"$UNAME_RELEASE" +- exit ;; ++ GUESS=m68k-apple-aux$UNAME_RELEASE ++ ;; + news*:NEWS-OS:6*:*) +- echo mips-sony-newsos6 +- exit ;; ++ GUESS=mips-sony-newsos6 ++ ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) +- if [ -d /usr/nec ]; then +- echo mips-nec-sysv"$UNAME_RELEASE" ++ if test -d /usr/nec; then ++ GUESS=mips-nec-sysv$UNAME_RELEASE + else +- echo mips-unknown-sysv"$UNAME_RELEASE" ++ GUESS=mips-unknown-sysv$UNAME_RELEASE + fi +- exit ;; ++ ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. +- echo powerpc-be-beos +- exit ;; ++ GUESS=powerpc-be-beos ++ ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. +- echo powerpc-apple-beos +- exit ;; ++ GUESS=powerpc-apple-beos ++ ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. +- echo i586-pc-beos +- exit ;; ++ GUESS=i586-pc-beos ++ ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. +- echo i586-pc-haiku +- exit ;; ++ GUESS=i586-pc-haiku ++ ;; + x86_64:Haiku:*:*) +- echo x86_64-unknown-haiku +- exit ;; ++ GUESS=x86_64-unknown-haiku ++ ;; + SX-4:SUPER-UX:*:*) +- echo sx4-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sx4-nec-superux$UNAME_RELEASE ++ ;; + SX-5:SUPER-UX:*:*) +- echo sx5-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sx5-nec-superux$UNAME_RELEASE ++ ;; + SX-6:SUPER-UX:*:*) +- echo sx6-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sx6-nec-superux$UNAME_RELEASE ++ ;; + SX-7:SUPER-UX:*:*) +- echo sx7-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sx7-nec-superux$UNAME_RELEASE ++ ;; + SX-8:SUPER-UX:*:*) +- echo sx8-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sx8-nec-superux$UNAME_RELEASE ++ ;; + SX-8R:SUPER-UX:*:*) +- echo sx8r-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sx8r-nec-superux$UNAME_RELEASE ++ ;; + SX-ACE:SUPER-UX:*:*) +- echo sxace-nec-superux"$UNAME_RELEASE" +- exit ;; ++ GUESS=sxace-nec-superux$UNAME_RELEASE ++ ;; + Power*:Rhapsody:*:*) +- echo powerpc-apple-rhapsody"$UNAME_RELEASE" +- exit ;; ++ GUESS=powerpc-apple-rhapsody$UNAME_RELEASE ++ ;; + *:Rhapsody:*:*) +- echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE ++ ;; ++ arm64:Darwin:*:*) ++ GUESS=aarch64-apple-darwin$UNAME_RELEASE ++ ;; + *:Darwin:*:*) +- UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown +- eval "$set_cc_for_build" +- if test "$UNAME_PROCESSOR" = unknown ; then +- UNAME_PROCESSOR=powerpc ++ UNAME_PROCESSOR=`uname -p` ++ case $UNAME_PROCESSOR in ++ unknown) UNAME_PROCESSOR=powerpc ;; ++ esac ++ if command -v xcode-select > /dev/null 2> /dev/null && \ ++ ! xcode-select --print-path > /dev/null 2> /dev/null ; then ++ # Avoid executing cc if there is no toolchain installed as ++ # cc will be a stub that puts up a graphical alert ++ # prompting the user to install developer tools. ++ CC_FOR_BUILD=no_compiler_found ++ else ++ set_cc_for_build + fi +- if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then +- if [ "$CC_FOR_BUILD" != no_compiler_found ]; then +- if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ +- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ +- grep IS_64BIT_ARCH >/dev/null +- then +- case $UNAME_PROCESSOR in +- i386) UNAME_PROCESSOR=x86_64 ;; +- powerpc) UNAME_PROCESSOR=powerpc64 ;; +- esac +- fi +- # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc +- if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ +- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ +- grep IS_PPC >/dev/null +- then +- UNAME_PROCESSOR=powerpc +- fi ++ if test "$CC_FOR_BUILD" != no_compiler_found; then ++ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ ++ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ ++ grep IS_64BIT_ARCH >/dev/null ++ then ++ case $UNAME_PROCESSOR in ++ i386) UNAME_PROCESSOR=x86_64 ;; ++ powerpc) UNAME_PROCESSOR=powerpc64 ;; ++ esac ++ fi ++ # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc ++ if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ ++ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ ++ grep IS_PPC >/dev/null ++ then ++ UNAME_PROCESSOR=powerpc + fi + elif test "$UNAME_PROCESSOR" = i386 ; then +- # Avoid executing cc on OS X 10.9, as it ships with a stub +- # that puts up a graphical alert prompting to install +- # developer tools. Any system running Mac OS X 10.7 or +- # later (Darwin 11 and later) is required to have a 64-bit +- # processor. This is not true of the ARM version of Darwin +- # that Apple uses in portable devices. +- UNAME_PROCESSOR=x86_64 ++ # uname -m returns i386 or x86_64 ++ UNAME_PROCESSOR=$UNAME_MACHINE + fi +- echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE ++ ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = x86; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi +- echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE ++ ;; + *:QNX:*:4*) +- echo i386-pc-qnx +- exit ;; ++ GUESS=i386-pc-qnx ++ ;; + NEO-*:NONSTOP_KERNEL:*:*) +- echo neo-tandem-nsk"$UNAME_RELEASE" +- exit ;; ++ GUESS=neo-tandem-nsk$UNAME_RELEASE ++ ;; + NSE-*:NONSTOP_KERNEL:*:*) +- echo nse-tandem-nsk"$UNAME_RELEASE" +- exit ;; ++ GUESS=nse-tandem-nsk$UNAME_RELEASE ++ ;; + NSR-*:NONSTOP_KERNEL:*:*) +- echo nsr-tandem-nsk"$UNAME_RELEASE" +- exit ;; ++ GUESS=nsr-tandem-nsk$UNAME_RELEASE ++ ;; + NSV-*:NONSTOP_KERNEL:*:*) +- echo nsv-tandem-nsk"$UNAME_RELEASE" +- exit ;; ++ GUESS=nsv-tandem-nsk$UNAME_RELEASE ++ ;; + NSX-*:NONSTOP_KERNEL:*:*) +- echo nsx-tandem-nsk"$UNAME_RELEASE" +- exit ;; ++ GUESS=nsx-tandem-nsk$UNAME_RELEASE ++ ;; + *:NonStop-UX:*:*) +- echo mips-compaq-nonstopux +- exit ;; ++ GUESS=mips-compaq-nonstopux ++ ;; + BS2000:POSIX*:*:*) +- echo bs2000-siemens-sysv +- exit ;; ++ GUESS=bs2000-siemens-sysv ++ ;; + DS/*:UNIX_System_V:*:*) +- echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" +- exit ;; ++ GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE ++ ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. +- if test "$cputype" = 386; then ++ if test "${cputype-}" = 386; then + UNAME_MACHINE=i386 +- else +- UNAME_MACHINE="$cputype" ++ elif test "x${cputype-}" != x; then ++ UNAME_MACHINE=$cputype + fi +- echo "$UNAME_MACHINE"-unknown-plan9 +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-plan9 ++ ;; + *:TOPS-10:*:*) +- echo pdp10-unknown-tops10 +- exit ;; ++ GUESS=pdp10-unknown-tops10 ++ ;; + *:TENEX:*:*) +- echo pdp10-unknown-tenex +- exit ;; ++ GUESS=pdp10-unknown-tenex ++ ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) +- echo pdp10-dec-tops20 +- exit ;; ++ GUESS=pdp10-dec-tops20 ++ ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) +- echo pdp10-xkl-tops20 +- exit ;; ++ GUESS=pdp10-xkl-tops20 ++ ;; + *:TOPS-20:*:*) +- echo pdp10-unknown-tops20 +- exit ;; ++ GUESS=pdp10-unknown-tops20 ++ ;; + *:ITS:*:*) +- echo pdp10-unknown-its +- exit ;; ++ GUESS=pdp10-unknown-its ++ ;; + SEI:*:*:SEIUX) +- echo mips-sei-seiux"$UNAME_RELEASE" +- exit ;; ++ GUESS=mips-sei-seiux$UNAME_RELEASE ++ ;; + *:DragonFly:*:*) +- echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" +- exit ;; ++ DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` ++ GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL ++ ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` +- case "$UNAME_MACHINE" in +- A*) echo alpha-dec-vms ; exit ;; +- I*) echo ia64-dec-vms ; exit ;; +- V*) echo vax-dec-vms ; exit ;; ++ case $UNAME_MACHINE in ++ A*) GUESS=alpha-dec-vms ;; ++ I*) GUESS=ia64-dec-vms ;; ++ V*) GUESS=vax-dec-vms ;; + esac ;; + *:XENIX:*:SysV) +- echo i386-pc-xenix +- exit ;; ++ GUESS=i386-pc-xenix ++ ;; + i*86:skyos:*:*) +- echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" +- exit ;; ++ SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'` ++ GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL ++ ;; + i*86:rdos:*:*) +- echo "$UNAME_MACHINE"-pc-rdos +- exit ;; +- i*86:AROS:*:*) +- echo "$UNAME_MACHINE"-pc-aros +- exit ;; ++ GUESS=$UNAME_MACHINE-pc-rdos ++ ;; ++ i*86:Fiwix:*:*) ++ GUESS=$UNAME_MACHINE-pc-fiwix ++ ;; ++ *:AROS:*:*) ++ GUESS=$UNAME_MACHINE-unknown-aros ++ ;; + x86_64:VMkernel:*:*) +- echo "$UNAME_MACHINE"-unknown-esx +- exit ;; ++ GUESS=$UNAME_MACHINE-unknown-esx ++ ;; + amd64:Isilon\ OneFS:*:*) +- echo x86_64-unknown-onefs +- exit ;; ++ GUESS=x86_64-unknown-onefs ++ ;; ++ *:Unleashed:*:*) ++ GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE ++ ;; + esac + ++# Do we have a guess based on uname results? ++if test "x$GUESS" != x; then ++ echo "$GUESS" ++ exit ++fi ++ ++# No uname command or uname output not recognized. ++set_cc_for_build ++cat > "$dummy.c" < ++#include ++#endif ++#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) ++#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) ++#include ++#if defined(_SIZE_T_) || defined(SIGLOST) ++#include ++#endif ++#endif ++#endif ++main () ++{ ++#if defined (sony) ++#if defined (MIPSEB) ++ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, ++ I don't know.... */ ++ printf ("mips-sony-bsd\n"); exit (0); ++#else ++#include ++ printf ("m68k-sony-newsos%s\n", ++#ifdef NEWSOS4 ++ "4" ++#else ++ "" ++#endif ++ ); exit (0); ++#endif ++#endif ++ ++#if defined (NeXT) ++#if !defined (__ARCHITECTURE__) ++#define __ARCHITECTURE__ "m68k" ++#endif ++ int version; ++ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; ++ if (version < 4) ++ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); ++ else ++ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); ++ exit (0); ++#endif ++ ++#if defined (MULTIMAX) || defined (n16) ++#if defined (UMAXV) ++ printf ("ns32k-encore-sysv\n"); exit (0); ++#else ++#if defined (CMU) ++ printf ("ns32k-encore-mach\n"); exit (0); ++#else ++ printf ("ns32k-encore-bsd\n"); exit (0); ++#endif ++#endif ++#endif ++ ++#if defined (__386BSD__) ++ printf ("i386-pc-bsd\n"); exit (0); ++#endif ++ ++#if defined (sequent) ++#if defined (i386) ++ printf ("i386-sequent-dynix\n"); exit (0); ++#endif ++#if defined (ns32000) ++ printf ("ns32k-sequent-dynix\n"); exit (0); ++#endif ++#endif ++ ++#if defined (_SEQUENT_) ++ struct utsname un; ++ ++ uname(&un); ++ if (strncmp(un.version, "V2", 2) == 0) { ++ printf ("i386-sequent-ptx2\n"); exit (0); ++ } ++ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ ++ printf ("i386-sequent-ptx1\n"); exit (0); ++ } ++ printf ("i386-sequent-ptx\n"); exit (0); ++#endif ++ ++#if defined (vax) ++#if !defined (ultrix) ++#include ++#if defined (BSD) ++#if BSD == 43 ++ printf ("vax-dec-bsd4.3\n"); exit (0); ++#else ++#if BSD == 199006 ++ printf ("vax-dec-bsd4.3reno\n"); exit (0); ++#else ++ printf ("vax-dec-bsd\n"); exit (0); ++#endif ++#endif ++#else ++ printf ("vax-dec-bsd\n"); exit (0); ++#endif ++#else ++#if defined(_SIZE_T_) || defined(SIGLOST) ++ struct utsname un; ++ uname (&un); ++ printf ("vax-dec-ultrix%s\n", un.release); exit (0); ++#else ++ printf ("vax-dec-ultrix\n"); exit (0); ++#endif ++#endif ++#endif ++#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) ++#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) ++#if defined(_SIZE_T_) || defined(SIGLOST) ++ struct utsname *un; ++ uname (&un); ++ printf ("mips-dec-ultrix%s\n", un.release); exit (0); ++#else ++ printf ("mips-dec-ultrix\n"); exit (0); ++#endif ++#endif ++#endif ++ ++#if defined (alliant) && defined (i860) ++ printf ("i860-alliant-bsd\n"); exit (0); ++#endif ++ ++ exit (1); ++} ++EOF ++ ++$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` && ++ { echo "$SYSTEM_NAME"; exit; } ++ ++# Apollos put the system type in the environment. ++test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } ++ + echo "$0: unable to guess system type" >&2 + +-case "$UNAME_MACHINE:$UNAME_SYSTEM" in ++case $UNAME_MACHINE:$UNAME_SYSTEM in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 <&2 + exit 1 ;; + + *local*) +@@ -110,1223 +119,1186 @@ case $# in + exit 1;; + esac + +-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +-# Here we must recognize all the valid KERNEL-OS combinations. +-maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +-case $maybe_os in +- nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ +- linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ +- knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ +- kopensolaris*-gnu* | cloudabi*-eabi* | \ +- storm-chaos* | os2-emx* | rtmk-nova*) +- os=-$maybe_os +- basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` +- ;; +- android-linux) +- os=-linux-android +- basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown +- ;; +- *) +- basic_machine=`echo "$1" | sed 's/-[^-]*$//'` +- if [ "$basic_machine" != "$1" ] +- then os=`echo "$1" | sed 's/.*-/-/'` +- else os=; fi +- ;; +-esac ++# Split fields of configuration type ++# shellcheck disable=SC2162 ++saved_IFS=$IFS ++IFS="-" read field1 field2 field3 field4 <&2 ++ exit 1 + ;; +- -lynx*) +- os=-lynxos ++ *-*-*-*) ++ basic_machine=$field1-$field2 ++ basic_os=$field3-$field4 + ;; +- -ptx*) +- basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` ++ *-*-*) ++ # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two ++ # parts ++ maybe_os=$field2-$field3 ++ case $maybe_os in ++ nto-qnx* | linux-* | uclinux-uclibc* \ ++ | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ ++ | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ ++ | storm-chaos* | os2-emx* | rtmk-nova*) ++ basic_machine=$field1 ++ basic_os=$maybe_os ++ ;; ++ android-linux) ++ basic_machine=$field1-unknown ++ basic_os=linux-android ++ ;; ++ *) ++ basic_machine=$field1-$field2 ++ basic_os=$field3 ++ ;; ++ esac + ;; +- -psos*) +- os=-psos ++ *-*) ++ # A lone config we happen to match not fitting any pattern ++ case $field1-$field2 in ++ decstation-3100) ++ basic_machine=mips-dec ++ basic_os= ++ ;; ++ *-*) ++ # Second component is usually, but not always the OS ++ case $field2 in ++ # Prevent following clause from handling this valid os ++ sun*os*) ++ basic_machine=$field1 ++ basic_os=$field2 ++ ;; ++ zephyr*) ++ basic_machine=$field1-unknown ++ basic_os=$field2 ++ ;; ++ # Manufacturers ++ dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ ++ | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ ++ | unicom* | ibm* | next | hp | isi* | apollo | altos* \ ++ | convergent* | ncr* | news | 32* | 3600* | 3100* \ ++ | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ ++ | ultra | tti* | harris | dolphin | highlevel | gould \ ++ | cbm | ns | masscomp | apple | axis | knuth | cray \ ++ | microblaze* | sim | cisco \ ++ | oki | wec | wrs | winbond) ++ basic_machine=$field1-$field2 ++ basic_os= ++ ;; ++ *) ++ basic_machine=$field1 ++ basic_os=$field2 ++ ;; ++ esac ++ ;; ++ esac + ;; +- -mint | -mint[0-9]*) +- basic_machine=m68k-atari +- os=-mint ++ *) ++ # Convert single-component short-hands not valid as part of ++ # multi-component configurations. ++ case $field1 in ++ 386bsd) ++ basic_machine=i386-pc ++ basic_os=bsd ++ ;; ++ a29khif) ++ basic_machine=a29k-amd ++ basic_os=udi ++ ;; ++ adobe68k) ++ basic_machine=m68010-adobe ++ basic_os=scout ++ ;; ++ alliant) ++ basic_machine=fx80-alliant ++ basic_os= ++ ;; ++ altos | altos3068) ++ basic_machine=m68k-altos ++ basic_os= ++ ;; ++ am29k) ++ basic_machine=a29k-none ++ basic_os=bsd ++ ;; ++ amdahl) ++ basic_machine=580-amdahl ++ basic_os=sysv ++ ;; ++ amiga) ++ basic_machine=m68k-unknown ++ basic_os= ++ ;; ++ amigaos | amigados) ++ basic_machine=m68k-unknown ++ basic_os=amigaos ++ ;; ++ amigaunix | amix) ++ basic_machine=m68k-unknown ++ basic_os=sysv4 ++ ;; ++ apollo68) ++ basic_machine=m68k-apollo ++ basic_os=sysv ++ ;; ++ apollo68bsd) ++ basic_machine=m68k-apollo ++ basic_os=bsd ++ ;; ++ aros) ++ basic_machine=i386-pc ++ basic_os=aros ++ ;; ++ aux) ++ basic_machine=m68k-apple ++ basic_os=aux ++ ;; ++ balance) ++ basic_machine=ns32k-sequent ++ basic_os=dynix ++ ;; ++ blackfin) ++ basic_machine=bfin-unknown ++ basic_os=linux ++ ;; ++ cegcc) ++ basic_machine=arm-unknown ++ basic_os=cegcc ++ ;; ++ convex-c1) ++ basic_machine=c1-convex ++ basic_os=bsd ++ ;; ++ convex-c2) ++ basic_machine=c2-convex ++ basic_os=bsd ++ ;; ++ convex-c32) ++ basic_machine=c32-convex ++ basic_os=bsd ++ ;; ++ convex-c34) ++ basic_machine=c34-convex ++ basic_os=bsd ++ ;; ++ convex-c38) ++ basic_machine=c38-convex ++ basic_os=bsd ++ ;; ++ cray) ++ basic_machine=j90-cray ++ basic_os=unicos ++ ;; ++ crds | unos) ++ basic_machine=m68k-crds ++ basic_os= ++ ;; ++ da30) ++ basic_machine=m68k-da30 ++ basic_os= ++ ;; ++ decstation | pmax | pmin | dec3100 | decstatn) ++ basic_machine=mips-dec ++ basic_os= ++ ;; ++ delta88) ++ basic_machine=m88k-motorola ++ basic_os=sysv3 ++ ;; ++ dicos) ++ basic_machine=i686-pc ++ basic_os=dicos ++ ;; ++ djgpp) ++ basic_machine=i586-pc ++ basic_os=msdosdjgpp ++ ;; ++ ebmon29k) ++ basic_machine=a29k-amd ++ basic_os=ebmon ++ ;; ++ es1800 | OSE68k | ose68k | ose | OSE) ++ basic_machine=m68k-ericsson ++ basic_os=ose ++ ;; ++ gmicro) ++ basic_machine=tron-gmicro ++ basic_os=sysv ++ ;; ++ go32) ++ basic_machine=i386-pc ++ basic_os=go32 ++ ;; ++ h8300hms) ++ basic_machine=h8300-hitachi ++ basic_os=hms ++ ;; ++ h8300xray) ++ basic_machine=h8300-hitachi ++ basic_os=xray ++ ;; ++ h8500hms) ++ basic_machine=h8500-hitachi ++ basic_os=hms ++ ;; ++ harris) ++ basic_machine=m88k-harris ++ basic_os=sysv3 ++ ;; ++ hp300 | hp300hpux) ++ basic_machine=m68k-hp ++ basic_os=hpux ++ ;; ++ hp300bsd) ++ basic_machine=m68k-hp ++ basic_os=bsd ++ ;; ++ hppaosf) ++ basic_machine=hppa1.1-hp ++ basic_os=osf ++ ;; ++ hppro) ++ basic_machine=hppa1.1-hp ++ basic_os=proelf ++ ;; ++ i386mach) ++ basic_machine=i386-mach ++ basic_os=mach ++ ;; ++ isi68 | isi) ++ basic_machine=m68k-isi ++ basic_os=sysv ++ ;; ++ m68knommu) ++ basic_machine=m68k-unknown ++ basic_os=linux ++ ;; ++ magnum | m3230) ++ basic_machine=mips-mips ++ basic_os=sysv ++ ;; ++ merlin) ++ basic_machine=ns32k-utek ++ basic_os=sysv ++ ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ basic_os=mingw64 ++ ;; ++ mingw32) ++ basic_machine=i686-pc ++ basic_os=mingw32 ++ ;; ++ mingw32ce) ++ basic_machine=arm-unknown ++ basic_os=mingw32ce ++ ;; ++ monitor) ++ basic_machine=m68k-rom68k ++ basic_os=coff ++ ;; ++ morphos) ++ basic_machine=powerpc-unknown ++ basic_os=morphos ++ ;; ++ moxiebox) ++ basic_machine=moxie-unknown ++ basic_os=moxiebox ++ ;; ++ msdos) ++ basic_machine=i386-pc ++ basic_os=msdos ++ ;; ++ msys) ++ basic_machine=i686-pc ++ basic_os=msys ++ ;; ++ mvs) ++ basic_machine=i370-ibm ++ basic_os=mvs ++ ;; ++ nacl) ++ basic_machine=le32-unknown ++ basic_os=nacl ++ ;; ++ ncr3000) ++ basic_machine=i486-ncr ++ basic_os=sysv4 ++ ;; ++ netbsd386) ++ basic_machine=i386-pc ++ basic_os=netbsd ++ ;; ++ netwinder) ++ basic_machine=armv4l-rebel ++ basic_os=linux ++ ;; ++ news | news700 | news800 | news900) ++ basic_machine=m68k-sony ++ basic_os=newsos ++ ;; ++ news1000) ++ basic_machine=m68030-sony ++ basic_os=newsos ++ ;; ++ necv70) ++ basic_machine=v70-nec ++ basic_os=sysv ++ ;; ++ nh3000) ++ basic_machine=m68k-harris ++ basic_os=cxux ++ ;; ++ nh[45]000) ++ basic_machine=m88k-harris ++ basic_os=cxux ++ ;; ++ nindy960) ++ basic_machine=i960-intel ++ basic_os=nindy ++ ;; ++ mon960) ++ basic_machine=i960-intel ++ basic_os=mon960 ++ ;; ++ nonstopux) ++ basic_machine=mips-compaq ++ basic_os=nonstopux ++ ;; ++ os400) ++ basic_machine=powerpc-ibm ++ basic_os=os400 ++ ;; ++ OSE68000 | ose68000) ++ basic_machine=m68000-ericsson ++ basic_os=ose ++ ;; ++ os68k) ++ basic_machine=m68k-none ++ basic_os=os68k ++ ;; ++ paragon) ++ basic_machine=i860-intel ++ basic_os=osf ++ ;; ++ parisc) ++ basic_machine=hppa-unknown ++ basic_os=linux ++ ;; ++ psp) ++ basic_machine=mipsallegrexel-sony ++ basic_os=psp ++ ;; ++ pw32) ++ basic_machine=i586-unknown ++ basic_os=pw32 ++ ;; ++ rdos | rdos64) ++ basic_machine=x86_64-pc ++ basic_os=rdos ++ ;; ++ rdos32) ++ basic_machine=i386-pc ++ basic_os=rdos ++ ;; ++ rom68k) ++ basic_machine=m68k-rom68k ++ basic_os=coff ++ ;; ++ sa29200) ++ basic_machine=a29k-amd ++ basic_os=udi ++ ;; ++ sei) ++ basic_machine=mips-sei ++ basic_os=seiux ++ ;; ++ sequent) ++ basic_machine=i386-sequent ++ basic_os= ++ ;; ++ sps7) ++ basic_machine=m68k-bull ++ basic_os=sysv2 ++ ;; ++ st2000) ++ basic_machine=m68k-tandem ++ basic_os= ++ ;; ++ stratus) ++ basic_machine=i860-stratus ++ basic_os=sysv4 ++ ;; ++ sun2) ++ basic_machine=m68000-sun ++ basic_os= ++ ;; ++ sun2os3) ++ basic_machine=m68000-sun ++ basic_os=sunos3 ++ ;; ++ sun2os4) ++ basic_machine=m68000-sun ++ basic_os=sunos4 ++ ;; ++ sun3) ++ basic_machine=m68k-sun ++ basic_os= ++ ;; ++ sun3os3) ++ basic_machine=m68k-sun ++ basic_os=sunos3 ++ ;; ++ sun3os4) ++ basic_machine=m68k-sun ++ basic_os=sunos4 ++ ;; ++ sun4) ++ basic_machine=sparc-sun ++ basic_os= ++ ;; ++ sun4os3) ++ basic_machine=sparc-sun ++ basic_os=sunos3 ++ ;; ++ sun4os4) ++ basic_machine=sparc-sun ++ basic_os=sunos4 ++ ;; ++ sun4sol2) ++ basic_machine=sparc-sun ++ basic_os=solaris2 ++ ;; ++ sun386 | sun386i | roadrunner) ++ basic_machine=i386-sun ++ basic_os= ++ ;; ++ sv1) ++ basic_machine=sv1-cray ++ basic_os=unicos ++ ;; ++ symmetry) ++ basic_machine=i386-sequent ++ basic_os=dynix ++ ;; ++ t3e) ++ basic_machine=alphaev5-cray ++ basic_os=unicos ++ ;; ++ t90) ++ basic_machine=t90-cray ++ basic_os=unicos ++ ;; ++ toad1) ++ basic_machine=pdp10-xkl ++ basic_os=tops20 ++ ;; ++ tpf) ++ basic_machine=s390x-ibm ++ basic_os=tpf ++ ;; ++ udi29k) ++ basic_machine=a29k-amd ++ basic_os=udi ++ ;; ++ ultra3) ++ basic_machine=a29k-nyu ++ basic_os=sym1 ++ ;; ++ v810 | necv810) ++ basic_machine=v810-nec ++ basic_os=none ++ ;; ++ vaxv) ++ basic_machine=vax-dec ++ basic_os=sysv ++ ;; ++ vms) ++ basic_machine=vax-dec ++ basic_os=vms ++ ;; ++ vsta) ++ basic_machine=i386-pc ++ basic_os=vsta ++ ;; ++ vxworks960) ++ basic_machine=i960-wrs ++ basic_os=vxworks ++ ;; ++ vxworks68) ++ basic_machine=m68k-wrs ++ basic_os=vxworks ++ ;; ++ vxworks29k) ++ basic_machine=a29k-wrs ++ basic_os=vxworks ++ ;; ++ xbox) ++ basic_machine=i686-pc ++ basic_os=mingw32 ++ ;; ++ ymp) ++ basic_machine=ymp-cray ++ basic_os=unicos ++ ;; ++ *) ++ basic_machine=$1 ++ basic_os= ++ ;; ++ esac + ;; + esac + +-# Decode aliases for certain CPU-COMPANY combinations. ++# Decode 1-component or ad-hoc basic machines + case $basic_machine in +- # Recognize the basic CPU types without company name. +- # Some are omitted here because they have special meanings below. +- 1750a | 580 \ +- | a29k \ +- | aarch64 | aarch64_be \ +- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ +- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ +- | am33_2.0 \ +- | arc | arceb \ +- | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ +- | avr | avr32 \ +- | ba \ +- | be32 | be64 \ +- | bfin \ +- | c4x | c8051 | clipper \ +- | d10v | d30v | dlx | dsp16xx \ +- | e2k | epiphany \ +- | fido | fr30 | frv | ft32 \ +- | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ +- | hexagon \ +- | i370 | i860 | i960 | ia16 | ia64 \ +- | ip2k | iq2000 \ +- | k1om \ +- | le32 | le64 \ +- | lm32 \ +- | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ +- | mips | mipsbe | mipseb | mipsel | mipsle \ +- | mips16 \ +- | mips64 | mips64el \ +- | mips64octeon | mips64octeonel \ +- | mips64orion | mips64orionel \ +- | mips64r5900 | mips64r5900el \ +- | mips64vr | mips64vrel \ +- | mips64vr4100 | mips64vr4100el \ +- | mips64vr4300 | mips64vr4300el \ +- | mips64vr5000 | mips64vr5000el \ +- | mips64vr5900 | mips64vr5900el \ +- | mipsisa32 | mipsisa32el \ +- | mipsisa32r2 | mipsisa32r2el \ +- | mipsisa32r6 | mipsisa32r6el \ +- | mipsisa64 | mipsisa64el \ +- | mipsisa64r2 | mipsisa64r2el \ +- | mipsisa64r6 | mipsisa64r6el \ +- | mipsisa64sb1 | mipsisa64sb1el \ +- | mipsisa64sr71k | mipsisa64sr71kel \ +- | mipsr5900 | mipsr5900el \ +- | mipstx39 | mipstx39el \ +- | mn10200 | mn10300 \ +- | moxie \ +- | mt \ +- | msp430 \ +- | nds32 | nds32le | nds32be \ +- | nios | nios2 | nios2eb | nios2el \ +- | ns16k | ns32k \ +- | open8 | or1k | or1knd | or32 \ +- | pdp10 | pj | pjl \ +- | powerpc | powerpc64 | powerpc64le | powerpcle \ +- | pru \ +- | pyramid \ +- | riscv32 | riscv64 \ +- | rl78 | rx \ +- | score \ +- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ +- | sh64 | sh64le \ +- | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ +- | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ +- | spu \ +- | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ +- | ubicom32 \ +- | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ +- | visium \ +- | wasm32 \ +- | x86 | xc16x | xstormy16 | xtensa \ +- | z8k | z80) +- basic_machine=$basic_machine-unknown +- ;; +- c54x) +- basic_machine=tic54x-unknown +- ;; +- c55x) +- basic_machine=tic55x-unknown +- ;; +- c6x) +- basic_machine=tic6x-unknown +- ;; +- leon|leon[3-9]) +- basic_machine=sparc-$basic_machine +- ;; +- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) +- basic_machine=$basic_machine-unknown +- os=-none ++ # Here we handle the default manufacturer of certain CPU types. It is in ++ # some cases the only manufacturer, in others, it is the most popular. ++ w89k) ++ cpu=hppa1.1 ++ vendor=winbond + ;; +- m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) ++ op50n) ++ cpu=hppa1.1 ++ vendor=oki + ;; +- ms1) +- basic_machine=mt-unknown ++ op60c) ++ cpu=hppa1.1 ++ vendor=oki + ;; +- +- strongarm | thumb | xscale) +- basic_machine=arm-unknown ++ ibm*) ++ cpu=i370 ++ vendor=ibm + ;; +- xgate) +- basic_machine=$basic_machine-unknown +- os=-none ++ orion105) ++ cpu=clipper ++ vendor=highlevel + ;; +- xscaleeb) +- basic_machine=armeb-unknown ++ mac | mpw | mac-mpw) ++ cpu=m68k ++ vendor=apple + ;; +- +- xscaleel) +- basic_machine=armel-unknown ++ pmac | pmac-mpw) ++ cpu=powerpc ++ vendor=apple + ;; + +- # We use `pc' rather than `unknown' +- # because (1) that's what they normally are, and +- # (2) the word "unknown" tends to confuse beginning users. +- i*86 | x86_64) +- basic_machine=$basic_machine-pc +- ;; +- # Object if more than one company name word. +- *-*-*) +- echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 +- exit 1 +- ;; +- # Recognize the basic CPU types with company name. +- 580-* \ +- | a29k-* \ +- | aarch64-* | aarch64_be-* \ +- | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ +- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ +- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ +- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ +- | avr-* | avr32-* \ +- | ba-* \ +- | be32-* | be64-* \ +- | bfin-* | bs2000-* \ +- | c[123]* | c30-* | [cjt]90-* | c4x-* \ +- | c8051-* | clipper-* | craynv-* | cydra-* \ +- | d10v-* | d30v-* | dlx-* \ +- | e2k-* | elxsi-* \ +- | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ +- | h8300-* | h8500-* \ +- | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ +- | hexagon-* \ +- | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ +- | ip2k-* | iq2000-* \ +- | k1om-* \ +- | le32-* | le64-* \ +- | lm32-* \ +- | m32c-* | m32r-* | m32rle-* \ +- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ +- | microblaze-* | microblazeel-* \ +- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ +- | mips16-* \ +- | mips64-* | mips64el-* \ +- | mips64octeon-* | mips64octeonel-* \ +- | mips64orion-* | mips64orionel-* \ +- | mips64r5900-* | mips64r5900el-* \ +- | mips64vr-* | mips64vrel-* \ +- | mips64vr4100-* | mips64vr4100el-* \ +- | mips64vr4300-* | mips64vr4300el-* \ +- | mips64vr5000-* | mips64vr5000el-* \ +- | mips64vr5900-* | mips64vr5900el-* \ +- | mipsisa32-* | mipsisa32el-* \ +- | mipsisa32r2-* | mipsisa32r2el-* \ +- | mipsisa32r6-* | mipsisa32r6el-* \ +- | mipsisa64-* | mipsisa64el-* \ +- | mipsisa64r2-* | mipsisa64r2el-* \ +- | mipsisa64r6-* | mipsisa64r6el-* \ +- | mipsisa64sb1-* | mipsisa64sb1el-* \ +- | mipsisa64sr71k-* | mipsisa64sr71kel-* \ +- | mipsr5900-* | mipsr5900el-* \ +- | mipstx39-* | mipstx39el-* \ +- | mmix-* \ +- | mt-* \ +- | msp430-* \ +- | nds32-* | nds32le-* | nds32be-* \ +- | nios-* | nios2-* | nios2eb-* | nios2el-* \ +- | none-* | np1-* | ns16k-* | ns32k-* \ +- | open8-* \ +- | or1k*-* \ +- | orion-* \ +- | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ +- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ +- | pru-* \ +- | pyramid-* \ +- | riscv32-* | riscv64-* \ +- | rl78-* | romp-* | rs6000-* | rx-* \ +- | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ +- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ +- | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ +- | sparclite-* \ +- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ +- | tahoe-* \ +- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ +- | tile*-* \ +- | tron-* \ +- | ubicom32-* \ +- | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ +- | vax-* \ +- | visium-* \ +- | wasm32-* \ +- | we32k-* \ +- | x86-* | x86_64-* | xc16x-* | xps100-* \ +- | xstormy16-* | xtensa*-* \ +- | ymp-* \ +- | z8k-* | z80-*) +- ;; +- # Recognize the basic CPU types without company name, with glob match. +- xtensa*) +- basic_machine=$basic_machine-unknown +- ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. +- 386bsd) +- basic_machine=i386-pc +- os=-bsd +- ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) +- basic_machine=m68000-att ++ cpu=m68000 ++ vendor=att + ;; + 3b*) +- basic_machine=we32k-att +- ;; +- a29khif) +- basic_machine=a29k-amd +- os=-udi +- ;; +- abacus) +- basic_machine=abacus-unknown +- ;; +- adobe68k) +- basic_machine=m68010-adobe +- os=-scout +- ;; +- alliant | fx80) +- basic_machine=fx80-alliant +- ;; +- altos | altos3068) +- basic_machine=m68k-altos +- ;; +- am29k) +- basic_machine=a29k-none +- os=-bsd +- ;; +- amd64) +- basic_machine=x86_64-pc +- ;; +- amd64-*) +- basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- amdahl) +- basic_machine=580-amdahl +- os=-sysv +- ;; +- amiga | amiga-*) +- basic_machine=m68k-unknown +- ;; +- amigaos | amigados) +- basic_machine=m68k-unknown +- os=-amigaos +- ;; +- amigaunix | amix) +- basic_machine=m68k-unknown +- os=-sysv4 +- ;; +- apollo68) +- basic_machine=m68k-apollo +- os=-sysv +- ;; +- apollo68bsd) +- basic_machine=m68k-apollo +- os=-bsd +- ;; +- aros) +- basic_machine=i386-pc +- os=-aros +- ;; +- asmjs) +- basic_machine=asmjs-unknown +- ;; +- aux) +- basic_machine=m68k-apple +- os=-aux +- ;; +- balance) +- basic_machine=ns32k-sequent +- os=-dynix +- ;; +- blackfin) +- basic_machine=bfin-unknown +- os=-linux +- ;; +- blackfin-*) +- basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- os=-linux ++ cpu=we32k ++ vendor=att + ;; + bluegene*) +- basic_machine=powerpc-ibm +- os=-cnk +- ;; +- c54x-*) +- basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- c55x-*) +- basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- c6x-*) +- basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- c90) +- basic_machine=c90-cray +- os=-unicos +- ;; +- cegcc) +- basic_machine=arm-unknown +- os=-cegcc +- ;; +- convex-c1) +- basic_machine=c1-convex +- os=-bsd +- ;; +- convex-c2) +- basic_machine=c2-convex +- os=-bsd +- ;; +- convex-c32) +- basic_machine=c32-convex +- os=-bsd +- ;; +- convex-c34) +- basic_machine=c34-convex +- os=-bsd +- ;; +- convex-c38) +- basic_machine=c38-convex +- os=-bsd +- ;; +- cray | j90) +- basic_machine=j90-cray +- os=-unicos +- ;; +- craynv) +- basic_machine=craynv-cray +- os=-unicosmp +- ;; +- cr16 | cr16-*) +- basic_machine=cr16-unknown +- os=-elf +- ;; +- crds | unos) +- basic_machine=m68k-crds +- ;; +- crisv32 | crisv32-* | etraxfs*) +- basic_machine=crisv32-axis +- ;; +- cris | cris-* | etrax*) +- basic_machine=cris-axis +- ;; +- crx) +- basic_machine=crx-unknown +- os=-elf +- ;; +- da30 | da30-*) +- basic_machine=m68k-da30 +- ;; +- decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) +- basic_machine=mips-dec ++ cpu=powerpc ++ vendor=ibm ++ basic_os=cnk + ;; + decsystem10* | dec10*) +- basic_machine=pdp10-dec +- os=-tops10 ++ cpu=pdp10 ++ vendor=dec ++ basic_os=tops10 + ;; + decsystem20* | dec20*) +- basic_machine=pdp10-dec +- os=-tops20 ++ cpu=pdp10 ++ vendor=dec ++ basic_os=tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) +- basic_machine=m68k-motorola +- ;; +- delta88) +- basic_machine=m88k-motorola +- os=-sysv3 +- ;; +- dicos) +- basic_machine=i686-pc +- os=-dicos +- ;; +- djgpp) +- basic_machine=i586-pc +- os=-msdosdjgpp +- ;; +- dpx20 | dpx20-*) +- basic_machine=rs6000-bull +- os=-bosx ++ cpu=m68k ++ vendor=motorola + ;; + dpx2*) +- basic_machine=m68k-bull +- os=-sysv3 +- ;; +- e500v[12]) +- basic_machine=powerpc-unknown +- os=$os"spe" +- ;; +- e500v[12]-*) +- basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- os=$os"spe" +- ;; +- ebmon29k) +- basic_machine=a29k-amd +- os=-ebmon +- ;; +- elxsi) +- basic_machine=elxsi-elxsi +- os=-bsd ++ cpu=m68k ++ vendor=bull ++ basic_os=sysv3 + ;; + encore | umax | mmax) +- basic_machine=ns32k-encore ++ cpu=ns32k ++ vendor=encore + ;; +- es1800 | OSE68k | ose68k | ose | OSE) +- basic_machine=m68k-ericsson +- os=-ose ++ elxsi) ++ cpu=elxsi ++ vendor=elxsi ++ basic_os=${basic_os:-bsd} + ;; + fx2800) +- basic_machine=i860-alliant ++ cpu=i860 ++ vendor=alliant + ;; + genix) +- basic_machine=ns32k-ns +- ;; +- gmicro) +- basic_machine=tron-gmicro +- os=-sysv +- ;; +- go32) +- basic_machine=i386-pc +- os=-go32 ++ cpu=ns32k ++ vendor=ns + ;; + h3050r* | hiux*) +- basic_machine=hppa1.1-hitachi +- os=-hiuxwe2 +- ;; +- h8300hms) +- basic_machine=h8300-hitachi +- os=-hms +- ;; +- h8300xray) +- basic_machine=h8300-hitachi +- os=-xray +- ;; +- h8500hms) +- basic_machine=h8500-hitachi +- os=-hms +- ;; +- harris) +- basic_machine=m88k-harris +- os=-sysv3 +- ;; +- hp300-*) +- basic_machine=m68k-hp +- ;; +- hp300bsd) +- basic_machine=m68k-hp +- os=-bsd +- ;; +- hp300hpux) +- basic_machine=m68k-hp +- os=-hpux ++ cpu=hppa1.1 ++ vendor=hitachi ++ basic_os=hiuxwe2 + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) +- basic_machine=hppa1.0-hp ++ cpu=hppa1.0 ++ vendor=hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) +- basic_machine=m68000-hp ++ cpu=m68000 ++ vendor=hp + ;; + hp9k3[2-9][0-9]) +- basic_machine=m68k-hp ++ cpu=m68k ++ vendor=hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) +- basic_machine=hppa1.0-hp ++ cpu=hppa1.0 ++ vendor=hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) +- basic_machine=hppa1.1-hp ++ cpu=hppa1.1 ++ vendor=hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp +- basic_machine=hppa1.1-hp ++ cpu=hppa1.1 ++ vendor=hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp +- basic_machine=hppa1.1-hp ++ cpu=hppa1.1 ++ vendor=hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) +- basic_machine=hppa1.1-hp ++ cpu=hppa1.1 ++ vendor=hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) +- basic_machine=hppa1.0-hp +- ;; +- hppaosf) +- basic_machine=hppa1.1-hp +- os=-osf +- ;; +- hppro) +- basic_machine=hppa1.1-hp +- os=-proelf +- ;; +- i370-ibm* | ibm*) +- basic_machine=i370-ibm ++ cpu=hppa1.0 ++ vendor=hp + ;; + i*86v32) +- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` +- os=-sysv32 ++ cpu=`echo "$1" | sed -e 's/86.*/86/'` ++ vendor=pc ++ basic_os=sysv32 + ;; + i*86v4*) +- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` +- os=-sysv4 ++ cpu=`echo "$1" | sed -e 's/86.*/86/'` ++ vendor=pc ++ basic_os=sysv4 + ;; + i*86v) +- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` +- os=-sysv ++ cpu=`echo "$1" | sed -e 's/86.*/86/'` ++ vendor=pc ++ basic_os=sysv + ;; + i*86sol2) +- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` +- os=-solaris2 +- ;; +- i386mach) +- basic_machine=i386-mach +- os=-mach ++ cpu=`echo "$1" | sed -e 's/86.*/86/'` ++ vendor=pc ++ basic_os=solaris2 + ;; +- vsta) +- basic_machine=i386-unknown +- os=-vsta ++ j90 | j90-cray) ++ cpu=j90 ++ vendor=cray ++ basic_os=${basic_os:-unicos} + ;; + iris | iris4d) +- basic_machine=mips-sgi +- case $os in +- -irix*) ++ cpu=mips ++ vendor=sgi ++ case $basic_os in ++ irix*) + ;; + *) +- os=-irix4 ++ basic_os=irix4 + ;; + esac + ;; +- isi68 | isi) +- basic_machine=m68k-isi +- os=-sysv +- ;; +- leon-*|leon[3-9]-*) +- basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` +- ;; +- m68knommu) +- basic_machine=m68k-unknown +- os=-linux +- ;; +- m68knommu-*) +- basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- os=-linux +- ;; +- magnum | m3230) +- basic_machine=mips-mips +- os=-sysv +- ;; +- merlin) +- basic_machine=ns32k-utek +- os=-sysv +- ;; +- microblaze*) +- basic_machine=microblaze-xilinx +- ;; +- mingw64) +- basic_machine=x86_64-pc +- os=-mingw64 +- ;; +- mingw32) +- basic_machine=i686-pc +- os=-mingw32 +- ;; +- mingw32ce) +- basic_machine=arm-unknown +- os=-mingw32ce +- ;; + miniframe) +- basic_machine=m68000-convergent +- ;; +- *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) +- basic_machine=m68k-atari +- os=-mint +- ;; +- mips3*-*) +- basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` +- ;; +- mips3*) +- basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown +- ;; +- monitor) +- basic_machine=m68k-rom68k +- os=-coff +- ;; +- morphos) +- basic_machine=powerpc-unknown +- os=-morphos +- ;; +- moxiebox) +- basic_machine=moxie-unknown +- os=-moxiebox ++ cpu=m68000 ++ vendor=convergent + ;; +- msdos) +- basic_machine=i386-pc +- os=-msdos +- ;; +- ms1-*) +- basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` +- ;; +- msys) +- basic_machine=i686-pc +- os=-msys +- ;; +- mvs) +- basic_machine=i370-ibm +- os=-mvs +- ;; +- nacl) +- basic_machine=le32-unknown +- os=-nacl +- ;; +- ncr3000) +- basic_machine=i486-ncr +- os=-sysv4 +- ;; +- netbsd386) +- basic_machine=i386-unknown +- os=-netbsd +- ;; +- netwinder) +- basic_machine=armv4l-rebel +- os=-linux +- ;; +- news | news700 | news800 | news900) +- basic_machine=m68k-sony +- os=-newsos +- ;; +- news1000) +- basic_machine=m68030-sony +- os=-newsos ++ *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) ++ cpu=m68k ++ vendor=atari ++ basic_os=mint + ;; + news-3600 | risc-news) +- basic_machine=mips-sony +- os=-newsos +- ;; +- necv70) +- basic_machine=v70-nec +- os=-sysv ++ cpu=mips ++ vendor=sony ++ basic_os=newsos + ;; + next | m*-next) +- basic_machine=m68k-next +- case $os in +- -nextstep* ) ++ cpu=m68k ++ vendor=next ++ case $basic_os in ++ openstep*) ++ ;; ++ nextstep*) + ;; +- -ns2*) +- os=-nextstep2 ++ ns2*) ++ basic_os=nextstep2 + ;; + *) +- os=-nextstep3 ++ basic_os=nextstep3 + ;; + esac + ;; +- nh3000) +- basic_machine=m68k-harris +- os=-cxux +- ;; +- nh[45]000) +- basic_machine=m88k-harris +- os=-cxux +- ;; +- nindy960) +- basic_machine=i960-intel +- os=-nindy +- ;; +- mon960) +- basic_machine=i960-intel +- os=-mon960 +- ;; +- nonstopux) +- basic_machine=mips-compaq +- os=-nonstopux +- ;; + np1) +- basic_machine=np1-gould +- ;; +- neo-tandem) +- basic_machine=neo-tandem +- ;; +- nse-tandem) +- basic_machine=nse-tandem +- ;; +- nsr-tandem) +- basic_machine=nsr-tandem +- ;; +- nsv-tandem) +- basic_machine=nsv-tandem +- ;; +- nsx-tandem) +- basic_machine=nsx-tandem ++ cpu=np1 ++ vendor=gould + ;; + op50n-* | op60c-*) +- basic_machine=hppa1.1-oki +- os=-proelf +- ;; +- openrisc | openrisc-*) +- basic_machine=or32-unknown +- ;; +- os400) +- basic_machine=powerpc-ibm +- os=-os400 +- ;; +- OSE68000 | ose68000) +- basic_machine=m68000-ericsson +- os=-ose +- ;; +- os68k) +- basic_machine=m68k-none +- os=-os68k ++ cpu=hppa1.1 ++ vendor=oki ++ basic_os=proelf + ;; + pa-hitachi) +- basic_machine=hppa1.1-hitachi +- os=-hiuxwe2 +- ;; +- paragon) +- basic_machine=i860-intel +- os=-osf +- ;; +- parisc) +- basic_machine=hppa-unknown +- os=-linux +- ;; +- parisc-*) +- basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- os=-linux ++ cpu=hppa1.1 ++ vendor=hitachi ++ basic_os=hiuxwe2 + ;; + pbd) +- basic_machine=sparc-tti ++ cpu=sparc ++ vendor=tti + ;; + pbb) +- basic_machine=m68k-tti +- ;; +- pc532 | pc532-*) +- basic_machine=ns32k-pc532 +- ;; +- pc98) +- basic_machine=i386-pc ++ cpu=m68k ++ vendor=tti + ;; +- pc98-*) +- basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- pentium | p5 | k5 | k6 | nexgen | viac3) +- basic_machine=i586-pc +- ;; +- pentiumpro | p6 | 6x86 | athlon | athlon_*) +- basic_machine=i686-pc +- ;; +- pentiumii | pentium2 | pentiumiii | pentium3) +- basic_machine=i686-pc +- ;; +- pentium4) +- basic_machine=i786-pc +- ;; +- pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) +- basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- pentiumpro-* | p6-* | 6x86-* | athlon-*) +- basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) +- basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- pentium4-*) +- basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` ++ pc532) ++ cpu=ns32k ++ vendor=pc532 + ;; + pn) +- basic_machine=pn-gould +- ;; +- power) basic_machine=power-ibm +- ;; +- ppc | ppcbe) basic_machine=powerpc-unknown ++ cpu=pn ++ vendor=gould + ;; +- ppc-* | ppcbe-*) +- basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` +- ;; +- ppcle | powerpclittle) +- basic_machine=powerpcle-unknown ++ power) ++ cpu=power ++ vendor=ibm + ;; +- ppcle-* | powerpclittle-*) +- basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` ++ ps2) ++ cpu=i386 ++ vendor=ibm + ;; +- ppc64) basic_machine=powerpc64-unknown ++ rm[46]00) ++ cpu=mips ++ vendor=siemens + ;; +- ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ++ rtpc | rtpc-*) ++ cpu=romp ++ vendor=ibm + ;; +- ppc64le | powerpc64little) +- basic_machine=powerpc64le-unknown ++ sde) ++ cpu=mipsisa32 ++ vendor=sde ++ basic_os=${basic_os:-elf} + ;; +- ppc64le-* | powerpc64little-*) +- basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` ++ simso-wrs) ++ cpu=sparclite ++ vendor=wrs ++ basic_os=vxworks + ;; +- ps2) +- basic_machine=i386-ibm ++ tower | tower-32) ++ cpu=m68k ++ vendor=ncr + ;; +- pw32) +- basic_machine=i586-unknown +- os=-pw32 ++ vpp*|vx|vx-*) ++ cpu=f301 ++ vendor=fujitsu + ;; +- rdos | rdos64) +- basic_machine=x86_64-pc +- os=-rdos ++ w65) ++ cpu=w65 ++ vendor=wdc + ;; +- rdos32) +- basic_machine=i386-pc +- os=-rdos ++ w89k-*) ++ cpu=hppa1.1 ++ vendor=winbond ++ basic_os=proelf + ;; +- rom68k) +- basic_machine=m68k-rom68k +- os=-coff ++ none) ++ cpu=none ++ vendor=none + ;; +- rm[46]00) +- basic_machine=mips-siemens ++ leon|leon[3-9]) ++ cpu=sparc ++ vendor=$basic_machine + ;; +- rtpc | rtpc-*) +- basic_machine=romp-ibm ++ leon-*|leon[3-9]-*) ++ cpu=sparc ++ vendor=`echo "$basic_machine" | sed 's/-.*//'` + ;; +- s390 | s390-*) +- basic_machine=s390-ibm ++ ++ *-*) ++ # shellcheck disable=SC2162 ++ saved_IFS=$IFS ++ IFS="-" read cpu vendor <&2 +- exit 1 ++ # Recognize the canonical CPU types that are allowed with any ++ # company name. ++ case $cpu in ++ 1750a | 580 \ ++ | a29k \ ++ | aarch64 | aarch64_be \ ++ | abacus \ ++ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \ ++ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \ ++ | alphapca5[67] | alpha64pca5[67] \ ++ | am33_2.0 \ ++ | amdgcn \ ++ | arc | arceb | arc32 | arc64 \ ++ | arm | arm[lb]e | arme[lb] | armv* \ ++ | avr | avr32 \ ++ | asmjs \ ++ | ba \ ++ | be32 | be64 \ ++ | bfin | bpf | bs2000 \ ++ | c[123]* | c30 | [cjt]90 | c4x \ ++ | c8051 | clipper | craynv | csky | cydra \ ++ | d10v | d30v | dlx | dsp16xx \ ++ | e2k | elxsi | epiphany \ ++ | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \ ++ | h8300 | h8500 \ ++ | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | hexagon \ ++ | i370 | i*86 | i860 | i960 | ia16 | ia64 \ ++ | ip2k | iq2000 \ ++ | k1om \ ++ | le32 | le64 \ ++ | lm32 \ ++ | loongarch32 | loongarch64 | loongarchx32 \ ++ | m32c | m32r | m32rle \ ++ | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \ ++ | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ ++ | m88110 | m88k | maxq | mb | mcore | mep | metag \ ++ | microblaze | microblazeel \ ++ | mips | mipsbe | mipseb | mipsel | mipsle \ ++ | mips16 \ ++ | mips64 | mips64eb | mips64el \ ++ | mips64octeon | mips64octeonel \ ++ | mips64orion | mips64orionel \ ++ | mips64r5900 | mips64r5900el \ ++ | mips64vr | mips64vrel \ ++ | mips64vr4100 | mips64vr4100el \ ++ | mips64vr4300 | mips64vr4300el \ ++ | mips64vr5000 | mips64vr5000el \ ++ | mips64vr5900 | mips64vr5900el \ ++ | mipsisa32 | mipsisa32el \ ++ | mipsisa32r2 | mipsisa32r2el \ ++ | mipsisa32r3 | mipsisa32r3el \ ++ | mipsisa32r5 | mipsisa32r5el \ ++ | mipsisa32r6 | mipsisa32r6el \ ++ | mipsisa64 | mipsisa64el \ ++ | mipsisa64r2 | mipsisa64r2el \ ++ | mipsisa64r3 | mipsisa64r3el \ ++ | mipsisa64r5 | mipsisa64r5el \ ++ | mipsisa64r6 | mipsisa64r6el \ ++ | mipsisa64sb1 | mipsisa64sb1el \ ++ | mipsisa64sr71k | mipsisa64sr71kel \ ++ | mipsr5900 | mipsr5900el \ ++ | mipstx39 | mipstx39el \ ++ | mmix \ ++ | mn10200 | mn10300 \ ++ | moxie \ ++ | mt \ ++ | msp430 \ ++ | nds32 | nds32le | nds32be \ ++ | nfp \ ++ | nios | nios2 | nios2eb | nios2el \ ++ | none | np1 | ns16k | ns32k | nvptx \ ++ | open8 \ ++ | or1k* \ ++ | or32 \ ++ | orion \ ++ | picochip \ ++ | pdp10 | pdp11 | pj | pjl | pn | power \ ++ | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \ ++ | pru \ ++ | pyramid \ ++ | riscv | riscv32 | riscv32be | riscv64 | riscv64be \ ++ | rl78 | romp | rs6000 | rx \ ++ | s390 | s390x \ ++ | score \ ++ | sh | shl \ ++ | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \ ++ | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \ ++ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \ ++ | sparclite \ ++ | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \ ++ | spu \ ++ | tahoe \ ++ | thumbv7* \ ++ | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \ ++ | tron \ ++ | ubicom32 \ ++ | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \ ++ | vax \ ++ | visium \ ++ | w65 \ ++ | wasm32 | wasm64 \ ++ | we32k \ ++ | x86 | x86_64 | xc16x | xgate | xps100 \ ++ | xstormy16 | xtensa* \ ++ | ymp \ ++ | z8k | z80) ++ ;; ++ ++ *) ++ echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2 ++ exit 1 ++ ;; ++ esac + ;; + esac + + # Here we canonicalize certain aliases for manufacturers. +-case $basic_machine in +- *-digital*) +- basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` ++case $vendor in ++ digital*) ++ vendor=dec + ;; +- *-commodore*) +- basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` ++ commodore*) ++ vendor=cbm + ;; + *) + ;; +@@ -1334,203 +1306,215 @@ esac + + # Decode manufacturer-specific aliases for certain operating systems. + +-if [ x"$os" != x"" ] ++if test x$basic_os != x + then ++ ++# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just ++# set os. ++case $basic_os in ++ gnu/linux*) ++ kernel=linux ++ os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'` ++ ;; ++ os2-emx) ++ kernel=os2 ++ os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'` ++ ;; ++ nto-qnx*) ++ kernel=nto ++ os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'` ++ ;; ++ *-*) ++ # shellcheck disable=SC2162 ++ saved_IFS=$IFS ++ IFS="-" read kernel os <&2 +- exit 1 ++ # No normalization, but not necessarily accepted, that comes below. + ;; + esac ++ + else + + # Here we handle the default operating systems that come with various machines. +@@ -1543,258 +1527,363 @@ else + # will signal an error saying that MANUFACTURER isn't an operating + # system, and we'll never get to this point. + +-case $basic_machine in ++kernel= ++case $cpu-$vendor in + score-*) +- os=-elf ++ os=elf + ;; + spu-*) +- os=-elf ++ os=elf + ;; + *-acorn) +- os=-riscix1.2 ++ os=riscix1.2 + ;; + arm*-rebel) +- os=-linux ++ kernel=linux ++ os=gnu + ;; + arm*-semi) +- os=-aout ++ os=aout + ;; + c4x-* | tic4x-*) +- os=-coff ++ os=coff + ;; + c8051-*) +- os=-elf ++ os=elf ++ ;; ++ clipper-intergraph) ++ os=clix + ;; + hexagon-*) +- os=-elf ++ os=elf + ;; + tic54x-*) +- os=-coff ++ os=coff + ;; + tic55x-*) +- os=-coff ++ os=coff + ;; + tic6x-*) +- os=-coff ++ os=coff + ;; + # This must come before the *-dec entry. + pdp10-*) +- os=-tops20 ++ os=tops20 + ;; + pdp11-*) +- os=-none ++ os=none + ;; + *-dec | vax-*) +- os=-ultrix4.2 ++ os=ultrix4.2 + ;; + m68*-apollo) +- os=-domain ++ os=domain + ;; + i386-sun) +- os=-sunos4.0.2 ++ os=sunos4.0.2 + ;; + m68000-sun) +- os=-sunos3 ++ os=sunos3 + ;; + m68*-cisco) +- os=-aout ++ os=aout + ;; + mep-*) +- os=-elf ++ os=elf + ;; + mips*-cisco) +- os=-elf ++ os=elf + ;; + mips*-*) +- os=-elf ++ os=elf + ;; + or32-*) +- os=-coff ++ os=coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. +- os=-sysv3 ++ os=sysv3 + ;; + sparc-* | *-sun) +- os=-sunos4.1.1 ++ os=sunos4.1.1 + ;; + pru-*) +- os=-elf ++ os=elf + ;; + *-be) +- os=-beos ++ os=beos + ;; + *-ibm) +- os=-aix ++ os=aix + ;; + *-knuth) +- os=-mmixware ++ os=mmixware + ;; + *-wec) +- os=-proelf ++ os=proelf + ;; + *-winbond) +- os=-proelf ++ os=proelf + ;; + *-oki) +- os=-proelf ++ os=proelf + ;; + *-hp) +- os=-hpux ++ os=hpux + ;; + *-hitachi) +- os=-hiux ++ os=hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) +- os=-sysv ++ os=sysv + ;; + *-cbm) +- os=-amigaos ++ os=amigaos + ;; + *-dg) +- os=-dgux ++ os=dgux + ;; + *-dolphin) +- os=-sysv3 ++ os=sysv3 + ;; + m68k-ccur) +- os=-rtu ++ os=rtu + ;; + m88k-omron*) +- os=-luna ++ os=luna + ;; + *-next) +- os=-nextstep ++ os=nextstep + ;; + *-sequent) +- os=-ptx ++ os=ptx + ;; + *-crds) +- os=-unos ++ os=unos + ;; + *-ns) +- os=-genix ++ os=genix + ;; + i370-*) +- os=-mvs ++ os=mvs + ;; + *-gould) +- os=-sysv ++ os=sysv + ;; + *-highlevel) +- os=-bsd ++ os=bsd + ;; + *-encore) +- os=-bsd ++ os=bsd + ;; + *-sgi) +- os=-irix ++ os=irix + ;; + *-siemens) +- os=-sysv4 ++ os=sysv4 + ;; + *-masscomp) +- os=-rtu ++ os=rtu + ;; + f30[01]-fujitsu | f700-fujitsu) +- os=-uxpv ++ os=uxpv + ;; + *-rom68k) +- os=-coff ++ os=coff + ;; + *-*bug) +- os=-coff ++ os=coff + ;; + *-apple) +- os=-macos ++ os=macos + ;; + *-atari*) +- os=-mint ++ os=mint ++ ;; ++ *-wrs) ++ os=vxworks + ;; + *) +- os=-none ++ os=none + ;; + esac ++ + fi + ++# Now, validate our (potentially fixed-up) OS. ++case $os in ++ # Sometimes we do "kernel-libc", so those need to count as OSes. ++ musl* | newlib* | relibc* | uclibc*) ++ ;; ++ # Likewise for "kernel-abi" ++ eabi* | gnueabi*) ++ ;; ++ # VxWorks passes extra cpu info in the 4th filed. ++ simlinux | simwindows | spe) ++ ;; ++ # Now accept the basic system types. ++ # The portable systems comes first. ++ # Each alternative MUST end in a * to match a version number. ++ gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ ++ | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \ ++ | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ ++ | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ ++ | hiux* | abug | nacl* | netware* | windows* \ ++ | os9* | macos* | osx* | ios* \ ++ | mpw* | magic* | mmixware* | mon960* | lnews* \ ++ | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ ++ | aos* | aros* | cloudabi* | sortix* | twizzler* \ ++ | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ ++ | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ ++ | mirbsd* | netbsd* | dicos* | openedition* | ose* \ ++ | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \ ++ | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ ++ | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ ++ | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ ++ | udi* | lites* | ieee* | go32* | aux* | hcos* \ ++ | chorusrdb* | cegcc* | glidix* | serenity* \ ++ | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ ++ | midipix* | mingw32* | mingw64* | mint* \ ++ | uxpv* | beos* | mpeix* | udk* | moxiebox* \ ++ | interix* | uwin* | mks* | rhapsody* | darwin* \ ++ | openstep* | oskit* | conix* | pw32* | nonstopux* \ ++ | storm-chaos* | tops10* | tenex* | tops20* | its* \ ++ | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \ ++ | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \ ++ | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ ++ | skyos* | haiku* | rdos* | toppers* | drops* | es* \ ++ | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ ++ | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ ++ | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ ++ | fiwix* ) ++ ;; ++ # This one is extra strict with allowed versions ++ sco3.2v2 | sco3.2v[4-9]* | sco5v6*) ++ # Don't forget version if it is 3.2v4 or newer. ++ ;; ++ none) ++ ;; ++ *) ++ echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 ++ exit 1 ++ ;; ++esac ++ ++# As a final step for OS-related things, validate the OS-kernel combination ++# (given a valid OS), if there is a kernel. ++case $kernel-$os in ++ linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \ ++ | linux-musl* | linux-relibc* | linux-uclibc* ) ++ ;; ++ uclinux-uclibc* ) ++ ;; ++ -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* ) ++ # These are just libc implementations, not actual OSes, and thus ++ # require a kernel. ++ echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 ++ exit 1 ++ ;; ++ kfreebsd*-gnu* | kopensolaris*-gnu*) ++ ;; ++ vxworks-simlinux | vxworks-simwindows | vxworks-spe) ++ ;; ++ nto-qnx*) ++ ;; ++ os2-emx) ++ ;; ++ *-eabi* | *-gnueabi*) ++ ;; ++ -*) ++ # Blank kernel with real OS is always fine. ++ ;; ++ *-*) ++ echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 ++ exit 1 ++ ;; ++esac ++ + # Here we handle the case where we know the os, and the CPU type, but not the + # manufacturer. We pick the logical manufacturer. +-vendor=unknown +-case $basic_machine in +- *-unknown) +- case $os in +- -riscix*) ++case $vendor in ++ unknown) ++ case $cpu-$os in ++ *-riscix*) + vendor=acorn + ;; +- -sunos*) ++ *-sunos*) + vendor=sun + ;; +- -cnk*|-aix*) ++ *-cnk* | *-aix*) + vendor=ibm + ;; +- -beos*) ++ *-beos*) + vendor=be + ;; +- -hpux*) ++ *-hpux*) + vendor=hp + ;; +- -mpeix*) ++ *-mpeix*) + vendor=hp + ;; +- -hiux*) ++ *-hiux*) + vendor=hitachi + ;; +- -unos*) ++ *-unos*) + vendor=crds + ;; +- -dgux*) ++ *-dgux*) + vendor=dg + ;; +- -luna*) ++ *-luna*) + vendor=omron + ;; +- -genix*) ++ *-genix*) + vendor=ns + ;; +- -mvs* | -opened*) ++ *-clix*) ++ vendor=intergraph ++ ;; ++ *-mvs* | *-opened*) ++ vendor=ibm ++ ;; ++ *-os400*) + vendor=ibm + ;; +- -os400*) ++ s390-* | s390x-*) + vendor=ibm + ;; +- -ptx*) ++ *-ptx*) + vendor=sequent + ;; +- -tpf*) ++ *-tpf*) + vendor=ibm + ;; +- -vxsim* | -vxworks* | -windiss*) ++ *-vxsim* | *-vxworks* | *-windiss*) + vendor=wrs + ;; +- -aux*) ++ *-aux*) + vendor=apple + ;; +- -hms*) ++ *-hms*) + vendor=hitachi + ;; +- -mpw* | -macos*) ++ *-mpw* | *-macos*) + vendor=apple + ;; +- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) ++ *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*) + vendor=atari + ;; +- -vos*) ++ *-vos*) + vendor=stratus + ;; + esac +- basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` + ;; + esac + +-echo "$basic_machine$os" ++echo "$cpu-$vendor-${kernel:+$kernel-}$os" + exit + + # Local variables: +-# eval: (add-hook 'write-file-functions 'time-stamp) ++# eval: (add-hook 'before-save-hook 'time-stamp) + # time-stamp-start: "timestamp='" + # time-stamp-format: "%:y-%02m-%02d" + # time-stamp-end: "'" +diff --git a/configure b/configure +index 4ea8031..acdc317 100755 +--- a/configure ++++ b/configure +@@ -1,9 +1,10 @@ + #! /bin/sh + # Guess values for system-dependent variables and create Makefiles. +-# Generated by GNU Autoconf 2.69 for tpm2-tools 5.5. ++# Generated by GNU Autoconf 2.71 for tpm2-tools 5.7. + # + # +-# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. ++# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, ++# Inc. + # + # + # This configure script is free software; the Free Software Foundation +@@ -14,14 +15,16 @@ + + # Be more Bourne compatible + DUALCASE=1; export DUALCASE # for MKS sh +-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : ++as_nop=: ++if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 ++then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +-else ++else $as_nop + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( +@@ -31,46 +34,46 @@ esac + fi + + ++ ++# Reset variables that may have inherited troublesome values from ++# the environment. ++ ++# IFS needs to be set, to space, tab, and newline, in precisely that order. ++# (If _AS_PATH_WALK were called with IFS unset, it would have the ++# side effect of setting IFS to empty, thus disabling word splitting.) ++# Quoting is to prevent editors from complaining about space-tab. + as_nl=' + ' + export as_nl +-# Printing a long string crashes Solaris 7 /usr/bin/printf. +-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +-# Prefer a ksh shell builtin over an external printf program on Solaris, +-# but without wasting forks for bash or zsh. +-if test -z "$BASH_VERSION$ZSH_VERSION" \ +- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then +- as_echo='print -r --' +- as_echo_n='print -rn --' +-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then +- as_echo='printf %s\n' +- as_echo_n='printf %s' +-else +- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then +- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' +- as_echo_n='/usr/ucb/echo -n' +- else +- as_echo_body='eval expr "X$1" : "X\\(.*\\)"' +- as_echo_n_body='eval +- arg=$1; +- case $arg in #( +- *"$as_nl"*) +- expr "X$arg" : "X\\(.*\\)$as_nl"; +- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; +- esac; +- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" +- ' +- export as_echo_n_body +- as_echo_n='sh -c $as_echo_n_body as_echo' +- fi +- export as_echo_body +- as_echo='sh -c $as_echo_body as_echo' +-fi ++IFS=" "" $as_nl" ++ ++PS1='$ ' ++PS2='> ' ++PS4='+ ' ++ ++# Ensure predictable behavior from utilities with locale-dependent output. ++LC_ALL=C ++export LC_ALL ++LANGUAGE=C ++export LANGUAGE ++ ++# We cannot yet rely on "unset" to work, but we need these variables ++# to be unset--not just set to an empty or harmless value--now, to ++# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct ++# also avoids known problems related to "unset" and subshell syntax ++# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). ++for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH ++do eval test \${$as_var+y} \ ++ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : ++done ++ ++# Ensure that fds 0, 1, and 2 are open. ++if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi ++if (exec 3>&2) ; then :; else exec 2>/dev/null; fi + + # The user is always right. +-if test "${PATH_SEPARATOR+set}" != set; then ++if ${PATH_SEPARATOR+false} :; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || +@@ -79,13 +82,6 @@ if test "${PATH_SEPARATOR+set}" != set; then + fi + + +-# IFS +-# We need space, tab and new line, in precisely that order. Quoting is +-# there to prevent editors from complaining about space-tab. +-# (If _AS_PATH_WALK were called with IFS unset, it would disable word +-# splitting by setting IFS to empty value.) +-IFS=" "" $as_nl" +- + # Find who we are. Look in the path if we contain no directory separator. + as_myself= + case $0 in #(( +@@ -94,8 +90,12 @@ case $0 in #(( + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ test -r "$as_dir$0" && as_myself=$as_dir$0 && break + done + IFS=$as_save_IFS + +@@ -107,30 +107,10 @@ if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then +- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 ++ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 + fi + +-# Unset variables that we do not need and which cause bugs (e.g. in +-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +-# suppresses any "Segmentation fault" message there. '((' could +-# trigger a bug in pdksh 5.2.14. +-for as_var in BASH_ENV ENV MAIL MAILPATH +-do eval test x\${$as_var+set} = xset \ +- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +-done +-PS1='$ ' +-PS2='> ' +-PS4='+ ' +- +-# NLS nuisances. +-LC_ALL=C +-export LC_ALL +-LANGUAGE=C +-export LANGUAGE +- +-# CDPATH. +-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + # Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. +@@ -152,20 +132,22 @@ esac + exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} + # Admittedly, this is quite paranoid, since all the known shells bail + # out after a failed `exec'. +-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +-as_fn_exit 255 ++printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 ++exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} + if test "x$CONFIG_SHELL" = x; then +- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : ++ as_bourne_compatible="as_nop=: ++if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 ++then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +-else ++else \$as_nop + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( +@@ -185,12 +167,15 @@ as_fn_success || { exitcode=1; echo as_fn_success failed.; } + as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } + as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } + as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : ++if ( set x; as_fn_ret_success y && test x = \"\$1\" ) ++then : + +-else ++else \$as_nop + exitcode=1; echo positional parameters were not saved. + fi + test x\$exitcode = x0 || exit 1 ++blah=\$(echo \$(echo blah)) ++test x\"\$blah\" = xblah || exit 1 + test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO +@@ -205,30 +190,38 @@ test -x / || exit 1" + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 + test \$(( 1 + 1 )) = 2 || exit 1" +- if (eval "$as_required") 2>/dev/null; then : ++ if (eval "$as_required") 2>/dev/null ++then : + as_have_required=yes +-else ++else $as_nop + as_have_required=no + fi +- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : ++ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null ++then : + +-else ++else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + as_found=false + for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. +- as_shell=$as_dir/$as_base ++ as_shell=$as_dir$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && +- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : ++ as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null ++then : + CONFIG_SHELL=$as_shell as_have_required=yes +- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : ++ if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null ++then : + break 2 + fi + fi +@@ -236,14 +229,21 @@ fi + esac + as_found=false + done +-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && +- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : +- CONFIG_SHELL=$SHELL as_have_required=yes +-fi; } + IFS=$as_save_IFS ++if $as_found ++then : + ++else $as_nop ++ if { test -f "$SHELL" || test -f "$SHELL.exe"; } && ++ as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null ++then : ++ CONFIG_SHELL=$SHELL as_have_required=yes ++fi ++fi + +- if test "x$CONFIG_SHELL" != x; then : ++ ++ if test "x$CONFIG_SHELL" != x ++then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also +@@ -261,18 +261,19 @@ esac + exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} + # Admittedly, this is quite paranoid, since all the known shells bail + # out after a failed `exec'. +-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 ++printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 + exit 255 + fi + +- if test x$as_have_required = xno; then : +- $as_echo "$0: This script requires a shell more modern than all" +- $as_echo "$0: the shells that I found on your system." +- if test x${ZSH_VERSION+set} = xset ; then +- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" +- $as_echo "$0: be upgraded to zsh 4.3.4 or later." ++ if test x$as_have_required = xno ++then : ++ printf "%s\n" "$0: This script requires a shell more modern than all" ++ printf "%s\n" "$0: the shells that I found on your system." ++ if test ${ZSH_VERSION+y} ; then ++ printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should" ++ printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later." + else +- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, ++ printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system, + $0: including any error possibly output before this + $0: message. Then install a modern shell, or manually run + $0: the script under such a shell if you do have one." +@@ -299,6 +300,7 @@ as_fn_unset () + } + as_unset=as_fn_unset + ++ + # as_fn_set_status STATUS + # ----------------------- + # Set $? to STATUS, without forking. +@@ -316,6 +318,14 @@ as_fn_exit () + as_fn_set_status $1 + exit $1 + } # as_fn_exit ++# as_fn_nop ++# --------- ++# Do nothing but, unlike ":", preserve the value of $?. ++as_fn_nop () ++{ ++ return $? ++} ++as_nop=as_fn_nop + + # as_fn_mkdir_p + # ------------- +@@ -330,7 +340,7 @@ as_fn_mkdir_p () + as_dirs= + while :; do + case $as_dir in #( +- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( ++ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" +@@ -339,7 +349,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$as_dir" | ++printf "%s\n" X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -378,12 +388,13 @@ as_fn_executable_p () + # advantage of any shell optimizations that allow amortized linear growth over + # repeated appends, instead of the typical quadratic growth present in naive + # implementations. +-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : ++if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null ++then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +-else ++else $as_nop + as_fn_append () + { + eval $1=\$$1\$2 +@@ -395,18 +406,27 @@ fi # as_fn_append + # Perform arithmetic evaluation on the ARGs, and store the result in the + # global $as_val. Take advantage of shells that can avoid forks. The arguments + # must be portable across $(()) and expr. +-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : ++if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null ++then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +-else ++else $as_nop + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } + fi # as_fn_arith + ++# as_fn_nop ++# --------- ++# Do nothing but, unlike ":", preserve the value of $?. ++as_fn_nop () ++{ ++ return $? ++} ++as_nop=as_fn_nop + + # as_fn_error STATUS ERROR [LINENO LOG_FD] + # ---------------------------------------- +@@ -418,9 +438,9 @@ as_fn_error () + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi +- $as_echo "$as_me: error: $2" >&2 ++ printf "%s\n" "$as_me: error: $2" >&2 + as_fn_exit $as_status + } # as_fn_error + +@@ -447,7 +467,7 @@ as_me=`$as_basename -- "$0" || + $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X/"$0" | ++printf "%s\n" X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q +@@ -491,7 +511,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || +- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } ++ { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall +@@ -505,6 +525,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits + exit + } + ++ ++# Determine whether it's possible to make 'echo' print without a newline. ++# These variables are no longer used directly by Autoconf, but are AC_SUBSTed ++# for compatibility with existing Makefiles. + ECHO_C= ECHO_N= ECHO_T= + case `echo -n x` in #((((( + -n*) +@@ -518,6 +542,13 @@ case `echo -n x` in #((((( + ECHO_N='-n';; + esac + ++# For backward compatibility with old third-party macros, we provide ++# the shell variables $as_echo and $as_echo_n. New code should use ++# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. ++as_echo='printf %s\n' ++as_echo_n='printf %s' ++ ++ + rm -f conf$$ conf$$.exe conf$$.file + if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +@@ -587,47 +618,43 @@ MAKEFLAGS= + # Identity of this package. + PACKAGE_NAME='tpm2-tools' + PACKAGE_TARNAME='tpm2-tools' +-PACKAGE_VERSION='5.5' +-PACKAGE_STRING='tpm2-tools 5.5' ++PACKAGE_VERSION='5.7' ++PACKAGE_STRING='tpm2-tools 5.7' + PACKAGE_BUGREPORT='' + PACKAGE_URL='' + + # Factoring default headers for most tests. + ac_includes_default="\ +-#include +-#ifdef HAVE_SYS_TYPES_H +-# include ++#include ++#ifdef HAVE_STDIO_H ++# include + #endif +-#ifdef HAVE_SYS_STAT_H +-# include +-#endif +-#ifdef STDC_HEADERS ++#ifdef HAVE_STDLIB_H + # include +-# include +-#else +-# ifdef HAVE_STDLIB_H +-# include +-# endif + #endif + #ifdef HAVE_STRING_H +-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +-# include +-# endif + # include + #endif +-#ifdef HAVE_STRINGS_H +-# include +-#endif + #ifdef HAVE_INTTYPES_H + # include + #endif + #ifdef HAVE_STDINT_H + # include + #endif ++#ifdef HAVE_STRINGS_H ++# include ++#endif ++#ifdef HAVE_SYS_TYPES_H ++# include ++#endif ++#ifdef HAVE_SYS_STAT_H ++# include ++#endif + #ifdef HAVE_UNISTD_H + # include + #endif" + ++ac_header_c_list= + ac_subst_vars='am__EXEEXT_FALSE + am__EXEEXT_TRUE + LTLIBOBJS +@@ -646,9 +673,9 @@ pkgpyexecdir + pyexecdir + pkgpythondir + pythondir +-PYTHON_PLATFORM + PYTHON_EXEC_PREFIX + PYTHON_PREFIX ++PYTHON_PLATFORM + PYTHON_VERSION + PYTHON + BASH_SHELL +@@ -668,6 +695,8 @@ LIBDL_LDFLAGS + tpmsim + bashcompdir + with_bashcompdir ++HAVE_EFIVAR_H_FALSE ++HAVE_EFIVAR_H_TRUE + EFIVAR_LIBS + EFIVAR_CFLAGS + CURL_LIBS +@@ -724,6 +753,9 @@ AM_BACKSLASH + AM_DEFAULT_VERBOSITY + AM_DEFAULT_V + AM_V ++CSCOPE ++ETAGS ++CTAGS + am__fastdepCC_FALSE + am__fastdepCC_TRUE + CCDEPMODE +@@ -754,7 +786,6 @@ am__isrc + INSTALL_DATA + INSTALL_SCRIPT + INSTALL_PROGRAM +-CPP + LT_SYS_LIBRARY_PATH + OTOOL64 + OTOOL +@@ -856,6 +887,9 @@ with_bashcompdir + with_tpmsim + enable_unit + enable_persistent ++with_python_sys_prefix ++with_python_prefix ++with_python_exec_prefix + enable_dlclose + enable_hardening + ' +@@ -868,7 +902,6 @@ LDFLAGS + LIBS + CPPFLAGS + LT_SYS_LIBRARY_PATH +-CPP + PKG_CONFIG + PKG_CONFIG_PATH + PKG_CONFIG_LIBDIR +@@ -968,8 +1001,6 @@ do + *) ac_optarg=yes ;; + esac + +- # Accept the important Cygnus configure options, so we can diagnose typos. +- + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; +@@ -1010,9 +1041,9 @@ do + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && +- as_fn_error $? "invalid feature name: $ac_useropt" ++ as_fn_error $? "invalid feature name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt +- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` ++ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" + "enable_$ac_useropt" +@@ -1036,9 +1067,9 @@ do + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && +- as_fn_error $? "invalid feature name: $ac_useropt" ++ as_fn_error $? "invalid feature name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt +- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` ++ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" + "enable_$ac_useropt" +@@ -1249,9 +1280,9 @@ do + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && +- as_fn_error $? "invalid package name: $ac_useropt" ++ as_fn_error $? "invalid package name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt +- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` ++ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" + "with_$ac_useropt" +@@ -1265,9 +1296,9 @@ do + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && +- as_fn_error $? "invalid package name: $ac_useropt" ++ as_fn_error $? "invalid package name: \`$ac_useropt'" + ac_useropt_orig=$ac_useropt +- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` ++ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" + "with_$ac_useropt" +@@ -1311,9 +1342,9 @@ Try \`$0 --help' for more information" + + *) + # FIXME: should be removed in autoconf 3.0. +- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 ++ printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && +- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 ++ printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + +@@ -1329,7 +1360,7 @@ if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; +- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; ++ *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac + fi + +@@ -1393,7 +1424,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$as_myself" | ++printf "%s\n" X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -1450,7 +1481,7 @@ if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +-\`configure' configures tpm2-tools 5.5 to adapt to many kinds of systems. ++\`configure' configures tpm2-tools 5.7 to adapt to many kinds of systems. + + Usage: $0 [OPTION]... [VAR=VALUE]... + +@@ -1521,7 +1552,7 @@ fi + + if test -n "$ac_init_help"; then + case $ac_init_help in +- short | recursive ) echo "Configuration of tpm2-tools 5.5:";; ++ short | recursive ) echo "Configuration of tpm2-tools 5.7:";; + esac + cat <<\_ACEOF + +@@ -1567,6 +1598,11 @@ Optional Packages: + path. Default auto detect + --with-bashcompdir=DIR directory for bash completions + --with-tpmsim=BIN simulator used for testing ++ --with-python-sys-prefix ++ use Python's sys.prefix and sys.exec_prefix values ++ --with-python_prefix override the default PYTHON_PREFIX ++ --with-python_exec_prefix ++ override the default PYTHON_EXEC_PREFIX + + Some influential environment variables: + CC C compiler command +@@ -1578,7 +1614,6 @@ Some influential environment variables: + you have headers in a nonstandard directory + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. +- CPP C preprocessor + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path +@@ -1655,9 +1690,9 @@ if test "$ac_init_help" = "recursive"; then + case "$ac_dir" in + .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) +- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` ++ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. +- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` ++ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; +@@ -1685,7 +1720,8 @@ esac + ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } +- # Check for guested configure. ++ # Check for configure.gnu first; this name is used for a wrapper for ++ # Metaconfig's "Configure" on case-insensitive file systems. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive +@@ -1693,7 +1729,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else +- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 ++ printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +@@ -1702,10 +1738,10 @@ fi + test -n "$ac_init_help" && exit $ac_status + if $ac_init_version; then + cat <<\_ACEOF +-tpm2-tools configure 5.5 +-generated by GNU Autoconf 2.69 ++tpm2-tools configure 5.7 ++generated by GNU Autoconf 2.71 + +-Copyright (C) 2012 Free Software Foundation, Inc. ++Copyright (C) 2021 Free Software Foundation, Inc. + This configure script is free software; the Free Software Foundation + gives unlimited permission to copy, distribute and modify it. + _ACEOF +@@ -1722,14 +1758,14 @@ fi + ac_fn_c_try_compile () + { + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- rm -f conftest.$ac_objext ++ rm -f conftest.$ac_objext conftest.beam + if { { ac_try="$ac_compile" + case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then +@@ -1737,14 +1773,15 @@ $as_echo "$ac_try_echo"; } >&5 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err +- } && test -s conftest.$ac_objext; then : ++ } && test -s conftest.$ac_objext ++then : + ac_retval=0 +-else +- $as_echo "$as_me: failed program was:" >&5 ++else $as_nop ++ printf "%s\n" "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +@@ -1760,14 +1797,14 @@ fi + ac_fn_c_try_link () + { + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- rm -f conftest.$ac_objext conftest$ac_exeext ++ rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext + if { { ac_try="$ac_link" + case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then +@@ -1775,17 +1812,18 @@ $as_echo "$ac_try_echo"; } >&5 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext +- }; then : ++ } ++then : + ac_retval=0 +-else +- $as_echo "$as_me: failed program was:" >&5 ++else $as_nop ++ printf "%s\n" "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +@@ -1807,120 +1845,44 @@ fi + ac_fn_c_check_header_compile () + { + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +-$as_echo_n "checking for $2... " >&6; } +-if eval \${$3+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 ++printf %s "checking for $2... " >&6; } ++if eval test \${$3+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + $4 + #include <$2> + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + eval "$3=yes" +-else ++else $as_nop + eval "$3=no" + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi + eval ac_res=\$$3 +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +-$as_echo "$ac_res" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + + } # ac_fn_c_check_header_compile + +-# ac_fn_c_try_cpp LINENO +-# ---------------------- +-# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +-ac_fn_c_try_cpp () +-{ +- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- if { { ac_try="$ac_cpp conftest.$ac_ext" +-case "(($ac_try" in +- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; +- *) ac_try_echo=$ac_try;; +-esac +-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 +- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err +- ac_status=$? +- if test -s conftest.err; then +- grep -v '^ *+' conftest.err >conftest.er1 +- cat conftest.er1 >&5 +- mv -f conftest.er1 conftest.err +- fi +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; } > conftest.i && { +- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || +- test ! -s conftest.err +- }; then : +- ac_retval=0 +-else +- $as_echo "$as_me: failed program was:" >&5 +-sed 's/^/| /' conftest.$ac_ext >&5 +- +- ac_retval=1 +-fi +- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno +- as_fn_set_status $ac_retval +- +-} # ac_fn_c_try_cpp +- +-# ac_fn_c_try_run LINENO +-# ---------------------- +-# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +-# that executables *can* be run. +-ac_fn_c_try_run () +-{ +- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- if { { ac_try="$ac_link" +-case "(($ac_try" in +- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; +- *) ac_try_echo=$ac_try;; +-esac +-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 +- (eval "$ac_link") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' +- { { case "(($ac_try" in +- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; +- *) ac_try_echo=$ac_try;; +-esac +-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 +- (eval "$ac_try") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; }; then : +- ac_retval=0 +-else +- $as_echo "$as_me: program exited with status $ac_status" >&5 +- $as_echo "$as_me: failed program was:" >&5 +-sed 's/^/| /' conftest.$ac_ext >&5 +- +- ac_retval=$ac_status +-fi +- rm -rf conftest.dSYM conftest_ipa8_conftest.oo +- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno +- as_fn_set_status $ac_retval +- +-} # ac_fn_c_try_run +- + # ac_fn_c_check_func LINENO FUNC VAR + # ---------------------------------- + # Tests whether FUNC exists, setting the cache variable VAR accordingly + ac_fn_c_check_func () + { + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +-$as_echo_n "checking for $2... " >&6; } +-if eval \${$3+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 ++printf %s "checking for $2... " >&6; } ++if eval test \${$3+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + /* Define $2 to an innocuous variant, in case declares $2. +@@ -1928,16 +1890,9 @@ else + #define $2 innocuous_$2 + + /* System header to define __stub macros and hopefully few prototypes, +- which can conflict with char $2 (); below. +- Prefer to if __STDC__ is defined, since +- exists even on freestanding compilers. */ +- +-#ifdef __STDC__ +-# include +-#else +-# include +-#endif ++ which can conflict with char $2 (); below. */ + ++#include + #undef $2 + + /* Override any GCC internal prototype to avoid an error. +@@ -1955,35 +1910,56 @@ choke me + #endif + + int +-main () ++main (void) + { + return $2 (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + eval "$3=yes" +-else ++else $as_nop + eval "$3=no" + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + fi + eval ac_res=\$$3 +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +-$as_echo "$ac_res" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + + } # ac_fn_c_check_func ++ac_configure_args_raw= ++for ac_arg ++do ++ case $ac_arg in ++ *\'*) ++ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; ++ esac ++ as_fn_append ac_configure_args_raw " '$ac_arg'" ++done ++ ++case $ac_configure_args_raw in ++ *$as_nl*) ++ ac_safe_unquote= ;; ++ *) ++ ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab. ++ ac_unsafe_a="$ac_unsafe_z#~" ++ ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g" ++ ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;; ++esac ++ + cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. + +-It was created by tpm2-tools $as_me 5.5, which was +-generated by GNU Autoconf 2.69. Invocation command line was ++It was created by tpm2-tools $as_me 5.7, which was ++generated by GNU Autoconf 2.71. Invocation command line was + +- $ $0 $@ ++ $ $0$ac_configure_args_raw + + _ACEOF + exec 5>>config.log +@@ -2016,8 +1992,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- $as_echo "PATH: $as_dir" ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ printf "%s\n" "PATH: $as_dir" + done + IFS=$as_save_IFS + +@@ -2052,7 +2032,7 @@ do + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) +- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; ++ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; +@@ -2087,11 +2067,13 @@ done + # WARNING: Use '\'' to represent an apostrophe within the trap. + # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. + trap 'exit_status=$? ++ # Sanitize IFS. ++ IFS=" "" $as_nl" + # Save into config.log some information that might help in debugging. + { + echo + +- $as_echo "## ---------------- ## ++ printf "%s\n" "## ---------------- ## + ## Cache variables. ## + ## ---------------- ##" + echo +@@ -2102,8 +2084,8 @@ trap 'exit_status=$? + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( +- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ++ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 ++printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( +@@ -2127,7 +2109,7 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + ) + echo + +- $as_echo "## ----------------- ## ++ printf "%s\n" "## ----------------- ## + ## Output variables. ## + ## ----------------- ##" + echo +@@ -2135,14 +2117,14 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + do + eval ac_val=\$$ac_var + case $ac_val in +- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; ++ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac +- $as_echo "$ac_var='\''$ac_val'\''" ++ printf "%s\n" "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then +- $as_echo "## ------------------- ## ++ printf "%s\n" "## ------------------- ## + ## File substitutions. ## + ## ------------------- ##" + echo +@@ -2150,15 +2132,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + do + eval ac_val=\$$ac_var + case $ac_val in +- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; ++ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac +- $as_echo "$ac_var='\''$ac_val'\''" ++ printf "%s\n" "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then +- $as_echo "## ----------- ## ++ printf "%s\n" "## ----------- ## + ## confdefs.h. ## + ## ----------- ##" + echo +@@ -2166,8 +2148,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + echo + fi + test "$ac_signal" != 0 && +- $as_echo "$as_me: caught signal $ac_signal" +- $as_echo "$as_me: exit $exit_status" ++ printf "%s\n" "$as_me: caught signal $ac_signal" ++ printf "%s\n" "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && +@@ -2181,63 +2163,48 @@ ac_signal=0 + # confdefs.h avoids OS command line length limits that DEFS can exceed. + rm -f -r conftest* confdefs.h + +-$as_echo "/* confdefs.h */" > confdefs.h ++printf "%s\n" "/* confdefs.h */" > confdefs.h + + # Predefined preprocessor variables. + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE_NAME "$PACKAGE_NAME" +-_ACEOF ++printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +-_ACEOF ++printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE_VERSION "$PACKAGE_VERSION" +-_ACEOF ++printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE_STRING "$PACKAGE_STRING" +-_ACEOF ++printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +-_ACEOF ++printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE_URL "$PACKAGE_URL" +-_ACEOF ++printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h + + + # Let the site file select an alternate cache file if it wants to. + # Prefer an explicitly selected file to automatically selected ones. +-ac_site_file1=NONE +-ac_site_file2=NONE + if test -n "$CONFIG_SITE"; then +- # We do not want a PATH search for config.site. +- case $CONFIG_SITE in #(( +- -*) ac_site_file1=./$CONFIG_SITE;; +- */*) ac_site_file1=$CONFIG_SITE;; +- *) ac_site_file1=./$CONFIG_SITE;; +- esac ++ ac_site_files="$CONFIG_SITE" + elif test "x$prefix" != xNONE; then +- ac_site_file1=$prefix/share/config.site +- ac_site_file2=$prefix/etc/config.site ++ ac_site_files="$prefix/share/config.site $prefix/etc/config.site" + else +- ac_site_file1=$ac_default_prefix/share/config.site +- ac_site_file2=$ac_default_prefix/etc/config.site ++ ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +-for ac_site_file in "$ac_site_file1" "$ac_site_file2" ++ ++for ac_site_file in $ac_site_files + do +- test "x$ac_site_file" = xNONE && continue +- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +-$as_echo "$as_me: loading site script $ac_site_file" >&6;} ++ case $ac_site_file in #( ++ */*) : ++ ;; #( ++ *) : ++ ac_site_file=./$ac_site_file ;; ++esac ++ if test -f "$ac_site_file" && test -r "$ac_site_file"; then ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 ++printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ +- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "failed to load site script $ac_site_file + See \`config.log' for more details" "$LINENO" 5; } + fi +@@ -2247,19 +2214,434 @@ if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +-$as_echo "$as_me: loading cache $cache_file" >&6;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 ++printf "%s\n" "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +-$as_echo "$as_me: creating cache $cache_file" >&6;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 ++printf "%s\n" "$as_me: creating cache $cache_file" >&6;} + >$cache_file + fi + ++# Test code for whether the C compiler supports C89 (global declarations) ++ac_c_conftest_c89_globals=' ++/* Does the compiler advertise C89 conformance? ++ Do not test the value of __STDC__, because some compilers set it to 0 ++ while being otherwise adequately conformant. */ ++#if !defined __STDC__ ++# error "Compiler does not advertise C89 conformance" ++#endif ++ ++#include ++#include ++struct stat; ++/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ ++struct buf { int x; }; ++struct buf * (*rcsopen) (struct buf *, struct stat *, int); ++static char *e (p, i) ++ char **p; ++ int i; ++{ ++ return p[i]; ++} ++static char *f (char * (*g) (char **, int), char **p, ...) ++{ ++ char *s; ++ va_list v; ++ va_start (v,p); ++ s = g (p, va_arg (v,int)); ++ va_end (v); ++ return s; ++} ++ ++/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has ++ function prototypes and stuff, but not \xHH hex character constants. ++ These do not provoke an error unfortunately, instead are silently treated ++ as an "x". The following induces an error, until -std is added to get ++ proper ANSI mode. Curiously \x00 != x always comes out true, for an ++ array size at least. It is necessary to write \x00 == 0 to get something ++ that is true only with -std. */ ++int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1]; ++ ++/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters ++ inside strings and character constants. */ ++#define FOO(x) '\''x'\'' ++int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1]; ++ ++int test (int i, double x); ++struct s1 {int (*f) (int a);}; ++struct s2 {int (*f) (double a);}; ++int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int), ++ int, int);' ++ ++# Test code for whether the C compiler supports C89 (body of main). ++ac_c_conftest_c89_main=' ++ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); ++' ++ ++# Test code for whether the C compiler supports C99 (global declarations) ++ac_c_conftest_c99_globals=' ++// Does the compiler advertise C99 conformance? ++#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L ++# error "Compiler does not advertise C99 conformance" ++#endif ++ ++#include ++extern int puts (const char *); ++extern int printf (const char *, ...); ++extern int dprintf (int, const char *, ...); ++extern void *malloc (size_t); ++ ++// Check varargs macros. These examples are taken from C99 6.10.3.5. ++// dprintf is used instead of fprintf to avoid needing to declare ++// FILE and stderr. ++#define debug(...) dprintf (2, __VA_ARGS__) ++#define showlist(...) puts (#__VA_ARGS__) ++#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) ++static void ++test_varargs_macros (void) ++{ ++ int x = 1234; ++ int y = 5678; ++ debug ("Flag"); ++ debug ("X = %d\n", x); ++ showlist (The first, second, and third items.); ++ report (x>y, "x is %d but y is %d", x, y); ++} ++ ++// Check long long types. ++#define BIG64 18446744073709551615ull ++#define BIG32 4294967295ul ++#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) ++#if !BIG_OK ++ #error "your preprocessor is broken" ++#endif ++#if BIG_OK ++#else ++ #error "your preprocessor is broken" ++#endif ++static long long int bignum = -9223372036854775807LL; ++static unsigned long long int ubignum = BIG64; ++ ++struct incomplete_array ++{ ++ int datasize; ++ double data[]; ++}; ++ ++struct named_init { ++ int number; ++ const wchar_t *name; ++ double average; ++}; ++ ++typedef const char *ccp; ++ ++static inline int ++test_restrict (ccp restrict text) ++{ ++ // See if C++-style comments work. ++ // Iterate through items via the restricted pointer. ++ // Also check for declarations in for loops. ++ for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) ++ continue; ++ return 0; ++} ++ ++// Check varargs and va_copy. ++static bool ++test_varargs (const char *format, ...) ++{ ++ va_list args; ++ va_start (args, format); ++ va_list args_copy; ++ va_copy (args_copy, args); ++ ++ const char *str = ""; ++ int number = 0; ++ float fnumber = 0; ++ ++ while (*format) ++ { ++ switch (*format++) ++ { ++ case '\''s'\'': // string ++ str = va_arg (args_copy, const char *); ++ break; ++ case '\''d'\'': // int ++ number = va_arg (args_copy, int); ++ break; ++ case '\''f'\'': // float ++ fnumber = va_arg (args_copy, double); ++ break; ++ default: ++ break; ++ } ++ } ++ va_end (args_copy); ++ va_end (args); ++ ++ return *str && number && fnumber; ++} ++' ++ ++# Test code for whether the C compiler supports C99 (body of main). ++ac_c_conftest_c99_main=' ++ // Check bool. ++ _Bool success = false; ++ success |= (argc != 0); ++ ++ // Check restrict. ++ if (test_restrict ("String literal") == 0) ++ success = true; ++ char *restrict newvar = "Another string"; ++ ++ // Check varargs. ++ success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234); ++ test_varargs_macros (); ++ ++ // Check flexible array members. ++ struct incomplete_array *ia = ++ malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); ++ ia->datasize = 10; ++ for (int i = 0; i < ia->datasize; ++i) ++ ia->data[i] = i * 1.234; ++ ++ // Check named initializers. ++ struct named_init ni = { ++ .number = 34, ++ .name = L"Test wide string", ++ .average = 543.34343, ++ }; ++ ++ ni.number = 58; ++ ++ int dynamic_array[ni.number]; ++ dynamic_array[0] = argv[0][0]; ++ dynamic_array[ni.number - 1] = 543; ++ ++ // work around unused variable warnings ++ ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\'' ++ || dynamic_array[ni.number - 1] != 543); ++' ++ ++# Test code for whether the C compiler supports C11 (global declarations) ++ac_c_conftest_c11_globals=' ++// Does the compiler advertise C11 conformance? ++#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L ++# error "Compiler does not advertise C11 conformance" ++#endif ++ ++// Check _Alignas. ++char _Alignas (double) aligned_as_double; ++char _Alignas (0) no_special_alignment; ++extern char aligned_as_int; ++char _Alignas (0) _Alignas (int) aligned_as_int; ++ ++// Check _Alignof. ++enum ++{ ++ int_alignment = _Alignof (int), ++ int_array_alignment = _Alignof (int[100]), ++ char_alignment = _Alignof (char) ++}; ++_Static_assert (0 < -_Alignof (int), "_Alignof is signed"); ++ ++// Check _Noreturn. ++int _Noreturn does_not_return (void) { for (;;) continue; } ++ ++// Check _Static_assert. ++struct test_static_assert ++{ ++ int x; ++ _Static_assert (sizeof (int) <= sizeof (long int), ++ "_Static_assert does not work in struct"); ++ long int y; ++}; ++ ++// Check UTF-8 literals. ++#define u8 syntax error! ++char const utf8_literal[] = u8"happens to be ASCII" "another string"; ++ ++// Check duplicate typedefs. ++typedef long *long_ptr; ++typedef long int *long_ptr; ++typedef long_ptr long_ptr; ++ ++// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1. ++struct anonymous ++{ ++ union { ++ struct { int i; int j; }; ++ struct { int k; long int l; } w; ++ }; ++ int m; ++} v1; ++' ++ ++# Test code for whether the C compiler supports C11 (body of main). ++ac_c_conftest_c11_main=' ++ _Static_assert ((offsetof (struct anonymous, i) ++ == offsetof (struct anonymous, w.k)), ++ "Anonymous union alignment botch"); ++ v1.i = 2; ++ v1.w.k = 5; ++ ok |= v1.i != 5; ++' ++ ++# Test code for whether the C compiler supports C11 (complete). ++ac_c_conftest_c11_program="${ac_c_conftest_c89_globals} ++${ac_c_conftest_c99_globals} ++${ac_c_conftest_c11_globals} ++ ++int ++main (int argc, char **argv) ++{ ++ int ok = 0; ++ ${ac_c_conftest_c89_main} ++ ${ac_c_conftest_c99_main} ++ ${ac_c_conftest_c11_main} ++ return ok; ++} ++" ++ ++# Test code for whether the C compiler supports C99 (complete). ++ac_c_conftest_c99_program="${ac_c_conftest_c89_globals} ++${ac_c_conftest_c99_globals} ++ ++int ++main (int argc, char **argv) ++{ ++ int ok = 0; ++ ${ac_c_conftest_c89_main} ++ ${ac_c_conftest_c99_main} ++ return ok; ++} ++" ++ ++# Test code for whether the C compiler supports C89 (complete). ++ac_c_conftest_c89_program="${ac_c_conftest_c89_globals} ++ ++int ++main (int argc, char **argv) ++{ ++ int ok = 0; ++ ${ac_c_conftest_c89_main} ++ return ok; ++} ++" ++ ++as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" ++as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" ++as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" ++as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" ++as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" ++as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" ++as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" ++as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" ++as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" ++ ++# Auxiliary files required by this configure script. ++ac_aux_files="missing install-sh config.guess config.sub ltmain.sh compile" ++ ++# Locations in which to look for auxiliary files. ++ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.." ++ ++# Search for a directory containing all of the required auxiliary files, ++# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates. ++# If we don't find one directory that contains all the files we need, ++# we report the set of missing files from the *first* directory in ++# $ac_aux_dir_candidates and give up. ++ac_missing_aux_files="" ++ac_first_candidate=: ++printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5 ++as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++as_found=false ++for as_dir in $ac_aux_dir_candidates ++do ++ IFS=$as_save_IFS ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ as_found=: ++ ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5 ++ ac_aux_dir_found=yes ++ ac_install_sh= ++ for ac_aux in $ac_aux_files ++ do ++ # As a special case, if "install-sh" is required, that requirement ++ # can be satisfied by any of "install-sh", "install.sh", or "shtool", ++ # and $ac_install_sh is set appropriately for whichever one is found. ++ if test x"$ac_aux" = x"install-sh" ++ then ++ if test -f "${as_dir}install-sh"; then ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5 ++ ac_install_sh="${as_dir}install-sh -c" ++ elif test -f "${as_dir}install.sh"; then ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5 ++ ac_install_sh="${as_dir}install.sh -c" ++ elif test -f "${as_dir}shtool"; then ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5 ++ ac_install_sh="${as_dir}shtool install -c" ++ else ++ ac_aux_dir_found=no ++ if $ac_first_candidate; then ++ ac_missing_aux_files="${ac_missing_aux_files} install-sh" ++ else ++ break ++ fi ++ fi ++ else ++ if test -f "${as_dir}${ac_aux}"; then ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5 ++ else ++ ac_aux_dir_found=no ++ if $ac_first_candidate; then ++ ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}" ++ else ++ break ++ fi ++ fi ++ fi ++ done ++ if test "$ac_aux_dir_found" = yes; then ++ ac_aux_dir="$as_dir" ++ break ++ fi ++ ac_first_candidate=false ++ ++ as_found=false ++done ++IFS=$as_save_IFS ++if $as_found ++then : ++ ++else $as_nop ++ as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 ++fi ++ ++ ++# These three variables are undocumented and unsupported, ++# and are intended to be withdrawn in a future Autoconf release. ++# They can cause serious problems if a builder's source tree is in a directory ++# whose full name contains unusual characters. ++if test -f "${ac_aux_dir}config.guess"; then ++ ac_config_guess="$SHELL ${ac_aux_dir}config.guess" ++fi ++if test -f "${ac_aux_dir}config.sub"; then ++ ac_config_sub="$SHELL ${ac_aux_dir}config.sub" ++fi ++if test -f "$ac_aux_dir/configure"; then ++ ac_configure="$SHELL ${ac_aux_dir}configure" ++fi ++ + # Check that the precious variables saved in the cache have kept the same + # value. + ac_cache_corrupted=false +@@ -2270,12 +2652,12 @@ for ac_var in $ac_precious_vars; do + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) +- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 ++printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) +- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 ++printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) +@@ -2284,24 +2666,24 @@ $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 ++printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 ++printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi +- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} +- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 ++printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 ++printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in +- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; ++ *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in +@@ -2311,11 +2693,12 @@ $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi + done + if $ac_cache_corrupted; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} +- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 ++printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} ++ as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' ++ and start over" "$LINENO" 5 + fi + ## -------------------- ## + ## Main body of script. ## +@@ -2347,14 +2730,15 @@ esac + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable debugging" >&5 +-$as_echo_n "checking whether to enable debugging... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable debugging" >&5 ++printf %s "checking whether to enable debugging... " >&6; } + + ax_enable_debug_default=info + ax_enable_debug_is_release=$ax_is_release + + # If this is a release, override the default. +- if test "$ax_enable_debug_is_release" = "yes"; then : ++ if test "$ax_enable_debug_is_release" = "yes" ++then : + ax_enable_debug_default="no" + fi + +@@ -2362,15 +2746,17 @@ fi + + + # Check whether --enable-debug was given. +-if test "${enable_debug+set}" = set; then : ++if test ${enable_debug+y} ++then : + enableval=$enable_debug; +-else ++else $as_nop + enable_debug=$ax_enable_debug_default + fi + + + # empty mean debug yes +- if test "x$enable_debug" = "x"; then : ++ if test "x$enable_debug" = "x" ++then : + enable_debug="yes" + fi + +@@ -2378,8 +2764,8 @@ fi + case $enable_debug in #( + yes) : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + CFLAGS="${CFLAGS} -g -O0" + CXXFLAGS="${CXXFLAGS} -g -O0" + FFLAGS="${FFLAGS} -g -O0" +@@ -2388,8 +2774,8 @@ $as_echo "yes" >&6; } + ;; #( + info) : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: info" >&5 +-$as_echo "info" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: info" >&5 ++printf "%s\n" "info" >&6; } + CFLAGS="${CFLAGS} -g" + CXXFLAGS="${CXXFLAGS} -g" + FFLAGS="${FFLAGS} -g" +@@ -2398,8 +2784,8 @@ $as_echo "info" >&6; } + ;; #( + profile) : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: profile" >&5 +-$as_echo "profile" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: profile" >&5 ++printf "%s\n" "profile" >&6; } + CFLAGS="${CFLAGS} -g -pg" + CXXFLAGS="${CXXFLAGS} -g -pg" + FFLAGS="${FFLAGS} -g -pg" +@@ -2409,36 +2795,51 @@ $as_echo "profile" >&6; } + ;; #( + *) : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- if test "x${CFLAGS+set}" != "xset"; then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ if test "x${CFLAGS+set}" != "xset" ++then : + CFLAGS="" + fi +- if test "x${CXXFLAGS+set}" != "xset"; then : ++ if test "x${CXXFLAGS+set}" != "xset" ++then : + CXXFLAGS="" + fi +- if test "x${FFLAGS+set}" != "xset"; then : ++ if test "x${FFLAGS+set}" != "xset" ++then : + FFLAGS="" + fi +- if test "x${FCFLAGS+set}" != "xset"; then : ++ if test "x${FCFLAGS+set}" != "xset" ++then : + FCFLAGS="" + fi +- if test "x${OBJCFLAGS+set}" != "xset"; then : ++ if test "x${OBJCFLAGS+set}" != "xset" ++then : + OBJCFLAGS="" + fi + ;; + esac + +- if test "x$enable_debug" = "xyes"; then : ++ if test "x$enable_debug" = "xyes" ++then : + +-else ++else $as_nop + +-$as_echo "#define NDEBUG 1" >>confdefs.h ++printf "%s\n" "#define NDEBUG 1" >>confdefs.h + + fi + ax_enable_debug=$enable_debug + + ++ ++ ++ ++ ++ ++ ++ ++ ++ + ac_ext=c + ac_cpp='$CPP $CPPFLAGS' + ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +@@ -2447,11 +2848,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. + set dummy ${ac_tool_prefix}gcc; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_CC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. + else +@@ -2459,11 +2861,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -2474,11 +2880,11 @@ fi + fi + CC=$ac_cv_prog_CC + if test -n "$CC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +-$as_echo "$CC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 ++printf "%s\n" "$CC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -2487,11 +2893,12 @@ if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. + set dummy gcc; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_CC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. + else +@@ -2499,11 +2906,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -2514,11 +2925,11 @@ fi + fi + ac_ct_CC=$ac_cv_prog_ac_ct_CC + if test -n "$ac_ct_CC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +-$as_echo "$ac_ct_CC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 ++printf "%s\n" "$ac_ct_CC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_CC" = x; then +@@ -2526,8 +2937,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + CC=$ac_ct_CC +@@ -2540,11 +2951,12 @@ if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. + set dummy ${ac_tool_prefix}cc; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_CC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. + else +@@ -2552,11 +2964,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -2567,11 +2983,11 @@ fi + fi + CC=$ac_cv_prog_CC + if test -n "$CC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +-$as_echo "$CC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 ++printf "%s\n" "$CC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -2580,11 +2996,12 @@ fi + if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. + set dummy cc; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_CC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. + else +@@ -2593,15 +3010,19 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ++ if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -2617,18 +3038,18 @@ if test $ac_prog_rejected = yes; then + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift +- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" ++ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" + fi + fi + fi + fi + CC=$ac_cv_prog_CC + if test -n "$CC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +-$as_echo "$CC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 ++printf "%s\n" "$CC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -2639,11 +3060,12 @@ if test -z "$CC"; then + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. + set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_CC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. + else +@@ -2651,11 +3073,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -2666,11 +3092,11 @@ fi + fi + CC=$ac_cv_prog_CC + if test -n "$CC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +-$as_echo "$CC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 ++printf "%s\n" "$CC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -2683,11 +3109,12 @@ if test -z "$CC"; then + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_CC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. + else +@@ -2695,11 +3122,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -2710,11 +3141,11 @@ fi + fi + ac_ct_CC=$ac_cv_prog_ac_ct_CC + if test -n "$ac_ct_CC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +-$as_echo "$ac_ct_CC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 ++printf "%s\n" "$ac_ct_CC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -2726,34 +3157,138 @@ done + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++ac_tool_warned=yes ;; ++esac ++ CC=$ac_ct_CC ++ fi ++fi ++ ++fi ++if test -z "$CC"; then ++ if test -n "$ac_tool_prefix"; then ++ # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args. ++set dummy ${ac_tool_prefix}clang; ac_word=$2 ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ if test -n "$CC"; then ++ ac_cv_prog_CC="$CC" # Let the user override the test. ++else ++as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_exec_ext in '' $ac_executable_extensions; do ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ++ ac_cv_prog_CC="${ac_tool_prefix}clang" ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 ++ break 2 ++ fi ++done ++ done ++IFS=$as_save_IFS ++ ++fi ++fi ++CC=$ac_cv_prog_CC ++if test -n "$CC"; then ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 ++printf "%s\n" "$CC" >&6; } ++else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++fi ++ ++ ++fi ++if test -z "$ac_cv_prog_CC"; then ++ ac_ct_CC=$CC ++ # Extract the first word of "clang", so it can be a program name with args. ++set dummy clang; ac_word=$2 ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_CC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ if test -n "$ac_ct_CC"; then ++ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. ++else ++as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_exec_ext in '' $ac_executable_extensions; do ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ++ ac_cv_prog_ac_ct_CC="clang" ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 ++ break 2 ++ fi ++done ++ done ++IFS=$as_save_IFS ++ ++fi ++fi ++ac_ct_CC=$ac_cv_prog_ac_ct_CC ++if test -n "$ac_ct_CC"; then ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 ++printf "%s\n" "$ac_ct_CC" >&6; } ++else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++fi ++ ++ if test "x$ac_ct_CC" = x; then ++ CC="" ++ else ++ case $cross_compiling:$ac_tool_warned in ++yes:) ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + CC=$ac_ct_CC + fi ++else ++ CC="$ac_cv_prog_CC" + fi + + fi + + +-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "no acceptable C compiler found in \$PATH + See \`config.log' for more details" "$LINENO" 5; } + + # Provide some information about the compiler. +-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 ++printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 + set X $ac_compile + ac_compiler=$2 +-for ac_option in --version -v -V -qversion; do ++for ac_option in --version -v -V -qversion -version; do + { { ac_try="$ac_compiler $ac_option >&5" + case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then +@@ -2763,7 +3298,7 @@ $as_echo "$ac_try_echo"; } >&5 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + done + +@@ -2771,7 +3306,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; +@@ -2783,9 +3318,9 @@ ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" + # Try to create an executable without -o first, disregard a.out. + # It will help us diagnose broken compilers, and finding out an intuition + # of exeext. +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +-$as_echo_n "checking whether the C compiler works... " >&6; } +-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 ++printf %s "checking whether the C compiler works... " >&6; } ++ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + + # The possible output files: + ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" +@@ -2806,11 +3341,12 @@ case "(($ac_try" in + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then : ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; } ++then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. + # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' + # in a Makefile. We should not override ac_cv_exeext if it was cached, +@@ -2827,7 +3363,7 @@ do + # certainly right. + break;; + *.* ) +- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; ++ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi +@@ -2843,44 +3379,46 @@ do + done + test "$ac_cv_exeext" = no && ac_cv_exeext= + +-else ++else $as_nop + ac_file='' + fi +-if test -z "$ac_file"; then : +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-$as_echo "$as_me: failed program was:" >&5 ++if test -z "$ac_file" ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++printf "%s\n" "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error 77 "C compiler cannot create executables + See \`config.log' for more details" "$LINENO" 5; } +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +-fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +-$as_echo_n "checking for C compiler default output file name... " >&6; } +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +-$as_echo "$ac_file" >&6; } ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } ++fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 ++printf %s "checking for C compiler default output file name... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 ++printf "%s\n" "$ac_file" >&6; } + ac_exeext=$ac_cv_exeext + + rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out + ac_clean_files=$ac_clean_files_save +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +-$as_echo_n "checking for suffix of executables... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 ++printf %s "checking for suffix of executables... " >&6; } + if { { ac_try="$ac_link" + case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then : ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; } ++then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) + # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will + # work properly (i.e., refer to `conftest.exe'), while it won't with +@@ -2894,15 +3432,15 @@ for ac_file in conftest.exe conftest conftest.*; do + * ) break;; + esac + done +-else +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++else $as_nop ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "cannot compute suffix of executables: cannot compile and link + See \`config.log' for more details" "$LINENO" 5; } + fi + rm -f conftest conftest$ac_cv_exeext +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +-$as_echo "$ac_cv_exeext" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 ++printf "%s\n" "$ac_cv_exeext" >&6; } + + rm -f conftest.$ac_ext + EXEEXT=$ac_cv_exeext +@@ -2911,7 +3449,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + #include + int +-main () ++main (void) + { + FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; +@@ -2923,8 +3461,8 @@ _ACEOF + ac_clean_files="$ac_clean_files conftest.out" + # Check that the compiler produces executables we can run. If not, either + # the compiler is broken, or we cross compile. +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +-$as_echo_n "checking whether we are cross compiling... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 ++printf %s "checking whether we are cross compiling... " >&6; } + if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" + case "(($ac_try" in +@@ -2932,10 +3470,10 @@ case "(($ac_try" in + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in +@@ -2943,39 +3481,40 @@ $as_echo "$ac_try_echo"; } >&5 + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run C compiled programs. ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} ++as_fn_error 77 "cannot run C compiled programs. + If you meant to cross compile, use \`--host'. + See \`config.log' for more details" "$LINENO" 5; } + fi + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +-$as_echo "$cross_compiling" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 ++printf "%s\n" "$cross_compiling" >&6; } + + rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out + ac_clean_files=$ac_clean_files_save +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +-$as_echo_n "checking for suffix of object files... " >&6; } +-if ${ac_cv_objext+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 ++printf %s "checking for suffix of object files... " >&6; } ++if test ${ac_cv_objext+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; +@@ -2989,11 +3528,12 @@ case "(($ac_try" in + *) ac_try_echo=$ac_try;; + esac + eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 ++printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then : ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; } ++then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in +@@ -3002,31 +3542,32 @@ $as_echo "$ac_try_echo"; } >&5 + break;; + esac + done +-else +- $as_echo "$as_me: failed program was:" >&5 ++else $as_nop ++ printf "%s\n" "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "cannot compute suffix of object files: cannot compile + See \`config.log' for more details" "$LINENO" 5; } + fi + rm -f conftest.$ac_cv_objext conftest.$ac_ext + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +-$as_echo "$ac_cv_objext" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 ++printf "%s\n" "$ac_cv_objext" >&6; } + OBJEXT=$ac_cv_objext + ac_objext=$OBJEXT +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +-if ${ac_cv_c_compiler_gnu+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 ++printf %s "checking whether the compiler supports GNU C... " >&6; } ++if test ${ac_cv_c_compiler_gnu+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + #ifndef __GNUC__ + choke me +@@ -3036,29 +3577,33 @@ main () + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ac_compiler_gnu=yes +-else ++else $as_nop + ac_compiler_gnu=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_cv_c_compiler_gnu=$ac_compiler_gnu + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +-$as_echo "$ac_cv_c_compiler_gnu" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 ++printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } ++ac_compiler_gnu=$ac_cv_c_compiler_gnu ++ + if test $ac_compiler_gnu = yes; then + GCC=yes + else + GCC= + fi +-ac_test_CFLAGS=${CFLAGS+set} ++ac_test_CFLAGS=${CFLAGS+y} + ac_save_CFLAGS=$CFLAGS +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +-$as_echo_n "checking whether $CC accepts -g... " >&6; } +-if ${ac_cv_prog_cc_g+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 ++printf %s "checking whether $CC accepts -g... " >&6; } ++if test ${ac_cv_prog_cc_g+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no +@@ -3067,57 +3612,60 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ac_cv_prog_cc_g=yes +-else ++else $as_nop + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + +-else ++else $as_nop + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ac_cv_prog_cc_g=yes + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +-$as_echo "$ac_cv_prog_cc_g" >&6; } +-if test "$ac_test_CFLAGS" = set; then ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 ++printf "%s\n" "$ac_cv_prog_cc_g" >&6; } ++if test $ac_test_CFLAGS; then + CFLAGS=$ac_save_CFLAGS + elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then +@@ -3132,94 +3680,144 @@ else + CFLAGS= + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +-if ${ac_cv_prog_cc_c89+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- ac_cv_prog_cc_c89=no ++ac_prog_cc_stdc=no ++if test x$ac_prog_cc_stdc = xno ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 ++printf %s "checking for $CC option to enable C11 features... " >&6; } ++if test ${ac_cv_prog_cc_c11+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ ac_cv_prog_cc_c11=no + ac_save_CC=$CC + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +-#include +-#include +-struct stat; +-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +-struct buf { int x; }; +-FILE * (*rcsopen) (struct buf *, struct stat *, int); +-static char *e (p, i) +- char **p; +- int i; +-{ +- return p[i]; +-} +-static char *f (char * (*g) (char **, int), char **p, ...) +-{ +- char *s; +- va_list v; +- va_start (v,p); +- s = g (p, va_arg (v,int)); +- va_end (v); +- return s; +-} +- +-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has +- function prototypes and stuff, but not '\xHH' hex character constants. +- These don't provoke an error unfortunately, instead are silently treated +- as 'x'. The following induces an error, until -std is added to get +- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an +- array size at least. It's necessary to write '\x00'==0 to get something +- that's true only with -std. */ +-int osf4_cc_array ['\x00' == 0 ? 1 : -1]; ++$ac_c_conftest_c11_program ++_ACEOF ++for ac_arg in '' -std=gnu11 ++do ++ CC="$ac_save_CC $ac_arg" ++ if ac_fn_c_try_compile "$LINENO" ++then : ++ ac_cv_prog_cc_c11=$ac_arg ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.beam ++ test "x$ac_cv_prog_cc_c11" != "xno" && break ++done ++rm -f conftest.$ac_ext ++CC=$ac_save_CC ++fi + +-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters +- inside strings and character constants. */ +-#define FOO(x) 'x' +-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; ++if test "x$ac_cv_prog_cc_c11" = xno ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 ++printf "%s\n" "unsupported" >&6; } ++else $as_nop ++ if test "x$ac_cv_prog_cc_c11" = x ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 ++printf "%s\n" "none needed" >&6; } ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 ++printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } ++ CC="$CC $ac_cv_prog_cc_c11" ++fi ++ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 ++ ac_prog_cc_stdc=c11 ++fi ++fi ++if test x$ac_prog_cc_stdc = xno ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 ++printf %s "checking for $CC option to enable C99 features... " >&6; } ++if test ${ac_cv_prog_cc_c99+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ ac_cv_prog_cc_c99=no ++ac_save_CC=$CC ++cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++$ac_c_conftest_c99_program ++_ACEOF ++for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= ++do ++ CC="$ac_save_CC $ac_arg" ++ if ac_fn_c_try_compile "$LINENO" ++then : ++ ac_cv_prog_cc_c99=$ac_arg ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.beam ++ test "x$ac_cv_prog_cc_c99" != "xno" && break ++done ++rm -f conftest.$ac_ext ++CC=$ac_save_CC ++fi + +-int test (int i, double x); +-struct s1 {int (*f) (int a);}; +-struct s2 {int (*f) (double a);}; +-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +-int argc; +-char **argv; +-int +-main () +-{ +-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; +- ; +- return 0; +-} ++if test "x$ac_cv_prog_cc_c99" = xno ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 ++printf "%s\n" "unsupported" >&6; } ++else $as_nop ++ if test "x$ac_cv_prog_cc_c99" = x ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 ++printf "%s\n" "none needed" >&6; } ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 ++printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } ++ CC="$CC $ac_cv_prog_cc_c99" ++fi ++ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 ++ ac_prog_cc_stdc=c99 ++fi ++fi ++if test x$ac_prog_cc_stdc = xno ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 ++printf %s "checking for $CC option to enable C89 features... " >&6; } ++if test ${ac_cv_prog_cc_c89+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ ac_cv_prog_cc_c89=no ++ac_save_CC=$CC ++cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++$ac_c_conftest_c89_program + _ACEOF +-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ +- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" ++for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" + do + CC="$ac_save_CC $ac_arg" +- if ac_fn_c_try_compile "$LINENO"; then : ++ if ac_fn_c_try_compile "$LINENO" ++then : + ac_cv_prog_cc_c89=$ac_arg + fi +-rm -f core conftest.err conftest.$ac_objext ++rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c89" != "xno" && break + done + rm -f conftest.$ac_ext + CC=$ac_save_CC +- + fi +-# AC_CACHE_VAL +-case "x$ac_cv_prog_cc_c89" in +- x) +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +-$as_echo "none needed" >&6; } ;; +- xno) +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +-$as_echo "unsupported" >&6; } ;; +- *) +- CC="$CC $ac_cv_prog_cc_c89" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +-esac +-if test "x$ac_cv_prog_cc_c89" != xno; then : + ++if test "x$ac_cv_prog_cc_c89" = xno ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 ++printf "%s\n" "unsupported" >&6; } ++else $as_nop ++ if test "x$ac_cv_prog_cc_c89" = x ++then : ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 ++printf "%s\n" "none needed" >&6; } ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 ++printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } ++ CC="$CC $ac_cv_prog_cc_c89" ++fi ++ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 ++ ac_prog_cc_stdc=c89 ++fi + fi + + ac_ext=c +@@ -3228,53 +3826,28 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' + ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' + ac_compiler_gnu=$ac_cv_c_compiler_gnu + +-ac_aux_dir= +-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do +- if test -f "$ac_dir/install-sh"; then +- ac_aux_dir=$ac_dir +- ac_install_sh="$ac_aux_dir/install-sh -c" +- break +- elif test -f "$ac_dir/install.sh"; then +- ac_aux_dir=$ac_dir +- ac_install_sh="$ac_aux_dir/install.sh -c" +- break +- elif test -f "$ac_dir/shtool"; then +- ac_aux_dir=$ac_dir +- ac_install_sh="$ac_aux_dir/shtool install -c" +- break +- fi +-done +-if test -z "$ac_aux_dir"; then +- as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +-fi +- +-# These three variables are undocumented and unsupported, +-# and are intended to be withdrawn in a future Autoconf release. +-# They can cause serious problems if a builder's source tree is in a directory +-# whose full name contains unusual characters. +-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + + # Expand $ac_aux_dir to an absolute path. + am_aux_dir=`cd "$ac_aux_dir" && pwd` + +-ac_ext=c ++ ++ ac_ext=c + ac_cpp='$CPP $CPPFLAGS' + ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' + ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' + ac_compiler_gnu=$ac_cv_c_compiler_gnu +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +-$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +-if ${am_cv_prog_cc_c_o+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 ++printf %s "checking whether $CC understands -c and -o together... " >&6; } ++if test ${am_cv_prog_cc_c_o+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; +@@ -3302,8 +3875,8 @@ _ACEOF + rm -f core conftest* + unset am_i + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +-$as_echo "$am_cv_prog_cc_c_o" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 ++printf "%s\n" "$am_cv_prog_cc_c_o" >&6; } + if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. +@@ -3319,21 +3892,21 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ + ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +-$as_echo_n "checking whether ln -s works... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 ++printf %s "checking whether ln -s works... " >&6; } + LN_S=$as_ln_s + if test "$LN_S" = "ln -s"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +-$as_echo "no, using $LN_S" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 ++printf "%s\n" "no, using $LN_S" >&6; } + fi + + case `pwd` in + *\ * | *\ *) +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +-$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 ++printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; + esac + + +@@ -3353,28 +3926,32 @@ macro_revision='2.4.6' + + + ++ + ltmain=$ac_aux_dir/ltmain.sh + +-# Make sure we can run config.sub. +-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || +- as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +-$as_echo_n "checking build system type... " >&6; } +-if ${ac_cv_build+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ ++ # Make sure we can run config.sub. ++$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 || ++ as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5 ++ ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 ++printf %s "checking build system type... " >&6; } ++if test ${ac_cv_build+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_build_alias=$build_alias + test "x$ac_build_alias" = x && +- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` ++ ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` + test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || +- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 ++ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || ++ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +-$as_echo "$ac_cv_build" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 ++printf "%s\n" "$ac_cv_build" >&6; } + case $ac_cv_build in + *-*-*) ;; + *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +@@ -3393,21 +3970,22 @@ IFS=$ac_save_IFS + case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +-$as_echo_n "checking host system type... " >&6; } +-if ${ac_cv_host+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 ++printf %s "checking host system type... " >&6; } ++if test ${ac_cv_host+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build + else +- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || +- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 ++ ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || ++ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 + fi + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +-$as_echo "$ac_cv_host" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 ++printf "%s\n" "$ac_cv_host" >&6; } + case $ac_cv_host in + *-*-*) ;; + *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +@@ -3447,8 +4025,8 @@ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +-$as_echo_n "checking how to print strings... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 ++printf %s "checking how to print strings... " >&6; } + # Test print first, because it will be a builtin if present. + if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then +@@ -3474,12 +4052,12 @@ func_echo_all () + } + + case $ECHO in +- printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +-$as_echo "printf" >&6; } ;; +- print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +-$as_echo "print -r" >&6; } ;; +- *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +-$as_echo "cat" >&6; } ;; ++ printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5 ++printf "%s\n" "printf" >&6; } ;; ++ print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 ++printf "%s\n" "print -r" >&6; } ;; ++ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5 ++printf "%s\n" "cat" >&6; } ;; + esac + + +@@ -3495,11 +4073,12 @@ esac + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +-$as_echo_n "checking for a sed that does not truncate output... " >&6; } +-if ${ac_cv_path_SED+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 ++printf %s "checking for a sed that does not truncate output... " >&6; } ++if test ${ac_cv_path_SED+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" +@@ -3513,10 +4092,15 @@ else + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_prog in sed gsed; do ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_prog in sed gsed ++ do + for ac_exec_ext in '' $ac_executable_extensions; do +- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" ++ ac_path_SED="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue + # Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +@@ -3525,13 +4109,13 @@ case `"$ac_path_SED" --version 2>&1` in + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; + *) + ac_count=0 +- $as_echo_n 0123456789 >"conftest.in" ++ printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" +- $as_echo '' >> "conftest.nl" ++ printf "%s\n" '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val +@@ -3559,8 +4143,8 @@ else + fi + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +-$as_echo "$ac_cv_path_SED" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 ++printf "%s\n" "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +@@ -3577,11 +4161,12 @@ Xsed="$SED -e 1s/^X//" + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +-$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +-if ${ac_cv_path_GREP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 ++printf %s "checking for grep that handles long lines and -e... " >&6; } ++if test ${ac_cv_path_GREP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST +@@ -3589,10 +4174,15 @@ else + for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_prog in grep ggrep; do ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_prog in grep ggrep ++ do + for ac_exec_ext in '' $ac_executable_extensions; do +- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" ++ ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue + # Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +@@ -3601,13 +4191,13 @@ case `"$ac_path_GREP" --version 2>&1` in + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; + *) + ac_count=0 +- $as_echo_n 0123456789 >"conftest.in" ++ printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" +- $as_echo 'GREP' >> "conftest.nl" ++ printf "%s\n" 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val +@@ -3635,16 +4225,17 @@ else + fi + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +-$as_echo "$ac_cv_path_GREP" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 ++printf "%s\n" "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +-$as_echo_n "checking for egrep... " >&6; } +-if ${ac_cv_path_EGREP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 ++printf %s "checking for egrep... " >&6; } ++if test ${ac_cv_path_EGREP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else +@@ -3655,10 +4246,15 @@ else + for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_prog in egrep; do ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_prog in egrep ++ do + for ac_exec_ext in '' $ac_executable_extensions; do +- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" ++ ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue + # Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +@@ -3667,13 +4263,13 @@ case `"$ac_path_EGREP" --version 2>&1` in + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; + *) + ac_count=0 +- $as_echo_n 0123456789 >"conftest.in" ++ printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" +- $as_echo 'EGREP' >> "conftest.nl" ++ printf "%s\n" 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val +@@ -3702,16 +4298,17 @@ fi + + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +-$as_echo "$ac_cv_path_EGREP" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 ++printf "%s\n" "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +-$as_echo_n "checking for fgrep... " >&6; } +-if ${ac_cv_path_FGREP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 ++printf %s "checking for fgrep... " >&6; } ++if test ${ac_cv_path_FGREP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else +@@ -3722,10 +4319,15 @@ else + for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_prog in fgrep; do ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_prog in fgrep ++ do + for ac_exec_ext in '' $ac_executable_extensions; do +- ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" ++ ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_FGREP" || continue + # Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +@@ -3734,13 +4336,13 @@ case `"$ac_path_FGREP" --version 2>&1` in + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; + *) + ac_count=0 +- $as_echo_n 0123456789 >"conftest.in" ++ printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" +- $as_echo 'FGREP' >> "conftest.nl" ++ printf "%s\n" 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val +@@ -3769,8 +4371,8 @@ fi + + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +-$as_echo "$ac_cv_path_FGREP" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 ++printf "%s\n" "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +@@ -3795,17 +4397,18 @@ test -z "$GREP" && GREP=grep + + + # Check whether --with-gnu-ld was given. +-if test "${with_gnu_ld+set}" = set; then : ++if test ${with_gnu_ld+y} ++then : + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes +-else ++else $as_nop + with_gnu_ld=no + fi + + ac_prog=ld + if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +-$as_echo_n "checking for ld used by $CC... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 ++printf %s "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw +@@ -3834,15 +4437,16 @@ $as_echo_n "checking for ld used by $CC... " >&6; } + ;; + esac + elif test yes = "$with_gnu_ld"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +-$as_echo_n "checking for GNU ld... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 ++printf %s "checking for GNU ld... " >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +-$as_echo_n "checking for non-GNU ld... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 ++printf %s "checking for non-GNU ld... " >&6; } + fi +-if ${lt_cv_path_LD+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++if test ${lt_cv_path_LD+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do +@@ -3871,18 +4475,19 @@ fi + + LD=$lt_cv_path_LD + if test -n "$LD"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +-$as_echo "$LD" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 ++printf "%s\n" "$LD" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +-$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +-if ${lt_cv_prog_gnu_ld+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 ++printf %s "checking if the linker ($LD) is GNU ld... " >&6; } ++if test ${lt_cv_prog_gnu_ld+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + # I'd rather use --version here, but apparently some GNU lds only accept -v. + case `$LD -v 2>&1 &1 &5 +-$as_echo "$lt_cv_prog_gnu_ld" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 ++printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; } + with_gnu_ld=$lt_cv_prog_gnu_ld + + +@@ -3905,11 +4510,12 @@ with_gnu_ld=$lt_cv_prog_gnu_ld + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +-$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +-if ${lt_cv_path_NM+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 ++printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; } ++if test ${lt_cv_path_NM+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM=$NM +@@ -3959,8 +4565,8 @@ else + : ${lt_cv_path_NM=no} + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +-$as_echo "$lt_cv_path_NM" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 ++printf "%s\n" "$lt_cv_path_NM" >&6; } + if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM + else +@@ -3973,11 +4579,12 @@ else + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. + set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_DUMPBIN+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_DUMPBIN+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. + else +@@ -3985,11 +4592,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4000,11 +4611,11 @@ fi + fi + DUMPBIN=$ac_cv_prog_DUMPBIN + if test -n "$DUMPBIN"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +-$as_echo "$DUMPBIN" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 ++printf "%s\n" "$DUMPBIN" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -4017,11 +4628,12 @@ if test -z "$DUMPBIN"; then + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_DUMPBIN+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. + else +@@ -4029,11 +4641,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4044,11 +4660,11 @@ fi + fi + ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN + if test -n "$ac_ct_DUMPBIN"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +-$as_echo "$ac_ct_DUMPBIN" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 ++printf "%s\n" "$ac_ct_DUMPBIN" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -4060,8 +4676,8 @@ done + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + DUMPBIN=$ac_ct_DUMPBIN +@@ -4089,11 +4705,12 @@ test -z "$NM" && NM=nm + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +-$as_echo_n "checking the name lister ($NM) interface... " >&6; } +-if ${lt_cv_nm_interface+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 ++printf %s "checking the name lister ($NM) interface... " >&6; } ++if test ${lt_cv_nm_interface+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) +@@ -4109,15 +4726,16 @@ else + fi + rm -f conftest* + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +-$as_echo "$lt_cv_nm_interface" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 ++printf "%s\n" "$lt_cv_nm_interface" >&6; } + + # find the maximum length of command line arguments +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +-$as_echo_n "checking the maximum length of command line arguments... " >&6; } +-if ${lt_cv_sys_max_cmd_len+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 ++printf %s "checking the maximum length of command line arguments... " >&6; } ++if test ${lt_cv_sys_max_cmd_len+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + i=0 + teststring=ABCD + +@@ -4244,11 +4862,11 @@ else + fi + + if test -n "$lt_cv_sys_max_cmd_len"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +-$as_echo "$lt_cv_sys_max_cmd_len" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 ++printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +-$as_echo "none" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 ++printf "%s\n" "none" >&6; } + fi + max_cmd_len=$lt_cv_sys_max_cmd_len + +@@ -4292,11 +4910,12 @@ esac + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +-$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +-if ${lt_cv_to_host_file_cmd+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 ++printf %s "checking how to convert $build file names to $host format... " >&6; } ++if test ${lt_cv_to_host_file_cmd+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + case $host in + *-*-mingw* ) + case $build in +@@ -4332,18 +4951,19 @@ esac + fi + + to_host_file_cmd=$lt_cv_to_host_file_cmd +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +-$as_echo "$lt_cv_to_host_file_cmd" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 ++printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; } + + + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +-$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +-if ${lt_cv_to_tool_file_cmd+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 ++printf %s "checking how to convert $build file names to toolchain format... " >&6; } ++if test ${lt_cv_to_tool_file_cmd+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + #assume ordinary cross tools, or native build. + lt_cv_to_tool_file_cmd=func_convert_file_noop + case $host in +@@ -4359,22 +4979,23 @@ esac + fi + + to_tool_file_cmd=$lt_cv_to_tool_file_cmd +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +-$as_echo "$lt_cv_to_tool_file_cmd" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 ++printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +-$as_echo_n "checking for $LD option to reload object files... " >&6; } +-if ${lt_cv_ld_reload_flag+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 ++printf %s "checking for $LD option to reload object files... " >&6; } ++if test ${lt_cv_ld_reload_flag+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_ld_reload_flag='-r' + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +-$as_echo "$lt_cv_ld_reload_flag" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 ++printf "%s\n" "$lt_cv_ld_reload_flag" >&6; } + reload_flag=$lt_cv_ld_reload_flag + case $reload_flag in + "" | " "*) ;; +@@ -4407,11 +5028,12 @@ esac + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. + set dummy ${ac_tool_prefix}objdump; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_OBJDUMP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_OBJDUMP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. + else +@@ -4419,11 +5041,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4434,11 +5060,11 @@ fi + fi + OBJDUMP=$ac_cv_prog_OBJDUMP + if test -n "$OBJDUMP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +-$as_echo "$OBJDUMP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 ++printf "%s\n" "$OBJDUMP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -4447,11 +5073,12 @@ if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. + set dummy objdump; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_OBJDUMP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. + else +@@ -4459,11 +5086,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4474,11 +5105,11 @@ fi + fi + ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP + if test -n "$ac_ct_OBJDUMP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +-$as_echo "$ac_ct_OBJDUMP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 ++printf "%s\n" "$ac_ct_OBJDUMP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_OBJDUMP" = x; then +@@ -4486,8 +5117,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + OBJDUMP=$ac_ct_OBJDUMP +@@ -4506,11 +5137,12 @@ test -z "$OBJDUMP" && OBJDUMP=objdump + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +-$as_echo_n "checking how to recognize dependent libraries... " >&6; } +-if ${lt_cv_deplibs_check_method+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 ++printf %s "checking how to recognize dependent libraries... " >&6; } ++if test ${lt_cv_deplibs_check_method+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_file_magic_cmd='$MAGIC_CMD' + lt_cv_file_magic_test_file= + lt_cv_deplibs_check_method='unknown' +@@ -4706,8 +5338,8 @@ os2*) + esac + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +-$as_echo "$lt_cv_deplibs_check_method" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 ++printf "%s\n" "$lt_cv_deplibs_check_method" >&6; } + + file_magic_glob= + want_nocaseglob=no +@@ -4751,11 +5383,12 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. + set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_DLLTOOL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_DLLTOOL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. + else +@@ -4763,11 +5396,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4778,11 +5415,11 @@ fi + fi + DLLTOOL=$ac_cv_prog_DLLTOOL + if test -n "$DLLTOOL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +-$as_echo "$DLLTOOL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 ++printf "%s\n" "$DLLTOOL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -4791,11 +5428,12 @@ if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. + set dummy dlltool; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_DLLTOOL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. + else +@@ -4803,11 +5441,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4818,11 +5460,11 @@ fi + fi + ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL + if test -n "$ac_ct_DLLTOOL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +-$as_echo "$ac_ct_DLLTOOL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 ++printf "%s\n" "$ac_ct_DLLTOOL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_DLLTOOL" = x; then +@@ -4830,8 +5472,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + DLLTOOL=$ac_ct_DLLTOOL +@@ -4851,11 +5493,12 @@ test -z "$DLLTOOL" && DLLTOOL=dlltool + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +-$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +-if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 ++printf %s "checking how to associate runtime and link libraries... " >&6; } ++if test ${lt_cv_sharedlib_from_linklib_cmd+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_sharedlib_from_linklib_cmd='unknown' + + case $host_os in +@@ -4878,8 +5521,8 @@ cygwin* | mingw* | pw32* | cegcc*) + esac + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +-$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 ++printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; } + sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd + test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + +@@ -4895,11 +5538,12 @@ if test -n "$ac_tool_prefix"; then + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. + set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_AR+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_AR+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. + else +@@ -4907,11 +5551,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4922,11 +5570,11 @@ fi + fi + AR=$ac_cv_prog_AR + if test -n "$AR"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +-$as_echo "$AR" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 ++printf "%s\n" "$AR" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -4939,11 +5587,12 @@ if test -z "$AR"; then + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_AR+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_AR+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. + else +@@ -4951,11 +5600,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -4966,11 +5619,11 @@ fi + fi + ac_ct_AR=$ac_cv_prog_ac_ct_AR + if test -n "$ac_ct_AR"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +-$as_echo "$ac_ct_AR" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 ++printf "%s\n" "$ac_ct_AR" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -4982,8 +5635,8 @@ done + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + AR=$ac_ct_AR +@@ -5003,30 +5656,32 @@ fi + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +-$as_echo_n "checking for archiver @FILE support... " >&6; } +-if ${lt_cv_ar_at_file+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 ++printf %s "checking for archiver @FILE support... " >&6; } ++if test ${lt_cv_ar_at_file+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -eq "$ac_status"; then + # Ensure the archiver fails upon bogus file names. +@@ -5034,7 +5689,7 @@ if ac_fn_c_try_compile "$LINENO"; then : + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -ne "$ac_status"; then + lt_cv_ar_at_file=@ +@@ -5043,11 +5698,11 @@ if ac_fn_c_try_compile "$LINENO"; then : + rm -f conftest.* libconftest.a + + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +-$as_echo "$lt_cv_ar_at_file" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 ++printf "%s\n" "$lt_cv_ar_at_file" >&6; } + + if test no = "$lt_cv_ar_at_file"; then + archiver_list_spec= +@@ -5064,11 +5719,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. + set dummy ${ac_tool_prefix}strip; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_STRIP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_STRIP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. + else +@@ -5076,11 +5732,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -5091,11 +5751,11 @@ fi + fi + STRIP=$ac_cv_prog_STRIP + if test -n "$STRIP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +-$as_echo "$STRIP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 ++printf "%s\n" "$STRIP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -5104,11 +5764,12 @@ if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. + set dummy strip; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_STRIP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_STRIP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. + else +@@ -5116,11 +5777,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -5131,11 +5796,11 @@ fi + fi + ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP + if test -n "$ac_ct_STRIP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +-$as_echo "$ac_ct_STRIP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 ++printf "%s\n" "$ac_ct_STRIP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_STRIP" = x; then +@@ -5143,8 +5808,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + STRIP=$ac_ct_STRIP +@@ -5163,11 +5828,12 @@ test -z "$STRIP" && STRIP=: + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. + set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_RANLIB+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_RANLIB+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. + else +@@ -5175,11 +5841,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -5190,11 +5860,11 @@ fi + fi + RANLIB=$ac_cv_prog_RANLIB + if test -n "$RANLIB"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +-$as_echo "$RANLIB" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 ++printf "%s\n" "$RANLIB" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -5203,11 +5873,12 @@ if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. + set dummy ranlib; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_RANLIB+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. + else +@@ -5215,11 +5886,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -5230,11 +5905,11 @@ fi + fi + ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB + if test -n "$ac_ct_RANLIB"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +-$as_echo "$ac_ct_RANLIB" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 ++printf "%s\n" "$ac_ct_RANLIB" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_RANLIB" = x; then +@@ -5242,8 +5917,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + RANLIB=$ac_ct_RANLIB +@@ -5307,11 +5982,12 @@ for ac_prog in gawk mawk nawk awk + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_AWK+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_AWK+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. + else +@@ -5319,11 +5995,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -5334,11 +6014,11 @@ fi + fi + AWK=$ac_cv_prog_AWK + if test -n "$AWK"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +-$as_echo "$AWK" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 ++printf "%s\n" "$AWK" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -5374,11 +6054,12 @@ compiler=$CC + + + # Check for command to grab the raw symbol name followed by C symbol from nm. +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +-$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +-if ${lt_cv_sys_global_symbol_pipe+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 ++printf %s "checking command to parse $NM output from $compiler object... " >&6; } ++if test ${lt_cv_sys_global_symbol_pipe+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + # These are sane defaults that work on at least a few old systems. + # [They come from Ultrix. What could be older than Ultrix?!! ;)] +@@ -5530,7 +6211,7 @@ _LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm +@@ -5603,7 +6284,7 @@ _LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + pipe_works=yes + fi +@@ -5638,11 +6319,11 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= + fi + if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +-$as_echo "failed" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 ++printf "%s\n" "failed" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +-$as_echo "ok" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 ++printf "%s\n" "ok" >&6; } + fi + + # Response file support. +@@ -5688,13 +6369,14 @@ fi + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +-$as_echo_n "checking for sysroot... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 ++printf %s "checking for sysroot... " >&6; } + + # Check whether --with-sysroot was given. +-if test "${with_sysroot+set}" = set; then : ++if test ${with_sysroot+y} ++then : + withval=$with_sysroot; +-else ++else $as_nop + with_sysroot=no + fi + +@@ -5712,24 +6394,25 @@ case $with_sysroot in #( + no|'') + ;; #( + *) +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +-$as_echo "$with_sysroot" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 ++printf "%s\n" "$with_sysroot" >&6; } + as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 + ;; + esac + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +-$as_echo "${lt_sysroot:-no}" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 ++printf "%s\n" "${lt_sysroot:-no}" >&6; } + + + + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +-$as_echo_n "checking for a working dd... " >&6; } +-if ${ac_cv_path_lt_DD+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 ++printf %s "checking for a working dd... " >&6; } ++if test ${ac_cv_path_lt_DD+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + printf 0123456789abcdef0123456789abcdef >conftest.i + cat conftest.i conftest.i >conftest2.i + : ${lt_DD:=$DD} +@@ -5740,10 +6423,15 @@ if test -z "$lt_DD"; then + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_prog in dd; do ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ for ac_prog in dd ++ do + for ac_exec_ext in '' $ac_executable_extensions; do +- ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" ++ ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue + if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ +@@ -5763,15 +6451,16 @@ fi + + rm -f conftest.i conftest2.i conftest.out + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +-$as_echo "$ac_cv_path_lt_DD" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 ++printf "%s\n" "$ac_cv_path_lt_DD" >&6; } + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +-$as_echo_n "checking how to truncate binary pipes... " >&6; } +-if ${lt_cv_truncate_bin+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 ++printf %s "checking how to truncate binary pipes... " >&6; } ++if test ${lt_cv_truncate_bin+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + printf 0123456789abcdef0123456789abcdef >conftest.i + cat conftest.i conftest.i >conftest2.i + lt_cv_truncate_bin= +@@ -5782,8 +6471,8 @@ fi + rm -f conftest.i conftest2.i conftest.out + test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +-$as_echo "$lt_cv_truncate_bin" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 ++printf "%s\n" "$lt_cv_truncate_bin" >&6; } + + + +@@ -5806,7 +6495,8 @@ func_cc_basename () + } + + # Check whether --enable-libtool-lock was given. +-if test "${enable_libtool_lock+set}" = set; then : ++if test ${enable_libtool_lock+y} ++then : + enableval=$enable_libtool_lock; + fi + +@@ -5822,7 +6512,7 @@ ia64-*-hpux*) + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) +@@ -5842,7 +6532,7 @@ ia64-*-hpux*) + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test yes = "$lt_cv_prog_gnu_ld"; then + case `/usr/bin/file conftest.$ac_objext` in +@@ -5880,7 +6570,7 @@ mips64*-*linux*) + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in +@@ -5921,7 +6611,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) +@@ -5984,11 +6674,12 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -belf" +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +-$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +-if ${lt_cv_cc_needs_belf+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 ++printf %s "checking whether the C compiler needs -belf... " >&6; } ++if test ${lt_cv_cc_needs_belf+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_ext=c + ac_cpp='$CPP $CPPFLAGS' + ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +@@ -5999,19 +6690,20 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + lt_cv_cc_needs_belf=yes +-else ++else $as_nop + lt_cv_cc_needs_belf=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c + ac_cpp='$CPP $CPPFLAGS' +@@ -6020,8 +6712,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ + ac_compiler_gnu=$ac_cv_c_compiler_gnu + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +-$as_echo "$lt_cv_cc_needs_belf" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 ++printf "%s\n" "$lt_cv_cc_needs_belf" >&6; } + if test yes != "$lt_cv_cc_needs_belf"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS=$SAVE_CFLAGS +@@ -6034,7 +6726,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) +@@ -6071,11 +6763,12 @@ need_locks=$enable_libtool_lock + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. + set dummy ${ac_tool_prefix}mt; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_MANIFEST_TOOL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. + else +@@ -6083,11 +6776,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6098,11 +6795,11 @@ fi + fi + MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL + if test -n "$MANIFEST_TOOL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +-$as_echo "$MANIFEST_TOOL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 ++printf "%s\n" "$MANIFEST_TOOL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -6111,11 +6808,12 @@ if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. + set dummy mt; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. + else +@@ -6123,11 +6821,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6138,11 +6840,11 @@ fi + fi + ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL + if test -n "$ac_ct_MANIFEST_TOOL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +-$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 ++printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then +@@ -6150,8 +6852,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL +@@ -6161,11 +6863,12 @@ else + fi + + test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +-$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +-if ${lt_cv_path_mainfest_tool+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 ++printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } ++if test ${lt_cv_path_mainfest_tool+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out +@@ -6175,8 +6878,8 @@ else + fi + rm -f conftest* + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +-$as_echo "$lt_cv_path_mainfest_tool" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 ++printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; } + if test yes != "$lt_cv_path_mainfest_tool"; then + MANIFEST_TOOL=: + fi +@@ -6191,11 +6894,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. + set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_DSYMUTIL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_DSYMUTIL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. + else +@@ -6203,11 +6907,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6218,11 +6926,11 @@ fi + fi + DSYMUTIL=$ac_cv_prog_DSYMUTIL + if test -n "$DSYMUTIL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +-$as_echo "$DSYMUTIL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 ++printf "%s\n" "$DSYMUTIL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -6231,11 +6939,12 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. + set dummy dsymutil; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_DSYMUTIL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. + else +@@ -6243,11 +6952,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6258,11 +6971,11 @@ fi + fi + ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL + if test -n "$ac_ct_DSYMUTIL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +-$as_echo "$ac_ct_DSYMUTIL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 ++printf "%s\n" "$ac_ct_DSYMUTIL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_DSYMUTIL" = x; then +@@ -6270,8 +6983,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + DSYMUTIL=$ac_ct_DSYMUTIL +@@ -6283,11 +6996,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. + set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_NMEDIT+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_NMEDIT+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. + else +@@ -6295,11 +7009,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6310,11 +7028,11 @@ fi + fi + NMEDIT=$ac_cv_prog_NMEDIT + if test -n "$NMEDIT"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +-$as_echo "$NMEDIT" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 ++printf "%s\n" "$NMEDIT" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -6323,11 +7041,12 @@ if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. + set dummy nmedit; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_NMEDIT+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. + else +@@ -6335,11 +7054,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6350,11 +7073,11 @@ fi + fi + ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT + if test -n "$ac_ct_NMEDIT"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +-$as_echo "$ac_ct_NMEDIT" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 ++printf "%s\n" "$ac_ct_NMEDIT" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_NMEDIT" = x; then +@@ -6362,8 +7085,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + NMEDIT=$ac_ct_NMEDIT +@@ -6375,11 +7098,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. + set dummy ${ac_tool_prefix}lipo; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_LIPO+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_LIPO+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. + else +@@ -6387,11 +7111,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6402,11 +7130,11 @@ fi + fi + LIPO=$ac_cv_prog_LIPO + if test -n "$LIPO"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +-$as_echo "$LIPO" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 ++printf "%s\n" "$LIPO" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -6415,11 +7143,12 @@ if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. + set dummy lipo; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_LIPO+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_LIPO+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. + else +@@ -6427,11 +7156,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_LIPO="lipo" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6442,11 +7175,11 @@ fi + fi + ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO + if test -n "$ac_ct_LIPO"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +-$as_echo "$ac_ct_LIPO" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 ++printf "%s\n" "$ac_ct_LIPO" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_LIPO" = x; then +@@ -6454,8 +7187,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + LIPO=$ac_ct_LIPO +@@ -6467,11 +7200,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. + set dummy ${ac_tool_prefix}otool; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_OTOOL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_OTOOL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. + else +@@ -6479,11 +7213,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6494,11 +7232,11 @@ fi + fi + OTOOL=$ac_cv_prog_OTOOL + if test -n "$OTOOL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +-$as_echo "$OTOOL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 ++printf "%s\n" "$OTOOL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -6507,11 +7245,12 @@ if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. + set dummy otool; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_OTOOL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. + else +@@ -6519,11 +7258,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL="otool" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6534,11 +7277,11 @@ fi + fi + ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL + if test -n "$ac_ct_OTOOL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +-$as_echo "$ac_ct_OTOOL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 ++printf "%s\n" "$ac_ct_OTOOL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_OTOOL" = x; then +@@ -6546,8 +7289,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + OTOOL=$ac_ct_OTOOL +@@ -6559,11 +7302,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. + set dummy ${ac_tool_prefix}otool64; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_OTOOL64+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_OTOOL64+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. + else +@@ -6571,11 +7315,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6586,11 +7334,11 @@ fi + fi + OTOOL64=$ac_cv_prog_OTOOL64 + if test -n "$OTOOL64"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +-$as_echo "$OTOOL64" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 ++printf "%s\n" "$OTOOL64" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -6599,11 +7347,12 @@ if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. + set dummy otool64; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_OTOOL64+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. + else +@@ -6611,11 +7360,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL64="otool64" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -6626,11 +7379,11 @@ fi + fi + ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 + if test -n "$ac_ct_OTOOL64"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +-$as_echo "$ac_ct_OTOOL64" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 ++printf "%s\n" "$ac_ct_OTOOL64" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_OTOOL64" = x; then +@@ -6638,8 +7391,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + OTOOL64=$ac_ct_OTOOL64 +@@ -6674,11 +7427,12 @@ fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +-$as_echo_n "checking for -single_module linker flag... " >&6; } +-if ${lt_cv_apple_cc_single_mod+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 ++printf %s "checking for -single_module linker flag... " >&6; } ++if test ${lt_cv_apple_cc_single_mod+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_apple_cc_single_mod=no + if test -z "$LT_MULTI_MODULE"; then + # By default we will add the -single_module flag. You can override +@@ -6707,14 +7461,15 @@ else + rm -f conftest.* + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +-$as_echo "$lt_cv_apple_cc_single_mod" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 ++printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; } + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +-$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +-if ${lt_cv_ld_exported_symbols_list+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 ++printf %s "checking for -exported_symbols_list linker flag... " >&6; } ++if test ${lt_cv_ld_exported_symbols_list+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym +@@ -6723,31 +7478,33 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + lt_cv_ld_exported_symbols_list=yes +-else ++else $as_nop + lt_cv_ld_exported_symbols_list=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +-$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 ++printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; } + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +-$as_echo_n "checking for -force_load linker flag... " >&6; } +-if ${lt_cv_ld_force_load+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 ++printf %s "checking for -force_load linker flag... " >&6; } ++if test ${lt_cv_ld_force_load+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF + int forced_loaded() { return 2;} +@@ -6759,374 +7516,131 @@ _LT_EOF + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +-int main() { return 0;} +-_LT_EOF +- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 +- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err +- _lt_result=$? +- if test -s conftest.err && $GREP force_load conftest.err; then +- cat conftest.err >&5 +- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then +- lt_cv_ld_force_load=yes +- else +- cat conftest.err >&5 +- fi +- rm -f conftest.err libconftest.a conftest conftest.c +- rm -rf conftest.dSYM +- +-fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +-$as_echo "$lt_cv_ld_force_load" >&6; } +- case $host_os in +- rhapsody* | darwin1.[012]) +- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; +- darwin1.*) +- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; +- darwin*) # darwin 5.x on +- # if running on 10.5 or later, the deployment target defaults +- # to the OS version, if on x86, and 10.4, the deployment +- # target defaults to 10.4. Don't you love it? +- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in +- 10.0,*86*-darwin8*|10.0,*-darwin[91]*) +- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; +- 10.[012][,.]*) +- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; +- 10.*) +- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; +- esac +- ;; +- esac +- if test yes = "$lt_cv_apple_cc_single_mod"; then +- _lt_dar_single_mod='$single_module' +- fi +- if test yes = "$lt_cv_ld_exported_symbols_list"; then +- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' +- else +- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' +- fi +- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then +- _lt_dsymutil='~$DSYMUTIL $lib || :' +- else +- _lt_dsymutil= +- fi +- ;; +- esac +- +-# func_munge_path_list VARIABLE PATH +-# ----------------------------------- +-# VARIABLE is name of variable containing _space_ separated list of +-# directories to be munged by the contents of PATH, which is string +-# having a format: +-# "DIR[:DIR]:" +-# string "DIR[ DIR]" will be prepended to VARIABLE +-# ":DIR[:DIR]" +-# string "DIR[ DIR]" will be appended to VARIABLE +-# "DIRP[:DIRP]::[DIRA:]DIRA" +-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +-# "DIRA[ DIRA]" will be appended to VARIABLE +-# "DIR[:DIR]" +-# VARIABLE will be replaced by "DIR[ DIR]" +-func_munge_path_list () +-{ +- case x$2 in +- x) +- ;; +- *:) +- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" +- ;; +- x:*) +- eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" +- ;; +- *::*) +- eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" +- eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" +- ;; +- *) +- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" +- ;; +- esac +-} +- +-ac_ext=c +-ac_cpp='$CPP $CPPFLAGS' +-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +-ac_compiler_gnu=$ac_cv_c_compiler_gnu +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +-$as_echo_n "checking how to run the C preprocessor... " >&6; } +-# On Suns, sometimes $CPP names a directory. +-if test -n "$CPP" && test -d "$CPP"; then +- CPP= +-fi +-if test -z "$CPP"; then +- if ${ac_cv_prog_CPP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- # Double quotes because CPP needs to be expanded +- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" +- do +- ac_preproc_ok=false +-for ac_c_preproc_warn_flag in '' yes +-do +- # Use a header file that comes with gcc, so configuring glibc +- # with a fresh cross-compiler works. +- # Prefer to if __STDC__ is defined, since +- # exists even on freestanding compilers. +- # On the NeXT, cc -E runs the code through the compiler's parser, +- # not just through cpp. "Syntax error" is here to catch this case. +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#ifdef __STDC__ +-# include +-#else +-# include +-#endif +- Syntax error +-_ACEOF +-if ac_fn_c_try_cpp "$LINENO"; then : +- +-else +- # Broken: fails on valid input. +-continue +-fi +-rm -f conftest.err conftest.i conftest.$ac_ext +- +- # OK, works on sane cases. Now check whether nonexistent headers +- # can be detected and how. +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#include +-_ACEOF +-if ac_fn_c_try_cpp "$LINENO"; then : +- # Broken: success on invalid input. +-continue +-else +- # Passes both tests. +-ac_preproc_ok=: +-break +-fi +-rm -f conftest.err conftest.i conftest.$ac_ext +- +-done +-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +-rm -f conftest.i conftest.err conftest.$ac_ext +-if $ac_preproc_ok; then : +- break +-fi +- +- done +- ac_cv_prog_CPP=$CPP +- +-fi +- CPP=$ac_cv_prog_CPP +-else +- ac_cv_prog_CPP=$CPP +-fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +-$as_echo "$CPP" >&6; } +-ac_preproc_ok=false +-for ac_c_preproc_warn_flag in '' yes +-do +- # Use a header file that comes with gcc, so configuring glibc +- # with a fresh cross-compiler works. +- # Prefer to if __STDC__ is defined, since +- # exists even on freestanding compilers. +- # On the NeXT, cc -E runs the code through the compiler's parser, +- # not just through cpp. "Syntax error" is here to catch this case. +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#ifdef __STDC__ +-# include +-#else +-# include +-#endif +- Syntax error +-_ACEOF +-if ac_fn_c_try_cpp "$LINENO"; then : +- +-else +- # Broken: fails on valid input. +-continue +-fi +-rm -f conftest.err conftest.i conftest.$ac_ext +- +- # OK, works on sane cases. Now check whether nonexistent headers +- # can be detected and how. +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#include +-_ACEOF +-if ac_fn_c_try_cpp "$LINENO"; then : +- # Broken: success on invalid input. +-continue +-else +- # Passes both tests. +-ac_preproc_ok=: +-break +-fi +-rm -f conftest.err conftest.i conftest.$ac_ext +- +-done +-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +-rm -f conftest.i conftest.err conftest.$ac_ext +-if $ac_preproc_ok; then : +- +-else +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +-See \`config.log' for more details" "$LINENO" 5; } +-fi +- +-ac_ext=c +-ac_cpp='$CPP $CPPFLAGS' +-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +-ac_compiler_gnu=$ac_cv_c_compiler_gnu +- +- +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +-$as_echo_n "checking for ANSI C header files... " >&6; } +-if ${ac_cv_header_stdc+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#include +-#include +-#include +-#include +- +-int +-main () +-{ +- +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : +- ac_cv_header_stdc=yes +-else +- ac_cv_header_stdc=no +-fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +- +-if test $ac_cv_header_stdc = yes; then +- # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#include +- +-_ACEOF +-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "memchr" >/dev/null 2>&1; then : +- +-else +- ac_cv_header_stdc=no +-fi +-rm -f conftest* ++int main() { return 0;} ++_LT_EOF ++ echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 ++ $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err ++ _lt_result=$? ++ if test -s conftest.err && $GREP force_load conftest.err; then ++ cat conftest.err >&5 ++ elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then ++ lt_cv_ld_force_load=yes ++ else ++ cat conftest.err >&5 ++ fi ++ rm -f conftest.err libconftest.a conftest conftest.c ++ rm -rf conftest.dSYM + + fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 ++printf "%s\n" "$lt_cv_ld_force_load" >&6; } ++ case $host_os in ++ rhapsody* | darwin1.[012]) ++ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; ++ darwin1.*) ++ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; ++ darwin*) # darwin 5.x on ++ # if running on 10.5 or later, the deployment target defaults ++ # to the OS version, if on x86, and 10.4, the deployment ++ # target defaults to 10.4. Don't you love it? ++ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in ++ 10.0,*86*-darwin8*|10.0,*-darwin[912]*) ++ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; ++ 10.[012][,.]*) ++ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; ++ 10.*|11.*) ++ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; ++ esac ++ ;; ++ esac ++ if test yes = "$lt_cv_apple_cc_single_mod"; then ++ _lt_dar_single_mod='$single_module' ++ fi ++ if test yes = "$lt_cv_ld_exported_symbols_list"; then ++ _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' ++ else ++ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' ++ fi ++ if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then ++ _lt_dsymutil='~$DSYMUTIL $lib || :' ++ else ++ _lt_dsymutil= ++ fi ++ ;; ++ esac + +-if test $ac_cv_header_stdc = yes; then +- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#include ++# func_munge_path_list VARIABLE PATH ++# ----------------------------------- ++# VARIABLE is name of variable containing _space_ separated list of ++# directories to be munged by the contents of PATH, which is string ++# having a format: ++# "DIR[:DIR]:" ++# string "DIR[ DIR]" will be prepended to VARIABLE ++# ":DIR[:DIR]" ++# string "DIR[ DIR]" will be appended to VARIABLE ++# "DIRP[:DIRP]::[DIRA:]DIRA" ++# string "DIRP[ DIRP]" will be prepended to VARIABLE and string ++# "DIRA[ DIRA]" will be appended to VARIABLE ++# "DIR[:DIR]" ++# VARIABLE will be replaced by "DIR[ DIR]" ++func_munge_path_list () ++{ ++ case x$2 in ++ x) ++ ;; ++ *:) ++ eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" ++ ;; ++ x:*) ++ eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" ++ ;; ++ *::*) ++ eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" ++ eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" ++ ;; ++ *) ++ eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" ++ ;; ++ esac ++} + +-_ACEOF +-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- $EGREP "free" >/dev/null 2>&1; then : ++ac_header= ac_cache= ++for ac_item in $ac_header_c_list ++do ++ if test $ac_cache; then ++ ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" ++ if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then ++ printf "%s\n" "#define $ac_item 1" >> confdefs.h ++ fi ++ ac_header= ac_cache= ++ elif test $ac_header; then ++ ac_cache=$ac_item ++ else ++ ac_header=$ac_item ++ fi ++done + +-else +- ac_cv_header_stdc=no +-fi +-rm -f conftest* + +-fi + +-if test $ac_cv_header_stdc = yes; then +- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +- if test "$cross_compiling" = yes; then : +- : +-else +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-#include +-#include +-#if ((' ' & 0x0FF) == 0x020) +-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +-#else +-# define ISLOWER(c) \ +- (('a' <= (c) && (c) <= 'i') \ +- || ('j' <= (c) && (c) <= 'r') \ +- || ('s' <= (c) && (c) <= 'z')) +-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +-#endif + +-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +-int +-main () +-{ +- int i; +- for (i = 0; i < 256; i++) +- if (XOR (islower (i), ISLOWER (i)) +- || toupper (i) != TOUPPER (i)) +- return 2; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_run "$LINENO"; then : + +-else +- ac_cv_header_stdc=no +-fi +-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ +- conftest.$ac_objext conftest.beam conftest.$ac_ext +-fi + +-fi +-fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +-$as_echo "$ac_cv_header_stdc" >&6; } +-if test $ac_cv_header_stdc = yes; then + +-$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +-fi ++if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes ++then : + +-# On IRIX 5.3, sys/types and inttypes.h are conflicting. +-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ +- inttypes.h stdint.h unistd.h +-do : +- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +-" +-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : +- cat >>confdefs.h <<_ACEOF +-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +-_ACEOF ++printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h + + fi +- +-done +- +- +-for ac_header in dlfcn.h +-do : +- ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default ++ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default + " +-if test "x$ac_cv_header_dlfcn_h" = xyes; then : +- cat >>confdefs.h <<_ACEOF +-#define HAVE_DLFCN_H 1 +-_ACEOF ++if test "x$ac_cv_header_dlfcn_h" = xyes ++then : ++ printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h + + fi + +-done +- + + + +@@ -7142,7 +7656,8 @@ done + + + # Check whether --enable-shared was given. +-if test "${enable_shared+set}" = set; then : ++if test ${enable_shared+y} ++then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; +@@ -7160,7 +7675,7 @@ if test "${enable_shared+set}" = set; then : + IFS=$lt_save_ifs + ;; + esac +-else ++else $as_nop + enable_shared=yes + fi + +@@ -7173,7 +7688,8 @@ fi + + + # Check whether --enable-static was given. +-if test "${enable_static+set}" = set; then : ++if test ${enable_static+y} ++then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; +@@ -7191,7 +7707,7 @@ if test "${enable_static+set}" = set; then : + IFS=$lt_save_ifs + ;; + esac +-else ++else $as_nop + enable_static=yes + fi + +@@ -7205,7 +7721,8 @@ fi + + + # Check whether --with-pic was given. +-if test "${with_pic+set}" = set; then : ++if test ${with_pic+y} ++then : + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; +@@ -7222,7 +7739,7 @@ if test "${with_pic+set}" = set; then : + IFS=$lt_save_ifs + ;; + esac +-else ++else $as_nop + pic_mode=default + fi + +@@ -7234,7 +7751,8 @@ fi + + + # Check whether --enable-fast-install was given. +-if test "${enable_fast_install+set}" = set; then : ++if test ${enable_fast_install+y} ++then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; +@@ -7252,7 +7770,7 @@ if test "${enable_fast_install+set}" = set; then : + IFS=$lt_save_ifs + ;; + esac +-else ++else $as_nop + enable_fast_install=yes + fi + +@@ -7266,11 +7784,12 @@ fi + shared_archive_member_spec= + case $host,$enable_shared in + power*-*-aix[5-9]*,yes) +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +-$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 ++printf %s "checking which variant of shared library versioning to provide... " >&6; } + + # Check whether --with-aix-soname was given. +-if test "${with_aix_soname+set}" = set; then : ++if test ${with_aix_soname+y} ++then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; +@@ -7279,18 +7798,19 @@ if test "${with_aix_soname+set}" = set; then : + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +-else +- if ${lt_cv_with_aix_soname+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++else $as_nop ++ if test ${lt_cv_with_aix_soname+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_with_aix_soname=aix + fi + + with_aix_soname=$lt_cv_with_aix_soname + fi + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +-$as_echo "$with_aix_soname" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 ++printf "%s\n" "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', +@@ -7372,11 +7892,12 @@ if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +-$as_echo_n "checking for objdir... " >&6; } +-if ${lt_cv_objdir+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 ++printf %s "checking for objdir... " >&6; } ++if test ${lt_cv_objdir+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + rm -f .libs 2>/dev/null + mkdir .libs 2>/dev/null + if test -d .libs; then +@@ -7387,17 +7908,15 @@ else + fi + rmdir .libs 2>/dev/null + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +-$as_echo "$lt_cv_objdir" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 ++printf "%s\n" "$lt_cv_objdir" >&6; } + objdir=$lt_cv_objdir + + + + + +-cat >>confdefs.h <<_ACEOF +-#define LT_OBJDIR "$lt_cv_objdir/" +-_ACEOF ++printf "%s\n" "#define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h + + + +@@ -7443,11 +7962,12 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file + case $deplibs_check_method in + file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +-$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +-if ${lt_cv_path_MAGIC_CMD+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 ++printf %s "checking for ${ac_tool_prefix}file... " >&6; } ++if test ${lt_cv_path_MAGIC_CMD+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + case $MAGIC_CMD in + [\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. +@@ -7496,11 +8016,11 @@ fi + + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if test -n "$MAGIC_CMD"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +-$as_echo "$MAGIC_CMD" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 ++printf "%s\n" "$MAGIC_CMD" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -7509,11 +8029,12 @@ fi + + if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +-$as_echo_n "checking for file... " >&6; } +-if ${lt_cv_path_MAGIC_CMD+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5 ++printf %s "checking for file... " >&6; } ++if test ${lt_cv_path_MAGIC_CMD+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + case $MAGIC_CMD in + [\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. +@@ -7562,11 +8083,11 @@ fi + + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if test -n "$MAGIC_CMD"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +-$as_echo "$MAGIC_CMD" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 ++printf "%s\n" "$MAGIC_CMD" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -7651,11 +8172,12 @@ if test yes = "$GCC"; then + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +-$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +-if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 ++printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } ++if test ${lt_cv_prog_compiler_rtti_exceptions+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext +@@ -7686,8 +8208,8 @@ else + $RM conftest* + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +-$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 ++printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + + if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +@@ -8050,26 +8572,28 @@ case $host_os in + ;; + esac + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +-$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +-if ${lt_cv_prog_compiler_pic+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 ++printf %s "checking for $compiler option to produce PIC... " >&6; } ++if test ${lt_cv_prog_compiler_pic+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +-$as_echo "$lt_cv_prog_compiler_pic" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 ++printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } + lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + + # + # Check to make sure the PIC flag actually works. + # + if test -n "$lt_prog_compiler_pic"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +-$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +-if ${lt_cv_prog_compiler_pic_works+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 ++printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } ++if test ${lt_cv_prog_compiler_pic_works+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext +@@ -8100,8 +8624,8 @@ else + $RM conftest* + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +-$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 ++printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } + + if test yes = "$lt_cv_prog_compiler_pic_works"; then + case $lt_prog_compiler_pic in +@@ -8129,11 +8653,12 @@ fi + # Check to make sure the static flag actually works. + # + wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +-$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +-if ${lt_cv_prog_compiler_static_works+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 ++printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } ++if test ${lt_cv_prog_compiler_static_works+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler_static_works=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" +@@ -8157,8 +8682,8 @@ else + LDFLAGS=$save_LDFLAGS + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +-$as_echo "$lt_cv_prog_compiler_static_works" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 ++printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } + + if test yes = "$lt_cv_prog_compiler_static_works"; then + : +@@ -8172,11 +8697,12 @@ fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +-if ${lt_cv_prog_compiler_c_o+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 ++printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; } ++if test ${lt_cv_prog_compiler_c_o+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest +@@ -8219,19 +8745,20 @@ else + $RM conftest* + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +-$as_echo "$lt_cv_prog_compiler_c_o" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 ++printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +-if ${lt_cv_prog_compiler_c_o+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 ++printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; } ++if test ${lt_cv_prog_compiler_c_o+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest +@@ -8274,8 +8801,8 @@ else + $RM conftest* + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +-$as_echo "$lt_cv_prog_compiler_c_o" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 ++printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } + + + +@@ -8283,19 +8810,19 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; } + hard_links=nottested + if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +-$as_echo_n "checking if we can lock with hard links... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 ++printf %s "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +-$as_echo "$hard_links" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 ++printf "%s\n" "$hard_links" >&6; } + if test no = "$hard_links"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +-$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 ++printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + need_locks=warn + fi + else +@@ -8307,8 +8834,8 @@ fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 ++printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= +@@ -8866,21 +9393,23 @@ _LT_EOF + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath + else +- if ${lt_cv_aix_libpath_+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ if test ${lt_cv_aix_libpath_+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { +@@ -8895,7 +9424,7 @@ if ac_fn_c_try_link "$LINENO"; then : + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib +@@ -8919,21 +9448,23 @@ fi + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath + else +- if ${lt_cv_aix_libpath_+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ if test ${lt_cv_aix_libpath_+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { +@@ -8948,7 +9479,7 @@ if ac_fn_c_try_link "$LINENO"; then : + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib +@@ -9199,11 +9730,12 @@ fi + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +-$as_echo_n "checking if $CC understands -b... " >&6; } +-if ${lt_cv_prog_compiler__b+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 ++printf %s "checking if $CC understands -b... " >&6; } ++if test ${lt_cv_prog_compiler__b+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_prog_compiler__b=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -b" +@@ -9227,8 +9759,8 @@ else + LDFLAGS=$save_LDFLAGS + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +-$as_echo "$lt_cv_prog_compiler__b" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 ++printf "%s\n" "$lt_cv_prog_compiler__b" >&6; } + + if test yes = "$lt_cv_prog_compiler__b"; then + archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +@@ -9268,28 +9800,30 @@ fi + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +-$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +-if ${lt_cv_irix_exported_symbol+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 ++printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; } ++if test ${lt_cv_irix_exported_symbol+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + int foo (void) { return 0; } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + lt_cv_irix_exported_symbol=yes +-else ++else $as_nop + lt_cv_irix_exported_symbol=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +-$as_echo "$lt_cv_irix_exported_symbol" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 ++printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; } + if test yes = "$lt_cv_irix_exported_symbol"; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + fi +@@ -9570,8 +10104,8 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } + fi + fi + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +-$as_echo "$ld_shlibs" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 ++printf "%s\n" "$ld_shlibs" >&6; } + test no = "$ld_shlibs" && can_build_shared=no + + with_gnu_ld=$with_gnu_ld +@@ -9607,18 +10141,19 @@ x|xyes) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +-$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +-if ${lt_cv_archive_cmds_need_lc+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 ++printf %s "checking whether -lc should be explicitly linked in... " >&6; } ++if test ${lt_cv_archive_cmds_need_lc+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest +@@ -9636,7 +10171,7 @@ else + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no +@@ -9650,8 +10185,8 @@ else + $RM conftest* + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +-$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 ++printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc + ;; + esac +@@ -9810,8 +10345,8 @@ esac + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +-$as_echo_n "checking dynamic linker characteristics... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 ++printf %s "checking dynamic linker characteristics... " >&6; } + + if test yes = "$GCC"; then + case $host_os in +@@ -10372,9 +10907,10 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH +- if ${lt_cv_shlibpath_overrides_runpath+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ if test ${lt_cv_shlibpath_overrides_runpath+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir +@@ -10384,19 +10920,21 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : ++if ac_fn_c_try_link "$LINENO" ++then : ++ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null ++then : + lt_cv_shlibpath_overrides_runpath=yes + fi + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir +@@ -10640,8 +11178,8 @@ uts4*) + dynamic_linker=no + ;; + esac +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +-$as_echo "$dynamic_linker" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 ++printf "%s\n" "$dynamic_linker" >&6; } + test no = "$dynamic_linker" && can_build_shared=no + + variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +@@ -10762,8 +11300,8 @@ configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +-$as_echo_n "checking how to hardcode library paths into programs... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 ++printf %s "checking how to hardcode library paths into programs... " >&6; } + hardcode_action= + if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || +@@ -10787,8 +11325,8 @@ else + # directories. + hardcode_action=unsupported + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +-$as_echo "$hardcode_action" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 ++printf "%s\n" "$hardcode_action" >&6; } + + if test relink = "$hardcode_action" || + test yes = "$inherit_rpath"; then +@@ -10832,11 +11370,12 @@ else + + darwin*) + # if libdl is installed we need to link against it +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +-$as_echo_n "checking for dlopen in -ldl... " >&6; } +-if ${ac_cv_lib_dl_dlopen+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 ++printf %s "checking for dlopen in -ldl... " >&6; } ++if test ${ac_cv_lib_dl_dlopen+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-ldl $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -10845,32 +11384,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char dlopen (); + int +-main () ++main (void) + { + return dlopen (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_dl_dlopen=yes +-else ++else $as_nop + ac_cv_lib_dl_dlopen=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +-$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +-if test "x$ac_cv_lib_dl_dlopen" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 ++printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } ++if test "x$ac_cv_lib_dl_dlopen" = xyes ++then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +-else ++else $as_nop + + lt_cv_dlopen=dyld + lt_cv_dlopen_libs= +@@ -10890,14 +11428,16 @@ fi + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +-if test "x$ac_cv_func_shl_load" = xyes; then : ++if test "x$ac_cv_func_shl_load" = xyes ++then : + lt_cv_dlopen=shl_load +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +-$as_echo_n "checking for shl_load in -ldld... " >&6; } +-if ${ac_cv_lib_dld_shl_load+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 ++printf %s "checking for shl_load in -ldld... " >&6; } ++if test ${ac_cv_lib_dld_shl_load+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-ldld $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -10906,41 +11446,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char shl_load (); + int +-main () ++main (void) + { + return shl_load (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_dld_shl_load=yes +-else ++else $as_nop + ac_cv_lib_dld_shl_load=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +-$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +-if test "x$ac_cv_lib_dld_shl_load" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 ++printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } ++if test "x$ac_cv_lib_dld_shl_load" = xyes ++then : + lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld +-else ++else $as_nop + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +-if test "x$ac_cv_func_dlopen" = xyes; then : ++if test "x$ac_cv_func_dlopen" = xyes ++then : + lt_cv_dlopen=dlopen +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +-$as_echo_n "checking for dlopen in -ldl... " >&6; } +-if ${ac_cv_lib_dl_dlopen+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 ++printf %s "checking for dlopen in -ldl... " >&6; } ++if test ${ac_cv_lib_dl_dlopen+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-ldl $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -10949,37 +11490,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char dlopen (); + int +-main () ++main (void) + { + return dlopen (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_dl_dlopen=yes +-else ++else $as_nop + ac_cv_lib_dl_dlopen=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +-$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +-if test "x$ac_cv_lib_dl_dlopen" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 ++printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } ++if test "x$ac_cv_lib_dl_dlopen" = xyes ++then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +-$as_echo_n "checking for dlopen in -lsvld... " >&6; } +-if ${ac_cv_lib_svld_dlopen+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 ++printf %s "checking for dlopen in -lsvld... " >&6; } ++if test ${ac_cv_lib_svld_dlopen+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-lsvld $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -10988,37 +11529,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char dlopen (); + int +-main () ++main (void) + { + return dlopen (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_svld_dlopen=yes +-else ++else $as_nop + ac_cv_lib_svld_dlopen=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +-$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +-if test "x$ac_cv_lib_svld_dlopen" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 ++printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; } ++if test "x$ac_cv_lib_svld_dlopen" = xyes ++then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +-$as_echo_n "checking for dld_link in -ldld... " >&6; } +-if ${ac_cv_lib_dld_dld_link+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 ++printf %s "checking for dld_link in -ldld... " >&6; } ++if test ${ac_cv_lib_dld_dld_link+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-ldld $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -11027,30 +11568,29 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char dld_link (); + int +-main () ++main (void) + { + return dld_link (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_dld_dld_link=yes +-else ++else $as_nop + ac_cv_lib_dld_dld_link=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +-$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +-if test "x$ac_cv_lib_dld_dld_link" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 ++printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; } ++if test "x$ac_cv_lib_dld_dld_link" = xyes ++then : + lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld + fi + +@@ -11089,11 +11629,12 @@ fi + save_LIBS=$LIBS + LIBS="$lt_cv_dlopen_libs $LIBS" + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +-$as_echo_n "checking whether a program can dlopen itself... " >&6; } +-if ${lt_cv_dlopen_self+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 ++printf %s "checking whether a program can dlopen itself... " >&6; } ++if test ${lt_cv_dlopen_self+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self=cross + else +@@ -11172,7 +11713,7 @@ _LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? +@@ -11190,16 +11731,17 @@ rm -fr conftest* + + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +-$as_echo "$lt_cv_dlopen_self" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 ++printf "%s\n" "$lt_cv_dlopen_self" >&6; } + + if test yes = "$lt_cv_dlopen_self"; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +-$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +-if ${lt_cv_dlopen_self_static+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 ++printf %s "checking whether a statically linked program can dlopen itself... " >&6; } ++if test ${lt_cv_dlopen_self_static+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self_static=cross + else +@@ -11278,7 +11820,7 @@ _LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? +@@ -11296,8 +11838,8 @@ rm -fr conftest* + + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +-$as_echo "$lt_cv_dlopen_self_static" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 ++printf "%s\n" "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS=$save_CPPFLAGS +@@ -11335,13 +11877,13 @@ fi + + striplib= + old_striplib= +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +-$as_echo_n "checking whether stripping libraries is possible... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 ++printf %s "checking whether stripping libraries is possible... " >&6; } + if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + else + # FIXME - insert some real tests, host_os isn't really good enough + case $host_os in +@@ -11349,16 +11891,16 @@ else + if test -n "$STRIP"; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + ;; + *) +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + ;; + esac + fi +@@ -11375,13 +11917,13 @@ fi + + + # Report what library types will actually be built +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +-$as_echo_n "checking if libtool supports shared libraries... " >&6; } +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +-$as_echo "$can_build_shared" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 ++printf %s "checking if libtool supports shared libraries... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 ++printf "%s\n" "$can_build_shared" >&6; } + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +-$as_echo_n "checking whether to build shared libraries... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 ++printf %s "checking whether to build shared libraries... " >&6; } + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and +@@ -11405,15 +11947,15 @@ $as_echo_n "checking whether to build shared libraries... " >&6; } + fi + ;; + esac +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +-$as_echo "$enable_shared" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 ++printf "%s\n" "$enable_shared" >&6; } + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +-$as_echo_n "checking whether to build static libraries... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 ++printf %s "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +-$as_echo "$enable_static" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 ++printf "%s\n" "$enable_static" >&6; } + + + +@@ -11451,7 +11993,8 @@ CC=$lt_save_CC + + am__api_version='1.16' + +-# Find a good install program. We prefer a C program (faster), ++ ++ # Find a good install program. We prefer a C program (faster), + # so one script is as good as another. But avoid the broken or + # incompatible versions: + # SysV /etc/install, /usr/sbin/install +@@ -11465,20 +12008,25 @@ am__api_version='1.16' + # OS/2's system install, which has a completely different semantic + # ./install, which can be erroneously created by make from ./install.sh. + # Reject install programs that cannot install multiple files. +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +-$as_echo_n "checking for a BSD-compatible install... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 ++printf %s "checking for a BSD-compatible install... " >&6; } + if test -z "$INSTALL"; then +-if ${ac_cv_path_install+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++if test ${ac_cv_path_install+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- # Account for people who put trailing slashes in PATH elements. +-case $as_dir/ in #(( +- ./ | .// | /[cC]/* | \ ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ # Account for fact that we put trailing slashes in our PATH walk. ++case $as_dir in #(( ++ ./ | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; +@@ -11488,13 +12036,13 @@ case $as_dir/ in #(( + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && +- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then ++ grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && +- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then ++ grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else +@@ -11502,12 +12050,12 @@ case $as_dir/ in #(( + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir +- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && ++ if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then +- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" ++ ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c" + break 3 + fi + fi +@@ -11523,7 +12071,7 @@ IFS=$as_save_IFS + rm -rf conftest.one conftest.two conftest.dir + + fi +- if test "${ac_cv_path_install+set}" = set; then ++ if test ${ac_cv_path_install+y}; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a +@@ -11533,8 +12081,8 @@ fi + INSTALL=$ac_install_sh + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +-$as_echo "$INSTALL" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 ++printf "%s\n" "$INSTALL" >&6; } + + # Use test -z because SunOS4 sh mishandles braces in ${var-val}. + # It thinks the first close brace ends the variable substitution. +@@ -11544,8 +12092,8 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + + test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +-$as_echo_n "checking whether build environment is sane... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 ++printf %s "checking whether build environment is sane... " >&6; } + # Reject unsafe characters in $srcdir or the absolute working directory + # name. Accept space and tab only in the latter. + am_lf=' +@@ -11599,8 +12147,8 @@ else + as_fn_error $? "newly created file is older than distributed files! + Check your system clock" "$LINENO" 5 + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + # If we didn't sleep, we still need to ensure time stamps of config.status and + # generated files are strictly newer. + am_sleep_pid= +@@ -11619,23 +12167,19 @@ test "$program_suffix" != NONE && + # Double any \ or $. + # By default was `s,x,x', remove it if useless. + ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +-program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` ++program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"` + +-if test x"${MISSING+set}" != xset; then +- case $am_aux_dir in +- *\ * | *\ *) +- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; +- *) +- MISSING="\${SHELL} $am_aux_dir/missing" ;; +- esac ++ ++ if test x"${MISSING+set}" != xset; then ++ MISSING="\${SHELL} '$am_aux_dir/missing'" + fi + # Use eval to expand $SHELL + if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " + else + am_missing_run= +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +-$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 ++printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;} + fi + + if test x"${install_sh+set}" != xset; then +@@ -11655,11 +12199,12 @@ if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. + set dummy ${ac_tool_prefix}strip; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_STRIP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_STRIP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. + else +@@ -11667,11 +12212,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -11682,11 +12231,11 @@ fi + fi + STRIP=$ac_cv_prog_STRIP + if test -n "$STRIP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +-$as_echo "$STRIP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 ++printf "%s\n" "$STRIP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -11695,11 +12244,12 @@ if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. + set dummy strip; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_STRIP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_STRIP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. + else +@@ -11707,11 +12257,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -11722,11 +12276,11 @@ fi + fi + ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP + if test -n "$ac_ct_STRIP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +-$as_echo "$ac_ct_STRIP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 ++printf "%s\n" "$ac_ct_STRIP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_STRIP" = x; then +@@ -11734,8 +12288,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + STRIP=$ac_ct_STRIP +@@ -11747,25 +12301,31 @@ fi + fi + INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +-$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } ++ ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5 ++printf %s "checking for a race-free mkdir -p... " >&6; } + if test -z "$MKDIR_P"; then +- if ${ac_cv_path_mkdir+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ if test ${ac_cv_path_mkdir+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do +- as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue +- case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( +- 'mkdir (GNU coreutils) '* | \ +- 'mkdir (coreutils) '* | \ ++ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue ++ case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #( ++ 'mkdir ('*'coreutils) '* | \ ++ 'BusyBox '* | \ + 'mkdir (fileutils) '4.1*) +- ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext ++ ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext + break 3;; + esac + done +@@ -11776,7 +12336,7 @@ IFS=$as_save_IFS + fi + + test -d ./--version && rmdir ./--version +- if test "${ac_cv_path_mkdir+set}" = set; then ++ if test ${ac_cv_path_mkdir+y}; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a +@@ -11786,16 +12346,17 @@ fi + MKDIR_P="$ac_install_sh -d" + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +-$as_echo "$MKDIR_P" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 ++printf "%s\n" "$MKDIR_P" >&6; } + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +-$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 ++printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } + set x ${MAKE-make} +-ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +-if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` ++if eval test \${ac_cv_prog_make_${ac_make}_set+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + cat >conftest.make <<\_ACEOF + SHELL = /bin/sh + all: +@@ -11811,12 +12372,12 @@ esac + rm -f conftest.make + fi + if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + SET_MAKE= + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" + fi + +@@ -11833,8 +12394,8 @@ DEPDIR="${am__leading_dot}deps" + + ac_config_commands="$ac_config_commands depfiles" + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +-$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 ++printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; } + cat > confinc.mk << 'END' + am__doit: + @echo this is the am__doit target >confinc.out +@@ -11870,11 +12431,12 @@ esac + fi + done + rm -f confinc.* confmf.* +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +-$as_echo "${_am_result}" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 ++printf "%s\n" "${_am_result}" >&6; } + + # Check whether --enable-dependency-tracking was given. +-if test "${enable_dependency_tracking+set}" = set; then : ++if test ${enable_dependency_tracking+y} ++then : + enableval=$enable_dependency_tracking; + fi + +@@ -11893,7 +12455,8 @@ fi + + + # Check whether --enable-silent-rules was given. +-if test "${enable_silent_rules+set}" = set; then : ++if test ${enable_silent_rules+y} ++then : + enableval=$enable_silent_rules; + fi + +@@ -11903,12 +12466,13 @@ case $enable_silent_rules in # ((( + *) AM_DEFAULT_VERBOSITY=1;; + esac + am_make=${MAKE-make} +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +-$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +-if ${am_cv_make_support_nested_variables+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- if $as_echo 'TRUE=$(BAR$(V)) ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 ++printf %s "checking whether $am_make supports nested variables... " >&6; } ++if test ${am_cv_make_support_nested_variables+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ if printf "%s\n" 'TRUE=$(BAR$(V)) + BAR0=false + BAR1=true + V=1 +@@ -11920,8 +12484,8 @@ else + am_cv_make_support_nested_variables=no + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +-$as_echo "$am_cv_make_support_nested_variables" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 ++printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } + if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +@@ -11953,17 +12517,13 @@ fi + + # Define the identity of the package. + PACKAGE='tpm2-tools' +- VERSION='5.5' ++ VERSION='5.7' + + +-cat >>confdefs.h <<_ACEOF +-#define PACKAGE "$PACKAGE" +-_ACEOF ++printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h + + +-cat >>confdefs.h <<_ACEOF +-#define VERSION "$VERSION" +-_ACEOF ++printf "%s\n" "#define VERSION \"$VERSION\"" >>confdefs.h + + # Some tools Automake needs. + +@@ -12005,11 +12565,12 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + depcc="$CC" am_compiler_list= + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +-$as_echo_n "checking dependency style of $depcc... " >&6; } +-if ${am_cv_CC_dependencies_compiler_type+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 ++printf %s "checking dependency style of $depcc... " >&6; } ++if test ${am_cv_CC_dependencies_compiler_type+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For +@@ -12116,8 +12677,8 @@ else + fi + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +-$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 ++printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; } + CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if +@@ -12131,6 +12692,20 @@ else + fi + + ++# Variables for tags utilities; see am/tags.am ++if test -z "$CTAGS"; then ++ CTAGS=ctags ++fi ++ ++if test -z "$ETAGS"; then ++ ETAGS=etags ++fi ++ ++if test -z "$CSCOPE"; then ++ CSCOPE=cscope ++fi ++ ++ + + # POSIX will say in a future version that running "rm -f" with no argument + # is OK; and we want to be able to make that assumption in our Makefile +@@ -12176,7 +12751,8 @@ fi + + # enable "silent-rules" option by default + # Check whether --enable-silent-rules was given. +-if test "${enable_silent_rules+set}" = set; then : ++if test ${enable_silent_rules+y} ++then : + enableval=$enable_silent_rules; + fi + +@@ -12186,12 +12762,13 @@ case $enable_silent_rules in # ((( + *) AM_DEFAULT_VERBOSITY=0;; + esac + am_make=${MAKE-make} +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +-$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +-if ${am_cv_make_support_nested_variables+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- if $as_echo 'TRUE=$(BAR$(V)) ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 ++printf %s "checking whether $am_make supports nested variables... " >&6; } ++if test ${am_cv_make_support_nested_variables+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ if printf "%s\n" 'TRUE=$(BAR$(V)) + BAR0=false + BAR1=true + V=1 +@@ -12203,8 +12780,8 @@ else + am_cv_make_support_nested_variables=no + fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +-$as_echo "$am_cv_make_support_nested_variables" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 ++printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } + if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +@@ -12231,19 +12808,21 @@ AM_BACKSLASH='\' + # allow to override gcov location + + # Check whether --with-gcov was given. +-if test "${with_gcov+set}" = set; then : ++if test ${with_gcov+y} ++then : + withval=$with_gcov; _AX_CODE_COVERAGE_GCOV_PROG_WITH=$with_gcov +-else ++else $as_nop + _AX_CODE_COVERAGE_GCOV_PROG_WITH=gcov + fi + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with code coverage support" >&5 +-$as_echo_n "checking whether to build with code coverage support... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build with code coverage support" >&5 ++printf %s "checking whether to build with code coverage support... " >&6; } + # Check whether --enable-code-coverage was given. +-if test "${enable_code_coverage+set}" = set; then : ++if test ${enable_code_coverage+y} ++then : + enableval=$enable_code_coverage; +-else ++else $as_nop + enable_code_coverage=no + fi + +@@ -12258,21 +12837,23 @@ fi + + CODE_COVERAGE_ENABLED=$enable_code_coverage + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_code_coverage" >&5 +-$as_echo "$enable_code_coverage" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_code_coverage" >&5 ++printf "%s\n" "$enable_code_coverage" >&6; } + +- if test "x$enable_code_coverage" = xyes ; then : ++ if test "x$enable_code_coverage" = xyes ++then : + + + for ac_prog in gawk mawk nawk awk + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_AWK+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_AWK+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. + else +@@ -12280,11 +12861,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12295,22 +12880,23 @@ fi + fi + AWK=$ac_cv_prog_AWK + if test -n "$AWK"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +-$as_echo "$AWK" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 ++printf "%s\n" "$AWK" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + + test -n "$AWK" && break + done + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU make" >&5 +-$as_echo_n "checking for GNU make... " >&6; } +-if ${_cv_gnu_make_command+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU make" >&5 ++printf %s "checking for GNU make... " >&6; } ++if test ${_cv_gnu_make_command+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + _cv_gnu_make_command="" ; + for a in "$MAKE" make gmake gnumake ; do + if test -z "$a" ; then continue ; fi ; +@@ -12322,24 +12908,28 @@ else + fi + done ; + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_cv_gnu_make_command" >&5 +-$as_echo "$_cv_gnu_make_command" >&6; } +- if test "x$_cv_gnu_make_command" = x""; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $_cv_gnu_make_command" >&5 ++printf "%s\n" "$_cv_gnu_make_command" >&6; } ++ if test "x$_cv_gnu_make_command" = x"" ++then : + ifGNUmake="#" +-else ++else $as_nop + ifGNUmake="" + fi +- if test "x$_cv_gnu_make_command" = x""; then : ++ if test "x$_cv_gnu_make_command" = x"" ++then : + ifnGNUmake="" +-else +- ifGNUmake="#" ++else $as_nop ++ ifnGNUmake="#" + fi +- if test "x$_cv_gnu_make_command" = x""; then : ++ if test "x$_cv_gnu_make_command" = x"" ++then : + { ax_cv_gnu_make_command=; unset ax_cv_gnu_make_command;} +-else ++else $as_nop + ax_cv_gnu_make_command=${_cv_gnu_make_command} + fi +- if test "x$_cv_gnu_make_command" = x""; then : ++ if test "x$_cv_gnu_make_command" = x"" ++then : + as_fn_error $? "not using GNU make that is needed for coverage" "$LINENO" 5 + fi + +@@ -12350,11 +12940,12 @@ fi + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH", so it can be a program name with args. + set dummy ${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_GCOV+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_GCOV+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$GCOV"; then + ac_cv_prog_GCOV="$GCOV" # Let the user override the test. + else +@@ -12362,11 +12953,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_GCOV="${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12377,11 +12972,11 @@ fi + fi + GCOV=$ac_cv_prog_GCOV + if test -n "$GCOV"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCOV" >&5 +-$as_echo "$GCOV" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GCOV" >&5 ++printf "%s\n" "$GCOV" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -12390,11 +12985,12 @@ if test -z "$ac_cv_prog_GCOV"; then + ac_ct_GCOV=$GCOV + # Extract the first word of "$_AX_CODE_COVERAGE_GCOV_PROG_WITH", so it can be a program name with args. + set dummy $_AX_CODE_COVERAGE_GCOV_PROG_WITH; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_ac_ct_GCOV+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_ac_ct_GCOV+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$ac_ct_GCOV"; then + ac_cv_prog_ac_ct_GCOV="$ac_ct_GCOV" # Let the user override the test. + else +@@ -12402,11 +12998,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_GCOV="$_AX_CODE_COVERAGE_GCOV_PROG_WITH" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12417,11 +13017,11 @@ fi + fi + ac_ct_GCOV=$ac_cv_prog_ac_ct_GCOV + if test -n "$ac_ct_GCOV"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_GCOV" >&5 +-$as_echo "$ac_ct_GCOV" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_GCOV" >&5 ++printf "%s\n" "$ac_ct_GCOV" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_ct_GCOV" = x; then +@@ -12429,8 +13029,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + GCOV=$ac_ct_GCOV +@@ -12439,12 +13039,14 @@ else + GCOV="$ac_cv_prog_GCOV" + fi + +- if test "X$GCOV" = "X:"; then : ++ if test "X$GCOV" = "X:" ++then : + as_fn_error $? "gcov is needed to do coverage" "$LINENO" 5 + fi + + +- if test "$GCC" = "no" ; then : ++ if test "$GCC" = "no" ++then : + + as_fn_error $? "not compiling with gcc, which is required for gcov code coverage" "$LINENO" 5 + +@@ -12452,11 +13054,12 @@ fi + + # Extract the first word of "lcov", so it can be a program name with args. + set dummy lcov; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_LCOV+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_LCOV+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$LCOV"; then + ac_cv_prog_LCOV="$LCOV" # Let the user override the test. + else +@@ -12464,11 +13067,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_LCOV="lcov" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12479,21 +13086,22 @@ fi + fi + LCOV=$ac_cv_prog_LCOV + if test -n "$LCOV"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LCOV" >&5 +-$as_echo "$LCOV" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LCOV" >&5 ++printf "%s\n" "$LCOV" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + + # Extract the first word of "genhtml", so it can be a program name with args. + set dummy genhtml; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_GENHTML+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_GENHTML+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$GENHTML"; then + ac_cv_prog_GENHTML="$GENHTML" # Let the user override the test. + else +@@ -12501,11 +13109,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_GENHTML="genhtml" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12516,22 +13128,24 @@ fi + fi + GENHTML=$ac_cv_prog_GENHTML + if test -n "$GENHTML"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GENHTML" >&5 +-$as_echo "$GENHTML" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GENHTML" >&5 ++printf "%s\n" "$GENHTML" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + + +- if test x"$LCOV" = x ; then : ++ if test x"$LCOV" = x ++then : + + as_fn_error $? "To enable code coverage reporting you must have lcov installed" "$LINENO" 5 + + fi + +- if test x"$GENHTML" = x ; then : ++ if test x"$GENHTML" = x ++then : + + as_fn_error $? "Could not find genhtml from the lcov package" "$LINENO" 5 + +@@ -12584,11 +13198,12 @@ ac_config_headers="$ac_config_headers lib/config.h" + + # Extract the first word of "pandoc", so it can be a program name with args. + set dummy pandoc; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_PANDOC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_PANDOC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$PANDOC"; then + ac_cv_prog_PANDOC="$PANDOC" # Let the user override the test. + else +@@ -12596,11 +13211,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_PANDOC="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12611,19 +13230,20 @@ fi + fi + PANDOC=$ac_cv_prog_PANDOC + if test -n "$PANDOC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PANDOC" >&5 +-$as_echo "$PANDOC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PANDOC" >&5 ++printf "%s\n" "$PANDOC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +-if test "x${PANDOC}" = x"yes"; then : ++if test "x${PANDOC}" = x"yes" ++then : + +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Required executable pandoc not found, man pages will not be built" >&5 +-$as_echo "$as_me: WARNING: Required executable pandoc not found, man pages will not be built" >&2;} ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Required executable pandoc not found, man pages will not be built" >&5 ++printf "%s\n" "$as_me: WARNING: Required executable pandoc not found, man pages will not be built" >&2;} + fi + if test "x${PANDOC}" = "xyes"; then + HAVE_PANDOC_TRUE= +@@ -12643,9 +13263,10 @@ fi + + + # Check whether --enable-fapi was given. +-if test "${enable_fapi+set}" = set; then : ++if test ${enable_fapi+y} ++then : + enableval=$enable_fapi; +-else ++else $as_nop + enable_fapi=check + fi + +@@ -12660,11 +13281,12 @@ if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. + set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_PKG_CONFIG+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_path_PKG_CONFIG+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. +@@ -12674,11 +13296,15 @@ else + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ++ ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext" ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12690,11 +13316,11 @@ esac + fi + PKG_CONFIG=$ac_cv_path_PKG_CONFIG + if test -n "$PKG_CONFIG"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +-$as_echo "$PKG_CONFIG" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 ++printf "%s\n" "$PKG_CONFIG" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -12703,11 +13329,12 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. + set dummy pkg-config; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_path_ac_pt_PKG_CONFIG+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. +@@ -12717,11 +13344,15 @@ else + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ++ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext" ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -12733,11 +13364,11 @@ esac + fi + ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG + if test -n "$ac_pt_PKG_CONFIG"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +-$as_echo "$ac_pt_PKG_CONFIG" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 ++printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + if test "x$ac_pt_PKG_CONFIG" = x; then +@@ -12745,8 +13376,8 @@ fi + else + case $cross_compiling:$ac_tool_warned in + yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 ++printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} + ac_tool_warned=yes ;; + esac + PKG_CONFIG=$ac_pt_PKG_CONFIG +@@ -12758,31 +13389,32 @@ fi + fi + if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 ++printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + PKG_CONFIG="" + fi + fi +-if test "$enable_fapi" = yes -o "$enable_fapi" = check; then : ++if test "$enable_fapi" = yes -o "$enable_fapi" = check ++then : + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_FAPI" >&5 +-$as_echo_n "checking for TSS2_FAPI... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-fapi" >&5 ++printf %s "checking for tss2-fapi... " >&6; } + + if test -n "$TSS2_FAPI_CFLAGS"; then + pkg_cv_TSS2_FAPI_CFLAGS="$TSS2_FAPI_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-fapi") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_FAPI_CFLAGS=`$PKG_CONFIG --cflags "tss2-fapi" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -12796,10 +13428,10 @@ if test -n "$TSS2_FAPI_LIBS"; then + pkg_cv_TSS2_FAPI_LIBS="$TSS2_FAPI_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-fapi") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_FAPI_LIBS=`$PKG_CONFIG --libs "tss2-fapi" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -12813,8 +13445,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -12830,16 +13462,18 @@ fi + echo "$TSS2_FAPI_PKG_ERRORS" >&5 + + +- if test "$enable_fapi" = yes; then : ++ if test "$enable_fapi" = yes ++then : + as_fn_error $? "Required module tss2-fapi not found" "$LINENO" 5 + fi + enable_fapi=no + + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + +- if test "$enable_fapi" = yes; then : ++ if test "$enable_fapi" = yes ++then : + as_fn_error $? "Required module tss2-fapi not found" "$LINENO" 5 + fi + enable_fapi=no +@@ -12847,23 +13481,23 @@ fi + else + TSS2_FAPI_CFLAGS=$pkg_cv_TSS2_FAPI_CFLAGS + TSS2_FAPI_LIBS=$pkg_cv_TSS2_FAPI_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + enable_fapi=yes + fi + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_FAPI_3_0" >&5 +-$as_echo_n "checking for TSS2_FAPI_3_0... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-fapi >= 3.0" >&5 ++printf %s "checking for tss2-fapi >= 3.0... " >&6; } + + if test -n "$TSS2_FAPI_3_0_CFLAGS"; then + pkg_cv_TSS2_FAPI_3_0_CFLAGS="$TSS2_FAPI_3_0_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi >= 3.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi >= 3.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-fapi >= 3.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_FAPI_3_0_CFLAGS=`$PKG_CONFIG --cflags "tss2-fapi >= 3.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -12877,10 +13511,10 @@ if test -n "$TSS2_FAPI_3_0_LIBS"; then + pkg_cv_TSS2_FAPI_3_0_LIBS="$TSS2_FAPI_3_0_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi >= 3.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-fapi >= 3.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-fapi >= 3.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_FAPI_3_0_LIBS=`$PKG_CONFIG --libs "tss2-fapi >= 3.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -12894,8 +13528,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -12912,16 +13546,16 @@ fi + + true + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + true + else + TSS2_FAPI_3_0_CFLAGS=$pkg_cv_TSS2_FAPI_3_0_CFLAGS + TSS2_FAPI_3_0_LIBS=$pkg_cv_TSS2_FAPI_3_0_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define FAPI_3_0 1" >>confdefs.h ++printf "%s\n" "#define FAPI_3_0 1" >>confdefs.h + + fi + +@@ -12937,17 +13571,17 @@ fi + + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_4_0" >&5 +-$as_echo_n "checking for TSS2_ESYS_4_0... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 4.0.0" >&5 ++printf %s "checking for tss2-esys >= 4.0.0... " >&6; } + + if test -n "$TSS2_ESYS_4_0_CFLAGS"; then + pkg_cv_TSS2_ESYS_4_0_CFLAGS="$TSS2_ESYS_4_0_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 4.0.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 4.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 4.0.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_4_0_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 4.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -12961,10 +13595,10 @@ if test -n "$TSS2_ESYS_4_0_LIBS"; then + pkg_cv_TSS2_ESYS_4_0_LIBS="$TSS2_ESYS_4_0_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 4.0.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 4.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 4.0.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_4_0_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 4.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -12978,8 +13612,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -12996,17 +13630,17 @@ fi + + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_3_0" >&5 +-$as_echo_n "checking for TSS2_ESYS_3_0... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 3.0.0" >&5 ++printf %s "checking for tss2-esys >= 3.0.0... " >&6; } + + if test -n "$TSS2_ESYS_3_0_CFLAGS"; then + pkg_cv_TSS2_ESYS_3_0_CFLAGS="$TSS2_ESYS_3_0_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 3.0.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_3_0_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13020,10 +13654,10 @@ if test -n "$TSS2_ESYS_3_0_LIBS"; then + pkg_cv_TSS2_ESYS_3_0_LIBS="$TSS2_ESYS_3_0_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 3.0.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_3_0_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13037,8 +13671,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13055,17 +13689,17 @@ fi + + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_2_3" >&5 +-$as_echo_n "checking for TSS2_ESYS_2_3... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 2.4.0" >&5 ++printf %s "checking for tss2-esys >= 2.4.0... " >&6; } + + if test -n "$TSS2_ESYS_2_3_CFLAGS"; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS="$TSS2_ESYS_2_3_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13079,10 +13713,10 @@ if test -n "$TSS2_ESYS_2_3_LIBS"; then + pkg_cv_TSS2_ESYS_2_3_LIBS="$TSS2_ESYS_2_3_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13096,8 +13730,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13123,10 +13757,10 @@ Alternatively, you may set the environment variables TSS2_ESYS_2_3_CFLAGS + and TSS2_ESYS_2_3_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13140,10 +13774,10 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_ESYS_2_3_CFLAGS=$pkg_cv_TSS2_ESYS_2_3_CFLAGS + TSS2_ESYS_2_3_LIBS=$pkg_cv_TSS2_ESYS_2_3_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_2_3 1" >>confdefs.h ++printf "%s\n" "#define ESYS_2_3 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_2_3_CFLAGS + +@@ -13153,21 +13787,21 @@ $as_echo "#define ESYS_2_3 1" >>confdefs.h + fi + + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_2_3" >&5 +-$as_echo_n "checking for TSS2_ESYS_2_3... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 2.4.0" >&5 ++printf %s "checking for tss2-esys >= 2.4.0... " >&6; } + + if test -n "$TSS2_ESYS_2_3_CFLAGS"; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS="$TSS2_ESYS_2_3_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13181,10 +13815,10 @@ if test -n "$TSS2_ESYS_2_3_LIBS"; then + pkg_cv_TSS2_ESYS_2_3_LIBS="$TSS2_ESYS_2_3_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13198,8 +13832,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13225,10 +13859,10 @@ Alternatively, you may set the environment variables TSS2_ESYS_2_3_CFLAGS + and TSS2_ESYS_2_3_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13242,10 +13876,10 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_ESYS_2_3_CFLAGS=$pkg_cv_TSS2_ESYS_2_3_CFLAGS + TSS2_ESYS_2_3_LIBS=$pkg_cv_TSS2_ESYS_2_3_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_2_3 1" >>confdefs.h ++printf "%s\n" "#define ESYS_2_3 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_2_3_CFLAGS + +@@ -13257,10 +13891,10 @@ fi + else + TSS2_ESYS_3_0_CFLAGS=$pkg_cv_TSS2_ESYS_3_0_CFLAGS + TSS2_ESYS_3_0_LIBS=$pkg_cv_TSS2_ESYS_3_0_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_3_0 1" >>confdefs.h ++printf "%s\n" "#define ESYS_3_0 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_3_0_CFLAGS + +@@ -13269,21 +13903,21 @@ $as_echo "#define ESYS_3_0 1" >>confdefs.h + fi + + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_3_0" >&5 +-$as_echo_n "checking for TSS2_ESYS_3_0... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 3.0.0" >&5 ++printf %s "checking for tss2-esys >= 3.0.0... " >&6; } + + if test -n "$TSS2_ESYS_3_0_CFLAGS"; then + pkg_cv_TSS2_ESYS_3_0_CFLAGS="$TSS2_ESYS_3_0_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 3.0.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_3_0_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13297,10 +13931,10 @@ if test -n "$TSS2_ESYS_3_0_LIBS"; then + pkg_cv_TSS2_ESYS_3_0_LIBS="$TSS2_ESYS_3_0_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 3.0.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_3_0_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13314,8 +13948,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13332,17 +13966,17 @@ fi + + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_2_3" >&5 +-$as_echo_n "checking for TSS2_ESYS_2_3... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 2.4.0" >&5 ++printf %s "checking for tss2-esys >= 2.4.0... " >&6; } + + if test -n "$TSS2_ESYS_2_3_CFLAGS"; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS="$TSS2_ESYS_2_3_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13356,10 +13990,10 @@ if test -n "$TSS2_ESYS_2_3_LIBS"; then + pkg_cv_TSS2_ESYS_2_3_LIBS="$TSS2_ESYS_2_3_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13373,8 +14007,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13400,10 +14034,10 @@ Alternatively, you may set the environment variables TSS2_ESYS_2_3_CFLAGS + and TSS2_ESYS_2_3_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13417,10 +14051,10 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_ESYS_2_3_CFLAGS=$pkg_cv_TSS2_ESYS_2_3_CFLAGS + TSS2_ESYS_2_3_LIBS=$pkg_cv_TSS2_ESYS_2_3_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_2_3 1" >>confdefs.h ++printf "%s\n" "#define ESYS_2_3 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_2_3_CFLAGS + +@@ -13430,21 +14064,21 @@ $as_echo "#define ESYS_2_3 1" >>confdefs.h + fi + + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_ESYS_2_3" >&5 +-$as_echo_n "checking for TSS2_ESYS_2_3... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-esys >= 2.4.0" >&5 ++printf %s "checking for tss2-esys >= 2.4.0... " >&6; } + + if test -n "$TSS2_ESYS_2_3_CFLAGS"; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS="$TSS2_ESYS_2_3_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13458,10 +14092,10 @@ if test -n "$TSS2_ESYS_2_3_LIBS"; then + pkg_cv_TSS2_ESYS_2_3_LIBS="$TSS2_ESYS_2_3_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys >= 2.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-esys >= 2.4.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_ESYS_2_3_LIBS=`$PKG_CONFIG --libs "tss2-esys >= 2.4.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13475,8 +14109,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13502,10 +14136,10 @@ Alternatively, you may set the environment variables TSS2_ESYS_2_3_CFLAGS + and TSS2_ESYS_2_3_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13519,10 +14153,10 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_ESYS_2_3_CFLAGS=$pkg_cv_TSS2_ESYS_2_3_CFLAGS + TSS2_ESYS_2_3_LIBS=$pkg_cv_TSS2_ESYS_2_3_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_2_3 1" >>confdefs.h ++printf "%s\n" "#define ESYS_2_3 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_2_3_CFLAGS + +@@ -13534,10 +14168,10 @@ fi + else + TSS2_ESYS_3_0_CFLAGS=$pkg_cv_TSS2_ESYS_3_0_CFLAGS + TSS2_ESYS_3_0_LIBS=$pkg_cv_TSS2_ESYS_3_0_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_3_0 1" >>confdefs.h ++printf "%s\n" "#define ESYS_3_0 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_3_0_CFLAGS + +@@ -13548,10 +14182,10 @@ fi + else + TSS2_ESYS_4_0_CFLAGS=$pkg_cv_TSS2_ESYS_4_0_CFLAGS + TSS2_ESYS_4_0_LIBS=$pkg_cv_TSS2_ESYS_4_0_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + +-$as_echo "#define ESYS_4_0 1" >>confdefs.h ++printf "%s\n" "#define ESYS_4_0 1" >>confdefs.h + + TSS2_ESYS_CFLAGS=$TSS2_ESYS_4_0_CFLAGS + +@@ -13571,17 +14205,17 @@ fi + + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_TCTILDR" >&5 +-$as_echo_n "checking for TSS2_TCTILDR... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-tctildr" >&5 ++printf %s "checking for tss2-tctildr... " >&6; } + + if test -n "$TSS2_TCTILDR_CFLAGS"; then + pkg_cv_TSS2_TCTILDR_CFLAGS="$TSS2_TCTILDR_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-tctildr\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-tctildr\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-tctildr") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_TCTILDR_CFLAGS=`$PKG_CONFIG --cflags "tss2-tctildr" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13595,10 +14229,10 @@ if test -n "$TSS2_TCTILDR_LIBS"; then + pkg_cv_TSS2_TCTILDR_LIBS="$TSS2_TCTILDR_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-tctildr\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-tctildr\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-tctildr") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_TCTILDR_LIBS=`$PKG_CONFIG --libs "tss2-tctildr" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13612,8 +14246,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13639,10 +14273,10 @@ Alternatively, you may set the environment variables TSS2_TCTILDR_CFLAGS + and TSS2_TCTILDR_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13656,23 +14290,23 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_TCTILDR_CFLAGS=$pkg_cv_TSS2_TCTILDR_CFLAGS + TSS2_TCTILDR_LIBS=$pkg_cv_TSS2_TCTILDR_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + + fi + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_MU" >&5 +-$as_echo_n "checking for TSS2_MU... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-mu" >&5 ++printf %s "checking for tss2-mu... " >&6; } + + if test -n "$TSS2_MU_CFLAGS"; then + pkg_cv_TSS2_MU_CFLAGS="$TSS2_MU_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-mu\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-mu\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-mu") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_MU_CFLAGS=`$PKG_CONFIG --cflags "tss2-mu" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13686,10 +14320,10 @@ if test -n "$TSS2_MU_LIBS"; then + pkg_cv_TSS2_MU_LIBS="$TSS2_MU_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-mu\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-mu\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-mu") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_MU_LIBS=`$PKG_CONFIG --libs "tss2-mu" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13703,8 +14337,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13730,10 +14364,10 @@ Alternatively, you may set the environment variables TSS2_MU_CFLAGS + and TSS2_MU_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13747,23 +14381,23 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_MU_CFLAGS=$pkg_cv_TSS2_MU_CFLAGS + TSS2_MU_LIBS=$pkg_cv_TSS2_MU_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + + fi + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_RC" >&5 +-$as_echo_n "checking for TSS2_RC... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-rc" >&5 ++printf %s "checking for tss2-rc... " >&6; } + + if test -n "$TSS2_RC_CFLAGS"; then + pkg_cv_TSS2_RC_CFLAGS="$TSS2_RC_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-rc\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-rc\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-rc") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_RC_CFLAGS=`$PKG_CONFIG --cflags "tss2-rc" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13777,10 +14411,10 @@ if test -n "$TSS2_RC_LIBS"; then + pkg_cv_TSS2_RC_LIBS="$TSS2_RC_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-rc\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-rc\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-rc") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_RC_LIBS=`$PKG_CONFIG --libs "tss2-rc" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13794,8 +14428,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13821,10 +14455,10 @@ Alternatively, you may set the environment variables TSS2_RC_CFLAGS + and TSS2_RC_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13838,23 +14472,23 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_RC_CFLAGS=$pkg_cv_TSS2_RC_CFLAGS + TSS2_RC_LIBS=$pkg_cv_TSS2_RC_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + + fi + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TSS2_SYS" >&5 +-$as_echo_n "checking for TSS2_SYS... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tss2-sys" >&5 ++printf %s "checking for tss2-sys... " >&6; } + + if test -n "$TSS2_SYS_CFLAGS"; then + pkg_cv_TSS2_SYS_CFLAGS="$TSS2_SYS_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-sys\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-sys\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-sys") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_SYS_CFLAGS=`$PKG_CONFIG --cflags "tss2-sys" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13868,10 +14502,10 @@ if test -n "$TSS2_SYS_LIBS"; then + pkg_cv_TSS2_SYS_LIBS="$TSS2_SYS_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-sys\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-sys\""; } >&5 + ($PKG_CONFIG --exists --print-errors "tss2-sys") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_TSS2_SYS_LIBS=`$PKG_CONFIG --libs "tss2-sys" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13885,8 +14519,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -13912,10 +14546,10 @@ Alternatively, you may set the environment variables TSS2_SYS_CFLAGS + and TSS2_SYS_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -13929,23 +14563,23 @@ See \`config.log' for more details" "$LINENO" 5; } + else + TSS2_SYS_CFLAGS=$pkg_cv_TSS2_SYS_CFLAGS + TSS2_SYS_LIBS=$pkg_cv_TSS2_SYS_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + + fi + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO" >&5 +-$as_echo_n "checking for CRYPTO... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libcrypto >= 1.1.0" >&5 ++printf %s "checking for libcrypto >= 1.1.0... " >&6; } + + if test -n "$CRYPTO_CFLAGS"; then + pkg_cv_CRYPTO_CFLAGS="$CRYPTO_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.1.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.1.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.1.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CRYPTO_CFLAGS=`$PKG_CONFIG --cflags "libcrypto >= 1.1.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13959,10 +14593,10 @@ if test -n "$CRYPTO_LIBS"; then + pkg_cv_CRYPTO_LIBS="$CRYPTO_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.1.0\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.1.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.1.0") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CRYPTO_LIBS=`$PKG_CONFIG --libs "libcrypto >= 1.1.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -13976,8 +14610,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -14003,10 +14637,10 @@ Alternatively, you may set the environment variables CRYPTO_CFLAGS + and CRYPTO_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -14020,15 +14654,18 @@ See \`config.log' for more details" "$LINENO" 5; } + else + CRYPTO_CFLAGS=$pkg_cv_CRYPTO_CFLAGS + CRYPTO_LIBS=$pkg_cv_CRYPTO_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sm3 in -lcrypto" >&5 +-$as_echo_n "checking for EVP_sm3 in -lcrypto... " >&6; } +-if ${ac_cv_lib_crypto_EVP_sm3+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } ++ ++fi ++LIBS_save="${LIBS}" ++LIBS="${CRYPTO_LIBS} ${LIBS}" ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_sm3 in -lcrypto" >&5 ++printf %s "checking for EVP_sm3 in -lcrypto... " >&6; } ++if test ${ac_cv_lib_crypto_EVP_sm3+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-lcrypto $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -14037,41 +14674,41 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char EVP_sm3 (); + int +-main () ++main (void) + { + return EVP_sm3 (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_crypto_EVP_sm3=yes +-else ++else $as_nop + ac_cv_lib_crypto_EVP_sm3=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_sm3" >&5 +-$as_echo "$ac_cv_lib_crypto_EVP_sm3" >&6; } +-if test "x$ac_cv_lib_crypto_EVP_sm3" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_sm3" >&5 ++printf "%s\n" "$ac_cv_lib_crypto_EVP_sm3" >&6; } ++if test "x$ac_cv_lib_crypto_EVP_sm3" = xyes ++then : + + +-$as_echo "#define HAVE_EVP_SM3 1" >>confdefs.h ++printf "%s\n" "#define HAVE_EVP_SM3 1" >>confdefs.h + + fi + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sm4_cfb128 in -lcrypto" >&5 +-$as_echo_n "checking for EVP_sm4_cfb128 in -lcrypto... " >&6; } +-if ${ac_cv_lib_crypto_EVP_sm4_cfb128+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_sm4_cfb128 in -lcrypto" >&5 ++printf %s "checking for EVP_sm4_cfb128 in -lcrypto... " >&6; } ++if test ${ac_cv_lib_crypto_EVP_sm4_cfb128+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + ac_check_lib_save_LIBS=$LIBS + LIBS="-lcrypto $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +@@ -14080,49 +14717,49 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif + char EVP_sm4_cfb128 (); + int +-main () ++main (void) + { + return EVP_sm4_cfb128 (); + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ac_cv_lib_crypto_EVP_sm4_cfb128=yes +-else ++else $as_nop + ac_cv_lib_crypto_EVP_sm4_cfb128=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_sm4_cfb128" >&5 +-$as_echo "$ac_cv_lib_crypto_EVP_sm4_cfb128" >&6; } +-if test "x$ac_cv_lib_crypto_EVP_sm4_cfb128" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_sm4_cfb128" >&5 ++printf "%s\n" "$ac_cv_lib_crypto_EVP_sm4_cfb128" >&6; } ++if test "x$ac_cv_lib_crypto_EVP_sm4_cfb128" = xyes ++then : + + +-$as_echo "#define HAVE_EVP_SM4_CFB 1" >>confdefs.h ++printf "%s\n" "#define HAVE_EVP_SM4_CFB 1" >>confdefs.h + + fi + ++LIBS="${LIBS_save}" + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CURL" >&5 +-$as_echo_n "checking for CURL... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libcurl" >&5 ++printf %s "checking for libcurl... " >&6; } + + if test -n "$CURL_CFLAGS"; then + pkg_cv_CURL_CFLAGS="$CURL_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcurl\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcurl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcurl") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CURL_CFLAGS=`$PKG_CONFIG --cflags "libcurl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14136,10 +14773,10 @@ if test -n "$CURL_LIBS"; then + pkg_cv_CURL_LIBS="$CURL_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcurl\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcurl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcurl") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CURL_LIBS=`$PKG_CONFIG --libs "libcurl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14153,8 +14790,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -14180,10 +14817,10 @@ Alternatively, you may set the environment variables CURL_CFLAGS + and CURL_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -14197,8 +14834,8 @@ See \`config.log' for more details" "$LINENO" 5; } + else + CURL_CFLAGS=$pkg_cv_CURL_CFLAGS + CURL_LIBS=$pkg_cv_CURL_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + + fi + +@@ -14206,29 +14843,31 @@ fi + # auto detect if not specified via the --with-efivar option. + + # Check whether --with-efivar was given. +-if test "${with_efivar+set}" = set; then : ++if test ${with_efivar+y} ++then : + withval=$with_efivar; +-else ++else $as_nop + with_efivar=auto + + fi + + + # use the true program to avoid failing hard +-if test "x$with_efivar" == "xauto"; then : ++if test "x$with_efivar" = "xauto" ++then : + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EFIVAR" >&5 +-$as_echo_n "checking for EFIVAR... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for efivar" >&5 ++printf %s "checking for efivar... " >&6; } + + if test -n "$EFIVAR_CFLAGS"; then + pkg_cv_EFIVAR_CFLAGS="$EFIVAR_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 + ($PKG_CONFIG --exists --print-errors "efivar") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_EFIVAR_CFLAGS=`$PKG_CONFIG --cflags "efivar" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14242,10 +14881,10 @@ if test -n "$EFIVAR_LIBS"; then + pkg_cv_EFIVAR_LIBS="$EFIVAR_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 + ($PKG_CONFIG --exists --print-errors "efivar") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_EFIVAR_LIBS=`$PKG_CONFIG --libs "efivar" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14259,8 +14898,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -14277,30 +14916,42 @@ fi + + true + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + true + else + EFIVAR_CFLAGS=$pkg_cv_EFIVAR_CFLAGS + EFIVAR_LIBS=$pkg_cv_EFIVAR_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } ++ for ac_header in efivar/efivar.h ++do : ++ ac_fn_c_check_header_compile "$LINENO" "efivar/efivar.h" "ac_cv_header_efivar_efivar_h" "$ac_includes_default" ++if test "x$ac_cv_header_efivar_efivar_h" = xyes ++then : ++ printf "%s\n" "#define HAVE_EFIVAR_EFIVAR_H 1" >>confdefs.h ++ ++else $as_nop ++ true ++fi + ++done + fi +-elif test "x$with_efivar" == "xyes"; then : ++elif test "x$with_efivar" = "xyes" ++then : + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EFIVAR" >&5 +-$as_echo_n "checking for EFIVAR... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for efivar" >&5 ++printf %s "checking for efivar... " >&6; } + + if test -n "$EFIVAR_CFLAGS"; then + pkg_cv_EFIVAR_CFLAGS="$EFIVAR_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 + ($PKG_CONFIG --exists --print-errors "efivar") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_EFIVAR_CFLAGS=`$PKG_CONFIG --cflags "efivar" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14314,10 +14965,10 @@ if test -n "$EFIVAR_LIBS"; then + pkg_cv_EFIVAR_LIBS="$EFIVAR_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"efivar\""; } >&5 + ($PKG_CONFIG --exists --print-errors "efivar") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_EFIVAR_LIBS=`$PKG_CONFIG --libs "efivar" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14331,8 +14982,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -14358,10 +15009,10 @@ Alternatively, you may set the environment variables EFIVAR_CFLAGS + and EFIVAR_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -14375,30 +15026,58 @@ See \`config.log' for more details" "$LINENO" 5; } + else + EFIVAR_CFLAGS=$pkg_cv_EFIVAR_CFLAGS + EFIVAR_LIBS=$pkg_cv_EFIVAR_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } ++ ac_fn_c_check_header_compile "$LINENO" "efivar/efivar.h" "ac_cv_header_efivar_efivar_h" "$ac_includes_default" ++if test "x$ac_cv_header_efivar_efivar_h" = xyes ++then : ++ printf "%s\n" "#define HAVE_EFIVAR_EFIVAR_H 1" >>confdefs.h ++ ++fi ++ ++fi ++fi + ++ for ac_header in efivar/efivar.h ++do : ++ ac_fn_c_check_header_compile "$LINENO" "efivar/efivar.h" "ac_cv_header_efivar_efivar_h" "$ac_includes_default" ++if test "x$ac_cv_header_efivar_efivar_h" = xyes ++then : ++ printf "%s\n" "#define HAVE_EFIVAR_EFIVAR_H 1" >>confdefs.h ++ efivar_h=yes ++else $as_nop ++ efivar = no + fi ++ ++done ++ if test "$efivar_h" = yes; then ++ HAVE_EFIVAR_H_TRUE= ++ HAVE_EFIVAR_H_FALSE='#' ++else ++ HAVE_EFIVAR_H_TRUE='#' ++ HAVE_EFIVAR_H_FALSE= + fi + ++ + # backwards compat with older pkg-config + # - pull in AC_DEFUN from pkg.m4 + + + + # Check whether --with-bashcompdir was given. +-if test "${with_bashcompdir+set}" = set; then : ++if test ${with_bashcompdir+y} ++then : + withval=$with_bashcompdir; +-else ++else $as_nop + + if test -n "$with_bashcompdir"; then + pkg_cv_with_bashcompdir="$with_bashcompdir" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"bash-completion\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"bash-completion\""; } >&5 + ($PKG_CONFIG --exists --print-errors "bash-completion") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_with_bashcompdir=`$PKG_CONFIG --variable="completionsdir" "bash-completion" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14410,7 +15089,8 @@ fi + fi + with_bashcompdir=$pkg_cv_with_bashcompdir + +-if test "x$with_bashcompdir" = x""; then : ++if test "x$with_bashcompdir" = x"" ++then : + with_bashcompdir="${datarootdir}/bash-completion/completions" + fi + fi +@@ -14420,7 +15100,8 @@ bashcompdir=$with_bashcompdir + + + # Check whether --with-tpmsim was given. +-if test "${with_tpmsim+set}" = set; then : ++if test ${with_tpmsim+y} ++then : + withval=$with_tpmsim; + fi + +@@ -14442,9 +15123,10 @@ esac + + + # Check whether --enable-unit was given. +-if test "${enable_unit+set}" = set; then : ++if test ${enable_unit+y} ++then : + enableval=$enable_unit; +-else ++else $as_nop + enable_unit=no + fi + +@@ -14458,7 +15140,8 @@ fi + + + # Check whether --enable-persistent was given. +-if test "${enable_persistent+set}" = set; then : ++if test ${enable_persistent+y} ++then : + enableval=$enable_persistent; + fi + +@@ -14484,21 +15167,22 @@ case "${host_os}" in + ;; + esac + +-if test "x$enable_unit" != xno; then : ++if test "x$enable_unit" != xno ++then : + + + pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CMOCKA" >&5 +-$as_echo_n "checking for CMOCKA... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cmocka" >&5 ++printf %s "checking for cmocka... " >&6; } + + if test -n "$CMOCKA_CFLAGS"; then + pkg_cv_CMOCKA_CFLAGS="$CMOCKA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 + ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CMOCKA_CFLAGS=`$PKG_CONFIG --cflags "cmocka" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14512,10 +15196,10 @@ if test -n "$CMOCKA_LIBS"; then + pkg_cv_CMOCKA_LIBS="$CMOCKA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 + ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5 + ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CMOCKA_LIBS=`$PKG_CONFIG --libs "cmocka" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +@@ -14529,8 +15213,8 @@ fi + + + if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + + if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +@@ -14556,10 +15240,10 @@ Alternatively, you may set the environment variables CMOCKA_CFLAGS + and CMOCKA_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details." "$LINENO" 5 + elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full + path to pkg-config. +@@ -14573,18 +15257,19 @@ See \`config.log' for more details" "$LINENO" 5; } + else + CMOCKA_CFLAGS=$pkg_cv_CMOCKA_CFLAGS + CMOCKA_LIBS=$pkg_cv_CMOCKA_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } + + fi + + # Extract the first word of "tpm2-abrmd", so it can be a program name with args. + set dummy tpm2-abrmd; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_tpm2_abrmd+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_tpm2_abrmd+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$tpm2_abrmd"; then + ac_cv_prog_tpm2_abrmd="$tpm2_abrmd" # Let the user override the test. + else +@@ -14592,11 +15277,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_tpm2_abrmd="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -14608,31 +15297,34 @@ fi + fi + tpm2_abrmd=$ac_cv_prog_tpm2_abrmd + if test -n "$tpm2_abrmd"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tpm2_abrmd" >&5 +-$as_echo "$tpm2_abrmd" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tpm2_abrmd" >&5 ++printf "%s\n" "$tpm2_abrmd" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $tpm2_abrmd = yes; then : ++ if test $tpm2_abrmd = yes ++then : + TPM2_ABRMD=tpm2-abrmd +-else ++else $as_nop + as_fn_error $? "Required executable tpm2_abrmd not found, try setting PATH" "$LINENO" 5 + + fi + + +- if test -z "$tpmsim"; then : ++ if test -z "$tpmsim" ++then : + + # Extract the first word of "swtpm", so it can be a program name with args. + set dummy swtpm; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_swtpm+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_swtpm+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$swtpm"; then + ac_cv_prog_swtpm="$swtpm" # Let the user override the test. + else +@@ -14640,11 +15332,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_swtpm="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -14656,21 +15352,22 @@ fi + fi + swtpm=$ac_cv_prog_swtpm + if test -n "$swtpm"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $swtpm" >&5 +-$as_echo "$swtpm" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $swtpm" >&5 ++printf "%s\n" "$swtpm" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + + # Extract the first word of "tpm_server", so it can be a program name with args. + set dummy tpm_server; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_tpm_server+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_tpm_server+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$tpm_server"; then + ac_cv_prog_tpm_server="$tpm_server" # Let the user override the test. + else +@@ -14678,11 +15375,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_tpm_server="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -14694,33 +15395,36 @@ fi + fi + tpm_server=$ac_cv_prog_tpm_server + if test -n "$tpm_server"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tpm_server" >&5 +-$as_echo "$tpm_server" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tpm_server" >&5 ++printf "%s\n" "$tpm_server" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $swtpm = yes; then : ++ if test $swtpm = yes ++then : + TPM2_SIM=swtpm +-else +- if test $tpm_server = yes; then : ++else $as_nop ++ if test $tpm_server = yes ++then : + TPM2_SIM=tpm_server +-else ++else $as_nop + as_fn_error $? "Required executables swtpm or tpm_server not found, try setting PATH" "$LINENO" 5 + fi + fi + +-else ++else $as_nop + + # Extract the first word of "$tpmsim", so it can be a program name with args. + set dummy $tpmsim; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_HAS_TPM2_SIM+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_HAS_TPM2_SIM+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$HAS_TPM2_SIM"; then + ac_cv_prog_HAS_TPM2_SIM="$HAS_TPM2_SIM" # Let the user override the test. + else +@@ -14728,11 +15432,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_HAS_TPM2_SIM="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -14744,17 +15452,18 @@ fi + fi + HAS_TPM2_SIM=$ac_cv_prog_HAS_TPM2_SIM + if test -n "$HAS_TPM2_SIM"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAS_TPM2_SIM" >&5 +-$as_echo "$HAS_TPM2_SIM" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HAS_TPM2_SIM" >&5 ++printf "%s\n" "$HAS_TPM2_SIM" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test "$HAS_TPM2_SIM" = yes; then : ++ if test "$HAS_TPM2_SIM" = yes ++then : + TPM2_SIM=$tpmsim +-else ++else $as_nop + as_fn_error $? "Required executable $tpmsim not found, system tests require a tpm simulator shell!" "$LINENO" 5 + + fi +@@ -14765,11 +15474,12 @@ fi + + # Extract the first word of "bash", so it can be a program name with args. + set dummy bash; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_BASH_SHELL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_BASH_SHELL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$BASH_SHELL"; then + ac_cv_prog_BASH_SHELL="$BASH_SHELL" # Let the user override the test. + else +@@ -14777,11 +15487,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_BASH_SHELL="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -14793,15 +15507,16 @@ fi + fi + BASH_SHELL=$ac_cv_prog_BASH_SHELL + if test -n "$BASH_SHELL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BASH_SHELL" >&5 +-$as_echo "$BASH_SHELL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $BASH_SHELL" >&5 ++printf "%s\n" "$BASH_SHELL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $BASH_SHELL = no; then : ++ if test $BASH_SHELL = no ++then : + as_fn_error $? "Required executable bash not found, system tests require a bash shell!" "$LINENO" 5 + fi + +@@ -14813,15 +15528,16 @@ fi + + # Find any Python interpreter. + if test -z "$PYTHON"; then +- for ac_prog in python python2 python3 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 ++ for ac_prog in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_PYTHON+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_path_PYTHON+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. +@@ -14831,11 +15547,15 @@ else + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ++ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext" ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -14847,11 +15567,11 @@ esac + fi + PYTHON=$ac_cv_path_PYTHON + if test -n "$PYTHON"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +-$as_echo "$PYTHON" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 ++printf "%s\n" "$PYTHON" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +@@ -14864,43 +15584,173 @@ test -n "$PYTHON" || PYTHON=":" + + + if test "$PYTHON" = :; then +- as_fn_error $? "Required executable python not found, some system tests will fail!" "$LINENO" 5 ++ as_fn_error $? "Required executable python not found, some system tests will fail!" "$LINENO" 5 + + else + +- +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 +-$as_echo_n "checking for $am_display_PYTHON version... " >&6; } +-if ${am_cv_python_version+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 ++printf %s "checking for $am_display_PYTHON version... " >&6; } ++if test ${am_cv_python_version+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"` + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 +-$as_echo "$am_cv_python_version" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 ++printf "%s\n" "$am_cv_python_version" >&6; } + PYTHON_VERSION=$am_cv_python_version + + ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 ++printf %s "checking for $am_display_PYTHON platform... " >&6; } ++if test ${am_cv_python_platform+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` ++fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 ++printf "%s\n" "$am_cv_python_platform" >&6; } ++ PYTHON_PLATFORM=$am_cv_python_platform + +- PYTHON_PREFIX='${prefix}' +- +- PYTHON_EXEC_PREFIX='${exec_prefix}' + ++ if test "x$prefix" = xNONE; then ++ am__usable_prefix=$ac_default_prefix ++ else ++ am__usable_prefix=$prefix ++ fi + ++ # Allow user to request using sys.* values from Python, ++ # instead of the GNU $prefix values. ++ ++# Check whether --with-python-sys-prefix was given. ++if test ${with_python_sys_prefix+y} ++then : ++ withval=$with_python_sys_prefix; am_use_python_sys=: ++else $as_nop ++ am_use_python_sys=false ++fi ++ ++ ++ # Allow user to override whatever the default Python prefix is. ++ ++# Check whether --with-python_prefix was given. ++if test ${with_python_prefix+y} ++then : ++ withval=$with_python_prefix; am_python_prefix_subst=$withval ++ am_cv_python_prefix=$withval ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5 ++printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5 ++printf "%s\n" "$am_cv_python_prefix" >&6; } ++else $as_nop ++ ++ if $am_use_python_sys; then ++ # using python sys.prefix value, not GNU ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5 ++printf %s "checking for python default $am_display_PYTHON prefix... " >&6; } ++if test ${am_cv_python_prefix+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"` ++fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5 ++printf "%s\n" "$am_cv_python_prefix" >&6; } ++ ++ case $am_cv_python_prefix in ++ $am__usable_prefix*) ++ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'` ++ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"` ++ ;; ++ *) ++ am_python_prefix_subst=$am_cv_python_prefix ++ ;; ++ esac ++ else # using GNU prefix value, not python sys.prefix ++ am_python_prefix_subst='${prefix}' ++ am_python_prefix=$am_python_prefix_subst ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5 ++printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5 ++printf "%s\n" "$am_python_prefix" >&6; } ++ fi ++fi + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 +-$as_echo_n "checking for $am_display_PYTHON platform... " >&6; } +-if ${am_cv_python_platform+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` ++ # Substituting python_prefix_subst value. ++ PYTHON_PREFIX=$am_python_prefix_subst ++ ++ ++ # emacs-page Now do it all over again for Python exec_prefix, but with yet ++ # another conditional: fall back to regular prefix if that was specified. ++ ++# Check whether --with-python_exec_prefix was given. ++if test ${with_python_exec_prefix+y} ++then : ++ withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval ++ am_cv_python_exec_prefix=$withval ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5 ++printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5 ++printf "%s\n" "$am_cv_python_exec_prefix" >&6; } ++else $as_nop ++ ++ # no explicit --with-python_exec_prefix, but if ++ # --with-python_prefix was given, use its value for python_exec_prefix too. ++ if test -n "$with_python_prefix" ++then : ++ am_python_exec_prefix_subst=$with_python_prefix ++ am_cv_python_exec_prefix=$with_python_prefix ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5 ++printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5 ++printf "%s\n" "$am_cv_python_exec_prefix" >&6; } ++else $as_nop ++ ++ # Set am__usable_exec_prefix whether using GNU or Python values, ++ # since we use that variable for pyexecdir. ++ if test "x$exec_prefix" = xNONE; then ++ am__usable_exec_prefix=$am__usable_prefix ++ else ++ am__usable_exec_prefix=$exec_prefix ++ fi ++ # ++ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5 ++printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; } ++if test ${am_cv_python_exec_prefix+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"` ++fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5 ++printf "%s\n" "$am_cv_python_exec_prefix" >&6; } ++ case $am_cv_python_exec_prefix in ++ $am__usable_exec_prefix*) ++ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'` ++ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"` ++ ;; ++ *) ++ am_python_exec_prefix_subst=$am_cv_python_exec_prefix ++ ;; ++ esac ++ else # using GNU $exec_prefix, not python sys.exec_prefix ++ am_python_exec_prefix_subst='${exec_prefix}' ++ am_python_exec_prefix=$am_python_exec_prefix_subst ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5 ++printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5 ++printf "%s\n" "$am_python_exec_prefix" >&6; } ++ fi ++fi + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 +-$as_echo "$am_cv_python_platform" >&6; } +- PYTHON_PLATFORM=$am_cv_python_platform + ++ # Substituting python_exec_prefix_subst. ++ PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst + +- # Just factor out some code duplication. ++ ++ # Factor out some code duplication into this shell variable. + am_python_setup_sysconfig="\ + import sys + # Prefer sysconfig over distutils.sysconfig, for better compatibility +@@ -14921,117 +15771,129 @@ except ImportError: + pass" + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 +-$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } +-if ${am_cv_python_pythondir+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- if test "x$prefix" = xNONE +- then +- am_py_prefix=$ac_default_prefix +- else +- am_py_prefix=$prefix +- fi +- am_cv_python_pythondir=`$PYTHON -c " ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5 ++printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; } ++if test ${am_cv_python_pythondir+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ if test "x$am_cv_python_prefix" = x; then ++ am_py_prefix=$am__usable_prefix ++ else ++ am_py_prefix=$am_cv_python_prefix ++ fi ++ am_cv_python_pythondir=`$PYTHON -c " + $am_python_setup_sysconfig + if can_use_sysconfig: +- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) ++ if hasattr(sysconfig, 'get_default_scheme'): ++ scheme = sysconfig.get_default_scheme() ++ else: ++ scheme = sysconfig._get_default_scheme() ++ if scheme == 'posix_local': ++ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ ++ scheme = 'posix_prefix' ++ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'}) + else: +- from distutils import sysconfig +- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') ++ from distutils import sysconfig ++ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') + sys.stdout.write(sitedir)"` +- case $am_cv_python_pythondir in +- $am_py_prefix*) +- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` +- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` +- ;; +- *) +- case $am_py_prefix in +- /usr|/System*) ;; +- *) +- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages +- ;; +- esac +- ;; ++ # ++ case $am_cv_python_pythondir in ++ $am_py_prefix*) ++ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` ++ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"` ++ ;; ++ *) ++ case $am_py_prefix in ++ /usr|/System*) ;; ++ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages" ++ ;; + esac ++ ;; ++ esac + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 +-$as_echo "$am_cv_python_pythondir" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 ++printf "%s\n" "$am_cv_python_pythondir" >&6; } + pythondir=$am_cv_python_pythondir + + +- +- pkgpythondir=\${pythondir}/$PACKAGE ++ pkgpythondir=\${pythondir}/$PACKAGE + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 +-$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } +-if ${am_cv_python_pyexecdir+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- if test "x$exec_prefix" = xNONE +- then +- am_py_exec_prefix=$am_py_prefix +- else +- am_py_exec_prefix=$exec_prefix +- fi +- am_cv_python_pyexecdir=`$PYTHON -c " ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5 ++printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; } ++if test ${am_cv_python_pyexecdir+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ if test "x$am_cv_python_exec_prefix" = x; then ++ am_py_exec_prefix=$am__usable_exec_prefix ++ else ++ am_py_exec_prefix=$am_cv_python_exec_prefix ++ fi ++ am_cv_python_pyexecdir=`$PYTHON -c " + $am_python_setup_sysconfig + if can_use_sysconfig: +- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) ++ if hasattr(sysconfig, 'get_default_scheme'): ++ scheme = sysconfig.get_default_scheme() ++ else: ++ scheme = sysconfig._get_default_scheme() ++ if scheme == 'posix_local': ++ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ ++ scheme = 'posix_prefix' ++ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'}) + else: +- from distutils import sysconfig +- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') ++ from distutils import sysconfig ++ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix') + sys.stdout.write(sitedir)"` +- case $am_cv_python_pyexecdir in +- $am_py_exec_prefix*) +- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` +- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` +- ;; +- *) +- case $am_py_exec_prefix in +- /usr|/System*) ;; +- *) +- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages +- ;; +- esac +- ;; ++ # ++ case $am_cv_python_pyexecdir in ++ $am_py_exec_prefix*) ++ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` ++ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"` ++ ;; ++ *) ++ case $am_py_exec_prefix in ++ /usr|/System*) ;; ++ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages" ++ ;; + esac ++ ;; ++ esac + + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 +-$as_echo "$am_cv_python_pyexecdir" >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 ++printf "%s\n" "$am_cv_python_pyexecdir" >&6; } + pyexecdir=$am_cv_python_pyexecdir + + +- +- pkgpyexecdir=\${pyexecdir}/$PACKAGE ++ pkgpyexecdir=\${pyexecdir}/$PACKAGE + + + + fi + + +- +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for module yaml in $PYTHON" >&5 +-$as_echo_n "checking for module yaml in $PYTHON... " >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for module yaml in $PYTHON" >&5 ++printf %s "checking for module yaml in $PYTHON... " >&6; } + echo "import yaml" | $PYTHON - 2>/dev/null + if test $? -ne 0 ; then + as_fn_error $? "not found" "$LINENO" 5 + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 +-$as_echo "found" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found" >&5 ++printf "%s\n" "found" >&6; } + fi + + + # Extract the first word of "xxd", so it can be a program name with args. + set dummy xxd; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_XXD+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_XXD+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$XXD"; then + ac_cv_prog_XXD="$XXD" # Let the user override the test. + else +@@ -15039,11 +15901,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_XXD="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15055,25 +15921,28 @@ fi + fi + XXD=$ac_cv_prog_XXD + if test -n "$XXD"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XXD" >&5 +-$as_echo "$XXD" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $XXD" >&5 ++printf "%s\n" "$XXD" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $XXD = no; then : ++ if test $XXD = no ++then : + as_fn_error $? "Required executable xxd not found, some system tests will fail!" "$LINENO" 5 + fi +- if test "$HOSTOS" = "Linux"; then : ++ if test "$HOSTOS" = "Linux" ++then : + # Extract the first word of "ss", so it can be a program name with args. + set dummy ss; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_SS+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_SS+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$SS"; then + ac_cv_prog_SS="$SS" # Let the user override the test. + else +@@ -15081,11 +15950,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_SS="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15097,22 +15970,23 @@ fi + fi + SS=$ac_cv_prog_SS + if test -n "$SS"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SS" >&5 +-$as_echo "$SS" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SS" >&5 ++printf "%s\n" "$SS" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +-else ++else $as_nop + # Extract the first word of "sockstat", so it can be a program name with args. + set dummy sockstat; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_SS+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_SS+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$SS"; then + ac_cv_prog_SS="$SS" # Let the user override the test. + else +@@ -15120,11 +15994,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_SS="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15136,26 +16014,28 @@ fi + fi + SS=$ac_cv_prog_SS + if test -n "$SS"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SS" >&5 +-$as_echo "$SS" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SS" >&5 ++printf "%s\n" "$SS" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + + fi +- if test $SS = no; then : ++ if test $SS = no ++then : + as_fn_error $? "Required executable ss/sockstat not found, some system tests will fail!" "$LINENO" 5 + fi + + # Extract the first word of "shasum", so it can be a program name with args. + set dummy shasum; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_SHASUM+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_SHASUM+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$SHASUM"; then + ac_cv_prog_SHASUM="$SHASUM" # Let the user override the test. + else +@@ -15163,11 +16043,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_SHASUM="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15179,25 +16063,27 @@ fi + fi + SHASUM=$ac_cv_prog_SHASUM + if test -n "$SHASUM"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SHASUM" >&5 +-$as_echo "$SHASUM" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SHASUM" >&5 ++printf "%s\n" "$SHASUM" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $SHASUM = no; then : ++ if test $SHASUM = no ++then : + as_fn_error $? "Required executable shasum not found, some system tests will fail!" "$LINENO" 5 + fi + + # Extract the first word of "mktemp", so it can be a program name with args. + set dummy mktemp; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_MKTEMP+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_MKTEMP+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$MKTEMP"; then + ac_cv_prog_MKTEMP="$MKTEMP" # Let the user override the test. + else +@@ -15205,11 +16091,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_MKTEMP="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15221,25 +16111,27 @@ fi + fi + MKTEMP=$ac_cv_prog_MKTEMP + if test -n "$MKTEMP"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKTEMP" >&5 +-$as_echo "$MKTEMP" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKTEMP" >&5 ++printf "%s\n" "$MKTEMP" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $MKTEMP = no; then : ++ if test $MKTEMP = no ++then : + as_fn_error $? "Required executable mktemp not found, some system tests will fail!" "$LINENO" 5 + fi + + # Extract the first word of "expect", so it can be a program name with args. + set dummy expect; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_EXPECT+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_EXPECT+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$EXPECT"; then + ac_cv_prog_EXPECT="$EXPECT" # Let the user override the test. + else +@@ -15247,11 +16139,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_EXPECT="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15263,25 +16159,27 @@ fi + fi + EXPECT=$ac_cv_prog_EXPECT + if test -n "$EXPECT"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EXPECT" >&5 +-$as_echo "$EXPECT" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $EXPECT" >&5 ++printf "%s\n" "$EXPECT" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $EXPECT = no; then : ++ if test $EXPECT = no ++then : + as_fn_error $? "Required executable expect not found, some system tests will fail!" "$LINENO" 5 + fi + + # Extract the first word of "openssl", so it can be a program name with args. + set dummy openssl; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_OPENSSL+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_OPENSSL+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$OPENSSL"; then + ac_cv_prog_OPENSSL="$OPENSSL" # Let the user override the test. + else +@@ -15289,11 +16187,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_OPENSSL="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15305,25 +16207,27 @@ fi + fi + OPENSSL=$ac_cv_prog_OPENSSL + if test -n "$OPENSSL"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENSSL" >&5 +-$as_echo "$OPENSSL" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OPENSSL" >&5 ++printf "%s\n" "$OPENSSL" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $OPENSSL = no; then : ++ if test $OPENSSL = no ++then : + as_fn_error $? "Required executable openssl not found, some system tests will fail!" "$LINENO" 5 + fi + + # Extract the first word of "wc", so it can be a program name with args. + set dummy wc; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_WC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++printf %s "checking for $ac_word... " >&6; } ++if test ${ac_cv_prog_WC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + if test -n "$WC"; then + ac_cv_prog_WC="$WC" # Let the user override the test. + else +@@ -15331,11 +16235,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac + for ac_exec_ext in '' $ac_executable_extensions; do +- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ++ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_WC="yes" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi + done +@@ -15347,15 +16255,16 @@ fi + fi + WC=$ac_cv_prog_WC + if test -n "$WC"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WC" >&5 +-$as_echo "$WC" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $WC" >&5 ++printf "%s\n" "$WC" >&6; } + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } + fi + + +- if test $WC = no; then : ++ if test $WC = no ++then : + as_fn_error $? "Required executable wc not found, some system tests will fail!" "$LINENO" 5 + fi + +@@ -15373,18 +16282,20 @@ fi + fi + + # Check whether --enable-dlclose was given. +-if test "${enable_dlclose+set}" = set; then : ++if test ${enable_dlclose+y} ++then : + enableval=$enable_dlclose; +-$as_echo "#define DISABLE_DLCLOSE 1" >>confdefs.h ++printf "%s\n" "#define DISABLE_DLCLOSE 1" >>confdefs.h + + + fi + + + # Check whether --enable-hardening was given. +-if test "${enable_hardening+set}" = set; then : ++if test ${enable_hardening+y} ++then : + enableval=$enable_hardening; +-else ++else $as_nop + enable_hardening="yes" + fi + +@@ -15392,7 +16303,8 @@ fi + # Good information on adding flags, and dealing with compilers can be found here: + # https://github.com/zcash/zcash/issues/1832 + # https://github.com/kmcallister/autoharden/ +-if test x"$enable_hardening" != x"no"; then : ++if test x"$enable_hardening" != x"no" ++then : + + + +@@ -15402,11 +16314,12 @@ if test x"$enable_hardening" != x"no"; then : + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wall" >&5 +-$as_echo_n "checking whether C compiler accepts -Wall... " >&6; } +-if ${ax_cv_check_cflags___Wall+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wall" >&5 ++printf %s "checking whether C compiler accepts -Wall... " >&6; } ++if test ${ax_cv_check_cflags___Wall+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wall" +@@ -15414,37 +16327,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wall=yes +-else ++else $as_nop + ax_cv_check_cflags___Wall=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wall" >&5 +-$as_echo "$ax_cv_check_cflags___Wall" >&6; } +-if test "x$ax_cv_check_cflags___Wall" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wall" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wall" >&6; } ++if test "x$ax_cv_check_cflags___Wall" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wall" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wall, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wextra" >&5 +-$as_echo_n "checking whether C compiler accepts -Wextra... " >&6; } +-if ${ax_cv_check_cflags___Wextra+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wextra" >&5 ++printf %s "checking whether C compiler accepts -Wextra... " >&6; } ++if test ${ax_cv_check_cflags___Wextra+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wextra" +@@ -15452,38 +16368,42 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wextra=yes +-else ++else $as_nop + ax_cv_check_cflags___Wextra=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wextra" >&5 +-$as_echo "$ax_cv_check_cflags___Wextra" >&6; } +-if test "x$ax_cv_check_cflags___Wextra" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wextra" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wextra" >&6; } ++if test "x$ax_cv_check_cflags___Wextra" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wextra" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wextra, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + +- if test "x$ax_is_release" = "xno"; then : ++ if test "x$ax_is_release" = "xno" ++then : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Werror" >&5 +-$as_echo_n "checking whether C compiler accepts -Werror... " >&6; } +-if ${ax_cv_check_cflags___Werror+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Werror" >&5 ++printf %s "checking whether C compiler accepts -Werror... " >&6; } ++if test ${ax_cv_check_cflags___Werror+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Werror" +@@ -15491,26 +16411,28 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Werror=yes +-else ++else $as_nop + ax_cv_check_cflags___Werror=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Werror" >&5 +-$as_echo "$ax_cv_check_cflags___Werror" >&6; } +-if test "x$ax_cv_check_cflags___Werror" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Werror" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Werror" >&6; } ++if test "x$ax_cv_check_cflags___Werror" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Werror" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Werror, consider configuring with --disable-hardening" "$LINENO" 5 + + fi +@@ -15519,11 +16441,12 @@ fi + fi + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wformat" >&5 +-$as_echo_n "checking whether C compiler accepts -Wformat... " >&6; } +-if ${ax_cv_check_cflags___Wformat+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wformat" >&5 ++printf %s "checking whether C compiler accepts -Wformat... " >&6; } ++if test ${ax_cv_check_cflags___Wformat+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wformat" +@@ -15531,37 +16454,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wformat=yes +-else ++else $as_nop + ax_cv_check_cflags___Wformat=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wformat" >&5 +-$as_echo "$ax_cv_check_cflags___Wformat" >&6; } +-if test "x$ax_cv_check_cflags___Wformat" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wformat" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wformat" >&6; } ++if test "x$ax_cv_check_cflags___Wformat" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wformat" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wformat, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wformat-security" >&5 +-$as_echo_n "checking whether C compiler accepts -Wformat-security... " >&6; } +-if ${ax_cv_check_cflags___Wformat_security+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wformat-security" >&5 ++printf %s "checking whether C compiler accepts -Wformat-security... " >&6; } ++if test ${ax_cv_check_cflags___Wformat_security+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wformat-security" +@@ -15569,37 +16495,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wformat_security=yes +-else ++else $as_nop + ax_cv_check_cflags___Wformat_security=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wformat_security" >&5 +-$as_echo "$ax_cv_check_cflags___Wformat_security" >&6; } +-if test "x$ax_cv_check_cflags___Wformat_security" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wformat_security" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wformat_security" >&6; } ++if test "x$ax_cv_check_cflags___Wformat_security" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wformat-security" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wformat-security, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstack-protector" >&5 +-$as_echo_n "checking whether C compiler accepts -Wstack-protector... " >&6; } +-if ${ax_cv_check_cflags___Wstack_protector+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstack-protector" >&5 ++printf %s "checking whether C compiler accepts -Wstack-protector... " >&6; } ++if test ${ax_cv_check_cflags___Wstack_protector+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wstack-protector" +@@ -15607,37 +16536,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wstack_protector=yes +-else ++else $as_nop + ax_cv_check_cflags___Wstack_protector=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstack_protector" >&5 +-$as_echo "$ax_cv_check_cflags___Wstack_protector" >&6; } +-if test "x$ax_cv_check_cflags___Wstack_protector" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstack_protector" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wstack_protector" >&6; } ++if test "x$ax_cv_check_cflags___Wstack_protector" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wstack-protector" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wstack-protector, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5 +-$as_echo_n "checking whether C compiler accepts -fstack-protector-all... " >&6; } +-if ${ax_cv_check_cflags___fstack_protector_all+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5 ++printf %s "checking whether C compiler accepts -fstack-protector-all... " >&6; } ++if test ${ax_cv_check_cflags___fstack_protector_all+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fstack-protector-all" +@@ -15645,37 +16577,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___fstack_protector_all=yes +-else ++else $as_nop + ax_cv_check_cflags___fstack_protector_all=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5 +-$as_echo "$ax_cv_check_cflags___fstack_protector_all" >&6; } +-if test "x$ax_cv_check_cflags___fstack_protector_all" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5 ++printf "%s\n" "$ax_cv_check_cflags___fstack_protector_all" >&6; } ++if test "x$ax_cv_check_cflags___fstack_protector_all" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-protector-all" +-else ++else $as_nop + as_fn_error $? "Cannot enable -fstack-protector-all, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstrict-overflow=5" >&5 +-$as_echo_n "checking whether C compiler accepts -Wstrict-overflow=5... " >&6; } +-if ${ax_cv_check_cflags___Wstrict_overflow_5+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstrict-overflow=5" >&5 ++printf %s "checking whether C compiler accepts -Wstrict-overflow=5... " >&6; } ++if test ${ax_cv_check_cflags___Wstrict_overflow_5+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wstrict-overflow=5" +@@ -15683,26 +16618,28 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wstrict_overflow_5=yes +-else ++else $as_nop + ax_cv_check_cflags___Wstrict_overflow_5=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstrict_overflow_5" >&5 +-$as_echo "$ax_cv_check_cflags___Wstrict_overflow_5" >&6; } +-if test "x$ax_cv_check_cflags___Wstrict_overflow_5" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstrict_overflow_5" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wstrict_overflow_5" >&6; } ++if test "x$ax_cv_check_cflags___Wstrict_overflow_5" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wstrict-overflow=5" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wstrict-overflow=5, consider configuring with --disable-hardening" "$LINENO" 5 + + fi +@@ -15710,11 +16647,12 @@ fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -O2" >&5 +-$as_echo_n "checking whether C compiler accepts -O2... " >&6; } +-if ${ax_cv_check_cflags___O2+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -O2" >&5 ++printf %s "checking whether C compiler accepts -O2... " >&6; } ++if test ${ax_cv_check_cflags___O2+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -O2" +@@ -15722,70 +16660,146 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___O2=yes +-else ++else $as_nop + ax_cv_check_cflags___O2=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___O2" >&5 +-$as_echo "$ax_cv_check_cflags___O2" >&6; } +-if test "x$ax_cv_check_cflags___O2" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___O2" >&5 ++printf "%s\n" "$ax_cv_check_cflags___O2" >&6; } ++if test "x$ax_cv_check_cflags___O2" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -O2" +-else ++else $as_nop + as_fn_error $? "Cannot enable -O2, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS" >&5 +-$as_echo_n "checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... " >&6; } ++ ac_save_cflags=$CFLAGS ++ ac_cwerror_flag=yes ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Werror" >&5 ++printf %s "checking whether C compiler accepts -Werror... " >&6; } ++if test ${ax_cv_check_cflags___Werror+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop ++ ++ ax_check_save_flags=$CFLAGS ++ CFLAGS="$CFLAGS -Werror" ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++ ++int ++main (void) ++{ ++ ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_compile "$LINENO" ++then : ++ ax_cv_check_cflags___Werror=yes ++else $as_nop ++ ax_cv_check_cflags___Werror=no ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ++ CFLAGS=$ax_check_save_flags ++fi ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Werror" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Werror" >&6; } ++if test "x$ax_cv_check_cflags___Werror" = xyes ++then : ++ CFLAGS="$CFLAGS -Werror" ++else $as_nop ++ : ++fi ++ ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS" >&5 ++printf %s "checking whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + + +- int main() { ++int ++main (void) ++{ ++ + #ifndef _FORTIFY_SOURCE + return 0; + #else + this_is_an_error; + #endif ++ ++ ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO" ++then : ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++ ++ ++ #define _FORTIFY_SOURCE 2 ++ #include ++ int main() { ++ char *s = " "; ++ strcpy(s, "x"); ++ return strlen(s)-1; + } + + + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++printf "%s\n" "yes" >&6; } ++ CFLAGS=$ac_save_cflags ++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + +-else ++else $as_nop + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ CFLAGS=$ac_save_cflags + + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext ++else $as_nop + ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++printf "%s\n" "no" >&6; } ++ CFLAGS=$ac_save_cflags + ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ ++ conftest$ac_exeext conftest.$ac_ext + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIC" >&5 +-$as_echo_n "checking whether C compiler accepts -fPIC... " >&6; } +-if ${ax_cv_check_cflags___fPIC+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ ++ ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIC" >&5 ++printf %s "checking whether C compiler accepts -fPIC... " >&6; } ++if test ${ax_cv_check_cflags___fPIC+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fPIC" +@@ -15793,37 +16807,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___fPIC=yes +-else ++else $as_nop + ax_cv_check_cflags___fPIC=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIC" >&5 +-$as_echo "$ax_cv_check_cflags___fPIC" >&6; } +-if test "x$ax_cv_check_cflags___fPIC" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIC" >&5 ++printf "%s\n" "$ax_cv_check_cflags___fPIC" >&6; } ++if test "x$ax_cv_check_cflags___fPIC" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -fPIC" +-else ++else $as_nop + as_fn_error $? "Cannot enable -fPIC, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -shared" >&5 +-$as_echo_n "checking whether the linker accepts -shared... " >&6; } +-if ${ax_cv_check_ldflags___shared+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -shared" >&5 ++printf %s "checking whether the linker accepts -shared... " >&6; } ++if test ${ax_cv_check_ldflags___shared+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -shared" +@@ -15831,27 +16848,29 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ax_cv_check_ldflags___shared=yes +-else ++else $as_nop + ax_cv_check_ldflags___shared=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___shared" >&5 +-$as_echo "$ax_cv_check_ldflags___shared" >&6; } +-if test "x$ax_cv_check_ldflags___shared" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___shared" >&5 ++printf "%s\n" "$ax_cv_check_ldflags___shared" >&6; } ++if test "x$ax_cv_check_ldflags___shared" = xyes ++then : + EXTRA_LDFLAGS="$EXTRA_LDFLAGS -shared" +-else ++else $as_nop + as_fn_error $? "Cannot enable -shared, consider configuring with --disable-hardening" "$LINENO" 5 + + fi +@@ -15859,11 +16878,12 @@ fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 +-$as_echo_n "checking whether C compiler accepts -fPIE... " >&6; } +-if ${ax_cv_check_cflags___fPIE+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5 ++printf %s "checking whether C compiler accepts -fPIE... " >&6; } ++if test ${ax_cv_check_cflags___fPIE+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fPIE" +@@ -15871,37 +16891,40 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___fPIE=yes +-else ++else $as_nop + ax_cv_check_cflags___fPIE=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5 +-$as_echo "$ax_cv_check_cflags___fPIE" >&6; } +-if test "x$ax_cv_check_cflags___fPIE" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fPIE" >&5 ++printf "%s\n" "$ax_cv_check_cflags___fPIE" >&6; } ++if test "x$ax_cv_check_cflags___fPIE" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -fPIE" +-else ++else $as_nop + as_fn_error $? "Cannot enable -fPIE, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 +-$as_echo_n "checking whether the linker accepts -pie... " >&6; } +-if ${ax_cv_check_ldflags___pie+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5 ++printf %s "checking whether the linker accepts -pie... " >&6; } ++if test ${ax_cv_check_ldflags___pie+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -pie" +@@ -15909,27 +16932,29 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ax_cv_check_ldflags___pie=yes +-else ++else $as_nop + ax_cv_check_ldflags___pie=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5 +-$as_echo "$ax_cv_check_ldflags___pie" >&6; } +-if test "x$ax_cv_check_ldflags___pie" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___pie" >&5 ++printf "%s\n" "$ax_cv_check_ldflags___pie" >&6; } ++if test "x$ax_cv_check_ldflags___pie" = xyes ++then : + EXTRA_LDFLAGS="$EXTRA_LDFLAGS -pie" +-else ++else $as_nop + as_fn_error $? "Cannot enable -pie, consider configuring with --disable-hardening" "$LINENO" 5 + + fi +@@ -15937,11 +16962,12 @@ fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 +-$as_echo_n "checking whether the linker accepts -Wl,-z,relro... " >&6; } +-if ${ax_cv_check_ldflags___Wl__z_relro+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,relro" >&5 ++printf %s "checking whether the linker accepts -Wl,-z,relro... " >&6; } ++if test ${ax_cv_check_ldflags___Wl__z_relro+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-z,relro" +@@ -15949,38 +16975,41 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ax_cv_check_ldflags___Wl__z_relro=yes +-else ++else $as_nop + ax_cv_check_ldflags___Wl__z_relro=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5 +-$as_echo "$ax_cv_check_ldflags___Wl__z_relro" >&6; } +-if test "x$ax_cv_check_ldflags___Wl__z_relro" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_relro" >&5 ++printf "%s\n" "$ax_cv_check_ldflags___Wl__z_relro" >&6; } ++if test "x$ax_cv_check_ldflags___Wl__z_relro" = xyes ++then : + EXTRA_LDFLAGS="$EXTRA_LDFLAGS -Wl,-z,relro" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wl,-z,relro, consider configuring with --disable-hardening" "$LINENO" 5 + + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,now" >&5 +-$as_echo_n "checking whether the linker accepts -Wl,-z,now... " >&6; } +-if ${ax_cv_check_ldflags___Wl__z_now+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,now" >&5 ++printf %s "checking whether the linker accepts -Wl,-z,now... " >&6; } ++if test ${ax_cv_check_ldflags___Wl__z_now+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-z,now" +@@ -15988,27 +17017,29 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ax_cv_check_ldflags___Wl__z_now=yes +-else ++else $as_nop + ax_cv_check_ldflags___Wl__z_now=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_now" >&5 +-$as_echo "$ax_cv_check_ldflags___Wl__z_now" >&6; } +-if test "x$ax_cv_check_ldflags___Wl__z_now" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_now" >&5 ++printf "%s\n" "$ax_cv_check_ldflags___Wl__z_now" >&6; } ++if test "x$ax_cv_check_ldflags___Wl__z_now" = xyes ++then : + EXTRA_LDFLAGS="$EXTRA_LDFLAGS -Wl,-z,now" +-else ++else $as_nop + as_fn_error $? "Cannot enable -Wl,-z,now, consider configuring with --disable-hardening" "$LINENO" 5 + + fi +@@ -16016,12 +17047,12 @@ fi + + + +-else ++else $as_nop + +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Compiling with --disable-hardening is dangerous! ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Compiling with --disable-hardening is dangerous! + you should consider fixing the configure script compiler flags + and submitting patches upstream!" >&5 +-$as_echo "$as_me: WARNING: Compiling with --disable-hardening is dangerous! ++printf "%s\n" "$as_me: WARNING: Compiling with --disable-hardening is dangerous! + you should consider fixing the configure script compiler flags + and submitting patches upstream!" >&2;} + +@@ -16031,11 +17062,12 @@ fi + + # -D_GNU_SOURCE is required for execvpe() in options.c + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_GNU_SOURCE" >&5 +-$as_echo_n "checking whether C compiler accepts -D_GNU_SOURCE... " >&6; } +-if ${ax_cv_check_cflags___D_GNU_SOURCE+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_GNU_SOURCE" >&5 ++printf %s "checking whether C compiler accepts -D_GNU_SOURCE... " >&6; } ++if test ${ax_cv_check_cflags___D_GNU_SOURCE+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -D_GNU_SOURCE" +@@ -16043,26 +17075,28 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___D_GNU_SOURCE=yes +-else ++else $as_nop + ax_cv_check_cflags___D_GNU_SOURCE=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___D_GNU_SOURCE" >&5 +-$as_echo "$ax_cv_check_cflags___D_GNU_SOURCE" >&6; } +-if test "x$ax_cv_check_cflags___D_GNU_SOURCE" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___D_GNU_SOURCE" >&5 ++printf "%s\n" "$ax_cv_check_cflags___D_GNU_SOURCE" >&6; } ++if test "x$ax_cv_check_cflags___D_GNU_SOURCE" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -D_GNU_SOURCE" +-else ++else $as_nop + as_fn_error $? "Cannot enable -D_GNU_SOURCE" "$LINENO" 5 + + fi +@@ -16071,11 +17105,12 @@ fi + + # Enable gnu99 mode, since we use some of these features. + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -std=gnu99" >&5 +-$as_echo_n "checking whether C compiler accepts -std=gnu99... " >&6; } +-if ${ax_cv_check_cflags___std_gnu99+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -std=gnu99" >&5 ++printf %s "checking whether C compiler accepts -std=gnu99... " >&6; } ++if test ${ax_cv_check_cflags___std_gnu99+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -std=gnu99" +@@ -16083,26 +17118,28 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___std_gnu99=yes +-else ++else $as_nop + ax_cv_check_cflags___std_gnu99=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___std_gnu99" >&5 +-$as_echo "$ax_cv_check_cflags___std_gnu99" >&6; } +-if test "x$ax_cv_check_cflags___std_gnu99" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___std_gnu99" >&5 ++printf "%s\n" "$ax_cv_check_cflags___std_gnu99" >&6; } ++if test "x$ax_cv_check_cflags___std_gnu99" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -std=gnu99" +-else ++else $as_nop + as_fn_error $? "Cannot enable -std=gnu99" "$LINENO" 5 + + fi +@@ -16112,13 +17149,15 @@ fi + # Best attempt compiler options that are on newer versions of GCC that + # we can't widely enforce without killing other peoples builds. + # Works with gcc only. Needs to be disabled on BSD and clang +-if test "$HOSTOS" = "Linux"; then : ++if test "$HOSTOS" = "Linux" ++then : + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstringop-overflow=4" >&5 +-$as_echo_n "checking whether C compiler accepts -Wstringop-overflow=4... " >&6; } +-if ${ax_cv_check_cflags___Wstringop_overflow_4+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstringop-overflow=4" >&5 ++printf %s "checking whether C compiler accepts -Wstringop-overflow=4... " >&6; } ++if test ${ax_cv_check_cflags___Wstringop_overflow_4+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wstringop-overflow=4" +@@ -16126,36 +17165,39 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wstringop_overflow_4=yes +-else ++else $as_nop + ax_cv_check_cflags___Wstringop_overflow_4=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstringop_overflow_4" >&5 +-$as_echo "$ax_cv_check_cflags___Wstringop_overflow_4" >&6; } +-if test "x$ax_cv_check_cflags___Wstringop_overflow_4" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstringop_overflow_4" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wstringop_overflow_4" >&6; } ++if test "x$ax_cv_check_cflags___Wstringop_overflow_4" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wstringop-overflow=4" +-else ++else $as_nop + : + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstringop-truncation" >&5 +-$as_echo_n "checking whether C compiler accepts -Wstringop-truncation... " >&6; } +-if ${ax_cv_check_cflags___Wstringop_truncation+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstringop-truncation" >&5 ++printf %s "checking whether C compiler accepts -Wstringop-truncation... " >&6; } ++if test ${ax_cv_check_cflags___Wstringop_truncation+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wstringop-truncation" +@@ -16163,36 +17205,39 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wstringop_truncation=yes +-else ++else $as_nop + ax_cv_check_cflags___Wstringop_truncation=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstringop_truncation" >&5 +-$as_echo "$ax_cv_check_cflags___Wstringop_truncation" >&6; } +-if test "x$ax_cv_check_cflags___Wstringop_truncation" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wstringop_truncation" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wstringop_truncation" >&6; } ++if test "x$ax_cv_check_cflags___Wstringop_truncation" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wstringop-truncation" +-else ++else $as_nop + : + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wduplicated-branches" >&5 +-$as_echo_n "checking whether C compiler accepts -Wduplicated-branches... " >&6; } +-if ${ax_cv_check_cflags___Wduplicated_branches+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wduplicated-branches" >&5 ++printf %s "checking whether C compiler accepts -Wduplicated-branches... " >&6; } ++if test ${ax_cv_check_cflags___Wduplicated_branches+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wduplicated-branches" +@@ -16200,36 +17245,39 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wduplicated_branches=yes +-else ++else $as_nop + ax_cv_check_cflags___Wduplicated_branches=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wduplicated_branches" >&5 +-$as_echo "$ax_cv_check_cflags___Wduplicated_branches" >&6; } +-if test "x$ax_cv_check_cflags___Wduplicated_branches" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wduplicated_branches" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wduplicated_branches" >&6; } ++if test "x$ax_cv_check_cflags___Wduplicated_branches" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wduplicated-branches" +-else ++else $as_nop + : + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wduplicated-cond" >&5 +-$as_echo_n "checking whether C compiler accepts -Wduplicated-cond... " >&6; } +-if ${ax_cv_check_cflags___Wduplicated_cond+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wduplicated-cond" >&5 ++printf %s "checking whether C compiler accepts -Wduplicated-cond... " >&6; } ++if test ${ax_cv_check_cflags___Wduplicated_cond+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wduplicated-cond" +@@ -16237,36 +17285,39 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wduplicated_cond=yes +-else ++else $as_nop + ax_cv_check_cflags___Wduplicated_cond=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wduplicated_cond" >&5 +-$as_echo "$ax_cv_check_cflags___Wduplicated_cond" >&6; } +-if test "x$ax_cv_check_cflags___Wduplicated_cond" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wduplicated_cond" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wduplicated_cond" >&6; } ++if test "x$ax_cv_check_cflags___Wduplicated_cond" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wduplicated-cond" +-else ++else $as_nop + : + fi + + + +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wbool-compare" >&5 +-$as_echo_n "checking whether C compiler accepts -Wbool-compare... " >&6; } +-if ${ax_cv_check_cflags___Wbool_compare+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wbool-compare" >&5 ++printf %s "checking whether C compiler accepts -Wbool-compare... " >&6; } ++if test ${ax_cv_check_cflags___Wbool_compare+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Wbool-compare" +@@ -16274,26 +17325,28 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___Wbool_compare=yes +-else ++else $as_nop + ax_cv_check_cflags___Wbool_compare=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wbool_compare" >&5 +-$as_echo "$ax_cv_check_cflags___Wbool_compare" >&6; } +-if test "x$ax_cv_check_cflags___Wbool_compare" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Wbool_compare" >&5 ++printf "%s\n" "$ax_cv_check_cflags___Wbool_compare" >&6; } ++if test "x$ax_cv_check_cflags___Wbool_compare" = xyes ++then : + EXTRA_CFLAGS="$EXTRA_CFLAGS -Wbool-compare" +-else ++else $as_nop + : + fi + +@@ -16302,11 +17355,12 @@ fi + + # Best attempt, strip unused stuff from the binary to reduce size. + # Rather than nesting these and making them ugly just use a counter. +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fdata-sections" >&5 +-$as_echo_n "checking whether C compiler accepts -fdata-sections... " >&6; } +-if ${ax_cv_check_cflags___fdata_sections+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fdata-sections" >&5 ++printf %s "checking whether C compiler accepts -fdata-sections... " >&6; } ++if test ${ax_cv_check_cflags___fdata_sections+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -fdata-sections" +@@ -16314,34 +17368,37 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___fdata_sections=yes +-else ++else $as_nop + ax_cv_check_cflags___fdata_sections=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fdata_sections" >&5 +-$as_echo "$ax_cv_check_cflags___fdata_sections" >&6; } +-if test "x$ax_cv_check_cflags___fdata_sections" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fdata_sections" >&5 ++printf "%s\n" "$ax_cv_check_cflags___fdata_sections" >&6; } ++if test "x$ax_cv_check_cflags___fdata_sections" = xyes ++then : + strip="${strip}y" +-else ++else $as_nop + : + fi + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -ffunction-sections" >&5 +-$as_echo_n "checking whether C compiler accepts -ffunction-sections... " >&6; } +-if ${ax_cv_check_cflags___ffunction_sections+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -ffunction-sections" >&5 ++printf %s "checking whether C compiler accepts -ffunction-sections... " >&6; } ++if test ${ax_cv_check_cflags___ffunction_sections+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -ffunction-sections" +@@ -16349,34 +17406,37 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : ++if ac_fn_c_try_compile "$LINENO" ++then : + ax_cv_check_cflags___ffunction_sections=yes +-else ++else $as_nop + ax_cv_check_cflags___ffunction_sections=no + fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___ffunction_sections" >&5 +-$as_echo "$ax_cv_check_cflags___ffunction_sections" >&6; } +-if test "x$ax_cv_check_cflags___ffunction_sections" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___ffunction_sections" >&5 ++printf "%s\n" "$ax_cv_check_cflags___ffunction_sections" >&6; } ++if test "x$ax_cv_check_cflags___ffunction_sections" = xyes ++then : + strip="${strip}y" +-else ++else $as_nop + : + fi + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--gc-sections" >&5 +-$as_echo_n "checking whether the linker accepts -Wl,--gc-sections... " >&6; } +-if ${ax_cv_check_ldflags___Wl___gc_sections+:} false; then : +- $as_echo_n "(cached) " >&6 +-else ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,--gc-sections" >&5 ++printf %s "checking whether the linker accepts -Wl,--gc-sections... " >&6; } ++if test ${ax_cv_check_ldflags___Wl___gc_sections+y} ++then : ++ printf %s "(cached) " >&6 ++else $as_nop + + ax_check_save_flags=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,--gc-sections" +@@ -16384,39 +17444,42 @@ else + /* end confdefs.h. */ + + int +-main () ++main (void) + { + + ; + return 0; + } + _ACEOF +-if ac_fn_c_try_link "$LINENO"; then : ++if ac_fn_c_try_link "$LINENO" ++then : + ax_cv_check_ldflags___Wl___gc_sections=yes +-else ++else $as_nop + ax_cv_check_ldflags___Wl___gc_sections=no + fi +-rm -f core conftest.err conftest.$ac_objext \ ++rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$ax_check_save_flags + fi +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___gc_sections" >&5 +-$as_echo "$ax_cv_check_ldflags___Wl___gc_sections" >&6; } +-if test "x$ax_cv_check_ldflags___Wl___gc_sections" = xyes; then : ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___gc_sections" >&5 ++printf "%s\n" "$ax_cv_check_ldflags___Wl___gc_sections" >&6; } ++if test "x$ax_cv_check_ldflags___Wl___gc_sections" = xyes ++then : + strip="${strip}y" +-else ++else $as_nop + : + fi + + +-if test x"$strip" = x"yyy"; then : ++if test x"$strip" = x"yyy" ++then : + + EXTRA_CFLAGS="$EXTRA_CFLAGS -fdata-sections -ffunction-sections" + EXTRA_LDFLAGS="$EXTRA_LDFLAGS -Wl,--gc-sections" + +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: Not using compiler options to reduce binary size!" >&5 +-$as_echo "$as_me: Not using compiler options to reduce binary size!" >&6;} ++else $as_nop ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Not using compiler options to reduce binary size!" >&5 ++printf "%s\n" "$as_me: Not using compiler options to reduce binary size!" >&6;} + + fi + +@@ -16451,8 +17514,8 @@ _ACEOF + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( +- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ++ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 ++printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( +@@ -16482,15 +17545,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + /^ac_cv_env_/b end + t clear + :clear +- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ ++ s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache + if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +-$as_echo "$as_me: updating cache $cache_file" >&6;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 ++printf "%s\n" "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else +@@ -16504,8 +17567,8 @@ $as_echo "$as_me: updating cache $cache_file" >&6;} + fi + fi + else +- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 ++printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;} + fi + fi + rm -f confcache +@@ -16522,7 +17585,7 @@ U= + for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' +- ac_i=`$as_echo "$ac_i" | sed "$ac_script"` ++ ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" +@@ -16533,14 +17596,14 @@ LIBOBJS=$ac_libobjs + LTLIBOBJS=$ac_ltlibobjs + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +-$as_echo_n "checking that generated files are newer than configure... " >&6; } ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 ++printf %s "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +-$as_echo "done" >&6; } ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5 ++printf "%s\n" "done" >&6; } + if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. + Usually this means the macro was only invoked conditionally." "$LINENO" 5 +@@ -16581,6 +17644,10 @@ if test -z "${HAVE_ESYS_4_0_TRUE}" && test -z "${HAVE_ESYS_4_0_FALSE}"; then + as_fn_error $? "conditional \"HAVE_ESYS_4_0\" was never defined. + Usually this means the macro was only invoked conditionally." "$LINENO" 5 + fi ++if test -z "${HAVE_EFIVAR_H_TRUE}" && test -z "${HAVE_EFIVAR_H_FALSE}"; then ++ as_fn_error $? "conditional \"HAVE_EFIVAR_H\" was never defined. ++Usually this means the macro was only invoked conditionally." "$LINENO" 5 ++fi + if test -z "${UNIT_TRUE}" && test -z "${UNIT_FALSE}"; then + as_fn_error $? "conditional \"UNIT\" was never defined. + Usually this means the macro was only invoked conditionally." "$LINENO" 5 +@@ -16594,8 +17661,8 @@ fi + ac_write_fail=0 + ac_clean_files_save=$ac_clean_files + ac_clean_files="$ac_clean_files $CONFIG_STATUS" +-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 ++printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;} + as_write_fail=0 + cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 + #! $SHELL +@@ -16618,14 +17685,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 + + # Be more Bourne compatible + DUALCASE=1; export DUALCASE # for MKS sh +-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : ++as_nop=: ++if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 ++then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +-else ++else $as_nop + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( +@@ -16635,46 +17704,46 @@ esac + fi + + ++ ++# Reset variables that may have inherited troublesome values from ++# the environment. ++ ++# IFS needs to be set, to space, tab, and newline, in precisely that order. ++# (If _AS_PATH_WALK were called with IFS unset, it would have the ++# side effect of setting IFS to empty, thus disabling word splitting.) ++# Quoting is to prevent editors from complaining about space-tab. + as_nl=' + ' + export as_nl +-# Printing a long string crashes Solaris 7 /usr/bin/printf. +-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +-# Prefer a ksh shell builtin over an external printf program on Solaris, +-# but without wasting forks for bash or zsh. +-if test -z "$BASH_VERSION$ZSH_VERSION" \ +- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then +- as_echo='print -r --' +- as_echo_n='print -rn --' +-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then +- as_echo='printf %s\n' +- as_echo_n='printf %s' +-else +- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then +- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' +- as_echo_n='/usr/ucb/echo -n' +- else +- as_echo_body='eval expr "X$1" : "X\\(.*\\)"' +- as_echo_n_body='eval +- arg=$1; +- case $arg in #( +- *"$as_nl"*) +- expr "X$arg" : "X\\(.*\\)$as_nl"; +- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; +- esac; +- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" +- ' +- export as_echo_n_body +- as_echo_n='sh -c $as_echo_n_body as_echo' +- fi +- export as_echo_body +- as_echo='sh -c $as_echo_body as_echo' +-fi ++IFS=" "" $as_nl" ++ ++PS1='$ ' ++PS2='> ' ++PS4='+ ' ++ ++# Ensure predictable behavior from utilities with locale-dependent output. ++LC_ALL=C ++export LC_ALL ++LANGUAGE=C ++export LANGUAGE ++ ++# We cannot yet rely on "unset" to work, but we need these variables ++# to be unset--not just set to an empty or harmless value--now, to ++# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct ++# also avoids known problems related to "unset" and subshell syntax ++# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). ++for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH ++do eval test \${$as_var+y} \ ++ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : ++done ++ ++# Ensure that fds 0, 1, and 2 are open. ++if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi ++if (exec 3>&2) ; then :; else exec 2>/dev/null; fi + + # The user is always right. +-if test "${PATH_SEPARATOR+set}" != set; then ++if ${PATH_SEPARATOR+false} :; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || +@@ -16683,13 +17752,6 @@ if test "${PATH_SEPARATOR+set}" != set; then + fi + + +-# IFS +-# We need space, tab and new line, in precisely that order. Quoting is +-# there to prevent editors from complaining about space-tab. +-# (If _AS_PATH_WALK were called with IFS unset, it would disable word +-# splitting by setting IFS to empty value.) +-IFS=" "" $as_nl" +- + # Find who we are. Look in the path if we contain no directory separator. + as_myself= + case $0 in #(( +@@ -16698,8 +17760,12 @@ case $0 in #(( + for as_dir in $PATH + do + IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break ++ case $as_dir in #((( ++ '') as_dir=./ ;; ++ */) ;; ++ *) as_dir=$as_dir/ ;; ++ esac ++ test -r "$as_dir$0" && as_myself=$as_dir$0 && break + done + IFS=$as_save_IFS + +@@ -16711,30 +17777,10 @@ if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then +- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 ++ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 + fi + +-# Unset variables that we do not need and which cause bugs (e.g. in +-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +-# suppresses any "Segmentation fault" message there. '((' could +-# trigger a bug in pdksh 5.2.14. +-for as_var in BASH_ENV ENV MAIL MAILPATH +-do eval test x\${$as_var+set} = xset \ +- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +-done +-PS1='$ ' +-PS2='> ' +-PS4='+ ' +- +-# NLS nuisances. +-LC_ALL=C +-export LC_ALL +-LANGUAGE=C +-export LANGUAGE +- +-# CDPATH. +-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + + # as_fn_error STATUS ERROR [LINENO LOG_FD] +@@ -16747,13 +17793,14 @@ as_fn_error () + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 ++ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi +- $as_echo "$as_me: error: $2" >&2 ++ printf "%s\n" "$as_me: error: $2" >&2 + as_fn_exit $as_status + } # as_fn_error + + ++ + # as_fn_set_status STATUS + # ----------------------- + # Set $? to STATUS, without forking. +@@ -16780,18 +17827,20 @@ as_fn_unset () + { eval $1=; unset $1;} + } + as_unset=as_fn_unset ++ + # as_fn_append VAR VALUE + # ---------------------- + # Append the text in VALUE to the end of the definition contained in VAR. Take + # advantage of any shell optimizations that allow amortized linear growth over + # repeated appends, instead of the typical quadratic growth present in naive + # implementations. +-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : ++if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null ++then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +-else ++else $as_nop + as_fn_append () + { + eval $1=\$$1\$2 +@@ -16803,12 +17852,13 @@ fi # as_fn_append + # Perform arithmetic evaluation on the ARGs, and store the result in the + # global $as_val. Take advantage of shells that can avoid forks. The arguments + # must be portable across $(()) and expr. +-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : ++if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null ++then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +-else ++else $as_nop + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` +@@ -16839,7 +17889,7 @@ as_me=`$as_basename -- "$0" || + $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X/"$0" | ++printf "%s\n" X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q +@@ -16861,6 +17911,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS + as_cr_digits='0123456789' + as_cr_alnum=$as_cr_Letters$as_cr_digits + ++ ++# Determine whether it's possible to make 'echo' print without a newline. ++# These variables are no longer used directly by Autoconf, but are AC_SUBSTed ++# for compatibility with existing Makefiles. + ECHO_C= ECHO_N= ECHO_T= + case `echo -n x` in #((((( + -n*) +@@ -16874,6 +17928,12 @@ case `echo -n x` in #((((( + ECHO_N='-n';; + esac + ++# For backward compatibility with old third-party macros, we provide ++# the shell variables $as_echo and $as_echo_n. New code should use ++# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. ++as_echo='printf %s\n' ++as_echo_n='printf %s' ++ + rm -f conf$$ conf$$.exe conf$$.file + if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +@@ -16915,7 +17975,7 @@ as_fn_mkdir_p () + as_dirs= + while :; do + case $as_dir in #( +- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( ++ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" +@@ -16924,7 +17984,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$as_dir" | ++printf "%s\n" X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -16986,8 +18046,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by tpm2-tools $as_me 5.5, which was +-generated by GNU Autoconf 2.69. Invocation command line was ++This file was extended by tpm2-tools $as_me 5.7, which was ++generated by GNU Autoconf 2.71. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS +@@ -17049,14 +18109,16 @@ $config_commands + Report bugs to the package provider." + + _ACEOF ++ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"` ++ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ++ac_cs_config='$ac_cs_config_escaped' + ac_cs_version="\\ +-tpm2-tools config.status 5.5 +-configured by $0, generated by GNU Autoconf 2.69, ++tpm2-tools config.status 5.7 ++configured by $0, generated by GNU Autoconf 2.71, + with options \\"\$ac_cs_config\\" + +-Copyright (C) 2012 Free Software Foundation, Inc. ++Copyright (C) 2021 Free Software Foundation, Inc. + This config.status script is free software; the Free Software Foundation + gives unlimited permission to copy, distribute and modify it." + +@@ -17096,15 +18158,15 @@ do + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) +- $as_echo "$ac_cs_version"; exit ;; ++ printf "%s\n" "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) +- $as_echo "$ac_cs_config"; exit ;; ++ printf "%s\n" "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in +- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; ++ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" +@@ -17112,7 +18174,7 @@ do + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in +- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; ++ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; +@@ -17121,7 +18183,7 @@ do + as_fn_error $? "ambiguous option: \`$1' + Try \`$0 --help' for more information.";; + --help | --hel | -h ) +- $as_echo "$ac_cs_usage"; exit ;; ++ printf "%s\n" "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; +@@ -17149,7 +18211,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift +- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 ++ \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +@@ -17163,7 +18225,7 @@ exec 5>>config.log + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX + ## Running $as_me. ## + _ASBOX +- $as_echo "$ac_log" ++ printf "%s\n" "$ac_log" + } >&5 + + _ACEOF +@@ -17479,9 +18541,9 @@ done + # We use the long form for the default assignment because of an extremely + # bizarre bug on SunOS 4.1.3. + if $ac_need_defaults; then +- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files +- test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +- test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands ++ test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files ++ test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers ++ test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands + fi + + # Have a temporary directory for convenience. Make it in the build tree +@@ -17817,7 +18879,7 @@ do + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac +- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac ++ case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + +@@ -17825,17 +18887,17 @@ do + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` +- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' ++ printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" +- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +-$as_echo "$as_me: creating $ac_file" >&6;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 ++printf "%s\n" "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) +- ac_sed_conf_input=`$as_echo "$configure_input" | ++ ac_sed_conf_input=`printf "%s\n" "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac +@@ -17852,7 +18914,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$ac_file" | ++printf "%s\n" X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -17876,9 +18938,9 @@ $as_echo X"$ac_file" | + case "$ac_dir" in + .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) +- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` ++ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. +- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` ++ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; +@@ -17940,8 +19002,8 @@ ac_sed_dataroot=' + case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in + *datarootdir*) ac_datarootdir_seen=yes;; + *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 ++printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} + _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' +@@ -17985,9 +19047,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + which seems to be undefined. Please make sure it is defined" >&5 +-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' ++printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' + which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" +@@ -18003,20 +19065,20 @@ which seems to be undefined. Please make sure it is defined" >&2;} + # + if test x"$ac_file" != x-; then + { +- $as_echo "/* $configure_input */" \ ++ printf "%s\n" "/* $configure_input */" >&1 \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +-$as_echo "$as_me: $ac_file is unchanged" >&6;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 ++printf "%s\n" "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else +- $as_echo "/* $configure_input */" \ ++ printf "%s\n" "/* $configure_input */" >&1 \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +@@ -18036,7 +19098,7 @@ $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$_am_arg" | ++printf "%s\n" X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -18056,8 +19118,8 @@ $as_echo X"$_am_arg" | + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + +- :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +-$as_echo "$as_me: executing $ac_file commands" >&6;} ++ :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 ++printf "%s\n" "$as_me: executing $ac_file commands" >&6;} + ;; + esac + +@@ -18590,6 +19652,7 @@ _LT_EOF + esac + + ++ + ltmain=$ac_aux_dir/ltmain.sh + + +@@ -18625,7 +19688,7 @@ esac + for am_mf + do + # Strip MF so we end up with the name of the file. +- am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` ++ am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line +@@ -18637,7 +19700,7 @@ $as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X"$am_mf" | ++printf "%s\n" X"$am_mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q +@@ -18659,7 +19722,7 @@ $as_echo X"$am_mf" | + $as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +-$as_echo X/"$am_mf" | ++printf "%s\n" X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q +@@ -18684,10 +19747,12 @@ $as_echo X/"$am_mf" | + (exit $ac_status); } || am_rc=$? + done + if test $am_rc -ne 0; then +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} ++ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 ++printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + as_fn_error $? "Something went wrong bootstrapping makefile fragments +- for automatic dependency tracking. Try re-running configure with the ++ for automatic dependency tracking. If GNU make was not used, consider ++ re-running the configure script with MAKE=\"gmake\" (or whatever is ++ necessary). You can also try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). + See \`config.log' for more details" "$LINENO" 5; } +@@ -18733,20 +19798,21 @@ if test "$no_create" != yes; then + $ac_cs_success || as_fn_exit 1 + fi + if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} ++ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 ++printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} + fi + + +-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ++{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: + - $PACKAGE_NAME: $VERSION + - Man pages: ${PANDOC:-no} + - Unit tests: $enable_unit + $unit_test_tool_report + " >&5 +-$as_echo " ++printf "%s\n" " + - $PACKAGE_NAME: $VERSION + - Man pages: ${PANDOC:-no} + - Unit tests: $enable_unit + $unit_test_tool_report + " >&6; } ++ +diff --git a/configure.ac b/configure.ac +index f02d975..8f87dd6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -74,12 +74,15 @@ PKG_CHECK_MODULES([TSS2_MU], [tss2-mu]) + PKG_CHECK_MODULES([TSS2_RC], [tss2-rc]) + PKG_CHECK_MODULES([TSS2_SYS], [tss2-sys]) + PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0]) ++LIBS_save="${LIBS}" ++LIBS="${CRYPTO_LIBS} ${LIBS}" + AC_CHECK_LIB(crypto, [EVP_sm3], [ + AC_DEFINE([HAVE_EVP_SM3], [1], [Support EVP_sm3 in openssl])], + []) + AC_CHECK_LIB(crypto, [EVP_sm4_cfb128], [ + AC_DEFINE([HAVE_EVP_SM4_CFB], [1], [Support EVP_sm4_cfb in openssl])], + []) ++LIBS="${LIBS_save}" + PKG_CHECK_MODULES([CURL], [libcurl]) + + # pretty print of devicepath if efivar library is present +@@ -91,12 +94,15 @@ AC_ARG_WITH([efivar], + ) + + # use the true program to avoid failing hard +-AS_IF([test "x$with_efivar" == "xauto"], +- [PKG_CHECK_MODULES([EFIVAR], [efivar],,[true])], +- [test "x$with_efivar" == "xyes"], +- [PKG_CHECK_MODULES([EFIVAR], [efivar])], ++AS_IF([test "x$with_efivar" = "xauto"], ++ [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h], , [true])], [true])], ++ [test "x$with_efivar" = "xyes"], ++ [PKG_CHECK_MODULES([EFIVAR], [efivar], [AC_CHECK_HEADERS([efivar/efivar.h])])], + ) + ++AC_CHECK_HEADERS([efivar/efivar.h],[efivar_h=yes ], [efivar = no ]) ++AM_CONDITIONAL([HAVE_EFIVAR_H], [test "$efivar_h" = yes]) ++ + # backwards compat with older pkg-config + # - pull in AC_DEFUN from pkg.m4 + m4_ifndef([PKG_CHECK_VAR], [ +diff --git a/depcomp b/depcomp +index 65cbf70..715e343 100755 +--- a/depcomp ++++ b/depcomp +@@ -3,7 +3,7 @@ + + scriptversion=2018-03-07.03; # UTC + +-# Copyright (C) 1999-2018 Free Software Foundation, Inc. ++# Copyright (C) 1999-2021 Free Software Foundation, Inc. + + # This program is free software; you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md +index 57b309f..3c99f63 100644 +--- a/docs/CHANGELOG.md ++++ b/docs/CHANGELOG.md +@@ -4,6 +4,116 @@ All notable changes to this project will be documented in this file. + + Starting with release 5.4, The format is based on [Keep a Changelog](http://keepachangelog.com/). + ++## 5.7 - 2024-04-26 ++### Security ++- Fixed CVE-2024-29038 ++- Fixed CVE-2024-29039 ++ ++### Fixed ++- Fix eventlog test ++- Fix issues with reading NV indexes ++- Fix context save error on tpm2_create ++- tpm2_sessionconfig: fix handling of `--disable-continue session` so that the subsequent command will not fail ++ when attempting to context save a flushed session. ++- detection of functions within libcrypto when CRYPTO_LIBS is set and system has install libcrypto. ++- tpm2_send: fix EOF detection on input stream. ++- tpm2_policy.c fix compilation error caused by format directive for size_t on 32 bit systems. ++- tpm2_nvread: fix input handling no nv index. ++- Auth file: Ensure 0-termination when reading auths from a file. ++- configure.ac: fix bashisms. configure scripts need to be runnable with a POSIX-compliant /bin/sh. ++- cirrus.yml fix tss compilation with libtpms for FreeBSD. ++- tpm2_tool.c Fix missing include for basename to enable compilation on netbsd. ++- options: fix TCTI handling to avoid failures for commands that should work with no options. ++- tpm2_getekcertificate.c Fix leak. ek_uri was not freed if get_ek_server_address failed. ++ ++### Added ++- Add the possibility for autoflush (environment variable "TPM2TOOLS_AUTOFLUSH", or -R option) ++ ++### Removed ++- Testing on Ubuntu 18.04 as it's near EOL (May 2023).m2_policy.c fix compilation error caused by format directive for size_t on 32 bit systems. ++- tpm2_nvread: fix input handling no nv index. ++ ++## 5.6 - 2023-11-08 ++ ++ - Add safe directory in config ++ ++## 5.6-rc0 - 2023-09-26 ++ ++ * tpm2_eventlog: ++ - add H-CRTM event support ++ - add support of efivar versions less than 38 ++ - Add support to check for efivar/efivar.h manually ++ - Minor formatting fixes ++ - tpm2_eventlog: add support for replay with different StartupLocality ++ - Fix pcr extension for EV_NO_ACTION ++ - Extend test of yaml string representation ++ - Use helper for printing a string dump ++ - Fix upper bound on unique data size ++ - Fix YAML string formatting ++ ++ * tpm2_policy: ++ - Add support for parsing forward seal TPM values ++ - Use forward seal values in creating policies ++ - Move dgst_size in evaluate_populate_pcr_digests() ++ - Allow more than 8 PCRs for sealing ++ - Move dgst_size in evaluate_populate_pcr_digests ++ - Allow more than 8 PCRs for sealing ++ - Make __wrap_Esys_PCR_Read() more dynamic to enable testing more PCRs ++ ++ * tpm2_encryptdecrypt: Fix pkcs7 padding stripping ++ ++ * tpm2_duplicate: ++ - Support -a option for attributes ++ - Add --key-algorithm option ++ ++ * tpm2_encodeobject: Use the correct -O option instead of -C ++ ++ * tpm2_unseal: Add qualifier static to enhance the privacy of unseal function ++ ++ * tpm2_sign: ++ - Remove -m option which was added mistakenly ++ - Revert sm2 sign and verifysignature ++ ++ * tpm2_createek: ++ - Correct man page example ++ - Fix usage of nonce ++ - Fix integrating nonce ++ ++ * tpm2_clear: add more details about the action ++ ++ * tpm2_startauthsession: allow the file attribute for policy authorization. ++ ++ * tpm2_getekcertificate: Add AMD EK support ++ ++ * tpm2_ecdhzgen: Add public-key parameter ++ ++ * tpm2_nvreadpublic: Prevent free of unallocated pointers on failure ++ ++ * Bug-fixes: ++ ++ * The readthedocs build failed with module 'jinja2' has no attribute 'contextfilter' ++ a requirement file was added to fix this problem ++ ++ * An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa implementation. ++ This error can be avoided by switching off the optimization with pragma ++ ++ * Changed wrong function name of "Esys_Load" to "Esys_Load" ++ ++ * Function names beginning with Esys_ are wrongly written as Eys_ ++ ++ * Reading and writing a serialized persistent ESYS_TR handles ++ ++ * cirrus-ci update image-family to freebsd-13-2 from 13-1 ++ ++ * misc: ++ - Change the default Python version to Python3 in the helper's code ++ ++ - Skip test which uses the sign operator for comparison in abrmd_policynv.sh ++ ++ - tools/tr_encode: Add a tool that can encode serialized ESYS_TR for persistent handles ++ from the TPM2B_PUBLIC and the raw persistent TPM2_HANDLE ++ ++ + ## 5.5 - 2022-02-13 + + ### Added +@@ -51,7 +161,7 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + * tpm2_policyauthorize: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_PolicyAuthorize. +- ++ + * tpm2_print: + - Support printing serialized ESYS_TR's + +@@ -106,18 +216,18 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + + * tpm2_import: fix an issue where openssl load function resets a specified + scheme with TPM2_ALG_NULL. +- ++ + * tpm2_sign, tpm2_verifysignature: fixes for sm2 signing and verification. +- ++ + * Support alternative ECC curves for which default EK templates exist + (NIST_P256, NIST_P384, NIST_P521, and SM2_P256). +- ++ + * tools/misc/tpm2_checkquote: add sm2 verification of signature. + + * tpm2_startauthsession: + - Added option **-G**, **--key-algorithm=ALGORITHM** to specify the + symmetric algorithm used in parameter encryption/decryption. +- ++ + * tpm2_certify: + - Added option **\--scheme**=_ALGORITHM_ for supporting signature schemes. + Signing schemes should follow the "formatting standards", see section +@@ -264,7 +374,7 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + * tpm2_pcrreset: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_PCR_Reset. +- ++ + * tpm2_pcrread: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_PCR_Read. +@@ -272,7 +382,7 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + * tpm2_pcrevent: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_PCR_Event. +- ++ + * tpm2_pcrallocate: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_PCR_Allocate. +@@ -299,11 +409,11 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + * tpm2_ecephemeral: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_EC_Ephemeral. +- ++ + * tpm2_ecdhzgen: + - Added option **--cphash** to output the cpHash for the command + TPM2_CC_ECDH_ZGen. +- ++ + * tpm2_load: + - Added capability to load pem files in TSS2-Private-Key format for + interoperability with tpm2-tss-engine, tpm2-openssl provider, +@@ -340,7 +450,7 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + - Added option **\--with-policydelete** when calculating cpHash with + **\--tcti=none** there is no way to know if the attribute + TPMA_NV_POLICYDELETE has been set from the NV index name alone. +- ++ + * tpm2_nvreadlock: + - Added option **\--rphash**=_FILE_ to specify file path to record the + hash of the response parameters. This is commonly termed as rpHash. +@@ -852,7 +962,7 @@ Starting with release 5.4, The format is based on [Keep a Changelog](http://keep + * Default hash algorithm is now sha256. Prior versions claimed sha1, but were + inconsistent in choice. Best practice is to specify the hash algorithm to + avoid suprises. +- ++ + * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie + tpm2\_getrandom becomes tpm2 getrandom. make install will install symlinks + to the old tool names and the tpm2 commandlet will interogate argv[0] for +diff --git a/docs/MAINTAINERS.md b/docs/MAINTAINERS.md +index 7f64aa7..2693058 100644 +--- a/docs/MAINTAINERS.md ++++ b/docs/MAINTAINERS.md +@@ -1,5 +1,5 @@ + ## Maintainers +- ++* Ajay Kishore + * Juergen Repp + * Andreas Fuchs + * William Roberts +diff --git a/docs/RELEASE.md b/docs/RELEASE.md +index fdae85f..721796e 100644 +--- a/docs/RELEASE.md ++++ b/docs/RELEASE.md +@@ -136,10 +136,15 @@ Version tags after v1.1.0 shall be signed. + Valid known public keys can be reached by + referencing the annotated tags listed below: + +-- william-roberts-pub +-- javier-martinez-pub +-- joshua-lock-pub +-- idesai-pub ++| Tag | Fingerprint | ++| ------------- | ------------- | ++| idesai-pub | [6313e6dc41aafc315a8760a414986f6944b1f72b](https://keys.openpgp.org/vks/v1/by-fingerprint/6313E6DC41AAFC315A8760A414986F6944B1F72B) | ++| william-roberts-pub | [5b482b8e3e19da7c978e1d016de2e9078e1f50c1](https://keys.openpgp.org/vks/v1/by-fingerprint/5B482B8E3E19DA7C978E1D016DE2E9078E1F50C1)| ++| javier-martinez-pub | [D75ED7AA24E50CD645C6F457C751E590D63F3D69](https://keys.openpgp.org/vks/v1/by-fingerprint/D75ED7AA24E50CD645C6F457C751E590D63F3D69)| ++| joshua-lock-pub | [5BEC526CE3A61CAF07E7A7DA49BCAE5443FFFC34](https://keys.openpgp.org/vks/v1/by-fingerprint/5BEC526CE3A61CAF07E7A7DA49BCAE5443FFFC34)| ++| ajay-kish-pub |[6f72a30eea41b9b548570ad20d0db2b265493e29](http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6f72a30eea41b9b548570ad20d0db2b265493e29)| ++| juergen-repp-pub |[7A8F470DA9C8B2CACED1DBAAF1B152D9441A2563](https://keys.openpgp.org/vks/v1/by-fingerprint/7A8F470DA9C8B2CACED1DBAAF1B152D9441A2563)| ++| andreas-fuchs-pub |[D533275B0123D0A679F51FF48F4F9A45D7FFEE74](https://keys.openpgp.org/vks/v1/by-fingerprint/D533275B0123D0A679F51FF48F4F9A45D7FFEE74)| + + or via a PGP public keyring server like: + - http://keyserver.pgp.com/vkd/GetWelcomeScreen.event +diff --git a/install-sh b/install-sh +index 8175c64..ec298b5 100755 +--- a/install-sh ++++ b/install-sh +@@ -1,7 +1,7 @@ + #!/bin/sh + # install - install a program, script, or datafile + +-scriptversion=2018-03-11.20; # UTC ++scriptversion=2020-11-14.01; # UTC + + # This originates from X11R5 (mit/util/scripts/install.sh), which was + # later released in X11R6 (xc/config/util/install.sh) with the +@@ -69,6 +69,11 @@ posix_mkdir= + # Desired mode of installed file. + mode=0755 + ++# Create dirs (including intermediate dirs) using mode 755. ++# This is like GNU 'install' as of coreutils 8.32 (2020). ++mkdir_umask=22 ++ ++backupsuffix= + chgrpcmd= + chmodcmd=$chmodprog + chowncmd= +@@ -99,18 +104,28 @@ Options: + --version display version info and exit. + + -c (ignored) +- -C install only if different (preserve the last data modification time) ++ -C install only if different (preserve data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. ++ -p pass -p to $cpprog. + -s $stripprog installed files. ++ -S SUFFIX attempt to back up existing files, with suffix SUFFIX. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + + Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG ++ ++By default, rm is invoked with -f; when overridden with RMPROG, ++it's up to you to specify -f if you want it. ++ ++If -S is not specified, no backups are attempted. ++ ++Email bug reports to bug-automake@gnu.org. ++Automake home page: https://www.gnu.org/software/automake/ + " + + while test $# -ne 0; do +@@ -137,8 +152,13 @@ while test $# -ne 0; do + -o) chowncmd="$chownprog $2" + shift;; + ++ -p) cpprog="$cpprog -p";; ++ + -s) stripcmd=$stripprog;; + ++ -S) backupsuffix="$2" ++ shift;; ++ + -t) + is_target_a_directory=always + dst_arg=$2 +@@ -255,6 +275,10 @@ do + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? ++ # Don't chown directories that already exist. ++ if test $dstdir_status = 0; then ++ chowncmd="" ++ fi + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command +@@ -301,22 +325,6 @@ do + if test $dstdir_status != 0; then + case $posix_mkdir in + '') +- # Create intermediate dirs using mode 755 as modified by the umask. +- # This is like FreeBSD 'install' as of 1997-10-28. +- umask=`umask` +- case $stripcmd.$umask in +- # Optimize common cases. +- *[2367][2367]) mkdir_umask=$umask;; +- .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; +- +- *[0-7]) +- mkdir_umask=`expr $umask + 22 \ +- - $umask % 100 % 40 + $umask % 20 \ +- - $umask % 10 % 4 + $umask % 2 +- `;; +- *) mkdir_umask=$umask,go-w;; +- esac +- + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then +@@ -326,52 +334,49 @@ do + fi + + posix_mkdir=false +- case $umask in +- *[123567][0-7][0-7]) +- # POSIX mkdir -p sets u+wx bits regardless of umask, which +- # is incompatible with FreeBSD 'install' when (umask & 300) != 0. +- ;; +- *) +- # Note that $RANDOM variable is not portable (e.g. dash); Use it +- # here however when possible just to lower collision chance. +- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ +- +- trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 +- +- # Because "mkdir -p" follows existing symlinks and we likely work +- # directly in world-writeable /tmp, make sure that the '$tmpdir' +- # directory is successfully created first before we actually test +- # 'mkdir -p' feature. +- if (umask $mkdir_umask && +- $mkdirprog $mkdir_mode "$tmpdir" && +- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 +- then +- if test -z "$dir_arg" || { +- # Check for POSIX incompatibilities with -m. +- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or +- # other-writable bit of parent directory when it shouldn't. +- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. +- test_tmpdir="$tmpdir/a" +- ls_ld_tmpdir=`ls -ld "$test_tmpdir"` +- case $ls_ld_tmpdir in +- d????-?r-*) different_mode=700;; +- d????-?--*) different_mode=755;; +- *) false;; +- esac && +- $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { +- ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` +- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" +- } +- } +- then posix_mkdir=: +- fi +- rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" +- else +- # Remove any dirs left behind by ancient mkdir implementations. +- rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null +- fi +- trap '' 0;; +- esac;; ++ # The $RANDOM variable is not portable (e.g., dash). Use it ++ # here however when possible just to lower collision chance. ++ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ ++ ++ trap ' ++ ret=$? ++ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null ++ exit $ret ++ ' 0 ++ ++ # Because "mkdir -p" follows existing symlinks and we likely work ++ # directly in world-writeable /tmp, make sure that the '$tmpdir' ++ # directory is successfully created first before we actually test ++ # 'mkdir -p'. ++ if (umask $mkdir_umask && ++ $mkdirprog $mkdir_mode "$tmpdir" && ++ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 ++ then ++ if test -z "$dir_arg" || { ++ # Check for POSIX incompatibilities with -m. ++ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or ++ # other-writable bit of parent directory when it shouldn't. ++ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ++ test_tmpdir="$tmpdir/a" ++ ls_ld_tmpdir=`ls -ld "$test_tmpdir"` ++ case $ls_ld_tmpdir in ++ d????-?r-*) different_mode=700;; ++ d????-?--*) different_mode=755;; ++ *) false;; ++ esac && ++ $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { ++ ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` ++ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" ++ } ++ } ++ then posix_mkdir=: ++ fi ++ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" ++ else ++ # Remove any dirs left behind by ancient mkdir implementations. ++ rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null ++ fi ++ trap '' 0;; + esac + + if +@@ -382,7 +387,7 @@ do + then : + else + +- # The umask is ridiculous, or mkdir does not conform to POSIX, ++ # mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + +@@ -411,7 +416,7 @@ do + prefixes= + else + if $posix_mkdir; then +- (umask=$mkdir_umask && ++ (umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 +@@ -451,7 +456,18 @@ do + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. +- (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && ++ (umask $cp_umask && ++ { test -z "$stripcmd" || { ++ # Create $dsttmp read-write so that cp doesn't create it read-only, ++ # which would cause strip to fail. ++ if test -z "$doit"; then ++ : >"$dsttmp" # No need to fork-exec 'touch'. ++ else ++ $doit touch "$dsttmp" ++ fi ++ } ++ } && ++ $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # +@@ -477,6 +493,13 @@ do + then + rm -f "$dsttmp" + else ++ # If $backupsuffix is set, and the file being installed ++ # already exists, attempt a backup. Don't worry if it fails, ++ # e.g., if mv doesn't support -f. ++ if test -n "$backupsuffix" && test -f "$dst"; then ++ $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null ++ fi ++ + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + +@@ -491,9 +514,9 @@ do + # file should still install successfully. + { + test ! -f "$dst" || +- $doit $rmcmd -f "$dst" 2>/dev/null || ++ $doit $rmcmd "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && +- { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } ++ { $doit $rmcmd "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 +diff --git a/lib/config.h.in b/lib/config.h.in +index a39de75..6e9095d 100644 +--- a/lib/config.h.in ++++ b/lib/config.h.in +@@ -19,6 +19,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_DLFCN_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_EFIVAR_EFIVAR_H ++ + /* Support EVP_sm3 in openssl */ + #undef HAVE_EVP_SM3 + +@@ -28,12 +31,12 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_INTTYPES_H + +-/* Define to 1 if you have the header file. */ +-#undef HAVE_MEMORY_H +- + /* Define to 1 if you have the header file. */ + #undef HAVE_STDINT_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_STDIO_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_STDLIB_H + +@@ -79,7 +82,9 @@ + /* Define to the version of this package. */ + #undef PACKAGE_VERSION + +-/* Define to 1 if you have the ANSI C header files. */ ++/* Define to 1 if all of the C90 standard headers exist (not just the ones ++ required in a freestanding environment). This macro is provided for ++ backward compatibility; new code need not use it. */ + #undef STDC_HEADERS + + /* Version number of package */ +diff --git a/lib/efi_event.h b/lib/efi_event.h +index cc2ffc9..e1b2955 100644 +--- a/lib/efi_event.h ++++ b/lib/efi_event.h +@@ -45,6 +45,7 @@ + #define EV_EFI_HANDOFF_TABLES2 EV_EFI_EVENT_BASE + 0xb + #define EV_EFI_VARIABLE_BOOT2 EV_EFI_EVENT_BASE + 0xc + ++#define EV_EFI_HCRTM_EVENT EV_EFI_EVENT_BASE + 0x10 + #define EV_EFI_VARIABLE_AUTHORITY EV_EFI_EVENT_BASE + 0xe0 + + #ifndef PACKED +diff --git a/lib/files.c b/lib/files.c +index ca09dcd..6828770 100644 +--- a/lib/files.c ++++ b/lib/files.c +@@ -45,7 +45,7 @@ static const UINT32 MAGIC = 0xBADCC0DE; + * @return + * True on success, False otherwise. + */ +-static bool writex(FILE *f, UINT8 *data, size_t size) { ++static bool writex(FILE *f, const UINT8 *data, size_t size) { + + size_t wrote = 0; + size_t index = 0; +@@ -273,11 +273,11 @@ out: + } + + tool_rc files_save_tpm_context_to_file(ESYS_CONTEXT *ectx, ESYS_TR handle, +- FILE *stream) { ++ FILE *stream, bool autoflush) { + + TPMS_CONTEXT *context = NULL; + +- tool_rc rc = tpm2_context_save(ectx, handle, &context); ++ tool_rc rc = tpm2_context_save(ectx, handle, autoflush, &context); + if (rc != tool_rc_success) { + return rc; + } +@@ -288,7 +288,7 @@ tool_rc files_save_tpm_context_to_file(ESYS_CONTEXT *ectx, ESYS_TR handle, + } + + tool_rc files_save_tpm_context_to_path(ESYS_CONTEXT *context, ESYS_TR handle, +- const char *path) { ++ const char *path, bool autoflush) { + + FILE *f = fopen(path, "w+b"); + if (!f) { +@@ -297,7 +297,7 @@ tool_rc files_save_tpm_context_to_path(ESYS_CONTEXT *context, ESYS_TR handle, + return tool_rc_general_error; + } + +- tool_rc rc = files_save_tpm_context_to_file(context, handle, f); ++ tool_rc rc = files_save_tpm_context_to_file(context, handle, f, autoflush); + fclose(f); + return rc; + } +@@ -574,7 +574,7 @@ bool files_read_bytes_chunk(FILE *out, UINT8 bytes[], size_t len, size_t *read_l + return (chunk_len == len); + } + +-bool files_write_bytes(FILE *out, uint8_t bytes[], size_t len) { ++bool files_write_bytes(FILE *out, const uint8_t *bytes, size_t len) { + + BAIL_ON_NULL("FILE", out); + BAIL_ON_NULL("bytes", bytes); +@@ -802,19 +802,18 @@ tool_rc files_tpm2b_attest_to_tpms_attest(TPM2B_ATTEST *quoted, TPMS_ATTEST *att + return tool_rc_success; + } + +-tool_rc files_load_unique_data(const char *file_path, +-TPM2B_PUBLIC *public_data) { +- ++tool_rc files_load_unique_data(const char *file_path, TPM2B_PUBLIC *public_data) { + /* +- * TPM2_MAX_RSA_KEY_BYTES which expands to 512 bytes is the maximum unique +- * size for RSA and other key types. ++ * When loading from a file_path (as opposed to stdin), we are ++ * reading the raw TPMU_PUBLIC_ID union contents, aka the ++ * whole publicArea.unique field. + * +- * Additionally this may still prove to be a bigger value than what has been +- * implemented in a TPM. For example the value of MAX_RSA_KEY_BYTES is 256 +- * for ibmSimulator as specified in implementation.h ++ * When loading from stdin, we're reading a subset of the ++ * TPMU_PUBLIC_ID union fields, varying according to the ++ * key type. + */ +- UINT16 unique_size = TPM2_MAX_RSA_KEY_BYTES; +- uint8_t file_data[TPM2_MAX_RSA_KEY_BYTES]; ++ UINT16 unique_size = sizeof(public_data->publicArea.unique); ++ uint8_t file_data[sizeof(public_data->publicArea.unique)]; + bool result = files_load_bytes_from_buffer_or_file_or_stdin(NULL, + file_path, &unique_size, file_data); + if (!result) { +@@ -833,6 +832,10 @@ TPM2B_PUBLIC *public_data) { + + /* Unstructured stdin unique data paired with a RSA object */ + if (public_data->publicArea.type == TPM2_ALG_RSA) { ++ if (unique_size > TPM2_MAX_RSA_KEY_BYTES) { ++ LOG_ERR("Unique data too big for RSA object's allowed unique size"); ++ return tool_rc_general_error; ++ } + public_data->publicArea.unique.rsa.size = unique_size; + memcpy(&public_data->publicArea.unique.rsa.buffer, file_data, + unique_size); +diff --git a/lib/files.h b/lib/files.h +index b241126..3ade0f6 100644 +--- a/lib/files.h ++++ b/lib/files.h +@@ -84,12 +84,14 @@ bool files_save_bytes_to_file(const char *path, UINT8 *buf, UINT16 size); + * The object handle for the object to save. + * @param path + * The output path of the file. ++ * @param autoflush ++ * Flush the tpm object after context save. + * + * @return + * tool_rc indicating status. + */ + tool_rc files_save_tpm_context_to_path(ESYS_CONTEXT *context, ESYS_TR handle, +- const char *path); ++ const char *pathm, bool autoflush); + + /** + * Like files_save_tpm_context_to_path() but saves a tpm session to a FILE stream. +@@ -99,11 +101,13 @@ tool_rc files_save_tpm_context_to_path(ESYS_CONTEXT *context, ESYS_TR handle, + * The object handle for the object to save. + * @param stream + * The FILE stream to save too. ++ * @param autoflush ++ * Flush the tpm object after context save. + * @return + * tool_rc indicating status. + */ + tool_rc files_save_tpm_context_to_file(ESYS_CONTEXT *context, ESYS_TR handle, +- FILE *stream); ++ FILE *stream, bool autoflush); + + /** + * Loads a ESAPI TPM object context from disk or an ESAPI serialized ESYS_TR object. +@@ -534,7 +538,7 @@ bool files_write_64(FILE *out, UINT64 data); + * @return + * True on success, False otherwise. + */ +-bool files_write_bytes(FILE *out, UINT8 data[], size_t size); ++bool files_write_bytes(FILE *out, const UINT8 *data, size_t size); + + /** + * Reads a 16 bit value from a file converting from big endian to host +diff --git a/lib/object.c b/lib/object.c +index 0615071..1d6cd42 100644 +--- a/lib/object.c ++++ b/lib/object.c +@@ -257,7 +257,7 @@ tool_rc tpm2_util_object_fetch_priv_pub_from_tpk(const char *objectstr, + LOG_ERR("Error deserializing TSS Privkey Object"); + goto ret; + } +- ++ + rc = Tss2_MU_TPM2B_PUBLIC_Unmarshal(tpk->pubkey->data, pub_len, + NULL, pub); + if (rc != tool_rc_success) { +@@ -336,7 +336,18 @@ static tool_rc tpm2_util_object_do_ctx_file(ESYS_CONTEXT *ctx, + /* assign a dummy transient handle */ + outobject->handle = TPM2_TRANSIENT_FIRST; + outobject->path = objectstr; +- return files_load_tpm_context_from_file(ctx, &outobject->tr_handle, f); ++ tool_rc rc = files_load_tpm_context_from_file(ctx, &outobject->tr_handle, f); ++ if (rc != tool_rc_success) { ++ return rc; ++ } ++ ++ TSS2_RC rval = Esys_TR_GetTpmHandle(ctx, outobject->tr_handle, &outobject->handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ LOG_ERR("Failed to acquire SAPI handle"); ++ return tool_rc_general_error; ++ } ++ ++ return tool_rc_success; + } + + static tool_rc tpm2_util_object_load2(ESYS_CONTEXT *ctx, const char *objectstr, +diff --git a/lib/pcr.c b/lib/pcr.c +index 02fa0b7..9aa5fbf 100644 +--- a/lib/pcr.c ++++ b/lib/pcr.c +@@ -33,7 +33,7 @@ bool pcr_get_id(const char *arg, UINT32 *pcr_id) { + } + + static bool pcr_parse_list(const char *str, size_t len, +- TPMS_PCR_SELECTION *pcr_select) { ++ TPMS_PCR_SELECTION *pcr_select, tpm2_forward *forward) { + char buf[4]; + const char *current_string; + int current_length; +@@ -54,7 +54,7 @@ static bool pcr_parse_list(const char *str, size_t len, + pcr_select->pcrSelect[2] = 0xff; + return true; + } +- ++ + if (!strncmp(str, "none", 4)) { + pcr_select->pcrSelect[0] = 0x00; + pcr_select->pcrSelect[1] = 0x00; +@@ -63,6 +63,12 @@ static bool pcr_parse_list(const char *str, size_t len, + } + + do { ++ char dgst_buf[sizeof(TPMU_HA) * 2 + 1]; ++ const char *dgst;; ++ int dgst_len = 0; ++ UINT16 dgst_size; ++ int pcr_len; ++ + current_string = str; + str = memchr(current_string, ',', len); + if (str) { +@@ -74,24 +80,60 @@ static bool pcr_parse_list(const char *str, size_t len, + len = 0; + } + +- if ((size_t) current_length > sizeof(buf) - 1) { ++ dgst = memchr(current_string, '=', current_length); ++ if (dgst && ((str == NULL) || (str && dgst < str))) { ++ pcr_len = dgst - current_string; ++ dgst++; ++ if (str) { ++ dgst_len = str - dgst - 1; ++ } else { ++ dgst_len = current_length - pcr_len - 1; ++ } ++ } else { ++ dgst = NULL; ++ pcr_len = current_length; ++ } ++ ++ if ((size_t) pcr_len > sizeof(buf) - 1) { + return false; + } + +- snprintf(buf, current_length + 1, "%s", current_string); ++ snprintf(buf, pcr_len + 1, "%s", current_string); + + if (!pcr_get_id(buf, &pcr)) { + return false; + } + + pcr_select->pcrSelect[pcr / 8] |= (1 << (pcr % 8)); ++ if (dgst && !forward) { ++ return false; ++ } ++ ++ if (dgst) { ++ if (strncmp(dgst, "0x", 2) == 0) { ++ dgst += 2; ++ dgst_len -= 2; ++ } ++ ++ dgst_size = tpm2_alg_util_get_hash_size(pcr_select->hash); ++ if (dgst_size * 2 != dgst_len) { ++ return false; ++ } ++ ++ snprintf(dgst_buf, sizeof(dgst_buf), "%.*s", dgst_len, dgst); ++ if (tpm2_util_hex_to_byte_structure(dgst_buf, &dgst_size, ++ (BYTE *)&forward->pcrs[pcr]) != 0) { ++ return false; ++ } ++ forward->pcr_selection.pcrSelect[pcr / 8] |= (1 << (pcr % 8)); ++ } + } while (str); + + return true; + } + + static bool pcr_parse_selection(const char *str, size_t len, +- TPMS_PCR_SELECTION *pcr_select) { ++ TPMS_PCR_SELECTION *pcr_select, tpm2_forward *forward) { + const char *left_string; + char buf[9]; + +@@ -116,13 +158,18 @@ static bool pcr_parse_selection(const char *str, size_t len, + return false; + } + ++ if (forward) { ++ forward->pcr_selection.hash = pcr_select->hash; ++ } ++ + left_string++; + + if ((size_t) (left_string - str) >= len) { + return false; + } + +- if (!pcr_parse_list(left_string, str + len - left_string, pcr_select)) { ++ if (!pcr_parse_list(left_string, str + len - left_string, pcr_select, ++ forward)) { + return false; + } + +@@ -418,7 +465,8 @@ bool pcr_print_pcr_selections(TPML_PCR_SELECTION *pcr_selections) { + return true; + } + +-bool pcr_parse_selections(const char *arg, TPML_PCR_SELECTION *pcr_select) { ++bool pcr_parse_selections(const char *arg, TPML_PCR_SELECTION *pcr_select, ++ tpm2_forwards *forwards) { + const char *left_string = arg; + const char *current_string = arg; + int current_length = 0; +@@ -428,6 +476,9 @@ bool pcr_parse_selections(const char *arg, TPML_PCR_SELECTION *pcr_select) { + } + + pcr_select->count = 0; ++ if (forwards) { ++ forwards->count = 0; ++ } + + do { + current_string = left_string; +@@ -440,10 +491,14 @@ bool pcr_parse_selections(const char *arg, TPML_PCR_SELECTION *pcr_select) { + current_length = strlen(current_string); + + if (!pcr_parse_selection(current_string, current_length, +- &pcr_select->pcrSelections[pcr_select->count])) ++ &pcr_select->pcrSelections[pcr_select->count], ++ forwards ? &forwards->bank[forwards->count] : NULL)) + return false; + + pcr_select->count++; ++ if (forwards) { ++ forwards->count++; ++ } + } while (left_string); + + if (pcr_select->count == 0) { +diff --git a/lib/pcr.h b/lib/pcr.h +index bd76116..c584c7d 100644 +--- a/lib/pcr.h ++++ b/lib/pcr.h +@@ -23,6 +23,16 @@ struct tpm2_pcrs { + TPML_DIGEST pcr_values[TPM2_MAX_PCRS]; + }; + ++typedef struct tpm2_forward { ++ TPMS_PCR_SELECTION pcr_selection; ++ TPMU_HA pcrs[TPM2_MAX_PCRS]; ++} tpm2_forward; ++ ++typedef struct tpm2_forwards { ++ size_t count; ++ struct tpm2_forward bank[TPM2_NUM_PCR_BANKS]; ++} tpm2_forwards; ++ + /** + * Echo out all PCR banks according to g_pcrSelection & g_pcrs->. + * @param pcrSelect +@@ -90,7 +100,8 @@ bool pcr_fwrite_values(const TPML_PCR_SELECTION *pcr_select, + bool pcr_fwrite_serialized(const TPML_PCR_SELECTION *pcr_select, + const tpm2_pcrs *pcrs, FILE *output_file); + +-bool pcr_parse_selections(const char *arg, TPML_PCR_SELECTION *pcr_selections); ++bool pcr_parse_selections(const char *arg, TPML_PCR_SELECTION *pcr_selections, ++ tpm2_forwards *forwards); + + tool_rc pcr_get_banks(ESYS_CONTEXT *esys_context, + TPMS_CAPABILITY_DATA *capability_data, tpm2_algorithm *algs); +diff --git a/lib/tpm2.c b/lib/tpm2.c +index 93b2322..6098f7a 100644 +--- a/lib/tpm2.c ++++ b/lib/tpm2.c +@@ -313,14 +313,30 @@ tpm2_nvread_skip_esapi_call: + } + + tool_rc tpm2_context_save(ESYS_CONTEXT *esys_context, ESYS_TR save_handle, +- TPMS_CONTEXT **context) { ++ bool autoflush, TPMS_CONTEXT **context) { + + TSS2_RC rval = Esys_ContextSave(esys_context, save_handle, context); ++ TPM2_HANDLE tpm_handle; + if (rval != TSS2_RC_SUCCESS) { + LOG_PERR(Esys_ContextSave, rval); + return tool_rc_from_tpm(rval); + } + ++ if (autoflush || tpm2_util_env_yes(TPM2TOOLS_ENV_AUTOFLUSH)) { ++ rval = Esys_TR_GetTpmHandle(esys_context, save_handle, &tpm_handle); ++ if (rval != TSS2_RC_SUCCESS) { ++ LOG_PERR(Esys_TR_GetTpmHandle, rval); ++ return tool_rc_from_tpm(rval); ++ } ++ if ((tpm_handle & TPM2_HR_RANGE_MASK) == TPM2_HR_TRANSIENT) { ++ TSS2_RC rval = Esys_FlushContext(esys_context, save_handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ LOG_PERR(Eys_ContextFlush, rval); ++ return false; ++ } ++ } ++ } ++ + return tool_rc_success; + } + +@@ -500,7 +516,7 @@ tool_rc tpm2_policy_restart(ESYS_CONTEXT *esys_context, ESYS_TR session_handle, + LOG_ERR("Failed to acquire SAPI handle"); + return tool_rc_general_error; + } +- ++ + TPM2B_NAME name1 = { 0 }; + name1.size = sizeof(TPM2_HANDLE); + rval = Tss2_MU_TPM2_HANDLE_Marshal(sapi_policy_session, name1.name, +@@ -641,7 +657,7 @@ tool_rc tpm2_pcr_read(ESYS_CONTEXT *esys_context, ESYS_TR shandle1, + + goto tpm2_pcrread_skip_esapi_call; + } +- ++ + rval = Esys_PCR_Read(esys_context, shandle1, shandle2, shandle3, + pcr_selection_in, pcr_update_counter, pcr_selection_out, pcr_values); + if (rval != TSS2_RC_SUCCESS) { +@@ -2395,7 +2411,7 @@ tpm2_certify_free_name1: + signingkey_session_handle, shandle3, qualifying_data, scheme, + certify_info, signature); + if (rval != TPM2_RC_SUCCESS) { +- LOG_PERR(Eys_Certify, rval); ++ LOG_PERR(Esys_Certify, rval); + rc = tool_rc_from_tpm(rval); + + return rc; +@@ -2537,7 +2553,7 @@ tpm2_load_free_name1: + parent_object_session_handle, ESYS_TR_NONE, ESYS_TR_NONE, in_private, + in_public, object_handle); + if (rval != TPM2_RC_SUCCESS) { +- LOG_PERR(Eys_Load, rval); ++ LOG_PERR(Esys_Load, rval); + return tool_rc_from_tpm(rval); + } + +@@ -4445,7 +4461,7 @@ tpm2_sign_free_name1: + signingkey_obj_session_handle, ESYS_TR_NONE, ESYS_TR_NONE, digest, + in_scheme, validation, signature); + if (rval != TPM2_RC_SUCCESS) { +- LOG_PERR(Eys_Sign, rval); ++ LOG_PERR(Esys_Sign, rval); + rc = tool_rc_from_tpm(rval); + return rc; + } +@@ -5609,7 +5625,7 @@ tool_rc tpm2_ecephemeral(ESYS_CONTEXT *esys_context, TPMI_ECC_CURVE curve_id, + LOG_PERR(Tss2_Sys_EC_Ephemeral_Prepare, rval); + return tool_rc_general_error; + } +- ++ + rc = tpm2_sapi_getcphash(sys_context, NULL, NULL, NULL, + parameter_hash_algorithm, cp_hash); + /* +@@ -5617,8 +5633,8 @@ tool_rc tpm2_ecephemeral(ESYS_CONTEXT *esys_context, TPMI_ECC_CURVE curve_id, + */ + goto tpm2_ecephemeral_skip_esapi_call; + } +- +- ++ ++ + rval = Esys_EC_Ephemeral(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, + ESYS_TR_NONE, curve_id, Q, counter); + if (rval != TSS2_RC_SUCCESS) { +diff --git a/lib/tpm2.h b/lib/tpm2.h +index 52a8956..67940c0 100644 +--- a/lib/tpm2.h ++++ b/lib/tpm2.h +@@ -41,7 +41,7 @@ tool_rc tpm2_nv_read(ESYS_CONTEXT *esys_context, + TPMI_ALG_HASH parameter_hash_algorithm, ESYS_TR shandle2, ESYS_TR shandle3); + + tool_rc tpm2_context_save(ESYS_CONTEXT *esys_context, ESYS_TR save_handle, +- TPMS_CONTEXT **context); ++ bool autoflush, TPMS_CONTEXT **context); + + tool_rc tpm2_context_load(ESYS_CONTEXT *esys_context, + const TPMS_CONTEXT *context, ESYS_TR *loaded_handle); +diff --git a/lib/tpm2_auth_util.c b/lib/tpm2_auth_util.c +index 857d8b8..8fe6425 100644 +--- a/lib/tpm2_auth_util.c ++++ b/lib/tpm2_auth_util.c +@@ -7,6 +7,7 @@ + #include + #include + #include ++#include + + #include "files.h" + #include "log.h" +@@ -32,6 +33,14 @@ + #define PCR_PREFIX "pcr:" + #define PCR_PREFIX_LEN sizeof(PCR_PREFIX) - 1 + ++static struct termios old; ++ ++/* When the program is interrupted during callbacks, ++ * restore the old termios state (with ICANON and ECHO) */ ++static void signal_termio_restore(__attribute__((unused)) int signumber) { ++ tcsetattr (STDIN_FILENO, TCSANOW, &old); ++} ++ + static bool handle_hex_password(const char *password, TPM2B_AUTH *auth) { + + /* if it is hex, then skip the prefix */ +@@ -48,6 +57,88 @@ static bool handle_hex_password(const char *password, TPM2B_AUTH *auth) { + return true; + } + ++bool handle_password(const char *password, TPM2B_AUTH *auth); ++ ++static tool_rc get_auth_for_file_param(const char* password, TPM2B_AUTH *auth) { ++ const char* path = password; ++ size_t size = (sizeof(auth->buffer) * 2) + HEX_PREFIX_LEN + 2; ++ bool is_a_tty = isatty(STDIN_FILENO); ++ ++ /* Allocating one extra byte for \0 termination safety */ ++ UINT8 *buffer = calloc(1, size + 1); ++ if (!buffer) { ++ LOG_ERR("oom"); ++ return tool_rc_general_error; ++ } ++ buffer[size] = '\0'; ++ ++ if (path) { ++ path = strcmp("-", path) ? path : NULL; ++ } ++ if (!is_a_tty || path) { ++ UINT16 fsize = size - 1; ++ bool ret = files_load_bytes_from_buffer_or_file_or_stdin(NULL, path, ++ &fsize, buffer); ++ if (!ret) { ++ free(buffer); ++ return tool_rc_general_error; ++ } ++ size = fsize; ++ ++ } else { ++ /* ++ * It is a TTY and we're reading from stdin. ++ * Prompt the user for the password with echoing ++ * disabled. ++ */ ++ struct termios new; ++ tcgetattr (STDIN_FILENO, &old); ++ new = old; ++ new.c_lflag &= ~(ICANON | ECHO); ++ struct sigaction signal_action; ++ memset (&signal_action, 0, sizeof signal_action); ++ signal_action.sa_handler = signal_termio_restore; ++ sigaction (SIGTERM, &signal_action, NULL); ++ sigaction (SIGINT, &signal_action, NULL); ++ tcsetattr (STDIN_FILENO, TCSANOW, &new); ++ ++ printf("Enter Password: "); ++ fflush(stdout); ++ ++ ssize_t read = getline((char **)&buffer, &size, stdin); ++ ++ tcsetattr (STDIN_FILENO, TCSANOW, &old); ++ signal_action.sa_handler = SIG_DFL; ++ sigaction (SIGTERM, &signal_action, NULL); ++ sigaction (SIGINT, &signal_action, NULL); ++ ++ if (read < 0) { ++ LOG_ERR("Could not get stdin, error: \"%s\"", strerror(errno)); ++ free(buffer); ++ return tool_rc_general_error; ++ } ++ size = read; ++ } ++ ++ /* bash here strings and many commands add a trailing newline, if its stdin, kill the newline */ ++ size_t i; ++ for (i = size; i >= 1; i -= 1) { ++ if (buffer[i - 1] == '\n' || buffer[i - 1] == '\r') { ++ buffer[i - 1] = '\0'; ++ } else { ++ break; ++ } ++ } ++ /* from here the buffer has been populated with the password */ ++ bool ret = handle_password((char *) buffer, auth); ++ if (!ret) { ++ free(buffer); ++ return tool_rc_general_error; ++ } ++ free(buffer); ++ return tool_rc_success; ++} ++ + bool handle_str_password(const char *password, TPM2B_AUTH *auth) { + + /* str may or may not have the str: prefix */ +@@ -72,7 +163,18 @@ bool handle_str_password(const char *password, TPM2B_AUTH *auth) { + return true; + } + +-static bool handle_password(const char *password, TPM2B_AUTH *auth) { ++bool handle_password(const char *password, TPM2B_AUTH *auth) { ++ ++ bool is_file = !strncmp(password, FILE_PREFIX, FILE_PREFIX_LEN); ++ ++ if (is_file) { ++ tool_rc rc = get_auth_for_file_param(password + FILE_PREFIX_LEN, auth); ++ if (rc != tool_rc_success) { ++ LOG_ERR("get password"); ++ return false; ++ } ++ return true; ++ } + + bool is_hex = !strncmp(password, HEX_PREFIX, HEX_PREFIX_LEN); + if (is_hex) { +@@ -246,7 +348,7 @@ static tool_rc handle_pcr(ESYS_CONTEXT *ectx, const char *policy, + goto out; + } + +- ret = pcr_parse_selections(pcr_str, &pcrs); ++ ret = pcr_parse_selections(pcr_str, &pcrs, NULL); + if (!ret) { + goto out; + } +@@ -299,7 +401,7 @@ static tool_rc handle_pcr(ESYS_CONTEXT *ectx, const char *policy, + goto out; + } + +- tmp_rc = tpm2_policy_build_pcr(ectx, s, raw_path, &pcrs, NULL); ++ tmp_rc = tpm2_policy_build_pcr(ectx, s, raw_path, &pcrs, NULL, NULL); + if (tmp_rc != tool_rc_success) { + tpm2_session_close(&s); + rc = tmp_rc; +@@ -315,96 +417,19 @@ out: + return rc; + } + +-static tool_rc console_display_echo_control(bool echo) { +- +- struct termios console; +- int rc = tcgetattr(STDIN_FILENO, &console); +- if (rc) { +- return tool_rc_general_error; +- } +- +- if (echo) { +- console.c_lflag |= ECHO; +- } else { +- console.c_lflag &= ~((tcflag_t) ECHO); +- } +- +- rc = tcsetattr(STDIN_FILENO, TCSANOW, &console); +- if (rc) { +- return tool_rc_general_error; +- } +- +- return tool_rc_success; +-} +- + static tool_rc handle_file(ESYS_CONTEXT *ectx, const char *path, + tpm2_session **session) { + + path += FILE_PREFIX_LEN; + path = strcmp("-", path) ? path : NULL; +- + TPM2B_AUTH auth = { 0 }; + +- UINT8 buffer[(sizeof(auth.buffer) * 2) + HEX_PREFIX_LEN + 1] = { 0 }; +- +- /* +- * If path is set or stdin is not a TTY, then read +- * from a path. Note: that "file:" will still go this +- * path and fail as path "" is not valid. +- */ +- bool is_a_tty = isatty(STDIN_FILENO); +- if (!is_a_tty || path) { +- +- UINT16 size = sizeof(buffer) - 1; +- +- bool ret = files_load_bytes_from_buffer_or_file_or_stdin(NULL, path, +- &size, buffer); +- if (!ret) { +- return tool_rc_general_error; +- } ++ tool_rc rc = get_auth_for_file_param(path, &auth); + +- /* bash here strings and many commands add a trailing newline, if its stdin, kill the newline */ +- if (!path && buffer[size - 1] == '\n') { +- buffer[size - 1] = '\0'; +- } +- +- /* +- * It is a TTY and we're reading from stdin. +- * Prompt the user for the password with echoing +- * disabled. +- */ +- } else { +- +- tool_rc rc = console_display_echo_control(false); +- if (rc != tool_rc_success) { +- return rc; +- } +- +- printf("Enter Password: "); +- fflush(stdout); +- +- char *b = (char *) buffer; +- size_t size = sizeof(buffer) - 1; +- +- ssize_t read = getline(&b, &size, stdin); +- if (read < 0) { +- LOG_ERR("Could not get stdin, error: \"%s\"", strerror(errno)); +- } +- +- b[read - 1] = '\0'; +- +- rc = console_display_echo_control(true); +- if (rc != tool_rc_success || read < 0) { +- return tool_rc_general_error; +- } +- } +- +- /* from here the buffer has been populated with the password */ +- bool ret = handle_password((char *) buffer, &auth); +- if (!ret) { +- return tool_rc_general_error; ++ if (rc != tool_rc_success) { ++ LOG_ERR("get password"); ++ return rc; + } +- + return start_hmac_session(ectx, &auth, session); + } + +diff --git a/lib/tpm2_auth_util.h b/lib/tpm2_auth_util.h +index 61744ee..afe0131 100644 +--- a/lib/tpm2_auth_util.h ++++ b/lib/tpm2_auth_util.h +@@ -72,6 +72,6 @@ tool_rc tpm2_auth_util_get_shandle(ESYS_CONTEXT *ectx, ESYS_TR for_auth, + * @return + * Boolean indicating the success of the operation. + */ +-bool handle_str_password(const char *password, TPM2B_AUTH *auth); ++bool handle_password(const char *password, TPM2B_AUTH *auth); + + #endif /* SRC_PASSWORD_UTIL_H_ */ +diff --git a/lib/tpm2_eventlog.c b/lib/tpm2_eventlog.c +index 1b59eee..141f480 100644 +--- a/lib/tpm2_eventlog.c ++++ b/lib/tpm2_eventlog.c +@@ -11,7 +11,7 @@ + #include "tpm2_openssl.h" + + bool digest2_accumulator_callback(TCG_DIGEST2 const *digest, size_t size, +- void *data){ ++ void *data) { + + if (digest == NULL || data == NULL) { + LOG_ERR("neither parameter may be NULL"); +@@ -30,7 +30,8 @@ bool digest2_accumulator_callback(TCG_DIGEST2 const *digest, size_t size, + * hold the digest. The size of the digest is passed to the callback in the + * 'size' parameter. + */ +-bool foreach_digest2(tpm2_eventlog_context *ctx, unsigned pcr_index, TCG_DIGEST2 const *digest, size_t count, size_t size) { ++bool foreach_digest2(tpm2_eventlog_context *ctx, UINT32 eventType, unsigned pcr_index, ++ TCG_DIGEST2 const *digest, size_t count, size_t size, uint8_t locality) { + + if (digest == NULL) { + LOG_ERR("digest cannot be NULL"); +@@ -80,7 +81,15 @@ bool foreach_digest2(tpm2_eventlog_context *ctx, unsigned pcr_index, TCG_DIGEST2 + LOG_WARN("PCR%d algorithm %d unsupported", pcr_index, alg); + } + +- if (pcr && !tpm2_openssl_pcr_extend(alg, pcr, digest->Digest, alg_size)) { ++ if (eventType == EV_EFI_HCRTM_EVENT && pcr && pcr_index == 0) { ++ /* Trusted Platform Module Library Part 1 section 34.3 */ ++ pcr[alg_size - 1] = 0x04; ++ } else if (eventType == EV_NO_ACTION && pcr && pcr_index == 0 && locality > 0 ) { ++ pcr[alg_size - 1] = locality; ++ } ++ ++ if (eventType != EV_NO_ACTION && pcr && ++ !tpm2_openssl_pcr_extend(alg, pcr, digest->Digest, alg_size)) { + LOG_ERR("PCR%d extend failed", pcr_index); + return false; + } +@@ -156,6 +165,19 @@ bool parse_event2body(TCG_EVENT2 const *event, UINT32 type) { + /* what about the device path? */ + } + break; ++ /* TCG PC Client Platform Firmware Profile Specification Level 00 Version 1.05 Revision 23 section 10.4.1 */ ++ case EV_EFI_HCRTM_EVENT: ++ { ++ const char hcrtm_data[] = "HCRTM"; ++ size_t len = strlen(hcrtm_data); ++ BYTE *data = (BYTE *)event->Event; ++ if (event->EventSize != len || ++ strncmp((const char *)data, hcrtm_data, len)) { ++ LOG_ERR("HCRTM Event Data MUST be the string: \"%s\"", hcrtm_data); ++ return false; ++ } ++ } ++ break; + } + + return true; +@@ -179,9 +201,10 @@ bool parse_event2(TCG_EVENT_HEADER2 const *eventhdr, size_t buf_size, + .data = digests_size, + .digest2_cb = digest2_accumulator_callback, + }; +- ret = foreach_digest2(&ctx, eventhdr->PCRIndex, ++ ret = foreach_digest2(&ctx, eventhdr->EventType, ++ eventhdr->PCRIndex, + eventhdr->Digests, eventhdr->DigestCount, +- buf_size - sizeof(*eventhdr)); ++ buf_size - sizeof(*eventhdr), 0); + if (ret != true) { + return false; + } +@@ -216,7 +239,7 @@ bool parse_sha1_log_event(tpm2_eventlog_context *ctx, TCG_EVENT const *event, si + *event_size = sizeof(*event); + + pcr = ctx->sha1_pcrs[ event->pcrIndex]; +- if (pcr) { ++ if (event->eventType != EV_NO_ACTION && pcr) { + tpm2_openssl_pcr_extend(TPM2_ALG_SHA1, pcr, &event->digest[0], 20); + ctx->sha1_used |= (1 << event->pcrIndex); + } +@@ -427,6 +450,7 @@ bool foreach_event2(tpm2_eventlog_context *ctx, TCG_EVENT_HEADER2 const *eventhd + TCG_EVENT_HEADER2 const *eventhdr; + size_t event_size; + bool ret; ++ bool found_hcrtm = false; + + for (eventhdr = eventhdr_start, event_size = 0; + size > 0; +@@ -434,6 +458,7 @@ bool foreach_event2(tpm2_eventlog_context *ctx, TCG_EVENT_HEADER2 const *eventhd + size -= event_size) { + + size_t digests_size = 0; ++ uint8_t locality = 0; + + ret = parse_event2(eventhdr, size, &event_size, &digests_size); + if (!ret) { +@@ -442,6 +467,26 @@ bool foreach_event2(tpm2_eventlog_context *ctx, TCG_EVENT_HEADER2 const *eventhd + + TCG_EVENT2 *event = (TCG_EVENT2*)((uintptr_t)eventhdr->Digests + digests_size); + ++ if (eventhdr->EventType == EV_EFI_HCRTM_EVENT && eventhdr->PCRIndex == 0) { ++ found_hcrtm = true; ++ } ++ ++ /* Handle StartupLocality in replay for PCR0 */ ++ if (!found_hcrtm && eventhdr->EventType == EV_NO_ACTION && eventhdr->PCRIndex == 0) { ++ if (event_size < sizeof(EV_NO_ACTION_STRUCT)) { ++ LOG_ERR("EventSize is too small\n"); ++ return false; ++ } ++ ++ EV_NO_ACTION_STRUCT *locality_event = (EV_NO_ACTION_STRUCT*)event->Event; ++ ++ if (memcmp(locality_event->Signature, STARTUP_LOCALITY_SIGNATURE, ++ sizeof(STARTUP_LOCALITY_SIGNATURE)) == 0) { ++ locality = locality_event->Cases.StartupLocality; ++ } ++ } ++ ++ + /* event header callback */ + if (ctx->event2hdr_cb != NULL) { + ret = ctx->event2hdr_cb(eventhdr, event_size, ctx->data); +@@ -451,7 +496,8 @@ bool foreach_event2(tpm2_eventlog_context *ctx, TCG_EVENT_HEADER2 const *eventhd + } + + /* digest callback foreach digest */ +- ret = foreach_digest2(ctx, eventhdr->PCRIndex, eventhdr->Digests, eventhdr->DigestCount, digests_size); ++ ret = foreach_digest2(ctx, eventhdr->EventType, eventhdr->PCRIndex, ++ eventhdr->Digests, eventhdr->DigestCount, digests_size, locality); + if (ret != true) { + return false; + } +diff --git a/lib/tpm2_eventlog.h b/lib/tpm2_eventlog.h +index 2a91ed6..0af8970 100644 +--- a/lib/tpm2_eventlog.h ++++ b/lib/tpm2_eventlog.h +@@ -44,8 +44,8 @@ bool digest2_accumulator_callback(TCG_DIGEST2 const *digest, size_t size, + void *data); + + bool parse_event2body(TCG_EVENT2 const *event, UINT32 type); +-bool foreach_digest2(tpm2_eventlog_context *ctx, unsigned pcr_index, +- TCG_DIGEST2 const *event_hdr, size_t count, size_t size); ++bool foreach_digest2(tpm2_eventlog_context *ctx, UINT32 eventType, unsigned pcr_index, ++ TCG_DIGEST2 const *event_hdr, size_t count, size_t size, uint8_t locality); + bool parse_event2(TCG_EVENT_HEADER2 const *eventhdr, size_t buf_size, + size_t *event_size, size_t *digests_size); + bool foreach_event2(tpm2_eventlog_context *ctx, TCG_EVENT_HEADER2 const *eventhdr_start, size_t size); +diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c +index f4f21bd..957f26e 100644 +--- a/lib/tpm2_eventlog_yaml.c ++++ b/lib/tpm2_eventlog_yaml.c +@@ -116,6 +116,8 @@ char const *eventtype_to_string (UINT32 event_type) { + return "EV_EFI_HANDOFF_TABLES2"; + case EV_EFI_VARIABLE_BOOT2: + return "EV_EFI_VARIABLE_BOOT2"; ++ case EV_EFI_HCRTM_EVENT: ++ return "EV_EFI_HCRTM_EVENT"; + case EV_EFI_VARIABLE_AUTHORITY: + return "EV_EFI_VARIABLE_AUTHORITY"; + default: +@@ -255,6 +257,18 @@ static bool yaml_uefi_post_code(const TCG_EVENT2* const event) { + } + return true; + } ++ ++static bool yaml_uefi_hcrtm(const TCG_EVENT2* const event) { ++ ++ const size_t len = event->EventSize; ++ ++ const char* const data = (const char *) event->Event; ++ tpm2_tool_output(" Event: |-\n" ++ " %.*s\n", (int) len, data); ++ ++ return true; ++} ++ + /* + * Parses Device Path field using the efivar library if present, otherwise, + * print the field in raw byte format +@@ -276,8 +290,9 @@ char *yaml_devicepath(BYTE* dp, UINT64 dp_len) { + LOG_ERR("failed to allocate memory: %s\n", strerror(errno)); + return NULL; + } +- +- ret = efidp_format_device_path((unsigned char *)text_path, ++ ++ /* The void* cast is a hack to support efivar versions < 38 */ ++ ret = efidp_format_device_path((void *)text_path, + text_path_len, (const_efidp)dp, dp_len); + if (ret < 0) { + free(text_path); +@@ -296,9 +311,9 @@ char *yaml_devicepath(BYTE* dp, UINT64 dp_len) { + * + * We need to emit YAML with some rules: + * +- * - No leading ' ' without quoting it ++ * - No leading ' ' or \t without escaping it + * - Escape non-printable ascii chars +- * - Double quotes if using escape sequences ++ * - Double quotes to enable use of escape sequences + * - Valid UTF8 string + * + * This method will ignore the question of original data +@@ -324,8 +339,14 @@ char **yaml_split_escape_string(UINT8 const *description, size_t size) + + i = 0; + do { ++ bool leadingSpace = true; + nl = memchr(description + i, '\n', size - i); +- len = nl ? (size_t)(nl - (description + i)) : size - i; ++ if (nl) { ++ nl++; ++ len = (size_t)(nl - (description + i)); ++ } else { ++ len = size - i; ++ } + + tmp = realloc(lines, sizeof(char *) * (nlines + 2)); + if (!tmp) { +@@ -337,62 +358,77 @@ char **yaml_split_escape_string(UINT8 const *description, size_t size) + lines[nlines + 1] = NULL; + k = 0; + +- /* Worst case: every byte needs escaping, plus start/end quotes, plus nul */ +- lines[nlines] = calloc(1, (len * 2) + 2 + 1); ++ /* Worst case: every byte is a space that needs escaping to a 4 byte ++ * sequence, plus a line continuation, plus nul. We're overallocating ++ * here, but the caller is going to free all these strings immediately ++ * after printing, so this is fairly harmless */ ++ lines[nlines] = calloc(1, (len * 4) + 1 + 1); + if (!lines[nlines]) { + LOG_ERR("failed to allocate memory for escaped string: %s\n", + strerror(errno)); + goto error; + } + +- lines[nlines][k++] = '"'; + for (j = i; j < (i + len); j++) { +- char escape = '\0'; ++ const char *escape = NULL; + + switch (description[j]) { + case '\0': +- escape = '0'; ++ escape = "\\0"; + break; + case '\a': +- escape = 'a'; ++ escape = "\\a"; + break; + case '\b': +- escape = 'b'; ++ escape = "\\b"; + break; + case '\t': +- escape = 't'; ++ if (leadingSpace) ++ escape = "\\t"; + break; + case '\v': +- escape = 'v'; ++ escape = "\\v"; + break; + case '\f': +- escape = 'f'; ++ escape = "\\f"; ++ break; ++ case '\n': ++ escape = "\\n"; + break; + case '\r': +- escape = 'r'; ++ escape = "\\r"; + break; + case '\e': +- escape = 'e'; +- break; +- case '\'': +- escape = '\''; ++ escape = "\\e"; + break; + case '\\': +- escape = '\\'; ++ escape = "\\\\"; ++ break; ++ case '"': ++ escape = "\\\""; ++ break; ++ case ' ': ++ if (leadingSpace) ++ escape = "\\x20"; + break; + } + +- if (escape == '\0') { ++ if (description[j] != ' ' && ++ description[j] != '\t') { ++ leadingSpace = false; ++ } ++ ++ if (escape == NULL) { + lines[nlines][k++] = description[j]; + } else { +- lines[nlines][k++] = '\\'; +- lines[nlines][k++] = escape; ++ while (*escape) { ++ lines[nlines][k++] = *escape; ++ escape++; ++ } + } + } +- lines[nlines][k++] = '"'; +- + nlines++; +- i += len + 1; ++ i += len; + } while (i < size); + + return lines; +@@ -405,6 +441,37 @@ char **yaml_split_escape_string(UINT8 const *description, size_t size) + return NULL; + } + ++static bool yaml_split_print_string(const char *indent, ++ const char *field, ++ UINT8 const *description, size_t size) ++{ ++ char **lines = NULL; ++ size_t i; ++ tpm2_tool_output("%s%s: \"", indent, field); ++ ++ lines = yaml_split_escape_string(description, size); ++ if (!lines) { ++ return false; ++ } ++ ++ for (i = 0; lines[i] != NULL; i++) { ++ if (i == 0) ++ tpm2_tool_output("%s", lines[i]); ++ else ++ tpm2_tool_output("%s %s", indent, lines[i]); ++ ++ if (lines[i+1] == NULL) { ++ tpm2_tool_output("\"\n"); ++ } else { ++ tpm2_tool_output("\\\n"); ++ } ++ ++ free(lines[i]); ++ } ++ free(lines); ++ return true; ++} ++ + /* + * TCG PC Client FPF section 9.2.6 + * The tpm2_eventlog module validates the event structure but nothing within +@@ -604,30 +671,18 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type, + return true; + } else if (strlen(ret) == NAME_SBATLEVEL_LEN && strncmp(ret, NAME_SBATLEVEL, NAME_SBATLEVEL_LEN) == 0) { + free(ret); +- tpm2_tool_output(" VariableData:\n" +- " String: |-\n"); ++ tpm2_tool_output(" VariableData:\n"); + + UINT8 *description = (UINT8 *)&data->UnicodeName[ + data->UnicodeNameLength]; +- char **lines = NULL; +- lines = yaml_split_escape_string(description, data->VariableDataLength); +- if (!lines) { +- return false; +- } +- +- size_t i; +- for (i = 0; lines[i] != NULL; i++) { +- tpm2_tool_output(" %s\n", lines[i]); +- free(lines[i]); +- } +- free(lines); +- return true; ++ return yaml_split_print_string(" ", "String", ++ description, data->VariableDataLength); + } + } else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) { + if ((strlen(ret) == NAME_BOOTORDER_LEN && strncmp(ret, NAME_BOOTORDER, NAME_BOOTORDER_LEN) == 0)) { + free(ret); + tpm2_tool_output(" VariableData:\n"); +- ++ + if (data->VariableDataLength % 2 != 0) { + LOG_ERR("BootOrder value length %" PRIu64 " is not divisible by 2\n", + data->VariableDataLength); +@@ -763,23 +818,10 @@ bool yaml_uefi_action(UINT8 const *action, size_t size) { + * the loading of grub, kernel, and initrd images. + */ + bool yaml_ipl(UINT8 const *description, size_t size) { +- char **lines = NULL; +- size_t i; +- tpm2_tool_output(" Event:\n" +- " String: |-\n"); +- +- lines = yaml_split_escape_string(description, size); +- if (!lines) { +- return false; +- } ++ tpm2_tool_output(" Event:\n"); + +- for (i = 0; lines[i] != NULL; i++) { +- tpm2_tool_output(" %s\n", lines[i]); +- free(lines[i]); +- } +- free(lines); +- +- return true; ++ return yaml_split_print_string(" ", "String", ++ description, size); + } + /* TCG PC Client PFP section 9.2.3 */ + bool yaml_uefi_image_load(UEFI_IMAGE_LOAD_EVENT *data, size_t size) { +@@ -960,6 +1002,8 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type, uint32_t eventlog_ver + event->EventSize, eventlog_version); + case EV_NO_ACTION: + return yaml_no_action((EV_NO_ACTION_STRUCT*)event->Event, event->EventSize, eventlog_version); ++ case EV_EFI_HCRTM_EVENT: ++ return yaml_uefi_hcrtm(event); + default: + bytes_to_str(event->Event, event->EventSize, hexstr, sizeof(hexstr)); + tpm2_tool_output(" Event: \"%s\"\n", hexstr); +diff --git a/lib/tpm2_header.h b/lib/tpm2_header.h +index 3285339..639697e 100644 +--- a/lib/tpm2_header.h ++++ b/lib/tpm2_header.h +@@ -43,7 +43,7 @@ union tpm2_response_header { + * @return + * A converted byte array. + */ +-static inline tpm2_command_header *tpm2_command_header_from_bytes(UINT8 *h) { ++static inline const tpm2_command_header *tpm2_command_header_from_bytes(const UINT8 *h) { + + return (tpm2_command_header *) h; + } +@@ -55,7 +55,7 @@ static inline tpm2_command_header *tpm2_command_header_from_bytes(UINT8 *h) { + * @return + * A converted byte array. + */ +-static inline tpm2_response_header *tpm2_response_header_from_bytes(UINT8 *h) { ++static inline const tpm2_response_header *tpm2_response_header_from_bytes(const UINT8 *h) { + + return (tpm2_response_header *) h; + } +@@ -67,7 +67,7 @@ static inline tpm2_response_header *tpm2_response_header_from_bytes(UINT8 *h) { + * @return + */ + static inline TPMI_ST_COMMAND_TAG tpm2_command_header_get_tag( +- tpm2_command_header *command) { ++ const tpm2_command_header *command) { + + return tpm2_util_ntoh_16(command->tag); + } +@@ -79,7 +79,7 @@ static inline TPMI_ST_COMMAND_TAG tpm2_command_header_get_tag( + * @param include_header + * @return + */ +-static inline UINT32 tpm2_command_header_get_size(tpm2_command_header *command, ++static inline UINT32 tpm2_command_header_get_size(const tpm2_command_header *command, + bool include_header) { + + UINT32 size = tpm2_util_ntoh_32(command->size); +@@ -92,7 +92,7 @@ static inline UINT32 tpm2_command_header_get_size(tpm2_command_header *command, + * @param command + * @return + */ +-static inline TPM2_CC tpm2_command_header_get_code(tpm2_command_header *command) { ++static inline TPM2_CC tpm2_command_header_get_code(const tpm2_command_header *command) { + + return tpm2_util_ntoh_32(command->command_code); + } +@@ -103,7 +103,7 @@ static inline TPM2_CC tpm2_command_header_get_code(tpm2_command_header *command) + * The command to check for following data. + * @return The command data or NULL if not present. + */ +-static inline UINT8 *tpm2_command_header_get_data(tpm2_command_header *command) { ++static inline const UINT8 *tpm2_command_header_get_data(const tpm2_command_header *command) { + + UINT32 size = tpm2_command_header_get_size(command, false); + return size ? command->data : NULL; +@@ -117,7 +117,7 @@ static inline UINT8 *tpm2_command_header_get_data(tpm2_command_header *command) + * @return + */ + static inline UINT32 tpm2_response_header_get_size( +- tpm2_response_header *response, bool include_header) { ++ const tpm2_response_header *response, bool include_header) { + + UINT32 size = tpm2_util_ntoh_32(response->size); + return include_header ? size : size - TPM2_RESPONSE_HEADER_SIZE; +@@ -130,7 +130,7 @@ static inline UINT32 tpm2_response_header_get_size( + * @return + */ + static inline TPM2_ST tpm2_response_header_get_tag( +- tpm2_response_header *response) { ++ const tpm2_response_header *response) { + + return tpm2_util_ntoh_16(response->tag); + } +@@ -142,7 +142,7 @@ static inline TPM2_ST tpm2_response_header_get_tag( + * @return + */ + static inline TSS2_RC tpm2_response_header_get_code( +- tpm2_response_header *response) { ++ const tpm2_response_header *response) { + + return tpm2_util_ntoh_32(response->response_code); + } +@@ -153,8 +153,8 @@ static inline TSS2_RC tpm2_response_header_get_code( + * The response_header to check for following data. + * @return The response data or NULL if not present. + */ +-static inline UINT8 *tpm2_response_header_get_data( +- tpm2_response_header *response) { ++static inline const UINT8 *tpm2_response_header_get_data( ++ const tpm2_response_header *response) { + + UINT32 size = tpm2_response_header_get_size(response, false); + return size ? response->data : NULL; +diff --git a/lib/tpm2_kdfa.c b/lib/tpm2_kdfa.c +index 5eb8d55..ab7ee2a 100644 +--- a/lib/tpm2_kdfa.c ++++ b/lib/tpm2_kdfa.c +@@ -13,6 +13,15 @@ + #include "tpm2_kdfa.h" + #include "tpm2_openssl.h" + ++/* ++ * Disable optimization because of an error in FORTIFY_SOURCE ++ */ ++ ++#ifdef _FORTIFY_SOURCE ++#pragma GCC push_options ++#pragma GCC optimize ("O0") ++#endif ++ + TSS2_RC tpm2_kdfa(TPMI_ALG_HASH hash_alg, TPM2B *key, char *label, + TPM2B *context_u, TPM2B *context_v, UINT16 bits, + TPM2B_MAX_BUFFER *result_key) { +@@ -139,3 +148,13 @@ err: + + return rval; + } ++#ifdef _FORTIFY_SOURCE ++ ++#endif ++ ++#ifdef _FORTIFY_SOURCE ++#pragma GCC pop_options ++#endif ++ ++ ++ +diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c +index 855baa0..516d8b6 100644 +--- a/lib/tpm2_openssl.c ++++ b/lib/tpm2_openssl.c +@@ -595,6 +595,7 @@ static bool load_public_RSA_from_key(EVP_PKEY *key, TPM2B_PUBLIC *pub) { + switch (rdetail->keyBits) { + case 1024: /* falls-through */ + case 2048: /* falls-through */ ++ case 3072: /* falls-through */ + case 4096: /* falls-through */ + break; + default: +diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c +index 6ebaa99..e8bdaf5 100644 +--- a/lib/tpm2_options.c ++++ b/lib/tpm2_options.c +@@ -434,44 +434,43 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv, + * SAPI + */ + bool is_sapi = +- (!tool_opts || !tool_opts->flags); ++ !tool_opts || !(tool_opts->flags & TPM2_OPTIONS_NO_SAPI); + +- /* +- * NO_SAPI +- */ +- bool is_no_sapi = +- (tool_opts && tool_opts->flags & TPM2_OPTIONS_NO_SAPI); +- /* tool doesn't use sapi, skip tcti checks and continue */ +- if (is_no_sapi) { ++ bool is_optional_sapi = ++ (tool_opts && (tool_opts->flags & TPM2_OPTIONS_OPTIONAL_SAPI)); ++ ++ /* tool doesn't REQUIRE the use sapi, skip tcti checks and continue */ ++ if (!is_sapi && !is_optional_sapi) { + if (flags->tcti_none && !flags->quiet) { + LOG_WARN("Tool does not use SAPI. Continuing with tcti=none"); + } + goto out; + } + +- /* +- * OPTIONAL_SAPI +- */ +- bool is_optional_sapi = +- (tool_opts && tool_opts->flags & TPM2_OPTIONS_OPTIONAL_SAPI); ++ bool is_fake_tcti = (flags->tcti_none && tool_opts && ++ (tool_opts->flags & TPM2_OPTIONS_FAKE_TCTI)); + + /* +- * Actions when tcti is "none" ++ * get the TCTI variable from the env if user didn't specify ++ * on command line. We cant' use flags->tcti_none until we ++ * check the env! + */ + bool is_tcti_from_env = +- (!is_no_sapi && tcti_conf_option == 0); ++ ((is_sapi || is_optional_sapi) && !tcti_conf_option); + if (is_tcti_from_env) { + tcti_conf_option = tpm2_util_getenv(TPM2TOOLS_ENV_TCTI); ++ flags->tcti_none = tcti_conf_option && !strcmp(tcti_conf_option, "none"); + } + +- if (flags->tcti_none && is_sapi) { ++ /* A tool the needs a SAPI (and not a fake one) should fail */ ++ if (flags->tcti_none && !is_fake_tcti && !is_optional_sapi && is_sapi) { + LOG_ERR("Requested no tcti, but tool requires TCTI."); + rc = tpm2_option_code_err; + goto out; + } + + /* tool doesn't request a sapi, don't initialize one */ +- if (flags->tcti_none && is_optional_sapi) { ++ if (flags->tcti_none && is_optional_sapi && !is_fake_tcti) { + if (!flags->quiet) { + LOG_WARN("Tool optionally uses SAPI. Continuing with tcti=none"); + } +@@ -491,9 +490,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv, + .finalize = tcti_fake_finalize + }; + +- bool is_optional_fake_tcti = (flags->tcti_none && tool_opts && +- tool_opts->flags & TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); +- if (is_optional_fake_tcti) { ++ if (is_fake_tcti) { + if (!flags->quiet) { + LOG_WARN("Tool optionally uses SAPI. Continuing with tcti=fake"); + } +diff --git a/lib/tpm2_options.h b/lib/tpm2_options.h +index 666a0ed..6909cd3 100644 +--- a/lib/tpm2_options.h ++++ b/lib/tpm2_options.h +@@ -8,10 +8,10 @@ + #include + + #include +- + #include + + #define TPM2TOOLS_ENV_TCTI "TPM2TOOLS_TCTI" ++#define TPM2TOOLS_ENV_AUTOFLUSH "TPM2TOOLS_AUTOFLUSH" + + #define TPM2TOOLS_ENV_ENABLE_ERRATA "TPM2TOOLS_ENABLE_ERRATA" + +@@ -65,9 +65,9 @@ typedef bool (*tpm2_arg_handler)(int argc, char **argv); + * TPM2_OPTIONS_NO_SAPI: + * Skip SAPI initialization. Removes the "-T" common option. + */ +-#define TPM2_OPTIONS_NO_SAPI 0x1 +-#define TPM2_OPTIONS_OPTIONAL_SAPI 0x2 +-#define TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI 0x4 ++#define TPM2_OPTIONS_NO_SAPI (1 << 0) ++#define TPM2_OPTIONS_OPTIONAL_SAPI (1 << 1) ++#define TPM2_OPTIONS_FAKE_TCTI (1 << 3) + + struct tpm2_options { + struct { +diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c +index d70e3a9..2b7d7c5 100644 +--- a/lib/tpm2_policy.c ++++ b/lib/tpm2_policy.c +@@ -15,54 +15,56 @@ + #include "tpm2_util.h" + + static bool evaluate_populate_pcr_digests(TPML_PCR_SELECTION *pcr_selections, +- const char *raw_pcrs_file, TPML_DIGEST *pcr_values) { ++ const char *raw_pcrs_file, tpm2_pcrs *pcrs) { + + unsigned expected_pcr_input_file_size = 0; +- unsigned dgst_cnt = 0; ++ TPML_DIGEST *pcr_values = &pcrs->pcr_values[pcrs->count]; ++ // If pcr_selections is empty, this need to be reset to 0. ++ pcrs->count++; + + //Iterating the number of pcr banks selected + UINT32 i; + for (i = 0; i < pcr_selections->count; i++) { +- +- UINT8 total_indices_for_this_alg = 0; +- +- //Looping to check total pcr select bits in the pcr-select-octets for a bank +- UINT32 j; +- for (j = 0; j < pcr_selections->pcrSelections[i].sizeofSelect; j++) { +- UINT8 group_val = pcr_selections->pcrSelections[i].pcrSelect[j]; +- total_indices_for_this_alg += tpm2_util_pop_count(group_val); +- } +- +- if (pcr_values->count +- + total_indices_for_this_alg> ARRAY_LEN(pcr_values->digests)) { +- LOG_ERR("Number of PCR is limited to %zu", +- ARRAY_LEN(pcr_values->digests)); +- return false; +- } +- + //digest size returned per the hashAlg type + unsigned dgst_size = tpm2_alg_util_get_hash_size( + pcr_selections->pcrSelections[i].hash); + if (!dgst_size) { + return false; + } +- expected_pcr_input_file_size += +- (total_indices_for_this_alg * dgst_size); + +- //Cumulative total of all the pcr indices across banks selected in setlist +- pcr_values->count += total_indices_for_this_alg; ++ UINT8 total_indices_for_this_alg = 0; + +- /* +- * Populating the digest sizes in the PCR digest list per algorithm bank +- * Once iterated through all banks, creates an file offsets map for all pcr indices +- */ +- UINT8 k; +- for (k = 0; k < total_indices_for_this_alg; k++) { +- pcr_values->digests[dgst_cnt].size = dgst_size; +- dgst_cnt++; ++ //Looping to check total pcr select bits in the pcr-select-octets for a bank ++ UINT32 pcr; ++ for (pcr = 0; ++ pcr < pcr_selections->pcrSelections[i].sizeofSelect * 8; ++ pcr++) { ++ if (!tpm2_util_is_pcr_select_bit_set( ++ &pcr_selections->pcrSelections[i], pcr)) ++ continue; ++ ++ pcr_values->digests[pcr_values->count].size = dgst_size; ++ pcr_values->count++; ++ total_indices_for_this_alg++; ++ ++ if (pcr_values->count == ARRAY_LEN(pcr_values->digests)) { ++ pcrs->count++; ++ if (pcrs->count == ARRAY_LEN(pcrs->pcr_values)) { ++ return false; ++ } ++ ++ pcr_values = &pcrs->pcr_values[pcrs->count]; ++ } + } ++ ++ expected_pcr_input_file_size += ++ (total_indices_for_this_alg * dgst_size); + } + ++ // If the selection was totally empty, we reset to zero. ++ if (expected_pcr_input_file_size == 0) ++ pcrs->count = 0; ++ + //Check if the input pcrs file size is the same size as the pcr selection setlist + if (raw_pcrs_file) { + unsigned long filesize = 0; +@@ -80,11 +82,63 @@ static bool evaluate_populate_pcr_digests(TPML_PCR_SELECTION *pcr_selections, + return true; + } + ++static bool tpm2_apply_forward_seals( ++ TPML_PCR_SELECTION *pcr_selection, ++ tpm2_pcrs *pcrs, ++ tpm2_forwards *forwards) { ++ TPML_DIGEST *pcr_values; ++ unsigned int i; ++ unsigned int idx = 0; ++ ++ if (pcr_selection->count != forwards->count) { ++ LOG_ERR("mismatch between pcr count (%d) and forward count (%zu)", ++ pcr_selection->count, forwards->count); ++ ++ return false; ++ } ++ ++ for (i = 0 ; i < pcr_selection->count; i++) { ++ TPMS_PCR_SELECTION *pcr_select = ++ &pcr_selection->pcrSelections[i]; ++ tpm2_forward *forward = &forwards->bank[i]; ++ ++ if (pcr_select->hash != forward->pcr_selection.hash) { ++ LOG_ERR("mismatch between pcr hash (%x) and forward hash (%x)", ++ pcr_select->hash, forwards->bank[i].pcr_selection.hash); ++ return false; ++ } ++ ++ UINT16 dgst_size = tpm2_alg_util_get_hash_size(pcr_select->hash); ++ ++ for (int pcr = 0; pcr < pcr_select->sizeofSelect * 8; pcr++) { ++ if (!tpm2_util_is_pcr_select_bit_set(pcr_select, pcr)) ++ continue; ++ ++ if (tpm2_util_is_pcr_select_bit_set(&forward->pcr_selection, pcr)) { ++ const unsigned int lim = ARRAY_LEN(pcrs->pcr_values[0].digests); ++ pcr_values = &pcrs->pcr_values[idx / lim]; ++ memcpy(pcr_values->digests[idx % lim].buffer, ++ forward->pcrs[pcr].sha512, ++ dgst_size); ++ } ++ idx++; ++ if (idx == ARRAY_LEN(pcrs->pcr_values) * ++ ARRAY_LEN(pcrs->pcr_values[0].digests)) { ++ LOG_ERR("Too many PCRs specified (%u > %zu max)", ++ idx, ARRAY_LEN(pcrs->pcr_values) * ++ ARRAY_LEN(pcrs->pcr_values[0].digests)); ++ } ++ } ++ } ++ ++ return true; ++} ++ + tool_rc tpm2_policy_build_pcr(ESYS_CONTEXT *ectx, tpm2_session *policy_session, + const char *raw_pcrs_file, TPML_PCR_SELECTION *pcr_selections, +- TPM2B_DIGEST *raw_pcr_digest) { ++ TPM2B_DIGEST *raw_pcr_digest, tpm2_forwards *forwards) { + +- TPML_DIGEST pcr_values = { .count = 0 }; ++ tpm2_pcrs pcrs = { .count = 0 }; + + if (!pcr_selections->count) { + LOG_ERR("No pcr selection data specified!"); +@@ -112,7 +166,7 @@ tool_rc tpm2_policy_build_pcr(ESYS_CONTEXT *ectx, tpm2_session *policy_session, + + + bool result = evaluate_populate_pcr_digests(pcr_selections, raw_pcrs_file, +- &pcr_values); ++ &pcrs); + if (!result) { + return tool_rc_general_error; + } +@@ -125,43 +179,44 @@ tool_rc tpm2_policy_build_pcr(ESYS_CONTEXT *ectx, tpm2_session *policy_session, + return tool_rc_general_error; + } + // Bank hashAlg values dictates the order of the list of digests +- unsigned i; +- for (i = 0; i < pcr_values.count; i++) { +- size_t sz = fread(&pcr_values.digests[i].buffer, 1, +- pcr_values.digests[i].size, fp); +- if (sz != pcr_values.digests[i].size) { +- const char *msg = +- ferror(fp) ? strerror(errno) : "end of file reached"; +- LOG_ERR("Reading from file \"%s\" failed: %s", raw_pcrs_file, +- msg); +- fclose(fp); +- return tool_rc_general_error; ++ unsigned j; ++ ++ for (j = 0; j < pcrs.count; j++) { ++ TPML_DIGEST *pcr_values = &pcrs.pcr_values[j]; ++ unsigned int i; ++ ++ for (i = 0; i < pcr_values->count; i++) { ++ size_t sz = fread(&pcr_values->digests[i].buffer, 1, ++ pcr_values->digests[i].size, fp); ++ if (sz != pcr_values->digests[i].size) { ++ const char *msg = ++ ferror(fp) ? strerror(errno) : "end of file reached"; ++ LOG_ERR("Reading from file \"%s\" failed: %s", raw_pcrs_file, ++ msg); ++ fclose(fp); ++ return tool_rc_general_error; ++ } + } + } + fclose(fp); + } else { +- UINT32 pcr_update_counter; +- TPML_DIGEST *pcr_val = NULL; + // Read PCRs +- tool_rc rc = tpm2_pcr_read(ectx, ESYS_TR_NONE, ESYS_TR_NONE, +- ESYS_TR_NONE, pcr_selections, &pcr_update_counter, +- NULL, &pcr_val, NULL, TPM2_ALG_ERROR); ++ tool_rc rc = pcr_read_pcr_values(ectx, pcr_selections, &pcrs, ++ NULL, TPM2_ALG_ERROR); + if (rc != tool_rc_success) { + return rc; + } ++ } + +- UINT32 i; +- pcr_val->count = pcr_values.count; +- for (i = 0; i < pcr_val->count; i++) { +- memcpy(pcr_values.digests[i].buffer, pcr_val->digests[i].buffer, +- pcr_val->digests[i].size); +- pcr_values.digests[i].size = pcr_val->digests[i].size; ++ if (forwards) { ++ if (!tpm2_apply_forward_seals(pcr_selections, &pcrs, forwards)) { ++ LOG_ERR("Could not apply forward seal values"); ++ return tool_rc_general_error; + } +- free(pcr_val); + } + + // Calculate hashes +- result = tpm2_openssl_hash_pcr_values(auth_hash, &pcr_values, &pcr_digest); ++ result = tpm2_openssl_hash_pcr_banks(auth_hash, pcr_selections, &pcrs, &pcr_digest); + if (!result) { + LOG_ERR("Could not hash pcr values"); + return tool_rc_general_error; +diff --git a/lib/tpm2_policy.h b/lib/tpm2_policy.h +index aab28ad..67d0b17 100644 +--- a/lib/tpm2_policy.h ++++ b/lib/tpm2_policy.h +@@ -8,6 +8,7 @@ + #include + + #include "object.h" ++#include "pcr.h" + #include "tpm2_session.h" + + /** +@@ -28,7 +29,8 @@ + */ + tool_rc tpm2_policy_build_pcr(ESYS_CONTEXT *context, + tpm2_session *policy_session, const char *raw_pcrs_file, +- TPML_PCR_SELECTION *pcr_selections, TPM2B_DIGEST *raw_pcr_digest); ++ TPML_PCR_SELECTION *pcr_selections, TPM2B_DIGEST *raw_pcr_digest, ++ tpm2_forwards *forwards); + + /** + * Enables a signing authority to authorize policies +diff --git a/lib/tpm2_session.c b/lib/tpm2_session.c +index 541a1ad..ff7309e 100644 +--- a/lib/tpm2_session.c ++++ b/lib/tpm2_session.c +@@ -35,6 +35,7 @@ struct tpm2_session { + char *path; + ESYS_CONTEXT *ectx; + bool is_final; ++ bool delete; + } internal; + }; + +@@ -294,18 +295,23 @@ tool_rc tpm2_session_restore(ESYS_CONTEXT *ctx, const char *path, bool is_final, + dup_path = NULL; + + TPMA_SESSION attrs = 0; ++ s->internal.delete = false; ++ s->internal.is_final = is_final; ++ *session = s; + + if (ctx) { +- + /* hack this in here, should be done when starting the session */ + tmp_rc = tpm2_sess_get_attributes(ctx, handle, &attrs); +- UNUSED(tmp_rc); ++ if (tmp_rc != tool_rc_success) { ++ rc = tmp_rc; ++ LOG_ERR("Can't get session attributes."); ++ goto out; ++ } ++ if ((attrs & TPMA_SESSION_CONTINUESESSION) == 0) { ++ s->internal.delete = true; ++ } + } + +- s->internal.is_final = is_final; +- +- *session = s; +- + LOG_INFO("Restored session: ESYS_TR(0x%x) attrs(0x%x)", handle, attrs); + + rc = tool_rc_success; +@@ -345,22 +351,29 @@ tool_rc tpm2_session_close(tpm2_session **s) { + } + + const char *path = session->internal.path; +- FILE *session_file = path ? fopen(path, "w+b") : NULL; +- if (path && !session_file) { +- LOG_ERR("Could not open path \"%s\", due to error: \"%s\"", path, +- strerror(errno)); +- rc = tool_rc_general_error; +- goto out; +- } + + bool flush = path ? session->internal.is_final : true; + if (flush) { + rc = tpm2_flush_context(session->internal.ectx, + session->output.session_handle, NULL, TPM2_ALG_NULL); + /* done, use rc to indicate status */ ++ goto out2; ++ } ++ ++ if ((*s)->internal.delete && path) { ++ rc = tool_rc_success; ++ goto out2; ++ } ++ ++ FILE *session_file = path ? fopen(path, "w+b") : NULL; ++ if (path && !session_file) { ++ LOG_ERR("Could not open path \"%s\", due to error: \"%s\"", path, ++ strerror(errno)); ++ rc = tool_rc_general_error; + goto out; + } + ++ + /* + * Now write the session_type, handle and auth hash data to disk + */ +@@ -398,7 +411,7 @@ tool_rc tpm2_session_close(tpm2_session **s) { + ESYS_TR handle = tpm2_session_get_handle(session); + LOG_INFO("Saved session: ESYS_TR(0x%x)", handle); + rc = files_save_tpm_context_to_file(session->internal.ectx, handle, +- session_file); ++ session_file, false); + if (rc != tool_rc_success) { + LOG_ERR("Could not write session context"); + /* done, free session resources and use rc to indicate status */ +diff --git a/lib/tpm2_session.h b/lib/tpm2_session.h +index 346c9a7..b34694c 100644 +--- a/lib/tpm2_session.h ++++ b/lib/tpm2_session.h +@@ -176,9 +176,9 @@ tool_rc tpm2_session_open(ESYS_CONTEXT *context, tpm2_session_data *data, + * + * @Note + * This is accomplished by calling: +- * - Eys_ContextSave - marks to some RMs like tpm2-abrmd not to flush this session ++ * - Esys_ContextSave - marks to some RMs like tpm2-abrmd not to flush this session + * handle on client disconnection. +- * - Eys_ContextLoad - restores the session so it can be used. ++ * - Esys_ContextLoad - restores the session so it can be used. + * - Saving a custom file format at path - records the handle and algorithm. + * @param session + * The session context to save +diff --git a/lib/tpm2_util.c b/lib/tpm2_util.c +index 5026848..c489430 100644 +--- a/lib/tpm2_util.c ++++ b/lib/tpm2_util.c +@@ -632,6 +632,14 @@ char *tpm2_util_getenv(const char *name) { + return getenv(name); + } + ++bool tpm2_util_env_yes(const char *name) { ++ ++ char *value = getenv(name); ++ return (value && (strcasecmp(value, "yes") == 0 || ++ strcasecmp(value, "1") == 0 || ++ strcasecmp(value, "true") == 0)); ++} ++ + /** + * Parses a hierarchy value from an option argument. + * @param value +diff --git a/lib/tpm2_util.h b/lib/tpm2_util.h +index fc3f114..04f96ad 100644 +--- a/lib/tpm2_util.h ++++ b/lib/tpm2_util.h +@@ -433,6 +433,8 @@ ESYS_TR tpm2_tpmi_hierarchy_to_esys_tr(TPMI_RH_PROVISION inh); + + char *tpm2_util_getenv(const char *name); + ++bool tpm2_util_env_yes(const char *name); ++ + typedef enum tpm2_handle_flags tpm2_handle_flags; + enum tpm2_handle_flags { + TPM2_HANDLE_FLAGS_NONE = 0, +diff --git a/ltmain.sh b/ltmain.sh +index 0cb7f90..540a92a 100644 +--- a/ltmain.sh ++++ b/ltmain.sh +@@ -31,7 +31,7 @@ + + PROGRAM=libtool + PACKAGE=libtool +-VERSION="2.4.6 Debian-2.4.6-14" ++VERSION="2.4.6 Debian-2.4.6-15build2" + package_revision=2.4.6 + + +@@ -2141,7 +2141,7 @@ include the following information: + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) +- version: $progname $scriptversion Debian-2.4.6-14 ++ version: $progname $scriptversion Debian-2.4.6-15build2 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +diff --git a/m4/ax_add_fortify_source.m4 b/m4/ax_add_fortify_source.m4 +index 1c36212..7e15312 100644 +--- a/m4/ax_add_fortify_source.m4 ++++ b/m4/ax_add_fortify_source.m4 +@@ -9,9 +9,9 @@ + # DESCRIPTION + # + # Check whether -D_FORTIFY_SOURCE=2 can be added to CPPFLAGS without macro +-# redefinition warnings. Some distributions (such as Gentoo Linux) enable +-# _FORTIFY_SOURCE globally in their compilers, leading to unnecessary +-# warnings in the form of ++# redefinition warnings, other cpp warnings or linker. Some distributions ++# (such as Gentoo Linux) enable _FORTIFY_SOURCE globally in their ++# compilers, leading to unnecessary warnings in the form of + # + # :0:0: error: "_FORTIFY_SOURCE" redefined [-Werror] + # : note: this is the location of the previous definition +@@ -20,34 +20,61 @@ + # _FORTIFY_SOURCE is already defined, and if not, adds -D_FORTIFY_SOURCE=2 + # to CPPFLAGS. + # ++# Newer mingw-w64 msys2 package comes with a bug in ++# headers-git-7.0.0.5546.d200317d-1. It broke -D_FORTIFY_SOURCE support, ++# and would need -lssp or -fstack-protector. See ++# https://github.com/msys2/MINGW-packages/issues/5803. Try to actually ++# link it. ++# + # LICENSE + # + # Copyright (c) 2017 David Seifert ++# Copyright (c) 2019 Reini Urban + # + # Copying and distribution of this file, with or without modification, are + # permitted in any medium without royalty provided the copyright notice + # and this notice are preserved. This file is offered as-is, without any + # warranty. + +-#serial 2 ++#serial 4 + + AC_DEFUN([AX_ADD_FORTIFY_SOURCE],[ ++ ac_save_cflags=$CFLAGS ++ ac_cwerror_flag=yes ++ AX_CHECK_COMPILE_FLAG([-Werror],[CFLAGS="$CFLAGS -Werror"]) + AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS]) + AC_LINK_IFELSE([ +- AC_LANG_SOURCE( ++ AC_LANG_PROGRAM([], + [[ +- int main() { + #ifndef _FORTIFY_SOURCE + return 0; + #else + this_is_an_error; + #endif +- } + ]] +- )], [ +- AC_MSG_RESULT([yes]) +- CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" +- ], [ +- AC_MSG_RESULT([no]) +- ]) ++ )], ++ AC_LINK_IFELSE([ ++ AC_LANG_SOURCE([[ ++ #define _FORTIFY_SOURCE 2 ++ #include ++ int main() { ++ char *s = " "; ++ strcpy(s, "x"); ++ return strlen(s)-1; ++ } ++ ]] ++ )], ++ [ ++ AC_MSG_RESULT([yes]) ++ CFLAGS=$ac_save_cflags ++ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" ++ ], [ ++ AC_MSG_RESULT([no]) ++ CFLAGS=$ac_save_cflags ++ ], ++ ), ++ [ ++ AC_MSG_RESULT([no]) ++ CFLAGS=$ac_save_cflags ++ ]) + ]) +diff --git a/m4/ax_check_gnu_make.m4 b/m4/ax_check_gnu_make.m4 +index 6811043..785dc96 100644 +--- a/m4/ax_check_gnu_make.m4 ++++ b/m4/ax_check_gnu_make.m4 +@@ -69,7 +69,7 @@ + # and this notice are preserved. This file is offered as-is, without any + # warranty. + +-#serial 11 ++#serial 12 + + AC_DEFUN([AX_CHECK_GNU_MAKE],dnl + [AC_PROG_AWK +@@ -87,7 +87,7 @@ dnl Search all the common names for GNU make + done ;]) + dnl If there was a GNU version, then set @ifGNUmake@ to the empty string, '#' otherwise + AS_VAR_IF([_cv_gnu_make_command], [""], [AS_VAR_SET([ifGNUmake], ["#"])], [AS_VAR_SET([ifGNUmake], [""])]) +- AS_VAR_IF([_cv_gnu_make_command], [""], [AS_VAR_SET([ifnGNUmake], [""])], [AS_VAR_SET([ifGNUmake], ["#"])]) ++ AS_VAR_IF([_cv_gnu_make_command], [""], [AS_VAR_SET([ifnGNUmake], [""])], [AS_VAR_SET([ifnGNUmake], ["#"])]) + AS_VAR_IF([_cv_gnu_make_command], [""], [AS_UNSET(ax_cv_gnu_make_command)], [AS_VAR_SET([ax_cv_gnu_make_command], [${_cv_gnu_make_command}])]) + AS_VAR_IF([_cv_gnu_make_command], [""],[$2],[$1]) + AC_SUBST([ifGNUmake]) +diff --git a/m4/ax_code_coverage.m4 b/m4/ax_code_coverage.m4 +index 3d36924..352165b 100644 +--- a/m4/ax_code_coverage.m4 ++++ b/m4/ax_code_coverage.m4 +@@ -74,7 +74,7 @@ + # You should have received a copy of the GNU Lesser General Public License + # along with this program. If not, see . + +-#serial 32 ++#serial 34 + + m4_define(_AX_CODE_COVERAGE_RULES,[ + AX_ADD_AM_MACRO_STATIC([ +@@ -138,7 +138,7 @@ CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=\ + CODE_COVERAGE_GENHTML_OPTIONS ?= \$(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT) + CODE_COVERAGE_IGNORE_PATTERN ?= + +-GITIGNOREFILES = \$(GITIGNOREFILES) \$(CODE_COVERAGE_OUTPUT_FILE) \$(CODE_COVERAGE_OUTPUT_DIRECTORY) ++GITIGNOREFILES := \$(GITIGNOREFILES) \$(CODE_COVERAGE_OUTPUT_FILE) \$(CODE_COVERAGE_OUTPUT_DIRECTORY) + code_coverage_v_lcov_cap = \$(code_coverage_v_lcov_cap_\$(V)) + code_coverage_v_lcov_cap_ = \$(code_coverage_v_lcov_cap_\$(AM_DEFAULT_VERBOSITY)) + code_coverage_v_lcov_cap_0 = @echo \" LCOV --capture\" \$(CODE_COVERAGE_OUTPUT_FILE); +@@ -175,7 +175,7 @@ code-coverage-clean: + + code-coverage-dist-clean: + +-A][M_DISTCHECK_CONFIGURE_FLAGS = \$(A][M_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage ++A][M_DISTCHECK_CONFIGURE_FLAGS := \$(A][M_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage + else # ifneq (\$(abs_builddir), \$(abs_top_builddir)) + check-code-coverage: + +diff --git a/m4/ax_is_release.m4 b/m4/ax_is_release.m4 +index 9097ddb..3a62609 100644 +--- a/m4/ax_is_release.m4 ++++ b/m4/ax_is_release.m4 +@@ -19,7 +19,8 @@ + # The POLICY parameter specifies how ax_is_release is determined. It can + # take the following values: + # +-# * git-directory: ax_is_release will be 'no' if a '.git' directory exists ++# * git-directory: ax_is_release will be 'no' if a '.git' ++# directory or git worktree exists + # * minor-version: ax_is_release will be 'no' if the minor version number + # in $PACKAGE_VERSION is odd; this assumes + # $PACKAGE_VERSION follows the 'major.minor.micro' scheme +@@ -44,7 +45,7 @@ + # permitted in any medium without royalty provided the copyright notice + # and this notice are preserved. + +-#serial 7 ++#serial 8 + + AC_DEFUN([AX_IS_RELEASE],[ + AC_BEFORE([AC_INIT],[$0]) +@@ -52,7 +53,7 @@ AC_DEFUN([AX_IS_RELEASE],[ + m4_case([$1], + [git-directory],[ + # $is_release = (.git directory does not exist) +- AS_IF([test -d ${srcdir}/.git],[ax_is_release=no],[ax_is_release=yes]) ++ AS_IF([test -d ${srcdir}/.git || (test -f ${srcdir}/.git && grep \.git/worktrees ${srcdir}/.git)],[ax_is_release=no],[ax_is_release=yes]) + ], + [minor-version],[ + # $is_release = ($minor_version is even) +diff --git a/m4/libtool.m4 b/m4/libtool.m4 +index a6d21ae..c4c0294 100644 +--- a/m4/libtool.m4 ++++ b/m4/libtool.m4 +@@ -1071,11 +1071,11 @@ _LT_EOF + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in +- 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) ++ 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[[012]][[,.]]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; +- 10.*) ++ 10.*|11.*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + esac + ;; +diff --git a/m4/pkg.m4 b/m4/pkg.m4 +index 82bea96..13a8890 100644 +--- a/m4/pkg.m4 ++++ b/m4/pkg.m4 +@@ -1,6 +1,6 @@ +-dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +-dnl serial 11 (pkg-config-0.29.1) +-dnl ++# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- ++# serial 12 (pkg-config-0.29.2) ++ + dnl Copyright © 2004 Scott James Remnant . + dnl Copyright © 2012-2015 Dan Nicholson + dnl +@@ -41,7 +41,7 @@ dnl + dnl See the "Since" comment for each macro you use to see what version + dnl of the macros you require. + m4_defun([PKG_PREREQ], +-[m4_define([PKG_MACROS_VERSION], [0.29.1]) ++[m4_define([PKG_MACROS_VERSION], [0.29.2]) + m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) + ])dnl PKG_PREREQ +@@ -142,7 +142,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl + AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + + pkg_failed=no +-AC_MSG_CHECKING([for $1]) ++AC_MSG_CHECKING([for $2]) + + _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) + _PKG_CONFIG([$1][_LIBS], [libs], [$2]) +@@ -152,11 +152,11 @@ and $1[]_LIBS to avoid the need to call pkg-config. + See the pkg-config man page for more details.]) + + if test $pkg_failed = yes; then +- AC_MSG_RESULT([no]) ++ AC_MSG_RESULT([no]) + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` +- else ++ else + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs +@@ -173,7 +173,7 @@ installed software in a non-standard prefix. + _PKG_TEXT])[]dnl + ]) + elif test $pkg_failed = untried; then +- AC_MSG_RESULT([no]) ++ AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( + [The pkg-config script could not be found or is too old. Make sure it + is in your PATH or set the PKG_CONFIG environment variable to the full +diff --git a/man/common/options.md b/man/common/options.md +index 5651317..8da93a4 100644 +--- a/man/common/options.md ++++ b/man/common/options.md +@@ -27,3 +27,8 @@ information that many users may expect. + Enable the application of errata fixups. Useful if an errata fixup needs to be + applied to commands sent to the TPM. Defining the environment + TPM2TOOLS\_ENABLE\_ERRATA is equivalent. ++ * **-R**, **\--autoflush**: ++ Enable autoflush for transient objects created by the command. If a parent ++ object is loaded from a context file also the transient parent object will ++ be flushed. Autoflush can also be activated if the environment variable ++ TPM2TOOLS\_AUTOFLUSH is is set to yes or true. +diff --git a/man/common/pcr.md b/man/common/pcr.md +index bc71178..30900df 100644 +--- a/man/common/pcr.md ++++ b/man/common/pcr.md +@@ -16,6 +16,15 @@ sha1:3,4+sha256:all + will select PCRs 3 and 4 from the SHA1 bank and PCRs 0 to 23 + from the SHA256 bank. + ++Certain commands support specifying forward sealing values as well: ++ ++``` ++sha1:0,1=da39a3ee5e6b4b0d3255bfef95601890afd80709,2 ++``` ++This will select the current values for PCRs 0 and 2, but use the specified ++value for PCR 1. Digest lengths must match the bank size. An optional 0x ++prefix will be stripped off. ++ + ## Note + PCR Selections allow for up to 5 hash to pcr selection mappings. + This is a limitation in design in the single call to the tpm to +diff --git a/man/man1/tpm2.1 b/man/man1/tpm2.1 +index d533f11..6191f16 100644 +--- a/man/man1/tpm2.1 ++++ b/man/man1/tpm2.1 +@@ -1,19 +1,19 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2\f[R](1) \- A single small executable that combines the various +-tpm2\-tools much like a BusyBox that provides a fairly complete ++\f[B]tpm2\f[R](1) - A single small executable that combines the various ++tpm2-tools much like a BusyBox that provides a fairly complete + environment for any small or embedded system. + .SH SYNOPSIS + .PP + \f[B]tpm2\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENTS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2\f[R](1) \- To ease installation of tpm2\-tools in initrd or +-embedded systems where size\-optimization and limited resources are ++\f[B]tpm2\f[R](1) - To ease installation of tpm2-tools in initrd or ++embedded systems where size-optimization and limited resources are + important, it is convenient to have a single executable that can + dispatch the various TPM2 functionalities specified by the argument + which is one of the available tool names. +@@ -22,7 +22,7 @@ The options and arguments that follow are either the \f[B]common + options\f[R] or those specific to the \f[B]tool name\f[R]. + .PP + It is important to note that individual tools with prefix +-\f[B]tpm2_\f[R] can still be invoked, however, they are now soft\-linked ++\f[B]tpm2_\f[R] can still be invoked, however, they are now soft-linked + to this \f[B]tpm2\f[R] executable. + And so unlike BusyBox, full functionality of the individual tools is + available in the executable. +@@ -237,14 +237,13 @@ Look at examples. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -252,21 +251,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -277,7 +282,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -286,16 +291,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -304,10 +309,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -317,14 +322,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -337,7 +342,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -346,7 +351,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -369,7 +374,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -378,7 +383,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -390,31 +395,31 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2 getrandom 8 | xxd \-p ++tpm2 getrandom 8 | xxd -p + \f[R] + .fi + .SS Send a TPM Startup Command with flags TPM2_SU_CLEAR + .IP + .nf + \f[C] +-tpm2 startup \-c ++tpm2 startup -c + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_activatecredential.1 b/man/man1/tpm2_activatecredential.1 +index b52d973..0bc57e3 100644 +--- a/man/man1/tpm2_activatecredential.1 ++++ b/man/man1/tpm2_activatecredential.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_activatecredential" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_activatecredential" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_activatecredential\f[R](1) \- Enables access to the credential ++\f[B]tpm2_activatecredential\f[R](1) - Enables access to the credential + qualifier to recover the credential secret. + .SH SYNOPSIS + .PP + \f[B]tpm2_activatecredential\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_activatecredential\f[R](1) \- Enables the association of a ++\f[B]tpm2_activatecredential\f[R](1) - Enables the association of a + credential with an object in a way that ensures that the TPM has + validated the parameters of the credentialed object. + In an attestation scheme , this guarantees the registrar that the +@@ -19,45 +19,45 @@ attestation key belongs to the TPM with a qualified parent key in the + TPM. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-credentialedkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--credentialedkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Object associated with the created certificate by CA. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-credentialkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--credentialkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The loaded object used to decrypt the random seed. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-credentialedkey\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--credentialedkey-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The auth value of the credentialed object specified with \f[B]\-c\f[R]. ++The auth value of the credentialed object specified with \f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-credentialkey\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--credentialkey-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The auth value of the credential object specified with \f[B]\-C\f[R]. ++The auth value of the credential object specified with \f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-credential\-blob\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--credential-blob\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The input file path containing the credential blob and secret created + with the \f[B]tpm2_makecredential\f[R](1) tool. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-certinfo\-data\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--certinfo-data\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file path to save the decrypted credential secret + information. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -66,14 +66,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -84,7 +84,7 @@ encryption/decryption of the parameters. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -133,11 +133,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -149,7 +149,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -158,17 +158,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -211,17 +211,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -239,14 +238,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -254,21 +252,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -279,7 +283,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -288,16 +292,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -306,10 +310,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -319,14 +323,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -339,7 +343,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -348,7 +352,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -371,7 +375,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -380,7 +384,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -393,23 +397,23 @@ the various known TCTI modules. + \f[C] + echo \[dq]12345678\[dq] > secret.data + +-tpm2_createek \-Q \-c 0x81010001 \-G rsa \-u ek.pub ++tpm2_createek -Q -c 0x81010001 -G rsa -u ek.pub + +-tpm2_createak \-C 0x81010001 \-c ak.ctx \-G rsa \-g sha256 \-s rsassa \-u ak.pub \[rs] +-\-n ak.name \-p akpass> ak.out ++tpm2_createak -C 0x81010001 -c ak.ctx -G rsa -g sha256 -s rsassa -u ak.pub \[rs] ++-n ak.name -p akpass> ak.out + +-file_size=\[ga]stat \-\-printf=\[dq]%s\[dq] ak.name\[ga] +-loaded_key_name=\[ga]cat ak.name | xxd \-p \-c $file_size\[ga] ++file_size=\[ga]stat --printf=\[dq]%s\[dq] ak.name\[ga] ++loaded_key_name=\[ga]cat ak.name | xxd -p -c $file_size\[ga] + +-tpm2_makecredential \-Q \-e ek.pub \-s secret.data \-n $loaded_key_name \[rs] +-\-o mkcred.out ++tpm2_makecredential -Q -e ek.pub -s secret.data -n $loaded_key_name \[rs] ++-o mkcred.out + +-tpm2_startauthsession \-\-policy\-session \-S session.ctx ++tpm2_startauthsession --policy-session -S session.ctx + +-tpm2_policysecret \-S session.ctx \-c e ++tpm2_policysecret -S session.ctx -c e + +-tpm2_activatecredential \-Q \-c ak.ctx \-C 0x81010001 \-i mkcred.out \[rs] +-\-o actcred.out \-p akpass \-P\[dq]session:session.ctx\[dq] ++tpm2_activatecredential -Q -c ak.ctx -C 0x81010001 -i mkcred.out \[rs] ++-o actcred.out -p akpass -P\[dq]session:session.ctx\[dq] + + tpm2_flushcontext session.ctx + \f[R] +@@ -418,17 +422,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_certify.1 b/man/man1/tpm2_certify.1 +index ac1ec76..87e5660 100644 +--- a/man/man1/tpm2_certify.1 ++++ b/man/man1/tpm2_certify.1 +@@ -1,19 +1,19 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_certify" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_certify" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_certify\f[R](1) \- Prove that an object is loaded in the TPM. ++\f[B]tpm2_certify\f[R](1) - Prove that an object is loaded in the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_certify\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_certify\f[R](1) \- Proves that an object with a specific ++\f[B]tpm2_certify\f[R](1) - Proves that an object with a specific + \f[I]NAME\f[R] is loaded in the TPM. + By certifying that the object is loaded, the TPM warrants that a public +-area with a given \f[I]NAME\f[R] is self\-consistent and associated with ++area with a given \f[I]NAME\f[R] is self-consistent and associated with + a valid sensitive area. + .PP + If a relying party has a public area that has the same \f[I]NAME\f[R] as +@@ -24,31 +24,31 @@ An object that only has its public area loaded cannot be certified. + .PP + These options control the certification: + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-certifiedkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--certifiedkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The object to be certified. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-signingkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--signingkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The key used to sign the attestation structure. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-certifiedkey\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--certifiedkey-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value provided for the object specified with \-c. ++The authorization value provided for the object specified with -c. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm to use in signature generation. + .RE + .IP \[bu] 2 +-\f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the message. +@@ -62,31 +62,31 @@ If left unspecified, a default signature scheme for the key type will be + used. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-signingkey\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--signingkey-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value for the signing key specified with \-C. ++The authorization value for the signing key specified with -C. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-attestation\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--attestation\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output file name for the attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output file name for the signature data. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -95,14 +95,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -113,7 +113,7 @@ encryption/decryption of the parameters. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -162,11 +162,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -178,7 +178,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -187,17 +187,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -240,17 +240,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -265,7 +264,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -274,7 +273,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -351,54 +350,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -412,7 +411,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -430,8 +429,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -448,10 +447,10 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Signature Format Specifiers + .PP +@@ -466,14 +465,13 @@ signature \f[I]FORMAT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -481,21 +479,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -506,7 +510,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -515,16 +519,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -533,10 +537,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -546,14 +550,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -566,7 +570,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -575,7 +579,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -598,7 +602,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -607,7 +611,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -620,31 +624,31 @@ Create a primary key and certify it with a signing key. + .IP + .nf + \f[C] +-tpm2_createprimary \-Q \-C e \-g sha256 \-G rsa \-c primary.ctx ++tpm2_createprimary -Q -C e -g sha256 -G rsa -c primary.ctx + +-tpm2_create \-Q \-g sha256 \-G rsa \-u certify.pub \-r certify.priv \-C primary.ctx ++tpm2_create -Q -g sha256 -G rsa -u certify.pub -r certify.priv -C primary.ctx + +-tpm2_load \-Q \-C primary.ctx \-u certify.pub \-r certify.priv \-n certify.name \[rs] +-\-c certify.ctx ++tpm2_load -Q -C primary.ctx -u certify.pub -r certify.priv -n certify.name \[rs] ++-c certify.ctx + +-tpm2_certify \-Q \-c primary.ctx \-C certify.ctx \-g sha256 \-o attest.out \-s sig.out ++tpm2_certify -Q -c primary.ctx -C certify.ctx -g sha256 -o attest.out -s sig.out + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_certifyX509certutil.1 b/man/man1/tpm2_certifyX509certutil.1 +index d2a3dc9..f9c521f 100644 +--- a/man/man1/tpm2_certifyX509certutil.1 ++++ b/man/man1/tpm2_certifyX509certutil.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_certifyX509certutil" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_certifyX509certutil" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_certifyX509certutil\f[R](1) \- Generate partial X509 ++\f[B]tpm2_certifyX509certutil\f[R](1) - Generate partial X509 + certificate. + .SH SYNOPSIS + .PP + \f[B]tpm2_certifyX509certutil\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_certifyX509certutil\f[R](1) \- Generates a partial certificate ++\f[B]tpm2_certifyX509certutil\f[R](1) - Generates a partial certificate + that is suitable as the third input parameter for TPM2_certifyX509 + command. + The certificate data is written into a file in DER format and can be +@@ -19,50 +19,50 @@ examined using openssl asn1parse tool as follows: + .IP + .nf + \f[C] +-openssl asn1parse \-in partial_cert.der \-inform DER ++openssl asn1parse -in partial_cert.der -inform DER + \f[R] + .fi + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-outcert\f[R]=\f[I]STRING\f[R]: The output file ++\f[B]-o\f[R], \f[B]--outcert\f[R]=\f[I]STRING\f[R]: The output file + where the certificate will be written to. + The default is partial_cert.der Optional parameter. + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-days\f[R]=\f[I]NUMBER\f[R]: The number of days +-the certificate will be valid starting from today. ++\f[B]-d\f[R], \f[B]--days\f[R]=\f[I]NUMBER\f[R]: The number of days the ++certificate will be valid starting from today. + The default is 3560 (10 years) Optional parameter. + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-issuer\f[R]=\f[I]STRING\f[R]: The ISSUER entry +-for the cert in the following format: \[en]issuer=\[lq]C=US;O=org;OU=Org ++\f[B]-i\f[R], \f[B]--issuer\f[R]=\f[I]STRING\f[R]: The ISSUER entry for ++the cert in the following format: \[en]issuer=\[lq]C=US;O=org;OU=Org + unit;CN=cname\[rq] Supported fields are: + .RS 2 + .IP \[bu] 2 +-C \- \[lq]Country\[rq], max size = 2 ++C - \[lq]Country\[rq], max size = 2 + .IP \[bu] 2 +-O \- \[lq]Org\[rq], max size = 8 ++O - \[lq]Org\[rq], max size = 8 + .IP \[bu] 2 +-OU \- \[lq]Org Unit\[rq], max size = 8 ++OU - \[lq]Org Unit\[rq], max size = 8 + .IP \[bu] 2 +-CN \- \[lq]Common Name\[rq], max size = 8 The files need to be separated ++CN - \[lq]Common Name\[rq], max size = 8 The files need to be separated + with semicolon. + At list one supported field is required for the option to be valid. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-subject\f[R]=\f[I]STRING\f[R]: The SUBJECT for +-the cert in the following format: \[en]subject=\[lq]C=US;O=org;OU=Org ++\f[B]-s\f[R], \f[B]--subject\f[R]=\f[I]STRING\f[R]: The SUBJECT for the ++cert in the following format: \[en]subject=\[lq]C=US;O=org;OU=Org + unit;CN=cname\[rq] Supported fields are: + .RS 2 + .IP \[bu] 2 +-C \- \[lq]Country\[rq], max size = 2 ++C - \[lq]Country\[rq], max size = 2 + .IP \[bu] 2 +-O \- \[lq]Org\[rq], max size = 8 ++O - \[lq]Org\[rq], max size = 8 + .IP \[bu] 2 +-OU \- \[lq]Org Unit\[rq], max size = 8 ++OU - \[lq]Org Unit\[rq], max size = 8 + .IP \[bu] 2 +-CN \- \[lq]Common Name\[rq], max size = 8 The files need to be separated ++CN - \[lq]Common Name\[rq], max size = 8 The files need to be separated + with semicolon. + At list one supported field is required for the option to be valid. + Optional parameter. +@@ -75,14 +75,13 @@ Optional parameter. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -90,44 +89,50 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH EXAMPLES + .IP + .nf + \f[C] +-tpm2 certifyX509certutil \-o partial_cert.der \-d 356 ++tpm2 certifyX509certutil -o partial_cert.der -d 356 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_certifycreation.1 b/man/man1/tpm2_certifycreation.1 +index 00893f8..6fc203a 100644 +--- a/man/man1/tpm2_certifycreation.1 ++++ b/man/man1/tpm2_certifycreation.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_certifycreation" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_certifycreation" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_certifycreation\f[R](1) \- Attest the association between a ++\f[B]tpm2_certifycreation\f[R](1) - Attest the association between a + loaded public area and the provided hash of the creation data. + .SH SYNOPSIS + .PP + \f[B]tpm2_certifycreation\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_certifycreation\f[R](1) \- Attest the association between a ++\f[B]tpm2_certifycreation\f[R](1) - Attest the association between a + loaded public area and the provided hash of the creation data. + The creation data and the creation ticket is produced when creating the + object. +@@ -19,58 +19,58 @@ The object itself is created with either \f[B]TPM2_CreatePrimary\f[R] or + \f[B]TPM2_Create\f[R] commands. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-signingkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--signingkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object pointing to the key used that signs the attestation. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-signingkey\-auth\f[R]_AUTH_: ++\f[B]-P\f[R], \f[B]--signingkey-auth\f[R]_AUTH_: + .RS 2 + .PP + Optional authorization value to use for the key specified by +-\f[B]\-C\f[R]. ++\f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-certifiedkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--certifiedkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object pointing to the key that has to be certified. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to digest the creation data. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-creation\-hash\f[R]=\f[I]FILE\f[R] ++\f[B]-d\f[R], \f[B]--creation-hash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File containing the digest of the creation data. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file to validate that the creation data was produced by the + TPM. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File containing the signature of the attestation data for the certified + key. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Output signature format selection. +@@ -83,7 +83,7 @@ The attestation data of the type TPM2_CREATION_INFO signed with signing + key. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX\f[R]: + .RS 2 + .PP + Optional, the policy qualifier data that the signer can choose to +@@ -91,7 +91,7 @@ include in the signature. + Can either be a path or hex string. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -100,14 +100,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -118,7 +118,7 @@ encryption/decryption of the parameters. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -167,11 +167,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -183,7 +183,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -192,17 +192,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -245,17 +245,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -270,7 +269,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -279,7 +278,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -356,54 +355,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -417,7 +416,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -435,8 +434,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -453,24 +452,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -478,21 +476,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -503,7 +507,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -512,16 +516,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -530,10 +534,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -543,14 +547,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -563,7 +567,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -572,7 +576,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -595,7 +599,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -604,7 +608,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -623,31 +627,31 @@ defined by the used cryptographic algorithm. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-\-creation\-data create.dat \[rs] +-\-d create.dig \-t create.ticket ++tpm2_createprimary -C o -c prim.ctx --creation-data create.dat \[rs] ++-d create.dig -t create.ticket + +-tpm2_create \-G rsa \-u rsa.pub \-r rsa.priv \-C prim.ctx \-c signing_key.ctx ++tpm2_create -G rsa -u rsa.pub -r rsa.priv -C prim.ctx -c signing_key.ctx + +-tpm2_certifycreation \-C signing_key.ctx \-c prim.ctx \-d create.dig \[rs] +-\-t create.ticket \-g sha256 \-o sig.nature \-\-attestation attestat.ion \-f plain \[rs] +-\-s rsassa ++tpm2_certifycreation -C signing_key.ctx -c prim.ctx -d create.dig \[rs] ++-t create.ticket -g sha256 -o sig.nature --attestation attestat.ion -f plain \[rs] ++-s rsassa + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_changeauth.1 b/man/man1/tpm2_changeauth.1 +index e3f2ed8..82bd1a4 100644 +--- a/man/man1/tpm2_changeauth.1 ++++ b/man/man1/tpm2_changeauth.1 +@@ -1,20 +1,20 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_changeauth" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_changeauth" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_changeauth\f[R] \- Changes authorization values for TPM ++\f[B]tpm2_changeauth\f[R] - Changes authorization values for TPM + objects. + .SH SYNOPSIS + .PP + \f[B]tpm2_changeauth\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_changeauth\f[R] \- Configures authorization values for the ++\f[B]tpm2_changeauth\f[R] - Configures authorization values for the + various hierarchies, NV indices, transient and persistent objects. + .PP +-Note: For non\-permanent objects (Transient objects and Persistent ++Note: For non-permanent objects (Transient objects and Persistent + objects), copies of the private information (files or persistent + handles) created prior to changing auth are not invalidated. + .SH OPTIONS +@@ -22,20 +22,20 @@ handles) created prior to changing auth are not invalidated. + Passwords should follow the \[lq]password authorization formatting + standards\[rq], see section \[lq]Authorization Formatting\[rq]. + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-object\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--object-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The key context object to be used for the operation. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-object\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--object-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The old authorization value for the TPM object specified with +-\f[B]\-c\f[R]. ++\f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-parent\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--parent-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The parent object. +@@ -43,25 +43,25 @@ This is required if the object for the operation is a transient or + persistent object. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: The output file +-which contains the new sensitive portion of the object whose auth was +-being changed. ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: The output file which ++contains the new sensitive portion of the object whose auth was being ++changed. + # Protection Details + .PP + Objects that can move outside of TPM need to be protected + (confidentiality and integrity). + For instance, transient objects require that TPM protected data (key or + seal material) be stored outside of the TPM. +-This is seen in tools like tpm2_create(1), where the \f[B]\-r\f[R] +-option outputs this protected data. ++This is seen in tools like tpm2_create(1), where the \f[B]-r\f[R] option ++outputs this protected data. + This blob contains the sensitive portions of the object. + The sensitive portions of the object are protected by the parent object, + using the parent\[cq]s symmetric encryption details to encrypt the + sensitive data and HMAC it. + .PP +-In\-depth details can be found in sections 23 of: ++In-depth details can be found in sections 23 of: + .IP \[bu] 2 +-https://trustedcomputinggroup.org/wp\-content/uploads/TPM\-Rev\-2.0\-Part\-1\-Architecture\-01.38.pdf ++https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf + .PP + Notably Figure 20, is relevant, even though it\[cq]s specifically + referring to duplication blobs, the process is identical. +@@ -69,7 +69,7 @@ referring to duplication blobs, the process is identical. + If the output is from tpm2_duplicate(1), the output will be slightly + different, as described fully in section 23. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -78,14 +78,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -94,12 +94,12 @@ encryption/decryption of the parameters. + .RE + .IP \[bu] 2 + \f[B]ARGUMENT\f[R] the command line argument specifies the +-\f[I]AUTH\f[R] to be set for the object specified with \f[B]\-c\f[R]. ++\f[I]AUTH\f[R] to be set for the object specified with \f[B]-c\f[R]. + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -148,11 +148,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -164,7 +164,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -173,17 +173,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -226,17 +226,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -254,14 +253,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -269,21 +267,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -294,7 +298,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -303,16 +307,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -321,10 +325,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -334,14 +338,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -354,7 +358,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -363,7 +367,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -386,7 +390,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -395,7 +399,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -407,38 +411,38 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_changeauth \-c owner newpass +-tpm2_changeauth \-c endorsement newpass +-tpm2_changeauth \-c lockout newpass ++tpm2_changeauth -c owner newpass ++tpm2_changeauth -c endorsement newpass ++tpm2_changeauth -c lockout newpass + \f[R] + .fi + .SS Change owner, endorsement and lockout authorizations + .IP + .nf + \f[C] +-tpm2_changeauth \-c o \-p newpass newerpass +-tpm2_changeauth \-c e \-p newpass newerpass +-tpm2_changeauth \-c l \-p newpass newerpass ++tpm2_changeauth -c o -p newpass newerpass ++tpm2_changeauth -c e -p newpass newerpass ++tpm2_changeauth -c l -p newpass newerpass + \f[R] + .fi + .SS Set owner authorization to empty password + .IP + .nf + \f[C] +-tpm2_changeauth \-c o \-p oldpass ++tpm2_changeauth -c o -p oldpass + \f[R] + .fi + .SS Modify authorization for a loadable transient object + .IP + .nf + \f[C] +-tpm2_createprimary \-Q \-C o \-c prim.ctx ++tpm2_createprimary -Q -C o -c prim.ctx + +-tpm2_create \-Q \-g sha256 \-G aes \-u key.pub \-r key.priv \-C prim.ctx ++tpm2_create -Q -g sha256 -G aes -u key.pub -r key.priv -C prim.ctx + +-tpm2_load \-C prim.ctx \-u key.pub \-r key.priv \-n key.name \-c key.ctx ++tpm2_load -C prim.ctx -u key.pub -r key.priv -n key.name -c key.ctx + +-tpm2_changeauth \-c key.ctx \-C prim.ctx \-r key.priv newkeyauth ++tpm2_changeauth -c key.ctx -C prim.ctx -r key.priv newkeyauth + \f[R] + .fi + .SS Modify authorization for a NV Index +@@ -447,35 +451,35 @@ Requires Extended Session Support. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policycommandcode \-S session.ctx \-L policy.nvchange TPM2_CC_NV_ChangeAuth ++tpm2_policycommandcode -S session.ctx -L policy.nvchange TPM2_CC_NV_ChangeAuth + tpm2_flushcontext session.ctx + + NVIndex=0x1500015 +-tpm2_nvdefine $NVIndex \-C o \-s 32 \-a \[dq]authread|authwrite\[dq] \-L policy.nvchange +-tpm2_startauthsession \[rs]\-\-policy\-session \-S session.ctx ++tpm2_nvdefine $NVIndex -C o -s 32 -a \[dq]authread|authwrite\[dq] -L policy.nvchange ++tpm2_startauthsession \[rs]--policy-session -S session.ctx + +-tpm2_policycommandcode \-S session.ctx \-L policy.nvchange TPM2_CC_NV_ChangeAuth ++tpm2_policycommandcode -S session.ctx -L policy.nvchange TPM2_CC_NV_ChangeAuth + +-tpm2_changeauth \-p session:session.ctx \-c $NVIndex newindexauth ++tpm2_changeauth -p session:session.ctx -c $NVIndex newindexauth + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_changeeps.1 b/man/man1/tpm2_changeeps.1 +index 7ccf495..b71bfd8 100644 +--- a/man/man1/tpm2_changeeps.1 ++++ b/man/man1/tpm2_changeeps.1 +@@ -1,31 +1,31 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_changeeps" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_changeeps" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_changeeps\f[R](1) \- Replaces the active endorsement primary ++\f[B]tpm2_changeeps\f[R](1) - Replaces the active endorsement primary + seed with a new one generated off the TPM2 RNG. + .SH SYNOPSIS + .PP + \f[B]tpm2_changeeps\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_changeeps\f[R](1) \- Replaces the active endorsement primary ++\f[B]tpm2_changeeps\f[R](1) - Replaces the active endorsement primary + seed with a new one generated off the TPM2 RNG. + The Transient and Persistent objects under the endorsement hierarchy are + lost. + This command requires platform auth. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R] ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R] + .RS 2 + .PP + Specifies the \f[I]AUTH\f[R] for the platform. + hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -34,14 +34,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -79,11 +79,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -95,7 +95,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -104,17 +104,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -157,17 +157,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -189,7 +188,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -198,16 +197,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -216,10 +215,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -229,14 +228,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -249,7 +248,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -258,7 +257,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -281,7 +280,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -290,7 +289,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -309,17 +308,17 @@ tpm2_changeeps + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -328,7 +327,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_changepps.1 b/man/man1/tpm2_changepps.1 +index 5a92899..3ea6738 100644 +--- a/man/man1/tpm2_changepps.1 ++++ b/man/man1/tpm2_changepps.1 +@@ -1,27 +1,27 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_changepps" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_changepps" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_changepps\f[R](1) \- Replaces the active platform primary seed ++\f[B]tpm2_changepps\f[R](1) - Replaces the active platform primary seed + with a new one generated off the TPM2 RNG. + .SH SYNOPSIS + .PP + \f[B]tpm2_changepps\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_changepps\f[R](1) \- Replaces the active platform primary seed ++\f[B]tpm2_changepps\f[R](1) - Replaces the active platform primary seed + with a new one generated off the TPM2 RNG. + The Transient and Persistent objects under the platform hierarchy are + lost whilst retaining the NV objects. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R] specifies the \f[I]AUTH\f[R] for the ++\f[B]-p\f[R], \f[B]--auth\f[R] specifies the \f[I]AUTH\f[R] for the + platform. + hierarchy. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -30,14 +30,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -75,11 +75,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -91,7 +91,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -100,17 +100,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -153,17 +153,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -185,7 +184,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -194,16 +193,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -212,10 +211,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -225,14 +224,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -245,7 +244,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -254,7 +253,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -277,7 +276,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -286,7 +285,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -305,17 +304,17 @@ tpm2_changepps + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -324,7 +323,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_checkquote.1 b/man/man1/tpm2_checkquote.1 +index 244bd2c..b0e599f 100644 +--- a/man/man1/tpm2_checkquote.1 ++++ b/man/man1/tpm2_checkquote.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_checkquote" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_checkquote" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_checkquote\f[R](1) \- Validates a quote provided by a TPM. ++\f[B]tpm2_checkquote\f[R](1) - Validates a quote provided by a TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_checkquote\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_checkquote\f[R](1) \- Uses the public portion of the provided ++\f[B]tpm2_checkquote\f[R](1) - Uses the public portion of the provided + key to validate a quote generated by a TPM. + This will validate the signature against the quote message and, if + provided, verify that the qualifying data and PCR values match those in +@@ -20,49 +20,49 @@ information. + An example of PCR values without the PCR selection information is the + output from \f[B]tpm2_pcrread\f[R]. + If PCR value is specified without the PCR selection information, then +-the PCR selection string must be specified using the \f[B]\-l\f[R] +-option to interpret the PCR data. ++the PCR selection string must be specified using the \f[B]-l\f[R] option ++to interpret the PCR data. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File input for the public portion of the signature verification key. + Either the \f[I]pem\f[R] file or \f[I]tss\f[R] public format file. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to digest the message. + .RE + .IP \[bu] 2 +-\f[B]\-m\f[R], \f[B]\-\-message\f[R]=\f[I]FILE\f[R]: ++\f[B]-m\f[R], \f[B]--message\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The quote message that makes up the data that is signed by the TPM. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The input signature file of the signature to be validated. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-pcr\f[R]=\f[I]FILE\f[R]: ++\f[B]-f\f[R], \f[B]--pcr\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional PCR input file to save the list of PCR values that were + included in the quote. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcr\-list\f[R]=\f[I]PCR\f[R]: ++\f[B]-l\f[R], \f[B]--pcr-list\f[R]=\f[I]PCR\f[R]: + .RS 2 + .PP + The list of PCR banks and selected PCRs\[cq] ids for each bank. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: + .RS 2 + .PP + Qualification data for the quote. +@@ -70,7 +70,7 @@ Can either be a hex string or path. + This is typically used to add a nonce against replay attacks. + .RE + .IP \[bu] 2 +-\f[B]\-F\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-F\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + \f[B]DEPRECATED\f[R] and \f[B]IGNORED \f[R] as it\[cq]s superfluous. +@@ -78,7 +78,7 @@ This is typically used to add a nonce against replay attacks. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -87,7 +87,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -164,54 +164,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -225,7 +225,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -243,8 +243,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -261,10 +261,10 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Signature Format Specifiers + .PP +@@ -279,14 +279,13 @@ signature \f[I]FORMAT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -294,21 +293,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -319,7 +324,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -328,16 +333,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -346,10 +351,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -359,14 +364,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -379,7 +384,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -388,7 +393,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -411,7 +416,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -420,7 +425,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -432,33 +437,33 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createek \-c 0x81010001 \-G rsa \-u ekpub.pem \-f pem ++tpm2_createek -c 0x81010001 -G rsa -u ekpub.pem -f pem + +-tpm2_createak \-C 0x81010001 \-c ak.ctx \-G rsa \-s rsassa \-g sha256 \[rs] +-\-u akpub.pem \-f pem \-n ak.name ++tpm2_createak -C 0x81010001 -c ak.ctx -G rsa -s rsassa -g sha256 \[rs] ++-u akpub.pem -f pem -n ak.name + +-tpm2_quote \-c ak.ctx \-l sha256:15,16,22 \-q abc123 \-m quote.msg \-s quote.sig \[rs] +- \-o quote.pcrs \-g sha256 ++tpm2_quote -c ak.ctx -l sha256:15,16,22 -q abc123 -m quote.msg -s quote.sig \[rs] ++ -o quote.pcrs -g sha256 + +-tpm2_checkquote \-u akpub.pem \-m quote.msg \-s quote.sig \-f quote.pcrs \-g sha256 \[rs] +- \-q abc123 ++tpm2_checkquote -u akpub.pem -m quote.msg -s quote.sig -f quote.pcrs -g sha256 \[rs] ++ -q abc123 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_clear.1 b/man/man1/tpm2_clear.1 +index 77841a5..475742d 100644 +--- a/man/man1/tpm2_clear.1 ++++ b/man/man1/tpm2_clear.1 +@@ -1,26 +1,36 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_clear" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_clear" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_clear\f[R](1) \- Clears lockout, endorsement and owner +-hierarchy authorization values. ++\f[B]tpm2_clear\f[R](1) - Clears lockout, endorsement and owner ++hierarchy authorization values and other TPM data. + .SH SYNOPSIS + .PP + \f[B]tpm2_clear\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_clear\f[R](1) \- Send a clear command to the TPM to clear the +-3 hierarchy authorization values. ++\f[B]tpm2_clear\f[R](1) - Send a clear command to the TPM to clear the 3 ++hierarchy authorization values. + As an argument takes the auth value for either platform or lockout +-hierarchy ++hierarchy. ++Details of the changes performed to the TPM can be found in Part 3, ++\[lq]Commands\[rq], section of the TPM Library spec located at the URL ++below. ++- https://trustedcomputinggroup.org/resource/tpm-library-specification ++.PP ++Please look for the version coresponding to your TPM support ++specification version and the TPM2_Clear command. ++The TPM\[cq]s supported spec version can be found by issuing a ++\f[C]tpm2_getcap properties-fixed\f[R] in the \f[C]TPM_PT_REVISION\f[R] ++property. + .PP + \f[B]NOTE\f[R]: All objects created under the respective hierarchies are + lost. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-auth\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--auth-hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Specifies the hierarchy the tools should operate on. +@@ -30,7 +40,7 @@ By default it operates on the lockout hierarchy. + authentication.\f[R] + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -40,12 +50,12 @@ the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 + \f[B]ARGUMENT\f[R] the command line argument specifies the +-\f[I]AUTH\f[R] to be set for the object specified with \f[B]\-c\f[R]. ++\f[I]AUTH\f[R] to be set for the object specified with \f[B]-c\f[R]. + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -94,11 +104,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -110,7 +120,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -119,17 +129,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -172,17 +182,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -200,14 +209,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -215,21 +223,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -240,7 +254,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -249,16 +263,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -267,10 +281,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -280,14 +294,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -300,7 +314,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -309,7 +323,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -332,7 +346,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -341,7 +355,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -360,24 +374,24 @@ tpm2_clear lockoutpasswd + .IP + .nf + \f[C] +-tpm2_clear \-c p ++tpm2_clear -c p + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_clearcontrol.1 b/man/man1/tpm2_clearcontrol.1 +index 92a3541..3d06caf 100644 +--- a/man/man1/tpm2_clearcontrol.1 ++++ b/man/man1/tpm2_clearcontrol.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_clearcontrol" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_clearcontrol" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_clearcontrol\f[R](1) \- Set/ Clear TPMA_PERMANENT.disableClear ++\f[B]tpm2_clearcontrol\f[R](1) - Set/ Clear TPMA_PERMANENT.disableClear + attribute to effectively block/ unblock lockout authorization handle for + issuing TPM clear. + .SH SYNOPSIS +@@ -12,7 +12,7 @@ issuing TPM clear. + \f[B]tpm2_clearcontrol\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_clearcontrol\f[R](1) \- Allows user with knowledge of either ++\f[B]tpm2_clearcontrol\f[R](1) - Allows user with knowledge of either + lockout auth and or platform hierarchy auth to set disableClear which + prevents the lockout authorization\[cq]s capability to execute + tpm2_clear. +@@ -24,7 +24,7 @@ Note: Platform hierarchy auth handle can always be used to clear the TPM + with tpm2_clear command. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Specifies what auth handle, either platform hierarchy or lockout the +@@ -36,15 +36,15 @@ Specify the handle as p|l|platform|lockout. + authentication.\f[R] + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value of the hierarchy specified with \f[B]\-C\f[R]. ++The authorization value of the hierarchy specified with \f[B]-C\f[R]. + This tool only respects the \f[I]Password\f[R] and \f[I]HMAC\f[R] + options. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -59,7 +59,7 @@ set the disableClear attribute. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -108,11 +108,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -124,7 +124,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -133,17 +133,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -186,17 +186,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -214,14 +213,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -229,21 +227,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -254,7 +258,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -263,16 +267,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -281,10 +285,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -294,14 +298,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -314,7 +318,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -323,7 +327,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -346,7 +350,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -355,7 +359,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -367,31 +371,31 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_clearcontrol \-C l s ++tpm2_clearcontrol -C l s + \f[R] + .fi + .SS Clear the disableClear to unblock lockout authorization for TPM clear + .IP + .nf + \f[C] +-tpm2_clearcontrol \-C p c ++tpm2_clearcontrol -C p c + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_clockrateadjust.1 b/man/man1/tpm2_clockrateadjust.1 +index 5e6343c..a60de70 100644 +--- a/man/man1/tpm2_clockrateadjust.1 ++++ b/man/man1/tpm2_clockrateadjust.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_clockrateadjust" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_clockrateadjust" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_clockrateadjust\f[R](1) \- Sets the clock rate period on the ++\f[B]tpm2_clockrateadjust\f[R](1) - Sets the clock rate period on the + TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_clockrateadjust\f[R] [\f[I]OPTIONS\f[R]] \f[B]ADJUSTER\f[R] + .SH DESCRIPTION + .PP +-\f[B]tpm2_clockrateadjust\f[R](1) \- Adjusts the rate at which clock and ++\f[B]tpm2_clockrateadjust\f[R](1) - Adjusts the rate at which clock and + time are updated on the TPM so one can better match real time. + With no argument, the command is invoked but the clock rate is not + altered. +@@ -22,34 +22,34 @@ To specify this, the argument can be a string of 1 to 3 characters of + \f[I]all\f[R] `s' or `f'. + .SS Valid Adjuster Arguments + .IP \[bu] 2 +-s \- slows down the clock period one fine increment. ++s - slows down the clock period one fine increment. + .IP \[bu] 2 +-ss \- slows down the clock period one medium increment. ++ss - slows down the clock period one medium increment. + .IP \[bu] 2 +-sss \- slows down the clock period one course increment. ++sss - slows down the clock period one course increment. + .IP \[bu] 2 +-f \- speeds up the clock period one fine increment. ++f - speeds up the clock period one fine increment. + .IP \[bu] 2 +-ff \- speeds up the clock period one medium increment. ++ff - speeds up the clock period one medium increment. + .IP \[bu] 2 +-fff \- speeds up the clock period one course increment. ++fff - speeds up the clock period one course increment. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The hierarchy to use for authorization, either platform or owner. + Defaults to the owner hierarchy if not specified. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy specified by option +-\f[B]\-c\f[R]. ++\f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -61,7 +61,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -110,11 +110,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -126,7 +126,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -135,17 +135,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -188,17 +188,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -216,14 +215,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -231,21 +229,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -256,7 +260,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -265,16 +269,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -283,10 +287,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -296,14 +300,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -316,7 +320,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -325,7 +329,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -348,7 +352,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -357,7 +361,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -371,7 +375,7 @@ Slow the clock one medium increment using the owner password. + .IP + .nf + \f[C] +-tpm2_clockrateadjust \-p ownerpw ss ++tpm2_clockrateadjust -p ownerpw ss + \f[R] + .fi + .PP +@@ -379,24 +383,24 @@ Speed up the clock one course increment using the platform password. + .IP + .nf + \f[C] +-tpm2_clockrateadjust \-c p \-p platformpw fff ++tpm2_clockrateadjust -c p -p platformpw fff + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_commit.1 b/man/man1/tpm2_commit.1 +index 1881410..f7d63b3 100644 +--- a/man/man1/tpm2_commit.1 ++++ b/man/man1/tpm2_commit.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_commit" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_commit" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_commit\f[R](1) \- Performs the first part of an ECC anonymous ++\f[B]tpm2_commit\f[R](1) - Performs the first part of an ECC anonymous + signing operation. + .SH SYNOPSIS + .PP + \f[B]tpm2_commit\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_commit\f[R](1) \- Performs the first part of an ECC anonymous ++\f[B]tpm2_commit\f[R](1) - Performs the first part of an ECC anonymous + signing operation. + The TPM will perform the point multiplications on the provided points + and return intermediate signing values. +@@ -27,50 +27,49 @@ TPM_ALG_ECDAA is the only supported anonymous scheme. + Specify the input data used to derive the x coordinate of the basepoint. + .RE + .IP \[bu] 2 +-\f[B]\-\-basepoint\-y\f[R]=\f[I]FILE\f[R]: ++\f[B]--basepoint-y\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specify the y coordinate of the basepoint. + .RE + .IP \[bu] 2 +-\f[B]\-\-eccpoint\-P\f[R]=\f[I]FILE\f[R]: ++\f[B]--eccpoint-P\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specify a point on the curve used by sign handle. + .RE + .IP \[bu] 2 +-\f[B]\-\-eccpoint\-K\f[R]=\f[I]FILE\f[R]: ++\f[B]--eccpoint-K\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output ECC point K \[u2254] [ds](x2, y2). + .RE + .IP \[bu] 2 +-\f[B]\-\-eccpoint\-L\f[R]=\f[I]FILE\f[R]: ++\f[B]--eccpoint-L\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output ECC point L \[u2254] [r](x2, y2). + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output ECC point E \[u2254] [r]P1. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-counter\f[R]=\f[I]FILE\f[R] ++\f[B]-t\f[R], \f[B]--counter\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP +-Specify file path to save the least\-significant 16 bits of commit +-count. ++Specify file path to save the least-significant 16 bits of commit count. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the created object. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Context object pointing to the the key used for signing. +@@ -78,7 +77,7 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -89,7 +88,7 @@ the command, it simply returns a cpHash. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -98,7 +97,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -175,54 +174,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -236,7 +235,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -254,8 +253,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -272,24 +271,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -297,21 +295,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -322,7 +326,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -331,16 +335,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -349,10 +353,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -362,14 +366,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -382,7 +386,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -391,7 +395,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -414,7 +418,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -423,7 +427,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -434,29 +438,29 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-Q ++tpm2_createprimary -C o -c prim.ctx -Q + +-tpm2_create \-C prim.ctx \-c key.ctx \-u key.pub \-r key.priv \-G ecc256:ecdaa ++tpm2_create -C prim.ctx -c key.ctx -u key.pub -r key.priv -G ecc256:ecdaa + +-tpm2_commit \-c key.ctx \-t count.er \[rs] +-\-\-eccpoint\-K K.bin \-\-eccpoint\-L L.bin \-u E.bin ++tpm2_commit -c key.ctx -t count.er \[rs] ++--eccpoint-K K.bin --eccpoint-L L.bin -u E.bin + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_create.1 b/man/man1/tpm2_create.1 +index a6f8cd6..e15d282 100644 +--- a/man/man1/tpm2_create.1 ++++ b/man/man1/tpm2_create.1 +@@ -1,59 +1,59 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_create" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_create" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_create\f[R](1) \- Create a child object. ++\f[B]tpm2_create\f[R](1) - Create a child object. + .SH SYNOPSIS + .PP + \f[B]tpm2_create\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_create\f[R](1) \- Create a child object. ++\f[B]tpm2_create\f[R](1) - Create a child object. + The object can either be a key or a sealing object. + A sealing object allows to seal user data to the TPM, with a maximum + size of 128 bytes. +-Additionally it will load the created object if the \f[B]\-c\f[R] is ++Additionally it will load the created object if the \f[B]-c\f[R] is + specified. + .SH OPTIONS + .PP + These options for creating the TPM entity: + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-parent\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--parent-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The parent of the object to be created. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-parent\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--parent-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value of the parent object specified with +-\f[B]\-C\f[R]. ++\f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-key\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--key-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the created object. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm for generating the objects name. + This is optional and defaults to sha256 when not specified. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The key algorithm associated with this object. + It defaults to \[lq]rsa\[rq] if not specified. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-attributes\f[R]=\f[I]ATTRIBUTES\f[R]: ++\f[B]-a\f[R], \f[B]--attributes\f[R]=\f[I]ATTRIBUTES\f[R]: + .RS 2 + .PP + The object attributes, optional. +@@ -61,7 +61,7 @@ The default for created objects is: + .PP + \f[C]TPMA_OBJECT_SIGN_ENCRYPT|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_FIXEDTPM| TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN| TPMA_OBJECT_USERWITHAUTH\f[R] + .PP +-When \f[B]\-i\f[R] is specified for sealing, ++When \f[B]-i\f[R] is specified for sealing, + \f[C]TPMA_OBJECT_SIGN_ENCRYPT\f[R] and \f[C]TPMA_OBJECT_DECRYPT\f[R] are + removed from the default attribute set. + The algorithm is set in a way where the the object is only good for +@@ -69,41 +69,40 @@ sealing and unsealing. + I.e. + one cannot use an object for sealing and cryptography operations. + .PP +-When \f[B]\-L\f[R] is specified for adding policy based authorization ++When \f[B]-L\f[R] is specified for adding policy based authorization + information AND no string password is specified, the attribute + \f[C]TPMA_OBJECT_USERWITHAUTH\f[R] is cleared unless an explicit choice +-is made by setting of the attribute with \f[B]\-a\f[R] option. ++is made by setting of the attribute with \f[B]-a\f[R] option. + This prevents creation of objects with inadvertent auth model where in + user intended to enforce a policy but inadvertently created an object + with empty auth which can be used instead of policy authorization. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-sealing\-input\f[R]=\f[I]FILE\f[R] or ++\f[B]-i\f[R], \f[B]--sealing-input\f[R]=\f[I]FILE\f[R] or + \f[I]STDIN\f[R]: + .RS 2 + .PP + The data file to be sealed, optional. +-If file is \-, read from stdin. ++If file is -, read from stdin. + When sealing data only the \f[I]TPM_ALG_KEYEDHASH\f[R] algorithm with a + NULL scheme is allowed. +-Thus, \f[B]\-G\f[R] cannot be specified. ++Thus, \f[B]-G\f[R] cannot be specified. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R] or +-\f[I]HEX_STRING\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R] or \f[I]HEX_STRING\f[R]: + .RS 2 + .PP + The input policy file or a hex string, optional. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file which contains the public portion of the created object, + optional. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file which contains the sensitive portion of the object, +@@ -115,16 +114,16 @@ Objects that can move outside of TPM need to be protected + (confidentiality and integrity). + For instance, transient objects require that TPM protected data (key or + seal material) be stored outside of the TPM. +-This is seen in tools like tpm2_create(1), where the \f[B]\-r\f[R] +-option outputs this protected data. ++This is seen in tools like tpm2_create(1), where the \f[B]-r\f[R] option ++outputs this protected data. + This blob contains the sensitive portions of the object. + The sensitive portions of the object are protected by the parent object, + using the parent\[cq]s symmetric encryption details to encrypt the + sensitive data and HMAC it. + .PP +-In\-depth details can be found in sections 23 of: ++In-depth details can be found in sections 23 of: + .IP \[bu] 2 +-https://trustedcomputinggroup.org/wp\-content/uploads/TPM\-Rev\-2.0\-Part\-1\-Architecture\-01.38.pdf ++https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf + .PP + Notably Figure 20, is relevant, even though it\[cq]s specifically + referring to duplication blobs, the process is identical. +@@ -132,7 +131,7 @@ referring to duplication blobs, the process is identical. + If the output is from tpm2_duplicate(1), the output will be slightly + different, as described fully in section 23. + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file which contains the key context, optional. +@@ -144,31 +143,31 @@ This option can be used to avoid the normal \f[B]tpm2_create\f[R](1) and + atomically. + .RE + .IP \[bu] 2 +-\f[B]\-\-creation\-data\f[R]=\f[I]FILE\f[R]: ++\f[B]--creation-data\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the creation data for certification. + .IP \[bu] 2 +-\f[B]\-\-template\-data\f[R]=\f[I]FILE\f[R]: ++\f[B]--template-data\f[R]=\f[I]FILE\f[R]: + .PP + An optional file output that saves the key template data (TPM2B_PUBLIC) + to be used in \f[B]tpm2_policytemplate\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-creation\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--creation-ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the creation ticket for + certification. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-creation\-hash\f[R]=\f[I]FILE\f[R]: ++\f[B]-d\f[R], \f[B]--creation-hash\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the creation hash for certification. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-outside\-info\f[R]=\f[I]HEX_STR_OR_FILE\f[R]: ++\f[B]-q\f[R], \f[B]--outside-info\f[R]=\f[I]HEX_STR_OR_FILE\f[R]: + .RS 2 + .PP + An optional hex string or path to add unique data to the creation data. +@@ -176,14 +175,14 @@ Note that it does not contribute in creating statistically unique + object. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcr\-list\f[R]=\f[I]PCR\f[R]: ++\f[B]-l\f[R], \f[B]--pcr-list\f[R]=\f[I]PCR\f[R]: + .RS 2 + .PP + The list of PCR banks and selected PCRs\[cq] ids for each bank to be + included in the creation data for certification. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -192,13 +191,13 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -207,7 +206,7 @@ For example, you can have one session for auditing and another for + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]: + .RS 2 + .PP + Format selection for the public key output file. +@@ -221,7 +220,7 @@ TPM 2.0 specs. + Public key format. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file path, recording the public portion of the object. +@@ -231,7 +230,7 @@ The output file path, recording the public portion of the object. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -280,11 +279,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -296,7 +295,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -305,17 +304,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -358,17 +357,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -383,7 +381,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -392,7 +390,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -469,54 +467,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -530,7 +528,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -548,8 +546,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -566,17 +564,17 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Object Attributes + .PP + Object Attributes are used to control various properties of created + objects. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 31 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -598,14 +596,13 @@ argument would be: + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -613,21 +610,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -638,7 +641,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -647,16 +650,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -665,10 +668,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -678,14 +681,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -698,7 +701,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -707,7 +710,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -730,7 +733,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -739,7 +742,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -754,19 +757,19 @@ it\[cq]s parent. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + \f[R] + .fi + .SS Create an Object + .PP + This will create an object using all the default values and store the +-TPM sealed private and public portions to the paths specified via \-u +-and \-r respectively. ++TPM sealed private and public portions to the paths specified via -u and ++-r respectively. + The tool defaults to an RSA key. + .IP + .nf + \f[C] +-tpm2_create \-C primary.ctx \-u obj.pub \-r obj.priv ++tpm2_create -C primary.ctx -u obj.pub -r obj.priv + \f[R] + .fi + .SS Seal Data to the TPM +@@ -777,7 +780,7 @@ specified data to be sealed to the TPM. + .nf + \f[C] + echo \[dq]my sealed data\[dq] > seal.dat +-tpm2_create \-C primary.ctx \-i seal.dat \-u obj.pub \-r obj.priv ++tpm2_create -C primary.ctx -i seal.dat -u obj.pub -r obj.priv + \f[R] + .fi + .SS Create an EC Key Object and Load it to the TPM +@@ -797,7 +800,7 @@ See that manpage for details on its usage. + .IP + .nf + \f[C] +-tpm2_create \-C primary.ctx \-G ecc \-u obj.pub \-r obj.priv \-c ecc.ctx ++tpm2_create -C primary.ctx -G ecc -u obj.pub -r obj.priv -c ecc.ctx + \f[R] + .fi + .SS Create an Object and get the public key as a PEM file +@@ -808,24 +811,36 @@ whatever supports PEM files. + .IP + .nf + \f[C] +-tpm2_create \-C primary.ctx \-u obj.pub \-r obj.priv \-f pem \-o obj.pem ++tpm2_create -C primary.ctx -u obj.pub -r obj.priv -f pem -o obj.pem ++\f[R] ++.fi ++.SS Create a restricted RSA signing key ++.PP ++For a restricted signing key the scheme and null for the symmetric ++algorithm must be specified. ++.IP ++.nf ++\f[C] ++tpm2_create -C primary.ctx -Grsa2048:rsapss:null \[rs] ++ -a \[dq]fixedtpm|fixedparen|sensitivedataorigin|userwithauth|restricted|sign\[dq] \[rs] ++ -r obj.priv -u obj.pub + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_createak.1 b/man/man1/tpm2_createak.1 +index 70aa3ab..c83812e 100644 +--- a/man/man1/tpm2_createak.1 ++++ b/man/man1/tpm2_createak.1 +@@ -1,94 +1,95 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_createak" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_createak" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_createak\f[R](1) \- Generate attestation key with given ++\f[B]tpm2_createak\f[R](1) - Generate attestation key with given + algorithm under the endorsement hierarchy. + .SH SYNOPSIS + .PP + \f[B]tpm2_createak\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_createak\f[R](1) \- Generate an attestation key (AK) with the ++\f[B]tpm2_createak\f[R](1) - Generate an attestation key (AK) with the + given algorithm under the endorsement hierarchy. +-The context of the attestation key is specified via \f[B]\-c\f[R]. ++The context of the attestation key is specified via \f[B]-c\f[R]. + .PP + The tool outputs to stdout a YAML representation of the loaded key\[cq]s + name, for example: + .IP + .nf + \f[C] +-loaded\-key: ++loaded-key: + name: 000bac149518baa05540a0678bd9b624f8a98d042e46c60f4d098ba394d36fc49268 + \f[R] + .fi + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-eh\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--eh-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the endorsement hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-ak\-auth\f[R]=\f[I]AUTH\f[R] ++\f[B]-p\f[R], \f[B]--ak-auth\f[R]=\f[I]AUTH\f[R] + .RS 2 + .PP + The authorization value for the attestation key object created. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-ek\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--ek-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The endorsement key object. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-ak\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--ak-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file path to save the object context of the attestation key. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 ++.PP + Specifies the attestation key algorithm. + Supports: + .IP \[bu] 2 +-\f[B]ecc\f[R] \- A NIST_P256 key by default. ++\f[B]ecc\f[R] - A NIST_P256 key by default. + Alternative curves can be selected using algorithm specifiers + (e.g.\ \f[B]ecc384\f[R] or \f[B]ecc_nist_p384\f[R]) . + .IP \[bu] 2 +-\f[B]rsa\f[R] \- An RSA2048 key. ++\f[B]rsa\f[R] - An RSA2048 key. + .IP \[bu] 2 +-\f[B]keyedhash\f[R] \- hmac key. ++\f[B]keyedhash\f[R] - hmac key. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + Specifies the digest algorithm used for signing. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signing\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-s\f[R], \f[B]--signing-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing algorithm. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file to save the public portion of the attestation key. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-ak\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--ak-name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file to save the attestation key name, optional. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file which contains the sensitive portion of the object, +@@ -100,16 +101,16 @@ Objects that can move outside of TPM need to be protected + (confidentiality and integrity). + For instance, transient objects require that TPM protected data (key or + seal material) be stored outside of the TPM. +-This is seen in tools like tpm2_create(1), where the \f[B]\-r\f[R] +-option outputs this protected data. ++This is seen in tools like tpm2_create(1), where the \f[B]-r\f[R] option ++outputs this protected data. + This blob contains the sensitive portions of the object. + The sensitive portions of the object are protected by the parent object, + using the parent\[cq]s symmetric encryption details to encrypt the + sensitive data and HMAC it. + .PP +-In\-depth details can be found in sections 23 of: ++In-depth details can be found in sections 23 of: + .IP \[bu] 2 +-https://trustedcomputinggroup.org/wp\-content/uploads/TPM\-Rev\-2.0\-Part\-1\-Architecture\-01.38.pdf ++https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf + .PP + Notably Figure 20, is relevant, even though it\[cq]s specifically + referring to duplication blobs, the process is identical. +@@ -117,7 +118,7 @@ referring to duplication blobs, the process is identical. + If the output is from tpm2_duplicate(1), the output will be slightly + different, as described fully in section 23. + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]: + .RS 2 + .PP + Format selection for the public key output file. +@@ -131,7 +132,7 @@ TPM 2.0 specs. + Format selection for the signature output file. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-ak\-qualified\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-q\f[R], \f[B]--ak-qualified-name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The qualified name of the attestation key object. +@@ -143,7 +144,7 @@ Thus, the qualified name of an object serves to bind it to its parents. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -192,11 +193,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -208,7 +209,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -217,17 +218,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -270,17 +271,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -295,7 +295,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -304,7 +304,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -381,54 +381,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -442,7 +442,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -460,8 +460,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -478,10 +478,10 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Signature Format Specifiers + .PP +@@ -496,14 +496,13 @@ signature \f[I]FORMAT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -511,21 +510,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -536,7 +541,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -545,16 +550,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -563,10 +568,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -576,14 +581,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -596,7 +601,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -605,7 +610,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -628,7 +633,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -637,7 +642,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -649,26 +654,26 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createek \-c ek.handle \-G rsa \-u ek.pub +-tpm2_createak \-C ek.handle \-c ak.ctx \-u ak.pub \-n ak.name +-tpm2_evictcontrol \-C o \-c ak.ctx 0x81010002 ++tpm2_createek -c ek.handle -G rsa -u ek.pub ++tpm2_createak -C ek.handle -c ak.ctx -u ak.pub -n ak.name ++tpm2_evictcontrol -C o -c ak.ctx 0x81010002 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_createek.1 b/man/man1/tpm2_createek.1 +index 003bd05..66f7981 100644 +--- a/man/man1/tpm2_createek.1 ++++ b/man/man1/tpm2_createek.1 +@@ -1,87 +1,87 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_createek" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_createek" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_createek\f[R](1) \- Generate TCG profile compliant endorsement ++\f[B]tpm2_createek\f[R](1) - Generate TCG profile compliant endorsement + key. + .SH SYNOPSIS + .PP + \f[B]tpm2_createek\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_createek\f[R](1) \- Generate TCG profile compliant endorsement ++\f[B]tpm2_createek\f[R](1) - Generate TCG profile compliant endorsement + key (EK), which is the primary object of the endorsement hierarchy. + .PP + If a transient object is generated the tool outputs a context file +-specified with \f[B]\-c\f[R]. ++specified with \f[B]-c\f[R]. + .PP + Refer to: + + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-eh\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--eh-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the endorsement hierarchy + .RE + .IP \[bu] 2 +-\f[B]\-w\f[R], \f[B]\-\-owner\-auth\f[R]=\f[I]AUTH\f[R] ++\f[B]-w\f[R], \f[B]--owner-auth\f[R]=\f[I]AUTH\f[R] + .RS 2 + .PP + The authorization value for the owner hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-ek\-context\f[R]=\f[I]OBJECT\f[R] or +-\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--ek-context\f[R]=\f[I]OBJECT\f[R] or \f[I]FILE\f[R]: + .RS 2 + .PP + Either a file path or a persistent handle value to save the endorsement + key. + .PP +-If a value of \f[B]\-\f[R] is passed the tool will find a vacant ++If a value of \f[B]-\f[R] is passed the tool will find a vacant + persistent handle to use and print out the automatically selected + handle. + .PP + If one saves the context file via this option and the public key via the +-\f[B]\-u\f[R] option, the EK can be restored via a call to ++\f[B]-u\f[R] option, the EK can be restored via a call to + \f[B]tpm2_loadexternal\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 ++.PP + The endorsement key algorithm. + Supports: + .IP \[bu] 2 +-\f[B]ecc\f[R] \- A NIST_P256 key by default. ++\f[B]ecc\f[R] - A NIST_P256 key by default. + Alternative curves can be selected using algorithm specifiers + (e.g.\ \f[B]ecc384\f[R] or \f[B]ecc_nist_p384\f[R]) . + .IP \[bu] 2 +-\f[B]rsa\f[R] \- An RSA2048 key. ++\f[B]rsa\f[R] - An RSA2048 key. + .IP \[bu] 2 +-\f[B]keyedhash\f[R] \- hmac key. ++\f[B]keyedhash\f[R] - hmac key. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The optional input for a file to save the public portion of endorsement + key. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-template\f[R]: ++\f[B]-t\f[R], \f[B]--template\f[R]: + .RS 2 + .PP + The optional manufacturer defined endorsement key template and nonce + from fixed NV Indices to populate the \f[B]TPM2B_PUBLIC\f[R] public + area. + See the TCG EK Credential Profile specification for more information: +-https://trustedcomputinggroup.org/wp\-content/uploads/ ++https://trustedcomputinggroup.org/wp-content/uploads/ + TCG_IWG_Credential_Profile_EK_V2.1_R13.pdf + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]: + .RS 2 + .PP + Format selection for the public key output file. +@@ -98,7 +98,7 @@ Public key format. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -147,11 +147,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -163,7 +163,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -172,17 +172,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -225,17 +225,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -250,7 +249,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -259,7 +258,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -336,54 +335,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -397,7 +396,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -415,8 +414,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -433,24 +432,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -458,21 +456,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -483,7 +487,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -492,16 +496,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -510,10 +514,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -523,14 +527,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -543,7 +547,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -552,7 +556,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -575,7 +579,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -584,7 +588,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -596,56 +600,64 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createek \-P abc123 \-w abc123 \-c 0x81010001 \-G rsa \-u ek.pub ++tpm2_createek -P abc123 -w abc123 -c 0x81010001 -G rsa -u ek.pub + \f[R] + .fi + .SS Create an ECC NIST_P384 Endorsement Key and make it persistent + .IP + .nf + \f[C] +-tpm2_createek \-G ecc384 \-c 0x81010002 ++tpm2_createek -G ecc384 -c 0x81010002 + \f[R] + .fi + .SS Create a transient Endorsement Key, flush it, and reload it. ++.PP ++Typically, when using the TPM, the interactions occur through a resource ++manager, like tpm2-abrmd(8). ++However, when interacting with the TPM directly, this scenario is ++possible. ++The below example assumes direct TPM access not brokered by a resource ++manager. ++Specifically we will use /dev/tpm0. + .IP + .nf + \f[C] +-tpm2_createek \-G rsa \-u ek.pub ++tpm2_createek -c ek.ctx -G rsa -u ek.pub -Tdevice:/dev/tpm0 + + # Check that it is loaded in transient memory +-tpm2_getcap handles\-transient +-\- 0x80000000 ++tpm2_getcap handles-transient -Tdevice:/dev/tpm0 ++- 0x80000000 + + # Flush the handle +-tpm2_flushcontext 0x80000000 ++tpm2_flushcontext 0x80000000 -Tdevice:/dev/tpm0 + + # Note that it is flushed +-tpm2_getcap handles\-transient ++tpm2_getcap handles-transient -Tdevice:/dev/tpm0 + + + # Reload it via loadexternal +-tpm2_loadexternal \-C o \-u ek.pub \-c ek.ctx ++tpm2_loadexternal -C o -u ek.pub -c ek.ctx -Tdevice:/dev/tpm0 + +-# Check that it is re\-loaded in transient memory +-tpm2_getcap handles\-transient +-\- 0x80000000 ++# Check that it is re-loaded in transient memory ++tpm2_getcap handles-transient -Tdevice:/dev/tpm0 ++- 0x80000000 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_createpolicy.1 b/man/man1/tpm2_createpolicy.1 +index d416e23..a463dc9 100644 +--- a/man/man1/tpm2_createpolicy.1 ++++ b/man/man1/tpm2_createpolicy.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_createpolicy" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_createpolicy" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_createpolicy\f[R](1) \- Creates simple assertion authorization ++\f[B]tpm2_createpolicy\f[R](1) - Creates simple assertion authorization + policies based on multiple PCR indices values across multiple enabled + banks. + .SH SYNOPSIS +@@ -12,7 +12,7 @@ banks. + \f[B]tpm2_createpolicy\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_createpolicy\f[R](1) \- Creates simple assertion authorization ++\f[B]tpm2_createpolicy\f[R](1) - Creates simple assertion authorization + policies based on multiple PCR indices values across multiple enabled + banks. + It can then be used with object creation and or tools using the object. +@@ -20,31 +20,31 @@ It can then be used with object creation and or tools using the object. + .PP + These options control creating the policy authorization session: + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-\-policy\-pcr\f[R]: ++\f[B]--policy-pcr\f[R]: + .RS 2 + .PP + Identifies the PCR policy type for policy creation. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-policy\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--policy-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used in computation of the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcr\-list\f[R]=\f[I]PCR\f[R]: ++\f[B]-l\f[R], \f[B]--pcr-list\f[R]=\f[I]PCR\f[R]: + .RS 2 + .PP + The list of PCR banks and selected PCRs\[cq] ids for each bank. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-pcr\f[R]=\f[I]FILE\f[R]: ++\f[B]-f\f[R], \f[B]--pcr\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional Path or Name of the file containing expected PCR values for the +@@ -52,7 +52,7 @@ specified index. + Default is to read the current PCRs per the set list. + .RE + .IP \[bu] 2 +-\f[B]\-\-policy\-session\f[R]: ++\f[B]--policy-session\f[R]: + .RS 2 + .PP + Start a policy session of type \f[B]TPM_SE_POLICY\f[R]. +@@ -61,7 +61,7 @@ Defaults to \f[B]TPM_SE_TRIAL\f[R] if this option isn\[cq]t specified. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -70,7 +70,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -147,54 +147,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -208,7 +208,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -226,8 +226,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -244,24 +244,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -269,35 +268,40 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + bank/algorithm \f[I]PCR\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -305,21 +309,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -330,7 +340,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -339,16 +349,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -357,10 +367,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -370,14 +380,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -390,7 +400,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -399,7 +409,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -422,7 +432,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -431,7 +441,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -443,24 +453,24 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createpolicy \[rs]\-\-policy\-pcr \-l 0x4:0 \-L policy.file \-f pcr0.bin ++tpm2_createpolicy \[rs]--policy-pcr -l 0x4:0 -L policy.file -f pcr0.bin + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_createprimary.1 b/man/man1/tpm2_createprimary.1 +index dd8b63f..240c41a 100644 +--- a/man/man1/tpm2_createprimary.1 ++++ b/man/man1/tpm2_createprimary.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_createprimary" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_createprimary" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_createprimary\f[R](1) \- Create a primary key. ++\f[B]tpm2_createprimary\f[R](1) - Create a primary key. + .SH SYNOPSIS + .PP + \f[B]tpm2_createprimary\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_createprimary\f[R](1) \- This command is used to create a ++\f[B]tpm2_createprimary\f[R](1) - This command is used to create a + primary object under one of the hierarchies: Owner, Platform, + Endorsement, NULL. + The command will create and load a Primary Object. +@@ -19,8 +19,9 @@ A context file for the created object\[cq]s handle is saved as a file + for future interactions with the created primary. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + The hierarchy under which the object is created. + This will also dictate which authorization secret (if any) must be + supplied. +@@ -38,48 +39,47 @@ Supported options are: + \f[B]\f[CB]\f[B]\f[R] where a raw number can be used. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-hierarchy\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--hierarchy-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value for the hierarchy specified with \f[B]\-C\f[R]. ++The authorization value for the hierarchy specified with \f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-key\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--key-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the primary object created. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm to use for generating the objects name. + Defaults to sha256 if not specified. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The algorithm type for the generated primary key. + Defaults to rsa2048:null:aes128cfb. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file path to save the object context of the generated primary + object. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R] or +-\f[I]HEX_STRING\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R] or \f[I]HEX_STRING\f[R]: + .RS 2 + .PP + An optional file input or hex string that contains the policy digest for + policy based authorization of the object. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-attributes\f[R]=\f[I]ATTRIBUTES\f[R]: ++\f[B]-a\f[R], \f[B]--attributes\f[R]=\f[I]ATTRIBUTES\f[R]: + .RS 2 + .PP + The object attributes, optional. +@@ -87,12 +87,11 @@ Defaults to: + \f[C]TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_FIXEDTPM| TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN| TPMA_OBJECT_USERWITHAUTH\f[R] + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-unique\-data\f[R]=\f[I]FILE\f[R] OR +-\f[I]STDIN\f[R]: ++\f[B]-u\f[R], \f[B]--unique-data\f[R]=\f[I]FILE\f[R] OR \f[I]STDIN\f[R]: + .RS 2 + .PP + An optional file input that contains the unique field of +-\f[B]TPMT_PUBLIC\f[R] in little\-endian format. ++\f[B]TPMT_PUBLIC\f[R] in little-endian format. + Primary key creator may place information that causes the primary key + generation scheme internal to the TPM to generate statistically unique + values. +@@ -105,9 +104,10 @@ If the data is specified as a file, the user is responsible for ensuring + that this buffer is formatted per TPMU_PUBLIC_ID union. + .PP + The unique data can also be retrieved from stdin buffer by specifying +-\f[B]\[lq]\-\[rq]\f[R] as the \f[B]\[en]unique\-data\f[R] option value +-and the tool will parse the key type and associate the input data with +-the unique data buffer associated with the key type. ++\f[B]\[lq]-\[rq]\f[R] as the \f[B]\[en]unique-data\f[R] option value and ++the tool will parse the key type and associate the input data with the ++unique data buffer associated with the key type. ++.PP + NOTE: + .IP "1." 3 + The maximum allowed bytes is dependent on key type and the TPM +@@ -120,33 +120,33 @@ The unique input data specified on stdin for ECC is split for specifying + the X coordinate and Y coordinate buffers. + .RE + .IP \[bu] 2 +-\f[B]\-\-creation\-data\f[R]=\f[I]FILE\f[R]: ++\f[B]--creation-data\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the creation data for certification. + .RE + .IP \[bu] 2 +-\f[B]\-\-template\-data\f[R]=\f[I]FILE\f[R]: ++\f[B]--template-data\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the key template data (TPM2B_PUBLIC) + to be used in \f[B]tpm2_policytemplate\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-creation\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--creation-ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the creation ticket for + certification. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-creation\-hash\f[R]=\f[I]FILE\f[R]: ++\f[B]-d\f[R], \f[B]--creation-hash\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file output that saves the creation hash for certification. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-outside\-info\f[R]=\f[I]FILE_OR_HEX\f[R]: ++\f[B]-q\f[R], \f[B]--outside-info\f[R]=\f[I]FILE_OR_HEX\f[R]: + .RS 2 + .PP + An optional file or hex string to add unique data to the creation data. +@@ -154,14 +154,14 @@ Note that it does not contribute in creating statistically unique + object. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcr\-list\f[R]=\f[I]PCR\f[R]: ++\f[B]-l\f[R], \f[B]--pcr-list\f[R]=\f[I]PCR\f[R]: + .RS 2 + .PP + The list of PCR banks and selected PCRs\[cq] ids for each bank to be + included in the creation data for certification. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -170,7 +170,7 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]: + .RS 2 + .PP + Format selection for the public key output file. +@@ -184,7 +184,7 @@ TPM 2.0 specs. + Public key format. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file path, recording the public portion of the object. +@@ -193,7 +193,7 @@ The output file path, recording the public portion of the object. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -242,11 +242,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -258,7 +258,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -267,17 +267,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -320,17 +320,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -345,7 +344,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -354,7 +353,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -431,54 +430,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -492,7 +491,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -510,8 +509,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -528,17 +527,17 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Object Attributes + .PP + Object Attributes are used to control various properties of created + objects. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 31 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -560,14 +559,13 @@ argument would be: + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -575,21 +573,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -600,7 +604,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -609,16 +613,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -627,10 +631,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -640,14 +644,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -660,7 +664,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -669,7 +673,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -692,7 +696,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -701,7 +705,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -713,42 +717,42 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-g sha256 \-G ecc \-c context.out ++tpm2_createprimary -C o -g sha256 -G ecc -c context.out + \f[R] + .fi + .SS Create a primary object that follows the guidance of TCG Provisioning guide + .PP + See : +-https://trustedcomputinggroup.org/wp\-content/uploads/TCG\-TPM\-v2.0\-Provisioning\-Guidance\-Published\-v1r1.pdf ++https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf + .PP +-Where unique.dat contains the binary\-formatted data: 0x00 0x01 (0x00 * ++Where unique.dat contains the binary-formatted data: 0x00 0x01 (0x00 * + 256) + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-G rsa2048:aes128cfb \-g sha256 \-c prim.ctx \[rs] +-\-a \[aq]restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|\[rs] +-noda\[aq] \-u unique.dat ++tpm2_createprimary -C o -G rsa2048:aes128cfb -g sha256 -c prim.ctx \[rs] ++-a \[aq]restricted|decrypt|fixedtpm|fixedparent|sensitivedataorigin|userwithauth|\[rs] ++noda\[aq] -u unique.dat + + ## Create a primary object and output the public key in pem format +-tpm2_createprimary \-c primary.ctx \-\-format=pem \-\-output=public.pem ++tpm2_createprimary -c primary.ctx --format=pem --output=public.pem + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_dictionarylockout.1 b/man/man1/tpm2_dictionarylockout.1 +index fab714f..538b01c 100644 +--- a/man/man1/tpm2_dictionarylockout.1 ++++ b/man/man1/tpm2_dictionarylockout.1 +@@ -1,36 +1,36 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_dictionarylockout" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_dictionarylockout" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_dictionarylockout\f[R](1) \- Setup or clear +-dictionary\-attack\-lockout parameters. ++\f[B]tpm2_dictionarylockout\f[R](1) - Setup or clear ++dictionary-attack-lockout parameters. + .SH SYNOPSIS + .PP + \f[B]tpm2_dictionarylockout\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_dictionarylockout\f[R](1) \- Setup dictionary\-attack\-lockout +-parameters or clear dictionary\-attack\-lockout state. ++\f[B]tpm2_dictionarylockout\f[R](1) - Setup dictionary-attack-lockout ++parameters or clear dictionary-attack-lockout state. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-setup\-parameters\f[R]: ++\f[B]-s\f[R], \f[B]--setup-parameters\f[R]: + .RS 2 + .PP +-Specifies the tool should operate to setup dictionary\-attack\-lockout ++Specifies the tool should operate to setup dictionary-attack-lockout + parameters. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-clear\-lockout\f[R]: ++\f[B]-c\f[R], \f[B]--clear-lockout\f[R]: + .RS 2 + .PP +-Specifies the tool should operate to clear dictionary\-attack\-lockout ++Specifies the tool should operate to clear dictionary-attack-lockout + state. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], +-\f[B]\-\-lockout\-recovery\-time\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-l\f[R], ++\f[B]--lockout-recovery-time\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Specifies the wait time in seconds before another +@@ -38,28 +38,28 @@ Specifies the wait time in seconds before another + failed authentication. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-recovery\-time\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-t\f[R], \f[B]--recovery-time\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP +-Specifies the wait time in seconds before another DA\-protected\-object +-authentication attempt can be made after max\-tries number of failed ++Specifies the wait time in seconds before another DA-protected-object ++authentication attempt can be made after max-tries number of failed + authentications. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-max\-tries\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-n\f[R], \f[B]--max-tries\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Specifies the maximum number of allowed authentication attempts on +-DA\-protected\-object; after which DA is activated. ++DA-protected-object; after which DA is activated. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the lockout handle. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -98,11 +98,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -114,7 +114,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -123,17 +123,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -176,17 +176,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -204,14 +203,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -219,21 +217,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -244,7 +248,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -253,16 +257,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -271,10 +275,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -284,14 +288,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -304,7 +308,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -313,7 +317,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -336,7 +340,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -345,7 +349,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -356,26 +360,26 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_dictionarylockout \-c \-p passwd ++tpm2_dictionarylockout -c -p passwd + +-tpm2_dictionarylockout \-s \-n 5 \-t 6 \-l 7 \-p passwd ++tpm2_dictionarylockout -s -n 5 -t 6 -l 7 -p passwd + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_duplicate.1 b/man/man1/tpm2_duplicate.1 +index a372a33..1caac56 100644 +--- a/man/man1/tpm2_duplicate.1 ++++ b/man/man1/tpm2_duplicate.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_duplicate" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_duplicate" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-tpm2_duplicate(1) \- Duplicates a loaded object so that it may be used +-in a different hierarchy. ++tpm2_duplicate(1) - Duplicates a loaded object so that it may be used in ++a different hierarchy. + .SH SYNOPSIS + .PP + \f[B]tpm2_duplicate\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_duplicate\f[R](1) \- This tool duplicates a loaded object so ++\f[B]tpm2_duplicate\f[R](1) - This tool duplicates a loaded object so + that it may be used in a different hierarchy. + The new parent key for the duplicate may be on the same or different TPM + or TPM_RH_NULL. +@@ -19,17 +19,26 @@ or TPM_RH_NULL. + .PP + These options control the key importation process: + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-wrapper\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--wrapper-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 +-The symmetric algorithm to be used for the inner wrapper. ++.PP ++The symmetric algorithm to be used for the inner wrapper if -U is not ++used. + Supports: + .IP \[bu] 2 +-aes \- AES 128 in CFB mode. ++aes - AES 128 in CFB mode. ++.IP \[bu] 2 ++null - none The key algorithm associated with the public parent if -U is ++used. ++.RE + .IP \[bu] 2 +-null \- none ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++.RS 2 ++.PP ++The key algorithm associated with the public parent if -U is used. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-encryptionkey\-in\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--encryptionkey-in\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the filename of the symmetric key (128 bit data) to be used +@@ -37,31 +46,33 @@ for the inner wrapper. + Valid only when specified symmetric algorithm is not null + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-encryptionkey\-out\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--encryptionkey-out\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the filename to store the symmetric key (128 bit data) that + was used for the inner wrapper. + Valid only when specified symmetric algorithm is not null and +-\-\-input\-key\-file is not specified. ++--input-key-file is not specified. + The TPM generates the key in this case. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-parent\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--parent-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The parent key object. + .RE + .IP \[bu] 2 +-\f[B]\-U\f[R], \f[B]\-\-parent\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-U\f[R], \f[B]--parent-public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path to the public key of the parent object on the + destination TPM. + This should be a \f[C]TPM2B_PUBLIC\f[R] formatted file. ++This public key is used for the wrapping of a PEM or DER key which will ++be exported for a remote TPM. + .RE + .IP \[bu] 2 +-\f[B]\-k\f[R], \f[B]\-\-private\-key\f[R]=\f[I]FILE\f[R]: ++\f[B]-k\f[R], \f[B]--private-key\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path to the external private key be encrypted for the +@@ -69,7 +80,7 @@ remote TPM. + This should be a PEM format private key. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path to save the private portion of the duplicated +@@ -81,16 +92,16 @@ Objects that can move outside of TPM need to be protected + (confidentiality and integrity). + For instance, transient objects require that TPM protected data (key or + seal material) be stored outside of the TPM. +-This is seen in tools like tpm2_create(1), where the \f[B]\-r\f[R] +-option outputs this protected data. ++This is seen in tools like tpm2_create(1), where the \f[B]-r\f[R] option ++outputs this protected data. + This blob contains the sensitive portions of the object. + The sensitive portions of the object are protected by the parent object, + using the parent\[cq]s symmetric encryption details to encrypt the + sensitive data and HMAC it. + .PP +-In\-depth details can be found in sections 23 of: ++In-depth details can be found in sections 23 of: + .IP \[bu] 2 +-https://trustedcomputinggroup.org/wp\-content/uploads/TPM\-Rev\-2.0\-Part\-1\-Architecture\-01.38.pdf ++https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf + .PP + Notably Figure 20, is relevant, even though it\[cq]s specifically + referring to duplication blobs, the process is identical. +@@ -98,38 +109,50 @@ referring to duplication blobs, the process is identical. + If the output is from tpm2_duplicate(1), the output will be slightly + different, as described fully in section 23. + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path to save the public portion of the duplicated + object, if an external key is being duplicated. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-encrypted\-seed\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--encrypted-seed\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file to save the encrypted seed of the duplicated object. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the key, optional. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The input policy file, optional. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The object to be duplicated. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]-a\f[R], \f[B]--attributes\f[R]=\f[I]ATTRIBUTES\f[R]: ++.RS 2 ++.PP ++The object attributes, optional. ++The default for created objects is: ++.PP ++\f[C]TPMA_OBJECT_SIGN_ENCRYPT|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_USERWITHAUTH\f[R] ++.PP ++Note: If a policy is specified without an auth value then ++\f[C]TPMA_OBJECT_USERWITHAUTH\f[R] is turned down. ++.RE ++.IP \[bu] 2 ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -141,7 +164,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -190,11 +213,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -206,7 +229,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -215,17 +238,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -268,17 +291,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -293,7 +315,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -302,7 +324,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -379,54 +401,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -440,7 +462,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -458,8 +480,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -476,24 +498,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -501,21 +522,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -526,7 +553,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -535,16 +562,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -553,10 +580,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -566,14 +593,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -586,7 +613,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -595,7 +622,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -618,7 +645,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -627,7 +654,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -635,54 +662,54 @@ Specify the default (abrmd) tcti and a config string of + the various known TCTI modules. + .RE + .SH EXAMPLES +-.SS Example\-1: Duplicate a key created with a policy that allows for duplication: ++.SS Example-1: Duplicate a key created with a policy that allows for duplication: + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat +-tpm2_policycommandcode \-S session.dat \-L policy.dat TPM2_CC_Duplicate ++tpm2_startauthsession -S session.dat ++tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Duplicate + tpm2_flushcontext session.dat + +-tpm2_createprimary \-C o \-g sha256 \-G rsa \-c primary.ctxt +-tpm2_create \-C primary.ctxt \-g sha256 \-G rsa \-r key.prv \-u key.pub \-c key.ctxt \[rs] +-\-L policy.dat \-a \[dq]sensitivedataorigin|userwithauth|decrypt|sign\[dq] ++tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctxt ++tpm2_create -C primary.ctxt -g sha256 -G rsa -r key.prv -u key.pub -c key.ctxt \[rs] ++-L policy.dat -a \[dq]sensitivedataorigin|userwithauth|decrypt|sign\[dq] + +-tpm2_createprimary \-C o \-g sha256 \-G ecc \-c new_parent.ctxt ++tpm2_createprimary -C o -g sha256 -G ecc -c new_parent.ctxt + +-tpm2_startauthsession \[rs]\-\-policy\-session \-S session.dat +-tpm2_policycommandcode \-S session.dat \-L policy.dat TPM2_CC_Duplicate +-tpm2_duplicate \-C new_parent.ctxt \-c key.ctxt \-G null \-p \[dq]session:session.dat\[dq] \[rs] +-\-r duprv.bin \-s seed.dat ++tpm2_startauthsession \[rs]--policy-session -S session.dat ++tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Duplicate ++tpm2_duplicate -C new_parent.ctxt -c key.ctxt -G null -p \[dq]session:session.dat\[dq] \[rs] ++-r duprv.bin -s seed.dat + tpm2_flushcontext session.dat + \f[R] + .fi +-.SS Example\-2: As an end\-to\-end example, the following will transfer an RSA key generated on \f[C]TPM\-A\f[R] to \f[C]TPM\-B\f[R] +-.SS On TPM\-B ++.SS Example-2: As an end-to-end example, the following will transfer an RSA key generated on \f[C]TPM-A\f[R] to \f[C]TPM-B\f[R] ++.SS On TPM-B + .PP + Create a parent object that will be used to wrap/transfer the key. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-g sha256 \-G rsa \-c primary.ctx ++tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx + +-tpm2_create \-C primary.ctx \-g sha256 \-G rsa \[rs] +-\-r new_parent.prv \-u new_parent.pub \[rs] +-\-a \[dq]restricted|sensitivedataorigin|decrypt|userwithauth\[dq] ++tpm2_create -C primary.ctx -g sha256 -G rsa \[rs] ++-r new_parent.prv -u new_parent.pub \[rs] ++-a \[dq]restricted|sensitivedataorigin|decrypt|userwithauth\[dq] + \f[R] + .fi + .PP +-Copy \f[C]new_parent.pub\f[R] to \f[C]TPM\-A\f[R]. +-.SS On TPM\-A ++Copy \f[C]new_parent.pub\f[R] to \f[C]TPM-A\f[R]. ++.SS On TPM-A + .PP + Create root object and auth policy allows duplication only + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-g sha256 \-G rsa \-c primary.ctx ++tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx + +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policycommandcode \-S session.dat \-L dpolicy.dat TPM2_CC_Duplicate ++tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate + + tpm2_flushcontext session.dat + +@@ -690,17 +717,17 @@ rm session.dat + \f[R] + .fi + .PP +-Generate an RSA keypair on TPM\-A that will be duplicated (note the ++Generate an RSA keypair on TPM-A that will be duplicated (note the + passphrase is `foo') + .IP + .nf + \f[C] +-tpm2_create \-C primary.ctx \-g sha256 \-G rsa \-p foo \-r key.prv \[rs] +-\-u key.pub \-L dpolicy.dat \-a \[dq]sensitivedataorigin|userwithauth|decrypt|sign\[dq] ++tpm2_create -C primary.ctx -g sha256 -G rsa -p foo -r key.prv \[rs] ++-u key.pub -L dpolicy.dat -a \[dq]sensitivedataorigin|userwithauth|decrypt|sign\[dq] + +-tpm2_load \-C primary.ctx \-r key.prv \-u key.pub \-c key.ctx ++tpm2_load -C primary.ctx -r key.prv -u key.pub -c key.ctx + +-tpm2_readpublic \-c key.ctx \-o dup.pub ++tpm2_readpublic -c key.ctx -o dup.pub + \f[R] + .fi + .PP +@@ -710,13 +737,13 @@ key was transferred). + .nf + \f[C] + echo \[dq]meet me at..\[dq] >file.txt +-tpm2_rsaencrypt \-c key.ctx \-o data.encrypted file.txt +-tpm2_sign \-c key.ctx \-g sha256 \-f plain \-p foo \-o sign.raw file.txt ++tpm2_rsaencrypt -c key.ctx -o data.encrypted file.txt ++tpm2_sign -c key.ctx -g sha256 -f plain -p foo -o sign.raw file.txt + \f[R] + .fi + .PP + Compare the signature hash (we will use this later to confirm the key +-was transferred to TPM\-B): ++was transferred to TPM-B): + .IP + .nf + \f[C] +@@ -730,17 +757,17 @@ Start an auth session and policy command to allow duplication + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-policy\-session \-S session.dat ++tpm2_startauthsession --policy-session -S session.dat + +-tpm2_policycommandcode \-S session.dat \-L dpolicy.dat TPM2_CC_Duplicate ++tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate + \f[R] + .fi + .PP +-Load the new_parent.pub file transferred from \f[C]TPM\-B\f[R] ++Load the new_parent.pub file transferred from \f[C]TPM-B\f[R] + .IP + .nf + \f[C] +-tpm2_loadexternal \-C o \-u new_parent.pub \-c new_parent.ctx ++tpm2_loadexternal -C o -u new_parent.pub -c new_parent.ctx + \f[R] + .fi + .PP +@@ -748,22 +775,22 @@ Start the duplication + .IP + .nf + \f[C] +-tpm2_duplicate \-C new_parent.ctx \-c key.ctx \-G null \[rs] +-\-p \[dq]session:session.dat\[dq] \-r dup.dpriv \-s dup.seed ++tpm2_duplicate -C new_parent.ctx -c key.ctx -G null \[rs] ++-p \[dq]session:session.dat\[dq] -r dup.dpriv -s dup.seed + \f[R] + .fi + .PP +-Copy the following files to TPM\-B: * dup.pub * dup.dpriv * dup.seed * ++Copy the following files to TPM-B: * dup.pub * dup.dpriv * dup.seed * + (optionally data.encrypted just to test decryption) +-.SS On TPM\-B ++.SS On TPM-B + .PP + Start an auth,policy session + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-policy\-session \-S session.dat ++tpm2_startauthsession --policy-session -S session.dat + +-tpm2_policycommandcode \-S session.dat \-L dpolicy.dat TPM2_CC_Duplicate ++tpm2_policycommandcode -S session.dat -L dpolicy.dat TPM2_CC_Duplicate + \f[R] + .fi + .PP +@@ -771,9 +798,9 @@ Load the context we used to transfer + .IP + .nf + \f[C] +-tpm2_flushcontext \-\-transient\-object ++tpm2_flushcontext --transient-object + +-tpm2_load \-C primary.ctx \-u new_parent.pub \-r new_parent.prv \-c new_parent.ctx ++tpm2_load -C primary.ctx -u new_parent.pub -r new_parent.prv -c new_parent.ctx + \f[R] + .fi + .PP +@@ -781,8 +808,8 @@ Import the duplicated context against the parent we used + .IP + .nf + \f[C] +-tpm2_import \-C new_parent.ctx \-u dup.pub \-i dup.dpriv \[rs] +-\-r dup.prv \-s dup.seed \-L dpolicy.dat ++tpm2_import -C new_parent.ctx -u dup.pub -i dup.dpriv \[rs] ++-r dup.prv -s dup.seed -L dpolicy.dat + \f[R] + .fi + .PP +@@ -790,9 +817,9 @@ Load the duplicated key context + .IP + .nf + \f[C] +-tpm2_flushcontext \-\-transient\-object ++tpm2_flushcontext --transient-object + +-tpm2_load \-C new_parent.ctx \-u dup.pub \-r dup.prv \-c dup.ctx ++tpm2_load -C new_parent.ctx -u dup.pub -r dup.prv -c dup.ctx + \f[R] + .fi + .PP +@@ -804,7 +831,7 @@ Sign + \f[C] + echo \[dq]meet me at..\[dq] >file.txt + +-tpm2_sign \-c dup.ctx \-g sha256 \-o sig.rss \-p foo file.txt ++tpm2_sign -c dup.ctx -g sha256 -o sig.rss -p foo file.txt + + dd if=sig.rss of=sign.raw bs=1 skip=6 count=256 + \f[R] +@@ -824,27 +851,27 @@ Decryption + .IP + .nf + \f[C] +-tpm2_flushcontext \-\-transient\-object ++tpm2_flushcontext --transient-object + +-tpm2_rsadecrypt \-p foo \-c dup.ctx \-o data.ptext data.encrypted ++tpm2_rsadecrypt -p foo -c dup.ctx -o data.ptext data.encrypted + + # cat data.ptext + meet me at.. + \f[R] + .fi +-.SS Example\-3: Exporting an OpenSSL RSA key for a remote TPM ++.SS Example-3: Exporting an OpenSSL RSA key for a remote TPM + .PP + To securely send an OpenSSL generated RSA key to a remote TPM such that + only that remote TPM will be able to load it, and without exposing the + private key to the host operating system on the remote machine: + .IP \[bu] 2 +-On the destination TPM\-B, create a primary context and read its public ++On the destination TPM-B, create a primary context and read its public + key, then send \f[C]primary.pub\f[R] to the source machine: + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_readpublic \-c primary.ctx \-o primary.pub ++tpm2_createprimary -c primary.ctx ++tpm2_readpublic -c primary.ctx -o primary.pub + \f[R] + .fi + .IP \[bu] 2 +@@ -855,37 +882,37 @@ TPM. + .IP + .nf + \f[C] +-openssl genrsa \-out rsa.pem +-tpm2_duplicate \-U primary.pub \-G rsa \-k rsa.pem \-u rsa.pub \-r rsa.dpriv \-s rsa.seed ++openssl genrsa -out rsa.pem ++tpm2_duplicate -U primary.pub -G rsa -k rsa.pem -u rsa.pub -r rsa.dpriv -s rsa.seed + \f[R] + .fi + .IP \[bu] 2 + Send the \f[C]rsa.pub\f[R], \f[C]rsa.dpriv\f[R] and \f[C]rsa.seed\f[R] +-to the destination TPM\-B and import the files, which will decrypt them ++to the destination TPM-B and import the files, which will decrypt them + using the \f[C]primary.ctx\f[R] to produce \f[C]rsa.priv\f[R], which can + then be loaded and used as a TPM key: + .IP + .nf + \f[C] +-tpm2_import \-C primary.ctx \-G rsa \-i rsa.dpriv \-s rsa.seed \-u rsa.pub \-r rsa.priv +-tpm2_load \-C primary.ctx \-c rsa.ctx \-u rsa.pub \-r rsa.priv ++tpm2_import -C primary.ctx -G rsa -i rsa.dpriv -s rsa.seed -u rsa.pub -r rsa.priv ++tpm2_load -C primary.ctx -c rsa.ctx -u rsa.pub -r rsa.priv + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_ecdhkeygen.1 b/man/man1/tpm2_ecdhkeygen.1 +index 0e3753b..8231b66 100644 +--- a/man/man1/tpm2_ecdhkeygen.1 ++++ b/man/man1/tpm2_ecdhkeygen.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_ecdhkeygen" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_ecdhkeygen" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_ecdhkeygen\f[R](1) \- Creates an ephemeral key and uses it to ++\f[B]tpm2_ecdhkeygen\f[R](1) - Creates an ephemeral key and uses it to + generate the shared secret value using the parameters from a ECC public + key. + .SH SYNOPSIS +@@ -12,12 +12,12 @@ key. + \f[B]tpm2_ecdhkeygen\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_ecdhkeygen\f[R](1) \- Creates an ephemeral key and uses it to ++\f[B]tpm2_ecdhkeygen\f[R](1) - Creates an ephemeral key and uses it to + generate the shared secret value using the parameters from a ECC public + key. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Context object pointing to ECC public key. +@@ -25,19 +25,19 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output ECC point Q. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specify file path to save the calculated ecdh secret or Z point. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -48,7 +48,7 @@ the command, it simply returns a cpHash. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -57,7 +57,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -134,54 +134,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -195,7 +195,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -213,8 +213,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -231,24 +231,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -256,21 +255,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -281,7 +286,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -290,16 +295,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -308,10 +313,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -321,14 +326,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -341,7 +346,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -350,7 +355,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -373,7 +378,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -382,7 +387,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -393,28 +398,28 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-Q ++tpm2_createprimary -C o -c prim.ctx -Q + +-tpm2_create \-C prim.ctx \-c key.ctx \-u key.pub \-r key.priv \-G ecc256:ecdaa ++tpm2_create -C prim.ctx -c key.ctx -u key.pub -r key.priv -G ecc256:ecdaa + +-tpm2_ecdhkeygen \-u ecdh.pub \-o ecdh.priv \-c key.ctx ++tpm2_ecdhkeygen -u ecdh.pub -o ecdh.priv -c key.ctx + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_ecdhzgen.1 b/man/man1/tpm2_ecdhzgen.1 +index 75bd8b8..e4f0c65 100644 +--- a/man/man1/tpm2_ecdhzgen.1 ++++ b/man/man1/tpm2_ecdhzgen.1 +@@ -1,24 +1,24 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_ecdhzgen" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_ecdhzgen" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_ecdhzgen\f[R](1) \- Recovers the shared secret value (Z) from +-a public point and a specified private key. ++\f[B]tpm2_ecdhzgen\f[R](1) - Recovers the shared secret value (Z) from a ++public point and a specified private key. + .SH SYNOPSIS + .PP + \f[B]tpm2_ecdhzgen\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_ecdhzgen\f[R](1) \- Recovers the shared secret value (Z) from +-a public point and a specified private key. ++\f[B]tpm2_ecdhzgen\f[R](1) - Recovers the shared secret value (Z) from a ++public point and a specified private key. + It will perform the multiplication of the provided inPoint (QB) with the + private key (ds) and return the coordinates of the resultant point (Z = + (xZ , yZ) \[u2254] [hds]QB; where h is the cofactor of the curve). + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Context object pointing to ECC key. +@@ -26,25 +26,31 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-key\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--key-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the ECC key object. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-Output ECC point Q. ++Input ECC point Q. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] ++\f[B]-k\f[R], \f[B]--public-key\f[R]=\f[I]FILE\f[R]: ++.RS 2 ++.PP ++Input ECC public key with point Q. ++.RE ++.IP \[bu] 2 ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specify file path to save the calculated ecdh secret or Z point. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -55,7 +61,7 @@ the command, it simply returns a cpHash. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -64,7 +70,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -141,54 +147,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -202,7 +208,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -220,8 +226,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -238,24 +244,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -263,21 +268,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -288,7 +299,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -297,16 +308,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -315,10 +326,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -328,14 +339,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -348,7 +359,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -357,7 +368,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -380,7 +391,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -389,7 +400,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -400,30 +411,30 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-Q ++tpm2_createprimary -C o -c prim.ctx -Q + +-tpm2_create \-C prim.ctx \-c key.ctx \-u key.pub \-r key.priv \-G ecc256:ecdh ++tpm2_create -C prim.ctx -c key.ctx -u key.pub -r key.priv -G ecc256:ecdh + +-tpm2_ecdhkeygen \-u ecdh.pub \-o ecdh.priv \-c key.ctx ++tpm2_ecdhkeygen -u ecdh.pub -o ecdh.priv -c key.ctx + +-tpm2_ecdhzgen \-u ecdh.pub \-o ecdh.dat \-c key.ctx ++tpm2_ecdhzgen -u ecdh.pub -o ecdh.dat -c key.ctx + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_ecephemeral.1 b/man/man1/tpm2_ecephemeral.1 +index ea8caaf..60dc551 100644 +--- a/man/man1/tpm2_ecephemeral.1 ++++ b/man/man1/tpm2_ecephemeral.1 +@@ -1,18 +1,18 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_ecephemeral" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_ecephemeral" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_ecephemeral\f[R](1) \- Creates an ephemeral key for use in a +-two\-phase key exchange protocol. ++\f[B]tpm2_ecephemeral\f[R](1) - Creates an ephemeral key for use in a ++two-phase key exchange protocol. + .SH SYNOPSIS + .PP + \f[B]tpm2_ecephemeral\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_ecephemeral\f[R](1) \- Creates an ephemeral key for use in a +-two\-phase key exchange protocol. ++\f[B]tpm2_ecephemeral\f[R](1) - Creates an ephemeral key for use in a ++two-phase key exchange protocol. + .SH OPTIONS + .IP \[bu] 2 + \f[B]ARGUMENT\f[R]=\f[I]ALGORITHM\f[R]: +@@ -22,21 +22,20 @@ Specify the ECC curve. + Example ecc521. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R] ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specify the file path to save the ephemeral public point Q \[u2254] + [r]G. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-counter\f[R]=\f[I]FILE\f[R] ++\f[B]-t\f[R], \f[B]--counter\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP +-Specify file path to save the least\-significant 16 bits of commit +-count. ++Specify file path to save the least-significant 16 bits of commit count. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -47,7 +46,7 @@ the command, it simply returns a cpHash. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -56,7 +55,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -133,54 +132,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -194,7 +193,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -212,8 +211,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -230,24 +229,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -255,21 +253,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -280,7 +284,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -289,16 +293,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -307,10 +311,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -320,14 +324,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -340,7 +344,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -349,7 +353,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -372,7 +376,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -381,7 +385,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -392,24 +396,24 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_ecephemeral \-u ecc.q \-t ecc.ctr ecc256 ++tpm2_ecephemeral -u ecc.q -t ecc.ctr ecc256 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_encodeobject.1 b/man/man1/tpm2_encodeobject.1 +index 21b9123..9d6704b 100644 +--- a/man/man1/tpm2_encodeobject.1 ++++ b/man/man1/tpm2_encodeobject.1 +@@ -1,60 +1,60 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_encodeobject" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_encodeobject" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_encodeobject\f[R](1) \- Encode an object into a combined PEM ++\f[B]tpm2_encodeobject\f[R](1) - Encode an object into a combined PEM + format. + .SH SYNOPSIS + .PP + \f[B]tpm2_encodeobject\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_encodeobject\f[R](1) \- Encode both the private and public ++\f[B]tpm2_encodeobject\f[R](1) - Encode both the private and public + portions of an object into a combined PEM format used by +-tpm2\-tss\-engine. ++tpm2-tss-engine. + .PP + The tool reads private and public portions of an object and encodes it +-into a combined PEM format used by tpm2\-tss\-engine and other ++into a combined PEM format used by tpm2-tss-engine and other + applications. + .PP + \f[B]NOTE\f[R]: Both private and public portions of the tpm key must be + specified. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-parent\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--parent-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The parent object. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value of the parent object specified by \f[B]\-C\f[R]. ++The authorization value of the parent object specified by \f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A file containing the public portion of the object. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A file containing the sensitive portion of the object. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-key\-auth\f[R]: ++\f[B]-p\f[R], \f[B]--key-auth\f[R]: + .RS 2 + .PP + Indicates if an authorization value is needed for the object specified +-by \f[B]\-r\f[R] and \f[B]\-u\f[R]. ++by \f[B]-r\f[R] and \f[B]-u\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file path, recording the public portion of the object. +@@ -63,7 +63,7 @@ The output file path, recording the public portion of the object. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -112,11 +112,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -128,7 +128,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -137,17 +137,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -190,17 +190,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -218,14 +217,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -233,21 +231,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -258,7 +262,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -267,16 +271,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -285,10 +289,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -298,14 +302,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -318,7 +322,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -327,7 +331,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -350,7 +354,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -359,7 +363,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -375,7 +379,7 @@ So the first step is to create the primary object. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + \f[R] + .fi + .PP +@@ -383,7 +387,7 @@ Step 2 is to create an object under the primary object. + .IP + .nf + \f[C] +-tpm2_create \-C primary.ctx \-u key.pub \-r key.priv \-f pem \-o pub.pem ++tpm2_create -C primary.ctx -u key.pub -r key.priv -f pem -o pub.pem + \f[R] + .fi + .PP +@@ -397,7 +401,7 @@ object into a PEM format. + .IP + .nf + \f[C] +-tpm2_encodeobject \-C primary.ctx \-u key.pub \-r key.priv \-c priv.pem ++tpm2_encodeobject -C primary.ctx -u key.pub -r key.priv -o priv.pem + \f[R] + .fi + .PP +@@ -407,17 +411,17 @@ The generated \f[C]priv.pem\f[R] can be used together with + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_encryptdecrypt.1 b/man/man1/tpm2_encryptdecrypt.1 +index d6bf6fa..5d8722a 100644 +--- a/man/man1/tpm2_encryptdecrypt.1 ++++ b/man/man1/tpm2_encryptdecrypt.1 +@@ -1,42 +1,42 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_encryptdecrypt" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_encryptdecrypt" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_encryptdecrypt\f[R](1) \- Performs symmetric encryption or ++\f[B]tpm2_encryptdecrypt\f[R](1) - Performs symmetric encryption or + decryption. + .SH SYNOPSIS + .PP + \f[B]tpm2_encryptdecrypt\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_encryptdecrypt\f[R](1) \- Performs symmetric encryption or ++\f[B]tpm2_encryptdecrypt\f[R](1) - Performs symmetric encryption or + decryption with a specified symmetric key on the contents of + \f[I]FILE\f[R]. + If \f[I]FILE\f[R] is not specified, defaults to \f[I]stdin\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The encryption key object. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the encryption key object. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-decrypt\f[R]: ++\f[B]-d\f[R], \f[B]--decrypt\f[R]: + .RS 2 + .PP + Perform a decrypt operation. + Defaults to encryption when this option is not specified. + .RE + .IP \[bu] 2 +-\f[B]\-e\f[R], \f[B]\-\-pad\f[R]: ++\f[B]-e\f[R], \f[B]--pad\f[R]: + .RS 2 + .PP + Enable pkcs7 padding for applicable AES encryption modes cfb/cbc/ecb. +@@ -44,21 +44,21 @@ Applicable only to encryption and for input data with last block shorter + than encryption block length. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] or \f[I]STDOUT\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] or \f[I]STDOUT\f[R]: + .RS 2 + .PP + The output file path for either the encrypted or decrypted data. + If not specified, defaults to \f[B]stdout\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-mode\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--mode\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The key algorithm associated with this object. + Defaults to object properties or CFB if not defined. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-iv\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--iv\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional initialization vector to use. +@@ -69,7 +69,7 @@ and the output iv path. + This output iv can be saved for subsequent calls when chaining. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -84,7 +84,7 @@ path \f[I]FILE\f[R] of the data to encrypt or decrypt. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -133,11 +133,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -149,7 +149,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -158,17 +158,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -211,17 +211,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -236,7 +235,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -245,7 +244,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -322,54 +321,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -383,7 +382,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -401,8 +400,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -419,24 +418,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -444,21 +442,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -469,7 +473,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -478,16 +482,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -496,10 +500,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -509,14 +513,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -529,7 +533,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -538,7 +542,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -561,7 +565,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -570,7 +574,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -582,9 +586,9 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_create \-C primary.ctx \-Gaes128 \-u key.pub \-r key.priv +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx ++tpm2_createprimary -c primary.ctx ++tpm2_create -C primary.ctx -Gaes128 -u key.pub -r key.priv ++tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx + \f[R] + .fi + .SH Encrypt and Decrypt some data +@@ -592,8 +596,8 @@ tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx + .nf + \f[C] + echo \[dq]my secret\[dq] > secret.dat +-tpm2_encryptdecrypt \-c key.ctx \-o secret.enc secret.dat +-tpm2_encryptdecrypt \-d \-c key.ctx \-o secret.dec secret.enc ++tpm2_encryptdecrypt -c key.ctx -o secret.enc secret.dat ++tpm2_encryptdecrypt -d -c key.ctx -o secret.dec secret.enc + cat secret.dec + my secret + \f[R] +@@ -602,17 +606,17 @@ my secret + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_eventlog.1 b/man/man1/tpm2_eventlog.1 +index ede885a..9cc8592 100644 +--- a/man/man1/tpm2_eventlog.1 ++++ b/man/man1/tpm2_eventlog.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_eventlog" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_eventlog" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_eventlog\f[R](1) \- Display tpm2 event log. ++\f[B]tpm2_eventlog\f[R](1) - Display tpm2 event log. + .SH SYNOPSIS + .PP + \f[B]tpm2_eventlog\f[R] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_eventlog\f[R](1) \- Parse a binary TPM2 event log. ++\f[B]tpm2_eventlog\f[R](1) - Parse a binary TPM2 event log. + The event log may be passed to the tool as the final positional + parameter. + If this parameter is omitted the tool will return an error. +@@ -18,7 +18,7 @@ The format of this log documented in the \[lq]TCG PC Client Platform + Firmware Profile Specification\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-\-eventlog\-version\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]--eventlog-version\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Specifies the yaml version of parsed event log. +@@ -34,14 +34,13 @@ TPM2 eventlog. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -49,21 +48,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH EXAMPLES + .IP +@@ -77,17 +82,17 @@ tpm2_eventlog eventlog.bin + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_evictcontrol.1 b/man/man1/tpm2_evictcontrol.1 +index d546a7d..f82b31e 100644 +--- a/man/man1/tpm2_evictcontrol.1 ++++ b/man/man1/tpm2_evictcontrol.1 +@@ -1,31 +1,32 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_evictcontrol" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_evictcontrol" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_evictcontrol\f[R](1) \- Make a transient object persistent or ++\f[B]tpm2_evictcontrol\f[R](1) - Make a transient object persistent or + evict a persistent object. + .SH SYNOPSIS + .PP + \f[B]tpm2_evictcontrol\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_evictcontrol\f[R](1) \- Allows a transient object to be made ++\f[B]tpm2_evictcontrol\f[R](1) - Allows a transient object to be made + persistent or a persistent object to be evicted. + The \f[I]HANDLE\f[R] argument controls the index the handle will be + assigned to. +-If the object specified via \f[B]\-c\f[R] is transient, and a permanent ++If the object specified via \f[B]-c\f[R] is transient, and a permanent + \f[I]HANDLE\f[R] is specified, the object will be persisted at + \f[I]HANDLE\f[R]. +-If \f[I]HANDLE\f[R] is a \-, then the object will be persisted at the ++If \f[I]HANDLE\f[R] is a -, then the object will be persisted at the + first available permanent handle location. +-If the object specified via \f[B]\-c\f[R] is a permanent handle, then +-the object will be evicted from it\[cq]s permenent handle location. ++If the object specified via \f[B]-c\f[R] is a permanent handle, then the ++object will be evicted from it\[cq]s permenent handle location. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + The authorization hierarchy used to authorize the commands. + Defaults to the \[lq]owner\[rq] hierarchy. + Supported options are: +@@ -37,7 +38,7 @@ Supported options are: + \f[B]\f[CB]\f[B]\f[R] where a raw number can be used. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-object\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--object-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + A context object specifier of a transient or persistent object. +@@ -45,16 +46,16 @@ If \f[I]OBJECT\f[R] is a transient object it will be persisted, either + to the handle specified by the argument or to first available vacant + persistent handle. + If the \f[I]OBJECT\f[R] is for a persistent object, then the object will +-be evicted from non\-volatile memory. ++be evicted from non-volatile memory. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value for the hierarchy specified with \f[B]\-C\f[R]. ++The authorization value for the hierarchy specified with \f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optionally output a serialized object representing the persistent +@@ -64,7 +65,7 @@ A raw persistent handle should be verified that the object it points to + is as expected. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -78,20 +79,20 @@ handle to save the transient object to. + .SH Output + .PP + The tool outputs a YAML compliant dictionary with the fields: +-persistent\-handle: action: evicted|persisted ++persistent-handle: action: evicted|persisted + .PP +-Where \f[I]persistent\-handle\f[R] is the handle the action occurred to. ++Where \f[I]persistent-handle\f[R] is the handle the action occurred to. + Where \f[I]action\f[R] can either be one of \f[I]evicted\f[R] or + \f[I]persisted\f[R]. + If an object is \f[I]evicted\f[R] then the object is no longer resident +-at the \f[I]persistent\-handle\f[R] address within the TPM. ++at the \f[I]persistent-handle\f[R] address within the TPM. + If an object is \f[I]persisted\f[R] then the object is resident at the +-\f[I]persistent\-handle\f[R] address within the TPM. ++\f[I]persistent-handle\f[R] address within the TPM. + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -140,11 +141,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -156,7 +157,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -165,17 +166,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -218,17 +219,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -246,14 +246,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -261,21 +260,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -286,7 +291,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -295,16 +300,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -313,10 +318,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -326,14 +331,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -346,7 +351,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -355,7 +360,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -378,7 +383,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -387,7 +392,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -399,40 +404,40 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_changeauth \-c o ownerauth +-tpm2_createprimary \-c primary.ctx \-P ownerauth +-tpm2_evictcontrol \-C o \-c primary.ctx 0x81010002 \-P ownerauth ++tpm2_changeauth -c o ownerauth ++tpm2_createprimary -c primary.ctx -P ownerauth ++tpm2_evictcontrol -C o -c primary.ctx 0x81010002 -P ownerauth + \f[R] + .fi + .SS To evict a persistent handle + .IP + .nf + \f[C] +-tpm2_evictcontrol \-C o \-c 0x81010002 \-P ownerauth ++tpm2_evictcontrol -C o -c 0x81010002 -P ownerauth + \f[R] + .fi + .SS To make a transient handle persistent and output a serialized persistent handle. + .IP + .nf + \f[C] +-tpm2_evictcontrol \-C o \-c primary.ctx \-o primary.handle \-P ownerauth ++tpm2_evictcontrol -C o -c primary.ctx -o primary.handle -P ownerauth + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_flushcontext.1 b/man/man1/tpm2_flushcontext.1 +index 22de976..cd2a780 100644 +--- a/man/man1/tpm2_flushcontext.1 ++++ b/man/man1/tpm2_flushcontext.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_flushcontext" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_flushcontext" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_flushcontext\f[R](1) \- Remove a specified handle, or all ++\f[B]tpm2_flushcontext\f[R](1) - Remove a specified handle, or all + contexts associated with a transient object, loaded session or saved + session from the TPM. + .SH SYNOPSIS +@@ -12,31 +12,31 @@ session from the TPM. + \f[B]tpm2_flushcontext\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_flushcontext\f[R](1) \- Remove a specified handle, or all ++\f[B]tpm2_flushcontext\f[R](1) - Remove a specified handle, or all + contexts associated with a transient object, loaded session or saved + session from the TPM. + The object to be flushed is specified as the first argument to the tool +-and is in one of the following forms: \- The handle of the object to be ++and is in one of the following forms: - The handle of the object to be + flushed from the TPM. + Must be a valid handle number. +-\- Flush a session via a session file. ++- Flush a session via a session file. + A session file is generated from +-\f[B]tpm2_startauthsession\f[R](1)\[cq]s \f[B]\-S\f[R] option. ++\f[B]tpm2_startauthsession\f[R](1)\[cq]s \f[B]-S\f[R] option. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-transient\-object\f[R]: ++\f[B]-t\f[R], \f[B]--transient-object\f[R]: + .RS 2 + .PP + Remove all transient objects. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-loaded\-session\f[R]: ++\f[B]-l\f[R], \f[B]--loaded-session\f[R]: + .RS 2 + .PP + Remove all loaded sessions. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-saved\-session\f[R]: ++\f[B]-s\f[R], \f[B]--saved-session\f[R]: + .RS 2 + .PP + Remove all saved sessions. +@@ -45,7 +45,7 @@ Remove all saved sessions. + \f[B]ARGUMENT\f[R] the command line argument specifies the + \f[I]OBJECT\f[R] to be removed from the TPM resident memory. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -58,14 +58,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -73,21 +72,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -97,7 +102,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -106,16 +111,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -124,10 +129,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -137,14 +142,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -157,7 +162,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -166,7 +171,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -189,7 +194,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -198,7 +203,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -208,7 +213,7 @@ Specify the default (abrmd) tcti and a config string of + .SS Flushing a Transient Object + .PP + Typically, when using the TPM, the interactions occur through a resource +-manager, like tpm2\-abrmd(8). ++manager, like tpm2-abrmd(8). + When the process exits, transient object handles are flushed. + Thus, flushing transient objects through the command line is not + required. +@@ -220,26 +225,26 @@ Specifically we will use the simulator. + .IP + .nf + \f[C] +-tpm2_createprimary \-Tmssim \-c primary.ctx ++tpm2_createprimary -Tmssim -c primary.ctx + +-tpm2_getcap \-T mssim handles\-transient +-\- 0x80000000 ++tpm2_getcap -T mssim handles-transient ++- 0x80000000 + +-tpm2_flushcontext \-T mssim 0x80000000 ++tpm2_flushcontext -T mssim 0x80000000 + \f[R] + .fi + .SS Flush All the Transient Objects + .IP + .nf + \f[C] +-tpm2_flushcontext \[rs]\-\-transient\-object ++tpm2_flushcontext \[rs]--transient-object + \f[R] + .fi + .SS Flush a Session + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + + tpm2_flushcontext session.dat + \f[R] +@@ -248,17 +253,17 @@ tpm2_flushcontext session.dat + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_getcap.1 b/man/man1/tpm2_getcap.1 +index f70ef43..d8894fb 100644 +--- a/man/man1/tpm2_getcap.1 ++++ b/man/man1/tpm2_getcap.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_getcap" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_getcap" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_getcap\f[R](1) \- Display TPM capabilities in a human readable ++\f[B]tpm2_getcap\f[R](1) - Display TPM capabilities in a human readable + form. + .SH SYNOPSIS + .PP + \f[B]tpm2_getcap\f[R] [\f[I]OPTIONS\f[R]] [\f[I]CAPABILITY\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_getcap\f[R](1) \- Query the TPM for it\[cq]s capabilities / ++\f[B]tpm2_getcap\f[R](1) - Query the TPM for it\[cq]s capabilities / + properties and print them to the console. + It takes a string form of the capability to query as an argument to the + tool. +@@ -23,26 +23,26 @@ Currently supported capability groups are: + .IP \[bu] 2 + \f[B]pcrs\f[R]: Display currently allocated PCRs. + .IP \[bu] 2 +-\f[B]properties\-fixed\f[R]: Display fixed TPM properties. ++\f[B]properties-fixed\f[R]: Display fixed TPM properties. + .IP \[bu] 2 +-\f[B]properties\-variable\f[R]: Display variable TPM properties. ++\f[B]properties-variable\f[R]: Display variable TPM properties. + .IP \[bu] 2 +-\f[B]ecc\-curves\f[R]: Display data about elliptic curves. ++\f[B]ecc-curves\f[R]: Display data about elliptic curves. + .IP \[bu] 2 +-\f[B]handles\-transient\f[R]: Display handles about transient objects. ++\f[B]handles-transient\f[R]: Display handles about transient objects. + .IP \[bu] 2 +-\f[B]handles\-persistent\f[R]: Display handles about persistent objects. ++\f[B]handles-persistent\f[R]: Display handles about persistent objects. + .IP \[bu] 2 +-\f[B]handles\-permanent\f[R]: Display handles about permanent objects. ++\f[B]handles-permanent\f[R]: Display handles about permanent objects. + .IP \[bu] 2 +-\f[B]handles\-pcr\f[R]: Display handles about PCRs. ++\f[B]handles-pcr\f[R]: Display handles about PCRs. + .IP \[bu] 2 +-\f[B]handles\-nv\-index\f[R]: Display handles about NV Indices. ++\f[B]handles-nv-index\f[R]: Display handles about NV Indices. + .IP \[bu] 2 +-\f[B]handles\-loaded\-session\f[R]: Display handles about both loaded +-HMAC and policy sessions. ++\f[B]handles-loaded-session\f[R]: Display handles about both loaded HMAC ++and policy sessions. + .IP \[bu] 2 +-\f[B]handles\-saved\-session\f[R]: Display handles about saved sessions. ++\f[B]handles-saved-session\f[R]: Display handles about saved sessions. + .IP \[bu] 2 + \f[B]vendor[:num]\f[R]: Displays the vendor properties as a hex buffer + output. +@@ -57,31 +57,31 @@ An example to call it with a property value of 2 is: tpm2_getcap + vendor:2 + .RS 2 + .PP +-NOTE: if vendor requests hang, try the \[lq]\-i\[rq] option to ignore +-the moreData field and only read once. ++NOTE: if vendor requests hang, try the \[lq]-i\[rq] option to ignore the ++moreData field and only read once. + .RE + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-list\f[R]: ++\f[B]-l\f[R], \f[B]--list\f[R]: + .RS 2 + .PP + List known supported capability names. +-These names can be supplied as the argument to the \f[B]\-c\f[R] option. ++These names can be supplied as the argument to the \f[B]-c\f[R] option. + Output is in a YAML compliant list to stdout. + .PP + For example: + .IP + .nf + \f[C] +- \- algorithms +- \- commands +- \- properties\-fixed ++ - algorithms ++ - commands ++ - properties-fixed + ... + \f[R] + .fi + .RE + .IP \[bu] 2 +-\f[B]\-\-ignore\-moredata\f[R] ++\f[B]--ignore-moredata\f[R] + .PP + Ignores the moreData field when dealing with buggy TPM responses. + .SH COMMON OPTIONS +@@ -89,14 +89,13 @@ Ignores the moreData field when dealing with buggy TPM responses. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -104,21 +103,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -128,7 +133,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -137,16 +142,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -155,10 +160,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -168,14 +173,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -188,7 +193,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -197,7 +202,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -220,7 +225,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -229,7 +234,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -240,31 +245,31 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-tpm2_getcap properties\-fixed ++tpm2_getcap properties-fixed + \f[R] + .fi + .SS To list the supported capability groups + .IP + .nf + \f[C] +-tpm2_getcap \-l ++tpm2_getcap -l + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_getcommandauditdigest.1 b/man/man1/tpm2_getcommandauditdigest.1 +index b7c0c28..7456ba6 100644 +--- a/man/man1/tpm2_getcommandauditdigest.1 ++++ b/man/man1/tpm2_getcommandauditdigest.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_getcommandauditdigest" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_getcommandauditdigest" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_getcommandauditdigest\f[R](1) \- Retrieve the command audit ++\f[B]tpm2_getcommandauditdigest\f[R](1) - Retrieve the command audit + attestation data from the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_getcommandauditdigest\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_getcommandauditdigest\f[R](1) \- Retrieve the command audit ++\f[B]tpm2_getcommandauditdigest\f[R](1) - Retrieve the command audit + attestation data from the TPM. + The attestation data includes the audit digest of the commands in the + setlist setup using the command \f[B]tpm2_setcommandauditstatus\f[R]. +@@ -21,26 +21,26 @@ The audit digest algorith is setup in the + \f[B]tpm2_setcommandauditstatus\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-hierarchy\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--hierarchy-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the endorsement hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object for the signing key that signs the attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for key specified by option +-\f[B]\-c\f[R]. ++\f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: + .RS 2 + .PP + Data given as a Hex string or binary file to qualify the quote, +@@ -48,14 +48,14 @@ optional. + This is typically used to add a nonce against replay attacks. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Signature output file, records the signature in the format specified via +-the \f[B]\-f\f[R] option. ++the \f[B]-f\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-m\f[R], \f[B]\-\-message\f[R]=\f[I]FILE\f[R]: ++\f[B]-m\f[R], \f[B]--message\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Message output file, records the quote message that makes up the data +@@ -63,20 +63,20 @@ that is signed by the TPM. + This is the command audit digest attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]: + .RS 2 + .PP + Hash algorithm for signature. + Defaults to sha256. + .RE + .IP \[bu] 2 +-\f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the message. +@@ -93,7 +93,7 @@ used. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -142,11 +142,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -158,7 +158,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -167,17 +167,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -220,17 +220,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -256,14 +255,13 @@ signature \f[I]FORMAT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -271,21 +269,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -296,7 +300,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -305,16 +309,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -323,10 +327,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -336,14 +340,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -356,7 +360,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -365,7 +369,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -388,7 +392,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -397,7 +401,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -408,24 +412,24 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_getcommandauditdigest \-P ekpass \-c key.ctx \-p keypass \-m att.data \-s att.sig ++tpm2_getcommandauditdigest -P ekpass -c key.ctx -p keypass -m att.data -s att.sig + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_geteccparameters.1 b/man/man1/tpm2_geteccparameters.1 +index 011e56c..ee547ac 100644 +--- a/man/man1/tpm2_geteccparameters.1 ++++ b/man/man1/tpm2_geteccparameters.1 +@@ -1,18 +1,18 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_geteccparameters" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_geteccparameters" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_geteccparameters\f[R](1) \- Retrieves the parameters of an ECC +-curve identified by its TCG\-assigned curveID. ++\f[B]tpm2_geteccparameters\f[R](1) - Retrieves the parameters of an ECC ++curve identified by its TCG-assigned curveID. + .SH SYNOPSIS + .PP + \f[B]tpm2_geteccparameters\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_geteccparameters\f[R](1) \- Retrieves the parameters of an ECC +-curve identified by its TCG\-assigned curveID. ++\f[B]tpm2_geteccparameters\f[R](1) - Retrieves the parameters of an ECC ++curve identified by its TCG-assigned curveID. + .SH OPTIONS + .IP \[bu] 2 + \f[B]ARGUMENT\f[R]=\f[I]ALGORITHM\f[R]: +@@ -22,13 +22,13 @@ Specify the ECC curve. + Example ecc521. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specify the file path to save the ECC parameters. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -39,7 +39,7 @@ the command, it simply returns a cpHash. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -48,7 +48,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -125,54 +125,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -186,7 +186,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -204,8 +204,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -222,24 +222,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -247,21 +246,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -272,7 +277,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -281,16 +286,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -299,10 +304,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -312,14 +317,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -332,7 +337,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -341,7 +346,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -364,7 +369,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -373,7 +378,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -384,24 +389,24 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_geteccparameters ecc256 \-o ecc.params ++tpm2_geteccparameters ecc256 -o ecc.params + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_getekcertificate.1 b/man/man1/tpm2_getekcertificate.1 +index 0442414..ef2ff65 100644 +--- a/man/man1/tpm2_getekcertificate.1 ++++ b/man/man1/tpm2_getekcertificate.1 +@@ -1,36 +1,36 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_getekcertificate" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_getekcertificate" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_getekcertificate\f[R](1) \- Retrieve the Endorsement key ++\f[B]tpm2_getekcertificate\f[R](1) - Retrieve the Endorsement key + Certificate. + .SH SYNOPSIS + .PP + \f[B]tpm2_getekcertificate\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_getekcertificate\f[R](1) \- Retrieve the endorsement key ++\f[B]tpm2_getekcertificate\f[R](1) - Retrieve the endorsement key + certificate. + The certificate is present either on the TCG specified TPM NV indices OR + on the TPM manufacturer\[cq]s endorsement certificate hosting server. + Following are the conditions dictating the certificate location lookup. + .IP "1." 3 +-NV\-Index: ++NV-Index: + .RS 4 + .PP + Default search location when \f[B]ARGUMENT\f[R] is not specified. + .RE + .IP "2." 3 +-Intel\-EK\-certificate\-server: ++Intel-EK-certificate-server: + .RS 4 + .PP + Search location when EK certificate could not be found in the NV index + AND tpmEPSgenerated bit is CLEAR AND manufacturer is INTC. + .RE + .IP "3." 3 +-Intel\-EK\-Re\-certification\-server: ++Intel-EK-Re-certification-server: + .RS 4 + .PP + Search location when EK certificate could not be found in the NV index +@@ -39,14 +39,14 @@ AND tpmEPSgenerated bit is SET AND manufacturer is INTC. + Note: + .PP + In this operation information is provided regarding additional software +-to be run as part of the re\-provisioning/ re\-certification service. ++to be run as part of the re-provisioning/ re-certification service. + .PP +-After re\-provisioning/ recertification process is complete, EK ++After re-provisioning/ recertification process is complete, EK + certificates can be read from the NV indexes by running another instance + of \f[B]tpm2_getekcertificate\f[R]. + .RE + .IP "4." 3 +-Generic or other EK\-certificate\-server: ++Generic or other EK-certificate-server: + .RS 4 + .PP + Search location when \f[B]ARGUMENT\f[R] specifies the EK certificate web +@@ -54,7 +54,7 @@ hosting address. + .RE + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-ek\-certificate\f[R]=\f[I]FILE\f[R] or ++\f[B]-o\f[R], \f[B]--ek-certificate\f[R]=\f[I]FILE\f[R] or + \f[I]STDOUT\f[R]: + .RS 2 + .PP +@@ -69,7 +69,7 @@ either from the manufacturer web hosting or from the TPM NV indices, are + output to stdout. + .RE + .IP \[bu] 2 +-\f[B]\-X\f[R], \f[B]\-\-allow\-unverified\f[R]: ++\f[B]-X\f[R], \f[B]--allow-unverified\f[R]: + .RS 2 + .PP + Specifies to attempt connecting with the TPM manufacturer provisioning +@@ -81,14 +81,14 @@ indices. + older CA certificates. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-ek\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--ek-public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path for the endorsement key public portion in tss + format. + .RE + .IP \[bu] 2 +-\f[B]\-x\f[R], \f[B]\-\-offline\f[R]: ++\f[B]-x\f[R], \f[B]--offline\f[R]: + .RS 2 + .PP + This flags the tool to operate in an offline mode. +@@ -106,7 +106,16 @@ indices. + .RS 2 + .PP + This flags the tool to output the EK certificate as is received from the +-source: NV/ Web\-Hosting. ++source: NV/ Web-Hosting. ++.RE ++.IP \[bu] 2 ++\f[B]-E\f[R], \f[B]--encoding\f[R]=\f[I]ENCODING\f[R]: ++.RS 2 ++.PP ++Specifies the encoding format to use explicitly. ++Normally, the default method is the one used by Intel unless an AMD fTPM ++is detected, in which case the AMD-specific encoding is used. ++Use `a' for AMD and `i' for Intel. + .RE + .IP \[bu] 2 + \f[B]ARGUMENT\f[R] the command line argument specifies the URL address +@@ -119,14 +128,13 @@ indices. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -134,21 +142,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -159,7 +173,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -168,16 +182,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -186,10 +200,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -199,14 +213,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -219,7 +233,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -228,7 +242,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -251,7 +265,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -260,7 +274,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -278,9 +292,9 @@ information. + .IP + .nf + \f[C] +-tpm2_createek \-G rsa \-u ek.pub \-c key.ctx ++tpm2_createek -G rsa -u ek.pub -c key.ctx + +-tpm2_getekcertificate \-X \-o ECcert.bin \-u ek.pub \[rs] ++tpm2_getekcertificate -X -o ECcert.bin -u ek.pub \[rs] + https://tpm.manufacturer.com/ekcertserver/ + \f[R] + .fi +@@ -288,47 +302,47 @@ https://tpm.manufacturer.com/ekcertserver/ + .IP + .nf + \f[C] +-tpm2_createek \-G rsa \-u ek.pub \-c key.ctx ++tpm2_createek -G rsa -u ek.pub -c key.ctx + +-tpm2_getekcertificate \-X \-o ECcert.bin \-u ek.pub ++tpm2_getekcertificate -X -o ECcert.bin -u ek.pub + \f[R] + .fi + .SS Retrieve EK certificate from Intel backend for an offline platform. + .IP + .nf + \f[C] +-tpm2_getekcertificate \-X \-x \-o ECcert.bin \-u ek.pub ++tpm2_getekcertificate -X -x -o ECcert.bin -u ek.pub + \f[R] + .fi + .SS Retrieve EK certificate from TPM NV indices only, fail otherwise. + .IP + .nf + \f[C] +-tpm2_getekcertificate \-o ECcert.bin ++tpm2_getekcertificate -o ECcert.bin + \f[R] + .fi + .SS Retrieve multiple EK certificates from TPM NV indices only, fail otherwise. + .IP + .nf + \f[C] +-tpm2_getekcertificate \-o RSA_EK_cert.bin \-o ECC_EK_cert.bin ++tpm2_getekcertificate -o RSA_EK_cert.bin -o ECC_EK_cert.bin + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_getpolicydigest.1 b/man/man1/tpm2_getpolicydigest.1 +index 8f5773e..1e48ac4 100644 +--- a/man/man1/tpm2_getpolicydigest.1 ++++ b/man/man1/tpm2_getpolicydigest.1 +@@ -1,38 +1,37 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_getpolicydigest" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_getpolicydigest" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_getpolicydigest\f[R](1) \- Retrieves the policy digest from ++\f[B]tpm2_getpolicydigest\f[R](1) - Retrieves the policy digest from + session. + .SH SYNOPSIS + .PP + \f[B]tpm2_getpolicydigest\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_getpolicydigest\f[R](1) \- Returns the policydigest of a ++\f[B]tpm2_getpolicydigest\f[R](1) - Returns the policydigest of a + session. + .PP + Output defaults to \f[I]stdout\f[R] and binary format unless otherwise +-specified with \f[B]\-o\f[R] and \f[B]\[en]hex\f[R] options +-respectively. ++specified with \f[B]-o\f[R] and \f[B]\[en]hex\f[R] options respectively. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specifies the filename to output the raw bytes to. + Defaults to stdout as a hex string. + .RE + .IP \[bu] 2 +-\f[B]\-\-hex\f[R] ++\f[B]--hex\f[R] + .RS 2 + .PP + Convert the output data to hex format without a leading \[lq]0x\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -43,14 +42,13 @@ The session created using \f[B]tpm2_startauthsession\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -58,21 +56,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -83,7 +87,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -92,16 +96,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -110,10 +114,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -123,14 +127,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -143,7 +147,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -152,7 +156,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -175,7 +179,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -184,7 +188,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -196,9 +200,9 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2 startauthsession \-S session.ctx +-tpm2 policypassword \-S session.ctx \-L test.policy +-tpm2 getpolicydigest \-S session.ctx \-o policy.out ++tpm2 startauthsession -S session.ctx ++tpm2 policypassword -S session.ctx -L test.policy ++tpm2 getpolicydigest -S session.ctx -o policy.out + tpm2 flushcontext session.ctx + \f[R] + .fi +@@ -206,17 +210,17 @@ tpm2 flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_getrandom.1 b/man/man1/tpm2_getrandom.1 +index 4d6379a..928e943 100644 +--- a/man/man1/tpm2_getrandom.1 ++++ b/man/man1/tpm2_getrandom.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_getrandom" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_getrandom" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_getrandom\f[R](1) \- Retrieves random bytes from the TPM. ++\f[B]tpm2_getrandom\f[R](1) - Retrieves random bytes from the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_getrandom\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_getrandom\f[R](1) \- Returns the next \f[I]SIZE\f[R] octets ++\f[B]tpm2_getrandom\f[R](1) - Returns the next \f[I]SIZE\f[R] octets + from the random number generator. + The \f[I]SIZE\f[R] parameter is expected as the only argument to the + tool. +@@ -24,25 +24,25 @@ by property \f[B]TPM2_PT_MAX_DIGEST\f[R] and issues an error if it is + too large. + .PP + Output defaults to \f[I]stdout\f[R] and binary format unless otherwise +-specified with \f[B]\-o\f[R] and \f[B]\[en]hex\f[R] options +-respectively. ++specified with \f[B]-o\f[R] and \f[B]\[en]hex\f[R] options respectively. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specifies the filename to output the raw bytes to. + Defaults to stdout as a hex string. + .RE + .IP \[bu] 2 +-\f[B]\-\-hex\f[R] ++\f[B]--hex\f[R] + .RS 2 + .PP + Convert the output data to hex format without a leading \[lq]0x\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R] ++\f[B]-f\f[R], \f[B]--force\f[R] + .RS 2 ++.PP + Override checking that the: + .IP \[bu] 2 + Requested size is within the hash size limit of the TPM. +@@ -50,7 +50,7 @@ Requested size is within the hash size limit of the TPM. + Number of retrieved random bytes matches requested amount. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -59,7 +59,7 @@ For example, you can have one session for auditing and another for + encryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R]: ++\f[B]--cphash\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -68,7 +68,7 @@ NOTE: When this option is selected, in absence of rphash option, The + tool will not actually execute the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R]: ++\f[B]--rphash\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File path to record the hash of the response parameters. +@@ -83,14 +83,13 @@ output. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -98,21 +97,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -123,7 +128,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -132,16 +137,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -150,10 +155,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -163,14 +168,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -183,7 +188,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -192,7 +197,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -215,7 +220,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -224,7 +229,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -236,7 +241,7 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_getrandom \-o random.out 20 ++tpm2_getrandom -o random.out 20 + \f[R] + .fi + .SS Generate a random 8 bytes and output the hex formatted data to stdout +@@ -250,17 +255,17 @@ tpm2_getrandom 8 + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_getsessionauditdigest.1 b/man/man1/tpm2_getsessionauditdigest.1 +index f8584c7..d7489fb 100644 +--- a/man/man1/tpm2_getsessionauditdigest.1 ++++ b/man/man1/tpm2_getsessionauditdigest.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_getsessionauditdigest" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_getsessionauditdigest" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_getsessionauditdigest\f[R](1) \- Retrieve the command audit ++\f[B]tpm2_getsessionauditdigest\f[R](1) - Retrieve the command audit + attestation data from the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_getsessionauditdigest\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_getsessionauditdigest\f[R](1) \- Retrieve the session audit ++\f[B]tpm2_getsessionauditdigest\f[R](1) - Retrieve the session audit + digest attestation data from the TPM. + The attestation data includes the session audit digest and a signature + over the session audit digest. +@@ -19,26 +19,26 @@ The session itself is started with the \f[B]tpm2_startauthsession\f[R] + command. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-hierarchy\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--hierarchy-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the endorsement hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object for the signing key that signs the attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for key specified by option +-\f[B]\-c\f[R]. ++\f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: + .RS 2 + .PP + Data given as a Hex string or binary file to qualify the quote, +@@ -46,14 +46,14 @@ optional. + This is typically used to add a nonce against replay attacks. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Signature output file, records the signature in the format specified via +-the \f[B]\-f\f[R] option. ++the \f[B]-f\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-m\f[R], \f[B]\-\-message\f[R]=\f[I]FILE\f[R]: ++\f[B]-m\f[R], \f[B]--message\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Message output file, records the quote message that makes up the data +@@ -61,20 +61,20 @@ that is signed by the TPM. + This is the command audit digest attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]: + .RS 2 + .PP + Hash algorithm for signature. + Defaults to sha256. + .RE + .IP \[bu] 2 +-\f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the message. +@@ -88,7 +88,7 @@ If left unspecified, a default signature scheme for the key type will be + used. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The path of the session that enables and records the audit digests. +@@ -97,7 +97,7 @@ The path of the session that enables and records the audit digests. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -146,11 +146,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -162,7 +162,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -171,17 +171,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -224,17 +224,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -260,14 +259,13 @@ signature \f[I]FORMAT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -275,21 +273,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -300,7 +304,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -309,16 +313,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -327,10 +331,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -340,14 +344,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -360,7 +364,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -369,7 +373,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -392,7 +396,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -401,7 +405,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -412,34 +416,34 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-Q \-C e \-c prim.ctx ++tpm2_createprimary -Q -C e -c prim.ctx + +-tpm2_create \-Q \-C prim.ctx \-c signing_key.ctx \-u signing_key.pub \[rs] +-\-r signing_key.priv ++tpm2_create -Q -C prim.ctx -c signing_key.ctx -u signing_key.pub \[rs] ++-r signing_key.priv + +-tpm2_startauthsession \-S session.ctx \-\-audit\-session ++tpm2_startauthsession -S session.ctx --audit-session + +-tpm2_getrandom 8 \-S session.ctx ++tpm2_getrandom 8 -S session.ctx + +-tpm2_getsessionauditdigest \-c signing_key.ctx \-m att.data \-s att.sig \[rs] +-\-S session.ctx ++tpm2_getsessionauditdigest -c signing_key.ctx -m att.data -s att.sig \[rs] ++-S session.ctx + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_gettestresult.1 b/man/man1/tpm2_gettestresult.1 +index e4d055f..cb2db25 100644 +--- a/man/man1/tpm2_gettestresult.1 ++++ b/man/man1/tpm2_gettestresult.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_gettestresult" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_gettestresult" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_gettestresult\f[R](1) \- Get the result of tests performed by ++\f[B]tpm2_gettestresult\f[R](1) - Get the result of tests performed by + the TPM + .SH SYNOPSIS + .PP +@@ -21,7 +21,7 @@ If pending algorithms are scheduled to be tested, + Otherwise \[lq]FAILED\[rq] will be returned or \[lq]SUCCESS\[rq] + depending on the result to the test. + .PP +-Manufacturer\-dependent information will also be printed in raw hex ++Manufacturer-dependent information will also be printed in raw hex + format. + .SH OPTIONS + .PP +@@ -31,14 +31,13 @@ This tool accepts no tool specific options. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -46,21 +45,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -70,7 +75,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -79,16 +84,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -97,10 +102,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -110,14 +115,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -130,7 +135,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -139,7 +144,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -162,7 +167,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -171,7 +176,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -193,17 +198,17 @@ to TPM when in failure mode. + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_gettime.1 b/man/man1/tpm2_gettime.1 +index 5af121e..41e2b3d 100644 +--- a/man/man1/tpm2_gettime.1 ++++ b/man/man1/tpm2_gettime.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_gettime" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_gettime" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_gettime\f[R](1) \- Get the current time and clock from the TPM ++\f[B]tpm2_gettime\f[R](1) - Get the current time and clock from the TPM + in a signed form. + .SH SYNOPSIS + .PP + \f[B]tpm2_gettime\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_gettime\f[R](1) \- Provides a signed copy of the current time ++\f[B]tpm2_gettime\f[R](1) - Provides a signed copy of the current time + and clock from the TPM. + It returns both a signature, and the data in the standard TPM + attestation form, a TPMS_ATTEST structure. +@@ -40,7 +40,7 @@ clock_info: + .fi + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object pointing to the the key used for signing. +@@ -48,15 +48,15 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]_AUTH_: ++\f[B]-p\f[R], \f[B]--auth\f[R]_AUTH_: + .RS 2 + .PP +-Optional authorization value to use the key specified by \f[B]\-c\f[R]. ++Optional authorization value to use the key specified by \f[B]-c\f[R]. + Authorization values should follow the \[lq]authorization formatting + standards\[rq], see section \[lq]Authorization Formatting\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-endorse\-auth\f[R]_AUTH_: ++\f[B]-P\f[R], \f[B]--endorse-auth\f[R]_AUTH_: + .RS 2 + .PP + Optional authorization value for the endorsement hierarchy. +@@ -64,7 +64,7 @@ Authorization values should follow the \[lq]authorization formatting + standards\[rq], see section \[lq]Authorization Formatting\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to digest the message. +@@ -74,7 +74,7 @@ Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of + supported hash algorithms. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the message. +@@ -88,7 +88,7 @@ If left unspecified, a default signature scheme for the key type will be + used. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: + .RS 2 + .PP + Optional, the policy qualifier data that the signer can choose to +@@ -96,13 +96,13 @@ include in the signature. + Can be either a hex string or path. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The signature file, records the signature structure. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. +@@ -115,7 +115,7 @@ See section \[lq]Signature Format Specifiers\[rq]. + The attestation data of the type TPMS_ATTEST signed with signing key. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -130,7 +130,7 @@ sign. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -179,11 +179,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -195,7 +195,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -204,17 +204,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -257,17 +257,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -282,7 +281,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -291,7 +290,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -368,54 +367,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -429,7 +428,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -447,8 +446,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -465,24 +464,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -490,21 +488,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -515,7 +519,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -524,16 +528,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -542,10 +546,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -555,14 +559,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -575,7 +579,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -584,7 +588,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -607,7 +611,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -616,7 +620,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -635,30 +639,30 @@ defined by the used cryptographic algorithm. + .IP + .nf + \f[C] +-tpm2_createprimary \-C e \-c primary.ctx ++tpm2_createprimary -C e -c primary.ctx + +-tpm2_create \-G rsa \-u rsa.pub \-r rsa.priv \-C primary.ctx ++tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx + +-tpm2_load \-C primary.ctx \-u rsa.pub \-r rsa.priv \-c rsa.ctx ++tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx + +-tpm2_gettime \-c rsa.ctx \-o attest.sig \-\-attestation attest.data ++tpm2_gettime -c rsa.ctx -o attest.sig --attestation attest.data + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_hash.1 b/man/man1/tpm2_hash.1 +index cf3e8f4..324956b 100644 +--- a/man/man1/tpm2_hash.1 ++++ b/man/man1/tpm2_hash.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_hash" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_hash" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_hash\f[R](1) \- Performs a hash operation with the TPM. ++\f[B]tpm2_hash\f[R](1) - Performs a hash operation with the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_hash\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R] OR + \f[I]STDIN\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_hash\f[R](1) \- Performs a hash operation on file and returns ++\f[B]tpm2_hash\f[R](1) - Performs a hash operation on file and returns + the results. + If argument is not specified, then data is read from stdin. + If the results of the hash will be used in a signing operation that uses +@@ -19,11 +19,12 @@ a restricted signing key, then the ticket returned by this command can + indicate that the hash is safe to sign. + .PP + Output defaults to \f[I]stdout\f[R] and binary format unless otherwise +-specified via \f[B]\-o\f[R] and \f[B]\[en]hex\f[R] options respectively. ++specified via \f[B]-o\f[R] and \f[B]\[en]hex\f[R] options respectively. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Hierarchy to use for the ticket. + Defaults to \f[B]o\f[R], \f[B]TPM_RH_OWNER\f[R], when no value has been + specified. +@@ -38,26 +39,26 @@ Supported options are: + \f[B]n\f[R] for \f[B]TPM_RH_NULL\f[R] + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hashing algorithm for the digest operation. + .RE + .IP \[bu] 2 +-\f[B]\-\-hex\f[R] ++\f[B]--hex\f[R] + .RS 2 + .PP + Convert the output hmac to hex format without a leading \[lq]0x\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R] or \f[I]STDOUT\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R] or \f[I]STDOUT\f[R]: + .RS 2 + .PP + Optional file to save the hash result. + Defaults to stdout in hex form. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-ticket\f[R]=\f[I]TICKET_FILE\f[R] ++\f[B]-t\f[R], \f[B]--ticket\f[R]=\f[I]TICKET_FILE\f[R] + .RS 2 + .PP + Optional file record of the ticket result. +@@ -70,7 +71,7 @@ specifies the \f[I]FILE\f[R] to hash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -119,11 +120,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -135,7 +136,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -144,17 +145,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -197,17 +198,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -225,14 +225,13 @@ pcr:sha256:0,1,2,3 + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -240,21 +239,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -265,7 +270,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -274,16 +279,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -292,10 +297,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -305,14 +310,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -325,7 +330,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -334,7 +339,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -357,7 +362,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -366,7 +371,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -378,24 +383,24 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_hash \-C e \-g sha1 \-o hash.bin \-t ticket.bin data.txt ++tpm2_hash -C e -g sha1 -o hash.bin -t ticket.bin data.txt + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_hierarchycontrol.1 b/man/man1/tpm2_hierarchycontrol.1 +index f95006a..ce8108d 100644 +--- a/man/man1/tpm2_hierarchycontrol.1 ++++ b/man/man1/tpm2_hierarchycontrol.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_hierarchycontrol" "1" "July 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_hierarchycontrol" "1" "July 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_hierarchycontrol\f[R](1) \- Enable and disable use of a ++\f[B]tpm2_hierarchycontrol\f[R](1) - Enable and disable use of a + hierarchy and its associated NV storage. + .SH SYNOPSIS + .PP +@@ -12,7 +12,7 @@ hierarchy and its associated NV storage. + \f[I]OPERATION\f[R] + .SH DESCRIPTION + .PP +-\f[B]tpm2_hierarchycontrol\f[R](1) \- Allows user change phEnable, ++\f[B]tpm2_hierarchycontrol\f[R](1) - Allows user change phEnable, + phEnableNV, shEnable and ehEnable when the proper authorization is + provided. + Authorization should be one out of owner hierarchy auth, endorsement +@@ -24,8 +24,9 @@ clear or set the \f[BI]VARIABLE\f[B] bit.\f[R] + Note: If password option is missing, assume NULL. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the handle used to authorize. + Defaults to the \[lq]platform\[rq] hierarchy. + Supported options are: +@@ -37,13 +38,13 @@ Supported options are: + \f[B]\f[CB]\f[B]\f[R] where a raw number can be used. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-hierarchy\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--hierarchy-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -55,7 +56,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -104,11 +105,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -120,7 +121,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -129,17 +130,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -182,17 +183,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -210,14 +210,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -225,21 +224,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -250,7 +255,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -259,16 +264,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -277,10 +282,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -290,14 +295,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -310,7 +315,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -319,7 +324,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -342,7 +347,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -351,7 +356,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -363,52 +368,52 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_hierarchycontrol \-C p phEnableNV set \-P pass ++tpm2_hierarchycontrol -C p phEnableNV set -P pass + \f[R] + .fi + .SS clear phEnableNV with platform hierarchy + .IP + .nf + \f[C] +-tpm2_hierarchycontrol \-C p phEnableNV clear ++tpm2_hierarchycontrol -C p phEnableNV clear + \f[R] + .fi + .SS Set shEnable with platform hierarchy + .IP + .nf + \f[C] +-tpm2_hierarchycontrol \-C p shEnable set ++tpm2_hierarchycontrol -C p shEnable set + \f[R] + .fi + .SS Set shEnable with owner hierarchy + .IP + .nf + \f[C] +-tpm2_hierarchycontrol \-C o shEnable set ++tpm2_hierarchycontrol -C o shEnable set + \f[R] + .fi + .SS Check current TPMA_STARTUP_CLEAR Bits + .IP + .nf + \f[C] +-tpm2_getcap properties\-variable ++tpm2_getcap properties-variable + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_hmac.1 b/man/man1/tpm2_hmac.1 +index b81fc50..7dbb2d9 100644 +--- a/man/man1/tpm2_hmac.1 ++++ b/man/man1/tpm2_hmac.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_hmac" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_hmac" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_hmac\f[R](1) \- Performs an HMAC operation with the TPM. ++\f[B]tpm2_hmac\f[R](1) - Performs an HMAC operation with the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_hmac\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_hmac\f[R](1) \- Performs an HMAC operation and returns the ++\f[B]tpm2_hmac\f[R](1) - Performs an HMAC operation and returns the + results. + If argument file is not specified, then data is read from stdin. + .PP +@@ -18,10 +18,10 @@ The hashing algorithm defaults to the keys scheme or sha256 if the key + has a NULL scheme. + .PP + Output defaults to \f[I]STDOUT\f[R] and binary format unless otherwise +-specified via \f[B]\-o\f[R] and \f[B]\[en]hex\f[R] options respectively. ++specified via \f[B]-o\f[R] and \f[B]\[en]hex\f[R] options respectively. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The context object of the symmetric signing key providing the HMAC key. +@@ -29,13 +29,13 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-Optional authorization value to use the key specified by \f[B]\-c\f[R]. ++Optional authorization value to use the key specified by \f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm to use. +@@ -45,26 +45,26 @@ Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of + supported hash algorithms. + .RE + .IP \[bu] 2 +-\f[B]\-\-hex\f[R] ++\f[B]--hex\f[R] + .RS 2 + .PP + Convert the output hmac to hex format without a leading \[lq]0x\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional file record of the HMAC result. + Defaults to \f[I]STDOUT\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional file record of the ticket result. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -80,7 +80,7 @@ Defaults to \f[I]STDIN\f[R] if not specified. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -129,11 +129,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -145,7 +145,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -154,17 +154,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -207,17 +207,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -260,11 +259,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -276,7 +275,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -285,17 +284,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -338,17 +337,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -366,14 +364,13 @@ pcr:sha256:0,1,2,3 + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -381,21 +378,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -406,7 +409,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -415,16 +418,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -433,10 +436,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -446,14 +449,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -466,7 +469,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -475,7 +478,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -498,7 +501,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -507,7 +510,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -520,10 +523,10 @@ the various known TCTI modules. + .nf + \f[C] + # create a primary object +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + + # create an hmac key +-tpm2_create \-C primary.ctx \-G hmac \-c hmac.key ++tpm2_create -C primary.ctx -G hmac -c hmac.key + \f[R] + .fi + .SS Perform an HMAC with Default Hash Algorithm +@@ -533,7 +536,7 @@ output to stdout in hexidecimal format. + .IP + .nf + \f[C] +-tpm2_hmac \-c hmac.key \-\-hex data.in ++tpm2_hmac -c hmac.key --hex data.in + e6eda48a53a9ddbb92f788f6d98e0372d63a408afb11aca43f522a2475a32805 + \f[R] + .fi +@@ -541,17 +544,17 @@ e6eda48a53a9ddbb92f788f6d98e0372d63a408afb11aca43f522a2475a32805 + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_import.1 b/man/man1/tpm2_import.1 +index 7fdd152..84df369 100644 +--- a/man/man1/tpm2_import.1 ++++ b/man/man1/tpm2_import.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_import" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_import" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_import\f[R](1) \- Imports an external key into the tpm as a +-TPM managed key object. ++\f[B]tpm2_import\f[R](1) - Imports an external key into the tpm as a TPM ++managed key object. + .SH SYNOPSIS + .PP + \f[B]tpm2_import\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_import\f[R](1) \- Imports an external generated key as TPM ++\f[B]tpm2_import\f[R](1) - Imports an external generated key as TPM + managed key object. + It requires that the parent key object be a RSA key. + Can also import a TPM managed key object created by the tpm2_duplicate +@@ -20,22 +20,23 @@ tool. + .PP + These options control the key importation process: + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 ++.PP + The algorithm used by the key to be imported. + Supports: + .IP \[bu] 2 +-\f[B]aes\f[R] \- AES 128, 192 or 256 key. ++\f[B]aes\f[R] - AES 128, 192 or 256 key. + .IP \[bu] 2 +-\f[B]rsa\f[R] \- RSA 1024 or 2048 key. ++\f[B]rsa\f[R] - RSA 1024, 2048, 3072, or 4096 key. + .IP \[bu] 2 +-\f[B]ecc\f[R] \- ECC NIST P192, P224, P256, P384 or P521 public and ++\f[B]ecc\f[R] - ECC NIST P192, P224, P256, P384 or P521 public and + private key. + .IP \[bu] 2 +-\f[B]hmac\f[R] \- HMAC key. ++\f[B]hmac\f[R] - HMAC key. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm for generating the objects name. +@@ -46,7 +47,7 @@ Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of + supported hash algorithms. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the filename of the key to be imported. +@@ -55,13 +56,13 @@ For assymetric keys in PEM or DER format. + A typical file is generated with \f[C]openssl genrsa\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-parent\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--parent-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The parent key object. + .RE + .IP \[bu] 2 +-\f[B]\-U\f[R], \f[B]\-\-parent\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-U\f[R], \f[B]--parent-public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional. +@@ -71,7 +72,7 @@ If not specified, the tool invokes a tpm2_readpublic on the parent + object. + .RE + .IP \[bu] 2 +-\f[B]\-k\f[R], \f[B]\-\-encryption\-key\f[R]=\f[I]FILE\f[R]: ++\f[B]-k\f[R], \f[B]--encryption-key\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional. +@@ -81,7 +82,7 @@ If the file is specified the tool assumes the algorithm is AES 128 in + CFB mode otherwise none. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path required to save the encrypted private portion +@@ -96,16 +97,16 @@ Objects that can move outside of TPM need to be protected + (confidentiality and integrity). + For instance, transient objects require that TPM protected data (key or + seal material) be stored outside of the TPM. +-This is seen in tools like tpm2_create(1), where the \f[B]\-r\f[R] +-option outputs this protected data. ++This is seen in tools like tpm2_create(1), where the \f[B]-r\f[R] option ++outputs this protected data. + This blob contains the sensitive portions of the object. + The sensitive portions of the object are protected by the parent object, + using the parent\[cq]s symmetric encryption details to encrypt the + sensitive data and HMAC it. + .PP +-In\-depth details can be found in sections 23 of: ++In-depth details can be found in sections 23 of: + .IP \[bu] 2 +-https://trustedcomputinggroup.org/wp\-content/uploads/TPM\-Rev\-2.0\-Part\-1\-Architecture\-01.38.pdf ++https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf + .PP + Notably Figure 20, is relevant, even though it\[cq]s specifically + referring to duplication blobs, the process is identical. +@@ -113,7 +114,7 @@ referring to duplication blobs, the process is identical. + If the output is from tpm2_duplicate(1), the output will be slightly + different, as described fully in section 23. + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file path required to save the public portion of the +@@ -123,26 +124,26 @@ When importing a duplicated object this option specifies the file + containing the public portion of the object to be imported. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-attributes\f[R]=\f[I]ATTRIBUTES\f[R]: ++\f[B]-a\f[R], \f[B]--attributes\f[R]=\f[I]ATTRIBUTES\f[R]: + .RS 2 + .PP + The object attributes, optional. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-parent\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--parent-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for using the parent key specified with +-\f[B]\-C\f[R]. ++\f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-key\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--key-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the imported key, optional. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]POLICY\f[R] or ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]POLICY\f[R] or + \f[I]HEX_STRING\f[R]: + .RS 2 + .PP +@@ -150,7 +151,7 @@ The policy file or policy hex string used for authorization to the + object. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-seed\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--seed\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the file containing the encrypted seed of the duplicated +@@ -158,19 +159,19 @@ object. + .PP + In order to perform an \[lq]unencrypted import\[rq] a seed file with the + content 0x0000 needs to be provided (e.g.\ printf \[lq]0000\[rq] | xxd +-\-r \-p >seed.file). ++-r -p >seed.file). + .RE + .IP \[bu] 2 +-\f[B]\-\-passin\f[R]=\f[I]OSSL_PEM_FILE_PASSWORD\f[R] ++\f[B]--passin\f[R]=\f[I]OSSL_PEM_FILE_PASSWORD\f[R] + .RS 2 + .PP + An optional password for an Open SSL (OSSL) provided input file. +-It mirrors the \-passin option of OSSL and is known to support the pass, ++It mirrors the -passin option of OSSL and is known to support the pass, + file, env, fd and plain password formats of openssl. + (see \f[I]man(1) openssl\f[R]) for more. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -182,7 +183,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -231,11 +232,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -247,7 +248,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -256,17 +257,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -309,17 +310,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -334,7 +334,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -343,7 +343,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -420,54 +420,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -481,7 +481,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -499,8 +499,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -517,17 +517,17 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Object Attributes + .PP + Object Attributes are used to control various properties of created + objects. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 31 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -549,14 +549,13 @@ argument would be: + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -564,21 +563,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -589,7 +594,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -598,16 +603,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -616,10 +621,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -629,14 +634,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -649,7 +654,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -658,7 +663,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -681,7 +686,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -690,7 +695,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -702,7 +707,7 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-Grsa2048:aes128cfb \-C o \-c parent.ctx ++tpm2_createprimary -Grsa2048:aes128cfb -C o -c parent.ctx + \f[R] + .fi + .PP +@@ -714,32 +719,32 @@ If you already have a key, just use that and skip creating it. + \f[C] + dd if=/dev/urandom of=sym.key bs=1 count=16 + +-tpm2_import \-C parent.ctx \-G aes \-i sym.key \-u key.pub \-r key.priv ++tpm2_import -C parent.ctx -G aes -i sym.key -u key.pub -r key.priv + \f[R] + .fi + .SS Import an RSA key + .IP + .nf + \f[C] +-openssl genrsa \-out private.pem 2048 ++openssl genrsa -out private.pem 2048 + +-tpm2_import \-C parent.ctx \-G rsa \-i private.pem \-u key.pub \-r key.priv ++tpm2_import -C parent.ctx -G rsa -i private.pem -u key.pub -r key.priv + \f[R] + .fi + .SS Import an ECC key + .IP + .nf + \f[C] +-openssl ecparam \-name prime256v1 \-genkey \-noout \-out private.ecc.pem ++openssl ecparam -name prime256v1 -genkey -noout -out private.ecc.pem + +-tpm2_import \-C parent.ctx \-G ecc \-i private.ecc.pem \-u key.pub \-r key.priv ++tpm2_import -C parent.ctx -G ecc -i private.ecc.pem -u key.pub -r key.priv + \f[R] + .fi + .SS Import a duplicated key + .IP + .nf + \f[C] +-tpm2_import \-C parent.ctx \-i key.dup \-u key.pub \-r key.priv \-L policy.dat ++tpm2_import -C parent.ctx -i key.dup -u key.pub -r key.priv -L policy.dat + \f[R] + .fi + .SH LIMITATIONS +@@ -750,17 +755,17 @@ the parent. + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_incrementalselftest.1 b/man/man1/tpm2_incrementalselftest.1 +index 1acd117..a1e8e16 100644 +--- a/man/man1/tpm2_incrementalselftest.1 ++++ b/man/man1/tpm2_incrementalselftest.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_incrementalselftest" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_incrementalselftest" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_incrementalselftest\f[R](1) \- Request testing of specified ++\f[B]tpm2_incrementalselftest\f[R](1) - Request testing of specified + algorithm list + .SH SYNOPSIS + .PP +@@ -21,7 +21,7 @@ on cryptographic operations as TPM must test the algorithm prior using + it. + .SH ALG_SPEC_LIST + .PP +-A space\-separated list of algorithm suite to be tested. ++A space-separated list of algorithm suite to be tested. + Algorithms should follow the \[lq]formatting standards\[rq], see section + \[lq]Algorithm Specifiers\[rq]. + Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of +@@ -53,7 +53,7 @@ This tool accepts no tool specific options. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -62,7 +62,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -139,54 +139,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -200,7 +200,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -218,8 +218,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -236,24 +236,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -261,21 +260,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -286,7 +291,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -295,16 +300,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -313,10 +318,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -326,14 +331,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -346,7 +351,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -355,7 +360,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -378,7 +383,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -387,7 +392,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -419,24 +424,24 @@ specified. + An other might also test complete AES mode list AND test ctr mode. + .PP + If an algorithm has already been tested, this command won\[cq]t permit +-re\-executing the test. +-Only issuing \f[B]tpm2_selftest\f[R](1) in full\-test mode enabled will +-force re\-testing. ++re-executing the test. ++Only issuing \f[B]tpm2_selftest\f[R](1) in full-test mode enabled will ++force re-testing. + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_load.1 b/man/man1/tpm2_load.1 +index 3bea07e..5019b75 100644 +--- a/man/man1/tpm2_load.1 ++++ b/man/man1/tpm2_load.1 +@@ -1,20 +1,20 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_load" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_load" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_load\f[R](1) \- Load an object into the TPM. ++\f[B]tpm2_load\f[R](1) - Load an object into the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_load\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_load\f[R](1) \- Load both the private and public portions of +-an object into the TPM or load the object in the TSS2\-Private\-Key PEM ++\f[B]tpm2_load\f[R](1) - Load both the private and public portions of an ++object into the TPM or load the object in the TSS2-Private-Key PEM + format. + This can be done by specifying the private as well as the public section +-or via a pem file using the \f[I]\-r\f[R] option. ++or via a pem file using the \f[I]-r\f[R] option. + .PP + The tool outputs the name of the loaded object in a YAML dictionary + format with the key \f[I]name\f[R] where the value for that key is the +@@ -30,47 +30,47 @@ It also saves a context file for future interactions with the object. + .PP + \f[B]NOTE\f[R]: Both private and public portions of the tpm key must be + specified. +-The exception to this is if a TSS2\-Private\-Key formatted PEM object is ++The exception to this is if a TSS2-Private-Key formatted PEM object is + to be loaded which does not need the public specified. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-parent\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--parent-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The parent object. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value of the parent object specified by \f[B]\-C\f[R]. ++The authorization value of the parent object specified by \f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A file containing the public portion of the object. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A file containing the sensitive portion of the object. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file to save the name structure of the object. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file name of the saved object context, required. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -82,7 +82,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -131,11 +131,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -147,7 +147,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -156,17 +156,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -209,17 +209,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -237,14 +236,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -252,21 +250,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -277,7 +281,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -286,16 +290,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -304,10 +308,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -317,14 +321,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -337,7 +341,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -346,7 +350,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -369,7 +373,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -378,7 +382,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -394,7 +398,7 @@ So the first step is to create the primary object. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + \f[R] + .fi + .PP +@@ -402,7 +406,7 @@ Step 2 is to create an object under the primary object. + .IP + .nf + \f[C] +-tpm2_create \-C primary.ctx \-u key.pub \-r key.priv ++tpm2_create -C primary.ctx -u key.pub -r key.priv + \f[R] + .fi + .PP +@@ -416,7 +420,7 @@ into the TPM. + .IP + .nf + \f[C] +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx ++tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx + name: 000bac25cb8743111c8e1f52f2ee7279d05d3902a18dd1af694db5d1afa7adf1c8b3 + \f[R] + .fi +@@ -424,17 +428,17 @@ name: 000bac25cb8743111c8e1f52f2ee7279d05d3902a18dd1af694db5d1afa7adf1c8b3 + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_loadexternal.1 b/man/man1/tpm2_loadexternal.1 +index 1696749..320ef3e 100644 +--- a/man/man1/tpm2_loadexternal.1 ++++ b/man/man1/tpm2_loadexternal.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_loadexternal" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_loadexternal" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_loadexternal\f[R](1) \- Load an external object into the TPM. ++\f[B]tpm2_loadexternal\f[R](1) - Load an external object into the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_loadexternal\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_loadexternal\f[R](1) \- This command loads an external object ++\f[B]tpm2_loadexternal\f[R](1) - This command loads an external object + into the TPM, forgoing TPM protections. + Ie, the key material is not protected by the parent object\[cq]s seed. + It can also be used to load TSS2 Private Keys in pem format. +@@ -31,8 +31,9 @@ name: 000bac25cb8743111c8e1f52f2ee7279d05d3902a18dd1af694db5d1afa7adf1c8b3 + It also saves a context file for future interactions with the object. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Hierarchy to use for the ticket, optional. + Defaults to \f[B]n\f[R], \f[B]null\f[R]. + Supported options are: +@@ -46,50 +47,53 @@ Supported options are: + \f[B]n\f[R] for the \f[B]null\f[R] hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 ++.PP + The algorithm used by the key to be imported. + Supports: + .IP \[bu] 2 +-\f[B]aes\f[R] \- AES 128,192 or 256 key. ++\f[B]aes\f[R] - AES 128,192 or 256 key. + .IP \[bu] 2 +-\f[B]rsa\f[R] \- RSA 1024 or 2048 key. ++\f[B]rsa\f[R] - RSA 1024 or 2048 key. + .IP \[bu] 2 +-\f[B]ecc\f[R] \- ECC NIST P192, P224, P256, P384 or P521 public and ++\f[B]ecc\f[R] - ECC NIST P192, P224, P256, P384 or P521 public and + private key. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 ++.PP + The public portion of the object, this can be one of the following file + formats: + .IP \[bu] 2 +-TSS \- The TSS/TPM format. +-For example from option \f[C]\-u\f[R] of command ++TSS - The TSS/TPM format. ++For example from option \f[C]-u\f[R] of command + \f[B]tpm2_create\f[R](1). + .IP \[bu] 2 +-RSA \- OSSL PEM formats. ++RSA - OSSL PEM formats. + For example \f[C]public.pem\f[R] from the command +-\f[C]openssl rsa \-in private.pem \-out public.pem \-pubout\f[R] ++\f[C]openssl rsa -in private.pem -out public.pem -pubout\f[R] + .IP \[bu] 2 +-ECC \- OSSL PEM formats. ++ECC - OSSL PEM formats. + For example \f[C]public.pem\f[R] from the command +-\f[C]openssl ec \-in private.ecc.pem \-out public.ecc.pem \-pubout\f[R] ++\f[C]openssl ec -in private.ecc.pem -out public.ecc.pem -pubout\f[R] + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-private\f[R]=\f[I]FILE\f[R]: ++\f[B]-r\f[R], \f[B]--private\f[R]=\f[I]FILE\f[R]: + .RS 2 ++.PP + The sensitive portion of the object, optional. + If one wishes to use the private portion of a key, this must be + specified. +-Like option \f[B]\-u\f[R], this command takes files in the following ++Like option \f[B]-u\f[R], this command takes files in the following + format: + .IP \[bu] 2 +-RSA \- OSSL PEM formats. ++RSA - OSSL PEM formats. + For example \f[C]private.pem\f[R] from the command +-\f[C]openssl genrsa \-out private.pem 2048\f[R] Since an RSA public key +-can be derived from the private PEM file, their is no need to specify +-\-u for the public portion. ++\f[C]openssl genrsa -out private.pem 2048\f[R] Since an RSA public key ++can be derived from the private PEM file, their is no need to specify -u ++for the public portion. + .IP \[bu] 2 + TSS2 PrivateKey PEM formats. + .PP +@@ -99,14 +103,13 @@ previous command. + They are always protected by the TPM as \f[B]TPM2B_PRIVATE\f[R] blobs. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the key, optional. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R] or +-\f[I]HEX_STRING\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R] or \f[I]HEX_STRING\f[R]: + .RS 2 + .PP + The input policy file or hex string, optional. +@@ -114,7 +117,7 @@ A file or hex string containing the hash of a policy derived from + \f[C]tpm2_createpolicy\f[R] or another policy digest generating source. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm for generating the objects name. +@@ -124,13 +127,13 @@ In this case, no cryptographic binding checks between the public and + private portions are performed. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-attributes\f[R]=\f[I]ATTRIBUTES\f[R]: ++\f[B]-a\f[R], \f[B]--attributes\f[R]=\f[I]ATTRIBUTES\f[R]: + .RS 2 + .PP + The object attributes, optional. + The default for created objects is: + \f[C]TPMA_OBJECT_SIGN_ENCRYPT|TPMA_OBJECT_DECRYPT\f[R]. +-Optionally, if \-p is specified or no \f[C]\-p\f[R] or \f[C]\-L\f[R] is ++Optionally, if -p is specified or no \f[C]-p\f[R] or \f[C]-L\f[R] is + specified then \f[C]TPMA_OBJECT_USERWITHAUTH\f[R] is added to the + default attribute set. + .PP +@@ -139,26 +142,26 @@ attributes like \f[B]TPMA_OBJECT_FIXEDTPM\f[R], as those guarantees + cannot be made. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]FILE\f[R] ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + The file name to save the object context, required. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file to save the object name, which is in a binary hash + format. +-The size of the hash is based on name algorithm or the \f[B]\-g\f[R] ++The size of the hash is based on name algorithm or the \f[B]-g\f[R] + option. + .RE + .IP \[bu] 2 +-\f[B]\-\-passin\f[R]=\f[I]OSSL_PEM_FILE_PASSWORD\f[R] ++\f[B]--passin\f[R]=\f[I]OSSL_PEM_FILE_PASSWORD\f[R] + .RS 2 + .PP + An optional password for an Open SSL (OSSL) provided input file. +-It mirrors the \-passin option of OSSL and is known to support the pass, ++It mirrors the -passin option of OSSL and is known to support the pass, + file, env, fd and plain password formats of openssl. + (see \f[I]man(1) openssl\f[R]) for more. + .RE +@@ -166,7 +169,7 @@ file, env, fd and plain password formats of openssl. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -215,11 +218,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -231,7 +234,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -240,17 +243,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -293,17 +296,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -318,7 +320,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -327,7 +329,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -404,54 +406,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -465,7 +467,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -483,8 +485,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -501,17 +503,17 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Object Attributes + .PP + Object Attributes are used to control various properties of created + objects. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 31 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -533,14 +535,13 @@ argument would be: + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -548,21 +549,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -573,7 +580,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -582,16 +589,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -600,10 +607,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -613,14 +620,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -633,7 +640,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -642,7 +649,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -665,7 +672,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -674,7 +681,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -693,11 +700,11 @@ If the private portion of an object is specified, the hierarchy must be + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + +-tpm2_create \-C primary.ctx \-u pub.dat \-r priv.dat ++tpm2_create -C primary.ctx -u pub.dat -r priv.dat + +-tpm2_loadexternal \-C o \-u pub.dat \-c pub.ctx ++tpm2_loadexternal -C o -u pub.dat -c pub.ctx + name: 000b9be4d7c6193a57e1bfc86a42a6b03856a91d2f9e77c6cbdb796a783d52d4b3b9 + \f[R] + .fi +@@ -705,21 +712,21 @@ name: 000b9be4d7c6193a57e1bfc86a42a6b03856a91d2f9e77c6cbdb796a783d52d4b3b9 + .IP + .nf + \f[C] +-openssl genrsa \-out private.pem 2048 ++openssl genrsa -out private.pem 2048 + +-openssl rsa \-in private.pem \-out public.pem \-outform PEM \-pubout ++openssl rsa -in private.pem -out public.pem -outform PEM -pubout + +-tpm2_loadexternal \-C o \-Grsa \-u public.pem \-c key.ctx ++tpm2_loadexternal -C o -Grsa -u public.pem -c key.ctx + name: 000b7b91d304d16995d42792b57d0fb25df7abe5fdd8afe9950730e00dc5b934ddbc + \f[R] + .fi +-.SS Load an RSA key\-pair into the \f[I]null\f[R] hierarchy ++.SS Load an RSA key-pair into the \f[I]null\f[R] hierarchy + .IP + .nf + \f[C] +-openssl genrsa \-out private.pem 2048 ++openssl genrsa -out private.pem 2048 + +-tpm2_loadexternal \-C n \-Grsa \-r private.pem \-c key.ctx ++tpm2_loadexternal -C n -Grsa -r private.pem -c key.ctx + name: 000b635ea220b6c62ec1d02343859dd203c8ac5dad82ebc5b124e407d2502f88691f + \f[R] + .fi +@@ -729,7 +736,7 @@ name: 000b635ea220b6c62ec1d02343859dd203c8ac5dad82ebc5b124e407d2502f88691f + \f[C] + dd if=/dev/urandom of=sym.key bs=1 count=16 + +-tpm2_loadexternal \-C n \-Gaes \-r sym.key \-c key.ctx ++tpm2_loadexternal -C n -Gaes -r sym.key -c key.ctx + name: 000bfc4d8dd7e4f921bcc9dca4b04f49564243cd9def129a3740002bfd4b9e966d34 + \f[R] + .fi +@@ -737,7 +744,7 @@ name: 000bfc4d8dd7e4f921bcc9dca4b04f49564243cd9def129a3740002bfd4b9e966d34 + .IP + .nf + \f[C] +-tpm2_loadexternal \-r tss_privkey.pem \-c tss_privkey.ctx ++tpm2_loadexternal -r tss_privkey.pem -c tss_privkey.ctx + name: 000bc5a216702aca9ba226af1214c50dc4dc33ce6269677aa581ea6d9eec7f27000d + \f[R] + .fi +@@ -745,17 +752,17 @@ name: 000bc5a216702aca9ba226af1214c50dc4dc33ce6269677aa581ea6d9eec7f27000d + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_makecredential.1 b/man/man1/tpm2_makecredential.1 +index 85f3f3d..5cdc261 100644 +--- a/man/man1/tpm2_makecredential.1 ++++ b/man/man1/tpm2_makecredential.1 +@@ -1,59 +1,55 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_makecredential" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_makecredential" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_makecredential\f[R](1) \- Generate the +-encrypted\-user\-chosen\-data and the +-wrapped\-secret\-data\-encryption\-key for the privacy\-sensitive +-credentialing process of a TPM object. ++\f[B]tpm2_makecredential\f[R](1) - Generate the ++encrypted-user-chosen-data and the wrapped-secret-data-encryption-key ++for the privacy-sensitive credentialing process of a TPM object. + .SH SYNOPSIS + .PP + \f[B]tpm2_makecredential\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_makecredential\f[R](1) \- The TPM supports a privacy +-preserving protocol for distributing credentials for keys on a TPM. +-The process guarantees that the credentialed\-TPM\-object(AIK) is loaded +-on the same TPM as a well\-known public\-key\-object(EK) without +-knowledge of the specific public properties of the +-credentialed\-TPM\-object(AIK). ++\f[B]tpm2_makecredential\f[R](1) - The TPM supports a privacy preserving ++protocol for distributing credentials for keys on a TPM. ++The process guarantees that the credentialed-TPM-object(AIK) is loaded ++on the same TPM as a well-known public-key-object(EK) without knowledge ++of the specific public properties of the credentialed-TPM-object(AIK). + The privacy is guaranteed due to the fact that only the name of the +-credentialed\-TPM\-object(AIK) is shared and not the +-credentialed\-TPM\-object\[cq]s public key itself. ++credentialed-TPM-object(AIK) is shared and not the ++credentialed-TPM-object\[cq]s public key itself. + .PP +-Make\-credential is the first step in this process where in after +-receiving the public\-key\-object(EK) public key of the TPM and the name +-of the credentialed\-TPM\-object(AIK), an encrypted\-user\-chosen\-data +-is generated and the secret\-data\-encryption\-key is generated and +-wrapped using cryptographic processes specific to credential activation +-that guarantees that the credentialed\-TPM\-object(AIK) is loaded on the +-TPM with the well\-known public\-key\-object(EK). ++Make-credential is the first step in this process where in after ++receiving the public-key-object(EK) public key of the TPM and the name ++of the credentialed-TPM-object(AIK), an encrypted-user-chosen-data is ++generated and the secret-data-encryption-key is generated and wrapped ++using cryptographic processes specific to credential activation that ++guarantees that the credentialed-TPM-object(AIK) is loaded on the TPM ++with the well-known public-key-object(EK). + .PP + \f[B]tpm2_makecredential\f[R] can be used to generate the +-encrypted\-user\-chosen\-data and the wrapped +-secret\-data\-encryption\-key without a TPM by using the \f[B]none\f[R] +-TCTI option. ++encrypted-user-chosen-data and the wrapped secret-data-encryption-key ++without a TPM by using the \f[B]none\f[R] TCTI option. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-e\f[R], \f[B]\-\-encryption\-key\f[R]=\f[I]FILE\f[R]: ++\f[B]-e\f[R], \f[B]--encryption-key\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-\f[B]DEPRECATED\f[R], use \f[B]\-u\f[R] or \f[B]\[en]public\f[R] +-instead. ++\f[B]DEPRECATED\f[R], use \f[B]-u\f[R] or \f[B]\[en]public\f[R] instead. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]-u\f[R], \f[B]--public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A TPM public key which was used to wrap the seed. +-NOTE: This option is same as \f[B]\-e\f[R] and is added to make it ++NOTE: This option is same as \f[B]-e\f[R] and is added to make it + similar with other tools specifying the public key. + The old option is retained for backwards compatibility. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The key algorithm associated with TPM public key. +@@ -62,7 +58,7 @@ When this option is used, input public key is expected to be in PEM + format and the default TCG EK template is used for the key properties. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-secret\f[R]=\f[I]FILE\f[R] or \f[I]STDIN\f[R]: ++\f[B]-s\f[R], \f[B]--secret\f[R]=\f[I]FILE\f[R] or \f[I]STDIN\f[R]: + .RS 2 + .PP + The secret which will be protected by the key derived from the random +@@ -70,31 +66,30 @@ seed. + It can be specified as a file or passed from stdin. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the key for which certificate is to be created. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-credential\-blob\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--credential-blob\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The output file path, recording the encrypted\-user\-chosen\-data and +-the wrapped secret\-data\-encryption\-key. ++The output file path, recording the encrypted-user-chosen-data and the ++wrapped secret-data-encryption-key. + .RE + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -102,21 +97,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -126,7 +127,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -135,16 +136,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -153,10 +154,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -166,14 +167,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -186,7 +187,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -195,7 +196,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -218,7 +219,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -227,7 +228,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -237,35 +238,35 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-tpm2 createek \-Q \-c 0x81010009 \-G rsa \-u ek.pub ++tpm2 createek -Q -c 0x81010009 -G rsa -u ek.pub + +-tpm2 createak \-C 0x81010009 \-c ak.ctx \-G rsa \-g sha256 \-s rsassa \-u ak.pub \[rs] +-\-n ak.name \-p akpass> ak.out ++tpm2 createak -C 0x81010009 -c ak.ctx -G rsa -g sha256 -s rsassa -u ak.pub \[rs] ++-n ak.name -p akpass> ak.out + +-file_size=\[ga]ls \-l ak.name | awk {\[aq]print $5\[aq]}\[ga] +-loaded_key_name=\[ga]cat ak.name | xxd \-p \-c $file_size\[ga] ++file_size=\[ga]ls -l ak.name | awk {\[aq]print $5\[aq]}\[ga] ++loaded_key_name=\[ga]cat ak.name | xxd -p -c $file_size\[ga] + +-tpm2 readpublic \-c 0x81010009 \-o ek.pem \-f pem \-Q ++tpm2 readpublic -c 0x81010009 -o ek.pem -f pem -Q + +-echo \[dq]12345678\[dq] | tpm2 makecredential \-Q \-u ek.pem \-s \- \-n $loaded_key_name \[rs] +-\-o mkcred.out \-G rsa ++echo \[dq]12345678\[dq] | tpm2 makecredential -Q -u ek.pem -s - -n $loaded_key_name \[rs] ++-o mkcred.out -G rsa + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvcertify.1 b/man/man1/tpm2_nvcertify.1 +index 1dacbe6..ecf03e3 100644 +--- a/man/man1/tpm2_nvcertify.1 ++++ b/man/man1/tpm2_nvcertify.1 +@@ -1,37 +1,37 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvcertify" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvcertify" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvcertify\f[R](1) \- Provides attestation of the contents of +-an NV index. ++\f[B]tpm2_nvcertify\f[R](1) - Provides attestation of the contents of an ++NV index. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvcertify\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENTS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvcertify\f[R](1) \- Provides attestation of the contents of +-an NV index. ++\f[B]tpm2_nvcertify\f[R](1) - Provides attestation of the contents of an ++NV index. + NOTE: As part of the attestation output, the NV index contents are + revealed. + .SH OPTIONS + .PP + These options control the certification: + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-signingkey\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--signingkey-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The key object that signs the attestation structure. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-signingkey\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--signingkey-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value provided for the object specified with \-C. ++The authorization value provided for the object specified with -C. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-nvauthobj\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--nvauthobj-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The object that is the authorization handle for the NV object. +@@ -40,37 +40,37 @@ handle. + If not specified it defaults to the NV index handle. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvauthobj\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--nvauthobj-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-The authorization value provided for the object specified with \-c. ++The authorization value provided for the object specified with -c. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm to use in signature generation. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the attestation data. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output file name for the signature data. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: + .RS 2 + .PP + Optional, the policy qualifier data that the signer can choose to +@@ -78,7 +78,7 @@ include in the signature. + Can be either a hex string or path. + .RE + .IP \[bu] 2 +-\f[B]\-\-size\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]--size\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Specifies the size of data to be read in bytes, starting from 0 if +@@ -87,7 +87,7 @@ If not specified, the size of the data as reported by the public portion + of the index will be used. + .RE + .IP \[bu] 2 +-\f[B]\-\-offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]--offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + The offset within the NV index to start reading from. +@@ -100,7 +100,7 @@ The attestation data of the type TPM2_CREATION_INFO signed with signing + key. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -109,14 +109,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -124,14 +124,14 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the + cpHash without actually dispatching the command to the TPM. + .RE + .IP \[bu] 2 +-\f[B]\-signer\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-signer-name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the signing key that must be provided when only calculating +@@ -144,7 +144,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -193,11 +193,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -209,7 +209,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -218,17 +218,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -271,17 +271,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -296,7 +295,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -305,7 +304,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -382,54 +381,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -443,7 +442,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -461,8 +460,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -479,10 +478,10 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Signature Format Specifiers + .PP +@@ -497,14 +496,13 @@ signature \f[I]FORMAT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -512,21 +510,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -537,7 +541,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -546,16 +550,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -564,10 +568,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -577,14 +581,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -597,7 +601,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -606,7 +610,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -629,7 +633,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -638,7 +642,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -649,36 +653,36 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-s 32 \-a \[dq]authread|authwrite\[dq] 1 ++tpm2_nvdefine -s 32 -a \[dq]authread|authwrite\[dq] 1 + + dd if=/dev/urandom bs=1 count=32 status=none| \[rs] +-tpm2_nvwrite 1 \-i\- ++tpm2_nvwrite 1 -i- + +-tpm2_createprimary \-C o \-c primary.ctx \-Q ++tpm2_createprimary -C o -c primary.ctx -Q + +-tpm2_create \-G rsa \-u rsa.pub \-r rsa.priv \-C primary.ctx \-c signing_key.ctx \-Q ++tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx -c signing_key.ctx -Q + +-tpm2_readpublic \-c signing_key.ctx \-f pem \-o sslpub.pem \-Q ++tpm2_readpublic -c signing_key.ctx -f pem -o sslpub.pem -Q + +-tpm2_nvcertify \-C signing_key.ctx \-g sha256 \-f plain \-s rsassa \[rs] +-\-o signature.bin \-\-attestation attestation.bin \-\-size 32 1 ++tpm2_nvcertify -C signing_key.ctx -g sha256 -f plain -s rsassa \[rs] ++-o signature.bin --attestation attestation.bin --size 32 1 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvdefine.1 b/man/man1/tpm2_nvdefine.1 +index 388e118..71dbedf 100644 +--- a/man/man1/tpm2_nvdefine.1 ++++ b/man/man1/tpm2_nvdefine.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvdefine" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvdefine" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvdefine\f[R](1) \- Define a TPM Non\-Volatile (NV) index. ++\f[B]tpm2_nvdefine\f[R](1) - Define a TPM Non-Volatile (NV) index. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvdefine\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvdefine\f[R](1) \- Define an NV index with given auth value. ++\f[B]tpm2_nvdefine\f[R](1) - Define an NV index with given auth value. + The index is specified as an argument. + It can be specified as raw handle or an offset value to the nv handle + range \[lq]TPM2_HR_NV_INDEX\[rq]. +@@ -18,8 +18,9 @@ If an index isn\[cq]t specified, the tool uses the first free index. + The tool outputs the nv index defined on success. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the handle used to authorize. + Defaults to \f[B]o\f[R], \f[B]TPM_RH_OWNER\f[R], when no value has been + specified. +@@ -29,18 +30,18 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-size\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-s\f[R], \f[B]--size\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Specifies the size of data area in bytes. + Defaults to \f[B]MAX_NV_INDEX_SIZE\f[R] which is typically 2048. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to compute the name of the Index and used for +@@ -49,31 +50,35 @@ If the index is an extend index, the hash algorithm is used for the + extend. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-attributes\f[R]=\f[I]ATTRIBUTES\f[R] ++\f[B]-a\f[R], \f[B]--attributes\f[R]=\f[I]ATTRIBUTES\f[R] + .RS 2 + .PP + Specifies the attribute values for the nv region used when creating the + entity. +-Either the raw bitfield mask or \[lq]nice\-names\[rq] may be used. ++Either the raw bitfield mask or \[lq]nice-names\[rq] may be used. + See section \[lq]NV Attributes\[rq] for more details. + If not specified, the attributes default to various selections based on + the hierarchy the index is defined in. ++.PP + For the owner hiearchy the defaults are: + .IP \[bu] 2 + TPMA_NV_OWNERWRITE + .IP \[bu] 2 + TPMA_NV_OWNERREAD ++.PP + For the platform hiearchy, the defaults are: + .IP \[bu] 2 + TPMA_NV_PPWRITE + .IP \[bu] 2 + TPMA_NV_PPREAD ++.PP + If a policy file is specified, the hiearchy chosen default attributes + are bitwise or\[cq]d with: + .IP \[bu] 2 + TPMA_NV_POLICYWRITE + .IP \[bu] 2 + TPMA_NV_POLICYREAD ++.PP + If a policy file is \f[B]NOT\f[R] specified, the hiearchy chosen default + attributes are bitwise or\[cq]d with: + .IP \[bu] 2 +@@ -82,7 +87,7 @@ TPMA_NV_AUTHWRITE + TPMA_NV_AUTHREAD + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-hierarchy\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--hierarchy-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. +@@ -90,7 +95,7 @@ Authorization values should follow the \[lq]authorization formatting + standards\[rq], see section \[lq]Authorization Formatting\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-index\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--index-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the password of NV Index when created. +@@ -99,13 +104,13 @@ HMAC and Password authorization values should follow the + \[lq]Authorization Formatting\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the policy digest file for policy based authorizations. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -114,14 +119,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -136,7 +141,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -185,11 +190,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -201,7 +206,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -210,17 +215,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -263,17 +268,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -291,7 +295,7 @@ specifying \f[I]AUTH\f[R]. + Object Attributes are used to control various properties of created + objects. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 31 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -313,14 +317,13 @@ argument would be: + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -328,21 +331,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -353,7 +362,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -362,16 +371,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -380,10 +389,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -393,14 +402,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -413,7 +422,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -422,7 +431,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -445,7 +454,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -454,7 +463,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -465,26 +474,26 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine 0x1500016 \-C o \-s 32 \-a 0x2000A ++tpm2_nvdefine 0x1500016 -C o -s 32 -a 0x2000A + +-tpm2_nvdefine 0x1500016 \-C o \-s 32 \-a ownerread|ownerwrite|policywrite \-p 1a1b ++tpm2_nvdefine 0x1500016 -C o -s 32 -a ownerread|ownerwrite|policywrite -p 1a1b + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvextend.1 b/man/man1/tpm2_nvextend.1 +index 16a9e36..e974174 100644 +--- a/man/man1/tpm2_nvextend.1 ++++ b/man/man1/tpm2_nvextend.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvextend" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvextend" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvextend\f[R](1) \- Extend an Non\-Volatile (NV) index like it ++\f[B]tpm2_nvextend\f[R](1) - Extend an Non-Volatile (NV) index like it + was a PCR. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvextend\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvextend\f[R](1) \- Extend an Non\-Volatile (NV) index like it ++\f[B]tpm2_nvextend\f[R](1) - Extend an Non-Volatile (NV) index like it + was a PCR. + The NV index must be of type \[lq]extend\[rq] which is specified via the + \[lq]nt\[rq] field when creating the NV space with tpm2_nvdefine(1). +@@ -19,8 +19,9 @@ The index can be specified as raw handle or an offset value to the NV + handle range \[lq]TPM2_HR_NV_INDEX\[rq] as an argument. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -28,28 +29,28 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the input file with data to extend to the NV index. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -58,14 +59,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -74,7 +75,7 @@ For example, you can have one session for auditing and another for + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -87,7 +88,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -136,11 +137,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -152,7 +153,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -161,17 +162,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -214,17 +215,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -242,14 +242,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -257,21 +256,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -282,7 +287,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -291,16 +296,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -309,10 +314,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -322,14 +327,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -342,7 +347,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -351,7 +356,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -374,7 +379,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -383,7 +388,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -395,11 +400,11 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-C o \-a \[dq]nt=extend|ownerread|policywrite|ownerwrite|writedefine\[dq] 1 ++tpm2_nvdefine -C o -a \[dq]nt=extend|ownerread|policywrite|ownerwrite|writedefine\[dq] 1 + +-echo \[aq]my data\[aq] | tpm2_nvextend \-C o \-i\- 1 ++echo \[aq]my data\[aq] | tpm2_nvextend -C o -i- 1 + +-tpm2_nvread \-C o 1 | xxd \-p \-c32 ++tpm2_nvread -C o 1 | xxd -p -c32 + db7472e3fe3309b011ec11565bce4ea6668cc8ecdef7e6fdcda5206687af3f43 + \f[R] + .fi +@@ -407,17 +412,17 @@ db7472e3fe3309b011ec11565bce4ea6668cc8ecdef7e6fdcda5206687af3f43 + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvincrement.1 b/man/man1/tpm2_nvincrement.1 +index d8dab15..4382570 100644 +--- a/man/man1/tpm2_nvincrement.1 ++++ b/man/man1/tpm2_nvincrement.1 +@@ -1,24 +1,25 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvincrement" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvincrement" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvincrement\f[R](1) \- Increment counter in a Non\-Volatile +-(NV) index. ++\f[B]tpm2_nvincrement\f[R](1) - Increment counter in a Non-Volatile (NV) ++index. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvincrement\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvincrement\f[R](1) \- Increment value of a Non\-Volatile (NV) ++\f[B]tpm2_nvincrement\f[R](1) - Increment value of a Non-Volatile (NV) + index setup as a counter. + The index can be specified as raw handle or an offset value to the nv + handle range \[lq]TPM2_HR_NV_INDEX\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -26,22 +27,22 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -50,14 +51,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -65,7 +66,7 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -78,7 +79,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -127,11 +128,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -143,7 +144,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -152,17 +153,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -205,17 +206,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -233,14 +233,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -248,21 +247,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -273,7 +278,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -282,16 +287,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -300,10 +305,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -313,14 +318,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -333,7 +338,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -342,7 +347,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -365,7 +370,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -374,7 +379,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -386,28 +391,28 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-C o \-s 8 \-a \[dq]ownerread|authread|authwrite|nt=1\[dq] 0x1500016 \-p index ++tpm2_nvdefine -C o -s 8 -a \[dq]ownerread|authread|authwrite|nt=1\[dq] 0x1500016 -p index + +-tpm2_nvincrement \-C 0x1500016 0x1500016 \-P \[dq]index\[dq] ++tpm2_nvincrement -C 0x1500016 0x1500016 -P \[dq]index\[dq] + +-tpm2_nvread 0x1500016 \-P index | xxd \-p ++tpm2_nvread 0x1500016 -P index | xxd -p + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvread.1 b/man/man1/tpm2_nvread.1 +index f3f4639..fb26be5 100644 +--- a/man/man1/tpm2_nvread.1 ++++ b/man/man1/tpm2_nvread.1 +@@ -1,24 +1,25 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvread" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvread" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvread\f[R](1) \- Read the data stored in a Non\-Volatile +-(NV)s index. ++\f[B]tpm2_nvread\f[R](1) - Read the data stored in a Non-Volatile (NV)s ++index. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvread\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvread\f[R](1) \- Read the data stored in a Non\-Volatile +-(NV)s index. ++\f[B]tpm2_nvread\f[R](1) - Read the data stored in a Non-Volatile (NV)s ++index. + The index can be specified as raw handle or an offset value to the nv + handle range \[lq]TPM2_HR_NV_INDEX\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -26,28 +27,28 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to write data + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-size\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-s\f[R], \f[B]--size\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Specifies the size of data to be read in bytes, starting from 0 if +@@ -56,13 +57,13 @@ If not specified, the size of the data as reported by the public portion + of the index will be used. + .RE + .IP \[bu] 2 +-\f[B]\-\-offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]--offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + The offset within the NV index to start reading from. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -71,21 +72,21 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the + cpHash without actually dispatching the command to the TPM. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -93,7 +94,7 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-\-print\-yaml\f[R]: ++\f[B]--print-yaml\f[R]: + .RS 2 + .PP + Output the content of the NV index in a human readable format, useful +@@ -107,7 +108,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -156,11 +157,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -172,7 +173,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -181,17 +182,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -234,17 +235,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -262,14 +262,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -277,21 +276,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -302,7 +307,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -311,16 +316,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -329,10 +334,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -342,14 +347,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -362,7 +367,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -371,7 +376,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -394,7 +399,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -403,7 +408,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -415,30 +420,30 @@ the various known TCTI modules.d) + .IP + .nf + \f[C] +-tpm2_nvdefine \-C o \-s 32 \-a \[dq]ownerread|policywrite|ownerwrite\[dq] 1 ++tpm2_nvdefine -C o -s 32 -a \[dq]ownerread|policywrite|ownerwrite\[dq] 1 + + echo \[dq]please123abc\[dq] > nv.dat + +-tpm2_nvwrite \-C o \-i nv.dat 1 ++tpm2_nvwrite -C o -i nv.dat 1 + +-tpm2_nvread \-C o \-s 32 1 ++tpm2_nvread -C o -s 32 1 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvreadlock.1 b/man/man1/tpm2_nvreadlock.1 +index 2164d4d..4879b20 100644 +--- a/man/man1/tpm2_nvreadlock.1 ++++ b/man/man1/tpm2_nvreadlock.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvreadlock" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvreadlock" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvreadlock\f[R](1) \- Lock the Non\-Volatile (NV) index for ++\f[B]tpm2_nvreadlock\f[R](1) - Lock the Non-Volatile (NV) index for + further reads. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvreadlock\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvreadlock\f[R](1) \- Lock the Non\-Volatile (NV) index for ++\f[B]tpm2_nvreadlock\f[R](1) - Lock the Non-Volatile (NV) index for + further reads. + The lock on the NN index is unlocked when the TPM is restarted and the + NV index becomes readable again. +@@ -19,8 +19,9 @@ The index can be specified as raw handle or an offset value to the nv + handle range \[lq]TPM2_HR_NV_INDEX\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -28,22 +29,22 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -52,14 +53,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -67,7 +68,7 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -80,7 +81,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -129,11 +130,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -145,7 +146,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -154,17 +155,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -207,17 +208,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -235,14 +235,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -250,21 +249,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -275,7 +280,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -284,16 +289,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -302,10 +307,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -315,14 +320,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -335,7 +340,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -344,7 +349,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -367,7 +372,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -376,7 +381,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -388,33 +393,33 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-Q 1 \-C o \-s 32 \[rs] +-\-a \[dq]ownerread|policywrite|ownerwrite|read_stclear\[dq] ++tpm2_nvdefine -Q 1 -C o -s 32 \[rs] ++-a \[dq]ownerread|policywrite|ownerwrite|read_stclear\[dq] + + echo \[dq]foobar\[dq] > nv.readlock + +-tpm2_nvwrite \-Q 0x01000001 \-C o \-i nv.readlock ++tpm2_nvwrite -Q 0x01000001 -C o -i nv.readlock + +-tpm2_nvread \-Q 1 \-C o \-s 6 \-o 0 ++tpm2_nvread -Q 1 -C o -s 6 -o 0 + +-tpm2_nvreadlock \-Q 1 \-C o ++tpm2_nvreadlock -Q 1 -C o + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvreadpublic.1 b/man/man1/tpm2_nvreadpublic.1 +index 681b4d8..1e65a35 100644 +--- a/man/man1/tpm2_nvreadpublic.1 ++++ b/man/man1/tpm2_nvreadpublic.1 +@@ -1,18 +1,18 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvreadpublic" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvreadpublic" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvreadpublic\f[R](1) \- Display all defined Non\-Volatile +-(NV)s indices. ++\f[B]tpm2_nvreadpublic\f[R](1) - Display all defined Non-Volatile (NV)s ++indices. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvreadpublic\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvreadpublic\f[R](1) \- Display all defined Non\-Volatile +-(NV)s indices to stdout in a YAML format. ++\f[B]tpm2_nvreadpublic\f[R](1) - Display all defined Non-Volatile (NV)s ++indices to stdout in a YAML format. + .PP + Display metadata for all defined NV indices. + Metadata includes: +@@ -51,7 +51,7 @@ The NV attributes as defined in section \[lq]NV Attributes\[rq]. + .fi + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -60,21 +60,21 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]POLICY_SESSION\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]POLICY_SESSION\f[R]: + .RS 2 + .PP + Specify an auxiliary session for auditing and or encryption/decryption + of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -85,14 +85,13 @@ cpHash without actually dispatching the command to the TPM. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -100,21 +99,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -124,7 +129,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -133,16 +138,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -151,10 +156,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -164,14 +169,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -184,7 +189,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -193,7 +198,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -216,7 +221,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -225,7 +230,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -236,7 +241,7 @@ Specify the default (abrmd) tcti and a config string of + NV Attributes are used to control various properties of the NV defined + space. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 204 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -256,19 +261,19 @@ For instance, to set The fields \f[B]TPMA_NV_OWNERREAD\f[R], + \f[B]ownerread|ownerwrite|policywrite|nt=0x2\f[R] + .PP + Additionally, the NT field, which denotes the type of the NV index, can +-also be specified via friendly names: * ordinary \- Ordinary contains ++also be specified via friendly names: * ordinary - Ordinary contains + data that is opaque to the TPM that can only be modified using + TPM2_NV_Write. +-* extend \- Extend is used similarly to a PCR and can only be modified ++* extend - Extend is used similarly to a PCR and can only be modified + with TPM2_NV_Extend. + Its size is determined by the length of the hash algorithm used. +-* counter \- Counter contains an 8\-octet value that is to be used as a +-counter and can only be modified with TPM2_NV_Increment * bits \- Bit +-Field contains an 8\-octet value to be used as a bit field and can only ++* counter - Counter contains an 8-octet value that is to be used as a ++counter and can only be modified with TPM2_NV_Increment * bits - Bit ++Field contains an 8-octet value to be used as a bit field and can only + be modified with TPM2_NV_SetBits. +-* pinfail \- PIN Fail contains an 8\-octet pinCount that increments on a ++* pinfail - PIN Fail contains an 8-octet pinCount that increments on a + PIN authorization failure and a pinLimit. +-* pinpass \- PIN Pass contains an 8\-octet pinCount that increments on a ++* pinpass - PIN Pass contains an 8-octet pinCount that increments on a + PIN authorization success and a pinLimit. + .PP + For instance, to set The fields \f[B]TPMA_NV_OWNERREAD\f[R], +@@ -288,17 +293,17 @@ tpm2_nvreadpublic + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvsetbits.1 b/man/man1/tpm2_nvsetbits.1 +index 5eeaf96..6e70921 100644 +--- a/man/man1/tpm2_nvsetbits.1 ++++ b/man/man1/tpm2_nvsetbits.1 +@@ -1,26 +1,25 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvsetbits" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvsetbits" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvsetbits\f[R](1) \- Bitwise OR bits into a Non\-Volatile +-(NV). ++\f[B]tpm2_nvsetbits\f[R](1) - Bitwise OR bits into a Non-Volatile (NV). + .SH SYNOPSIS + .PP + \f[B]tpm2_nvsetbits\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvsetbits\f[R](1) \- Bitwise OR bits into a Non\-Volatile +-(NV). ++\f[B]tpm2_nvsetbits\f[R](1) - Bitwise OR bits into a Non-Volatile (NV). + The NV index must be of type \[lq]bits\[rq] which is specified via the + \[lq]nt\[rq] field when creating the NV space with tpm2_nvdefine(1). + The index can be specified as raw handle or an offset value to the NV + handle range \[lq]TPM2_HR_NV_INDEX\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -28,29 +27,29 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-bits\f[R]=\f[I]BITS\f[R]: ++\f[B]-i\f[R], \f[B]--bits\f[R]=\f[I]BITS\f[R]: + .RS 2 + .PP + Specifies the bit value as a number to bitwise OR into the current value + of the NV index. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -59,14 +58,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash, unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -74,7 +73,7 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -87,7 +86,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -136,11 +135,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -152,7 +151,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -161,17 +160,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -214,17 +213,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -242,14 +240,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -257,21 +254,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -282,7 +285,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -291,16 +294,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -309,10 +312,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -322,14 +325,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -342,7 +345,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -351,7 +354,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -374,7 +377,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -383,7 +386,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -395,11 +398,11 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-C o \-a \[dq]nt=bits|ownerread|policywrite|ownerwrite|writedefine\[dq] 1 ++tpm2_nvdefine -C o -a \[dq]nt=bits|ownerread|policywrite|ownerwrite|writedefine\[dq] 1 + +-tpm2_nvsetbits \-C o \-i 0xbadc0de 1 ++tpm2_nvsetbits -C o -i 0xbadc0de 1 + +-tpm2_nvread \-C o 1 | xxd \-p | sed s/\[aq]\[ha]0*\[aq]/0x/ ++tpm2_nvread -C o 1 | xxd -p | sed s/\[aq]\[ha]0*\[aq]/0x/ + 0xbadc0de + \f[R] + .fi +@@ -407,17 +410,17 @@ tpm2_nvread \-C o 1 | xxd \-p | sed s/\[aq]\[ha]0*\[aq]/0x/ + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvundefine.1 b/man/man1/tpm2_nvundefine.1 +index 160f496..7a51758 100644 +--- a/man/man1/tpm2_nvundefine.1 ++++ b/man/man1/tpm2_nvundefine.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvundefine" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvundefine" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvundefine\f[R](1) \- Delete a Non\-Volatile (NV) index. ++\f[B]tpm2_nvundefine\f[R](1) - Delete a Non-Volatile (NV) index. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvundefine\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvundefine\f[R](1) \- Deletes a Non\-Volatile (NV) index that ++\f[B]tpm2_nvundefine\f[R](1) - Deletes a Non-Volatile (NV) index that + was previously defined with \f[B]tpm2_nvdefine\f[R](1). + The index is specified as an argument. + It can be specified as raw handle or an offset value to the nv handle +@@ -18,14 +18,15 @@ range \[lq]TPM2_HR_NV_INDEX\[rq]. + .PP + The tool is also capable of deleting NV indices with attribute + \f[C]TPMA_NV_POLICY_DELETE\f[R], and the tool uses this attribute for +-the default hierarchy to select when \f[C]\-C\f[R] is missing. +-The default value for \f[C]\-C\f[R] is the \[lq]owner\[rq] hierarchy +-when \f[C]TPMA_NV_POLICY_DELETE\f[R] is clear and \[lq]platform\[rq] +-when \f[C]TPMA_NV_POLICY_DELETE\f[R] is set. ++the default hierarchy to select when \f[C]-C\f[R] is missing. ++The default value for \f[C]-C\f[R] is the \[lq]owner\[rq] hierarchy when ++\f[C]TPMA_NV_POLICY_DELETE\f[R] is clear and \[lq]platform\[rq] when ++\f[C]TPMA_NV_POLICY_DELETE\f[R] is set. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -36,14 +37,15 @@ Supported options are: + \f[B]\f[CB]\f[B]\f[R] where a hierarchy handle may be specified. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]POLICY_SESSION\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]POLICY_SESSION\f[R]: + .RS 2 ++.PP + Specify a policy session to use when the NV index has attribute + \f[C]TPMA_NV_POLICY_DELETE\f[R] set. + This can also be used to specify an auxiliary session for auditing and +@@ -53,14 +55,14 @@ Note: + If TPM2_CC_NV_UndefineSpaceSpecial is invoked then only one additional + aux session can be specified. + The order of how sessions are specified also matters. +-First specification of \f[C]\-S\f[R] is interpreted as the session for ++First specification of \f[C]-S\f[R] is interpreted as the session for + satisfying the ADMIN role required for TPM2_CC_NV_UndefineSpaceSpecial. + .IP "2." 3 + If TPM2_CC_NV_Undefine is invoked then only two additional aux sessions + can be specified. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -70,23 +72,23 @@ the command, it simply returns a cpHash, it simply returns a cpHash + unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-\-with\-policydelete\f[R]=\f[I]NONE\f[R] ++\f[B]--with-policydelete\f[R]=\f[I]NONE\f[R] + .RS 2 + .PP + This must be specified when calculating cpHash with +-\f[B]\-\-tcti=none\f[R]. ++\f[B]--tcti=none\f[R]. + This is a requirement because there is no way to know if the attribute + TPMA_NV_POLICYDELETE has been set from the NV index name alone. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -99,7 +101,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -148,11 +150,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -164,7 +166,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -173,17 +175,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -226,17 +228,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -254,14 +255,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -269,21 +269,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -294,7 +300,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -303,16 +309,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -321,10 +327,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -334,14 +340,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -354,7 +360,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -363,7 +369,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -386,7 +392,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -395,7 +401,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -416,42 +422,42 @@ tpm2_nvundefine 1 + .IP + .nf + \f[C] +-tpm2_startauthsession \-S s.ctx ++tpm2_startauthsession -S s.ctx + +-tpm2_policyauthvalue \-S s.ctx ++tpm2_policyauthvalue -S s.ctx + +-tpm2_policycommandcode \-S s.ctx \-L policy.dat TPM2_CC_NV_UndefineSpaceSpecial ++tpm2_policycommandcode -S s.ctx -L policy.dat TPM2_CC_NV_UndefineSpaceSpecial + +-tpm2_nvdefine \-C p \-s 32 \[rs] +- \-a \[dq]ppread|ppwrite|authread|authwrite|platformcreate|policydelete|write_stclear|read_stclear\[dq] \[rs] +- \-L policy.dat 1 ++tpm2_nvdefine -C p -s 32 \[rs] ++ -a \[dq]ppread|ppwrite|authread|authwrite|platformcreate|policydelete|write_stclear|read_stclear\[dq] \[rs] ++ -L policy.dat 1 + + tpm2_flushcontext s.ctx + +-tpm2_startauthsession \-\-policy\-session \-S s.ctx ++tpm2_startauthsession --policy-session -S s.ctx + +-tpm2_policyauthvalue \-S s.ctx ++tpm2_policyauthvalue -S s.ctx + +-tpm2_policycommandcode \-S s.ctx TPM2_CC_NV_UndefineSpaceSpecial ++tpm2_policycommandcode -S s.ctx TPM2_CC_NV_UndefineSpaceSpecial + +-tpm2_nvundefine \-S s.ctx 1 ++tpm2_nvundefine -S s.ctx 1 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvwrite.1 b/man/man1/tpm2_nvwrite.1 +index 9740067..912a97f 100644 +--- a/man/man1/tpm2_nvwrite.1 ++++ b/man/man1/tpm2_nvwrite.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvwrite" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvwrite" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvwrite\f[R](1) \- Write data to a Non\-Volatile (NV) index. ++\f[B]tpm2_nvwrite\f[R](1) - Write data to a Non-Volatile (NV) index. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvwrite\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvwrite\f[R](1) \- Write data specified via \f[I]FILE\f[R] to +-a Non\-Volatile (NV) index. ++\f[B]tpm2_nvwrite\f[R](1) - Write data specified via \f[I]FILE\f[R] to a ++Non-Volatile (NV) index. + If \f[I]FILE\f[R] is not specified, it defaults to stdin. + The index is specified as an argument and can be a raw handle or an + offset value to the nv handle range \[lq]TPM2_HR_NV_INDEX\[rq]. +@@ -25,16 +25,17 @@ range or an absolute index value. + Example: tpm2_nvwrite 1 is same as tpm2_nvwrite 0x01000001 + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + This is a mandatory input to specify the input file with data to write + to NV. +-The input can also be specified from stdin with \f[B]\-i\-\f[R] option. ++The input can also be specified from stdin with \f[B]-i-\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -42,28 +43,28 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-\-offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]--offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + The offset within the NV index to start writing at. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -72,14 +73,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -87,7 +88,7 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -97,7 +98,7 @@ cpHash without actually dispatching the command to the TPM. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -146,11 +147,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -162,7 +163,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -171,17 +172,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -224,17 +225,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -252,14 +252,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -267,21 +266,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -292,7 +297,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -301,16 +306,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -319,10 +324,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -332,14 +337,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -352,7 +357,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -361,7 +366,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -384,7 +389,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -393,7 +398,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -405,28 +410,28 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-Q 1 \-C o \-s 32 \-a \[dq]ownerread|policywrite|ownerwrite\[dq] ++tpm2_nvdefine -Q 1 -C o -s 32 -a \[dq]ownerread|policywrite|ownerwrite\[dq] + + echo \[dq]please123abc\[dq] > nv.test_w + +-tpm2_nvwrite \-Q 1 \-C o \-i nv.test_w ++tpm2_nvwrite -Q 1 -C o -i nv.test_w + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_nvwritelock.1 b/man/man1/tpm2_nvwritelock.1 +index 4ec6d86..c7d3efe 100644 +--- a/man/man1/tpm2_nvwritelock.1 ++++ b/man/man1/tpm2_nvwritelock.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_nvwritelock" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_nvwritelock" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_nvwritelock\f[R](1) \- Lock the Non\-Volatile (NV) index for ++\f[B]tpm2_nvwritelock\f[R](1) - Lock the Non-Volatile (NV) index for + further writes. + .SH SYNOPSIS + .PP + \f[B]tpm2_nvwritelock\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_nvwritelock\f[R](1) \- Lock the Non\-Volatile (NV) index for ++\f[B]tpm2_nvwritelock\f[R](1) - Lock the Non-Volatile (NV) index for + further writes. + The lock on the NV index is unlocked when the TPM is restarted and the + NV index becomes writable again. +@@ -19,8 +19,9 @@ The index can be specified as raw handle or an offset value to the nv + handle range \[lq]TPM2_HR_NV_INDEX\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -28,29 +29,29 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-\-global\f[R]: ++\f[B]--global\f[R]: + .RS 2 + .PP + Lock all NV indices with attribute TPMA_NV_GLOBALLOCK. + This option does not require an NV index or offset as an argument. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -59,14 +60,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -74,7 +75,7 @@ This can be used to specify an auxiliary session for auditing and or + encryption/decryption of the parameters. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the NV index that must be provided when only calculating the +@@ -87,7 +88,7 @@ offset number. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -136,11 +137,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -152,7 +153,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -161,17 +162,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -214,17 +215,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -242,14 +242,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -257,21 +256,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -282,7 +287,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -291,16 +296,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -309,10 +314,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -322,14 +327,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -342,7 +347,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -351,7 +356,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -374,7 +379,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -383,7 +388,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -395,47 +400,47 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_nvdefine \-C o \-s 32 \[rs] +- \-a \[dq]ownerread|policywrite|ownerwrite|writedefine\[dq] 1 ++tpm2_nvdefine -C o -s 32 \[rs] ++ -a \[dq]ownerread|policywrite|ownerwrite|writedefine\[dq] 1 + + echo \[dq]foobar\[dq] > nv.writelock + +-tpm2_nvwrite \-C o \-i nv.writelock 1 ++tpm2_nvwrite -C o -i nv.writelock 1 + +-tpm2_nvwritelock \-C o 1 ++tpm2_nvwritelock -C o 1 + + # fails with \[dq]NV access locked\[dq] +-tpm2_nvwrite \-C o \-i nv.writelock 1 ++tpm2_nvwrite -C o -i nv.writelock 1 + \f[R] + .fi + .SS Global Lock + .IP + .nf + \f[C] +-tpm2_nvdefine \-C o \-s 32 \[rs] +- \-a \[dq]ownerread|policywrite|ownerwrite|globallock\[dq] 1 ++tpm2_nvdefine -C o -s 32 \[rs] ++ -a \[dq]ownerread|policywrite|ownerwrite|globallock\[dq] 1 + +-tpm2_nvwritelock \-C o \-\-global ++tpm2_nvwritelock -C o --global + + # this command fails with \[dq]NV access locked\[dq]. +-echo foo | tpm2_nvwrite \-C o \-i\- 1 ++echo foo | tpm2_nvwrite -C o -i- 1 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_pcrallocate.1 b/man/man1/tpm2_pcrallocate.1 +index 73d7077..1716a66 100644 +--- a/man/man1/tpm2_pcrallocate.1 ++++ b/man/man1/tpm2_pcrallocate.1 +@@ -1,23 +1,23 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_pcrallocate" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_pcrallocate" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_pcrallocate\f[R](1) \- Configure PCRs and bank algorithms. ++\f[B]tpm2_pcrallocate\f[R](1) - Configure PCRs and bank algorithms. + .SH SYNOPSIS + .PP + \f[B]tpm2_pcrallocate\f[R] [\f[I]OPTIONS\f[R]] [*ARGUMENT] + .SH DESCRIPTION + .PP +-\f[B]tpm2_pcrallocate\f[R](1) \- Allow the user to specify a PCR ++\f[B]tpm2_pcrallocate\f[R](1) - Allow the user to specify a PCR + allocation for the TPM. + An allocation is the enabling or disabling of PCRs and it\[cq]s banks. + A PCR can have multiple banks, where each bank is associated with a + specific hashing algorithm. + Allocation is specified in the argument. + .PP +-If no allocation is given, then SHA1 and SHA256 banks with PCRs 0 \- 23 ++If no allocation is given, then SHA1 and SHA256 banks with PCRs 0 - 23 + are allocated. + .PP + Allocation is a list of banks and selected pcrs. +@@ -29,7 +29,7 @@ The new allocations become effective after the next reboot. + \f[B]Note\f[R]: This command requires platform authorization. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Optional authorization value. +@@ -40,7 +40,7 @@ standards\[rq], see section \[lq]Authorization Formatting\[rq]. + \f[B]ARGUMENT\f[R] the command line argument specifies the PCR + allocation. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -52,7 +52,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -101,11 +101,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -117,7 +117,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -126,17 +126,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -179,17 +179,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -204,7 +203,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -213,7 +212,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -290,54 +289,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -351,7 +350,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -369,8 +368,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -387,17 +386,17 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Object Attributes + .PP + Object Attributes are used to control various properties of created + objects. + When specified as an option, either the raw bitfield mask or +-\[lq]nice\-names\[rq] may be used. ++\[lq]nice-names\[rq] may be used. + The values can be found in Table 31 Part 2 of the TPM2.0 specification, + which can be found here: + .PP +@@ -436,6 +435,19 @@ sha1:3,4+sha256:all + .PP + will select PCRs 3 and 4 from the SHA1 bank and PCRs 0 to 23 from the + SHA256 bank. ++.PP ++Certain commands support specifying forward sealing values as well: ++.IP ++.nf ++\f[C] ++sha1:0,1=da39a3ee5e6b4b0d3255bfef95601890afd80709,2 ++\f[R] ++.fi ++.PP ++This will select the current values for PCRs 0 and 2, but use the ++specified value for PCR 1. ++Digest lengths must match the bank size. ++An optional 0x prefix will be stripped off. + .SS Note + .PP + PCR Selections allow for up to 5 hash to pcr selection mappings. +@@ -446,14 +458,13 @@ pcr values. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -461,21 +472,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -486,7 +503,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -495,16 +512,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -513,10 +530,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -526,14 +543,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -546,7 +563,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -555,7 +572,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -578,7 +595,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -587,7 +604,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -606,31 +623,31 @@ tpm2_pcrallocate + .IP + .nf + \f[C] +-tpm2_pcrallocate \-P abc sha1:7,8,9,10,16,17,18,19+sha256:all ++tpm2_pcrallocate -P abc sha1:7,8,9,10,16,17,18,19+sha256:all + \f[R] + .fi + .SS To completly switch from SHA1 bank to SHA256 with a platform authorization + .IP + .nf + \f[C] +-tpm2_pcrallocate \-P abc sha1:none+sha256:all ++tpm2_pcrallocate -P abc sha1:none+sha256:all + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_pcrevent.1 b/man/man1/tpm2_pcrevent.1 +index fc3f2f9..9bfdd00 100644 +--- a/man/man1/tpm2_pcrevent.1 ++++ b/man/man1/tpm2_pcrevent.1 +@@ -1,18 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_pcrevent" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_pcrevent" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_pcrevent\f[R](1) \- Hashes a file and optionally extends a +-pcr. ++\f[B]tpm2_pcrevent\f[R](1) - Hashes a file and optionally extends a pcr. + .SH SYNOPSIS + .PP + \f[B]tpm2_pcrevent\f[R] [\f[I]OPTIONS\f[R]] \f[I]FILE\f[R] + \f[I]PCR_INDEX\f[R] + .SH DESCRIPTION + .PP +-\f[B]tpm2_pcrevent\f[R](1) \- Hashes \f[I]FILE\f[R] if specified or ++\f[B]tpm2_pcrevent\f[R](1) - Hashes \f[I]FILE\f[R] if specified or + stdin. + It uses all of the hashing algorithms that the TPM supports. + .PP +@@ -36,13 +35,13 @@ Specification (https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0- + .PP + These options control extending the pcr: + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for PCR. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -55,14 +54,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -70,21 +68,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -94,7 +98,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -103,16 +107,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -121,10 +125,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -134,14 +138,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -154,7 +158,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -163,7 +167,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -186,7 +190,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -195,7 +199,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -231,11 +235,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -247,7 +251,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -256,17 +260,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -309,17 +313,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -351,17 +354,17 @@ tpm2_pcrevent 8 data + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_pcrextend.1 b/man/man1/tpm2_pcrextend.1 +index 6811927..1e9bf4e 100644 +--- a/man/man1/tpm2_pcrextend.1 ++++ b/man/man1/tpm2_pcrextend.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_pcrextend" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_pcrextend" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_pcrextend\f[R](1) \- Extends a PCR. ++\f[B]tpm2_pcrextend\f[R](1) - Extends a PCR. + .SH SYNOPSIS + .PP + \f[B]tpm2_pcrextend\f[R] [\f[I]OPTIONS\f[R]] \f[I]PCR_DIGEST_SPEC\f[R] + .SH DESCRIPTION + .PP +-\f[B]tpm2_pcrextend\f[R](1) \- Extends the pcrs with values indicated by ++\f[B]tpm2_pcrextend\f[R](1) - Extends the pcrs with values indicated by + \f[I]PCR_DIGEST_SPEC\f[R]. + .PP + A \f[I]PCR_DIGEST_SPEC\f[R] is defined as follows: +@@ -45,14 +45,13 @@ This tool accepts no tool specific options. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -60,21 +59,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -84,7 +89,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -93,16 +98,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -111,10 +116,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -124,14 +129,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -144,7 +149,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -153,7 +158,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -176,7 +181,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -185,14 +190,14 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP + \f[B]NOTE\f[R]: abrmd and tabrmd are synonymous. + .RE + .PP +-PCR bank specifiers (common/pcr.md) ++PCR bank specifiers + .SH EXAMPLES + .SS Extend PCR 4\[cq]s SHA1 bank with a hash + .IP +@@ -219,17 +224,17 @@ tpm2_pcrextend 4:sha1=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 7:sha256=b5bb9d80 + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_pcrread.1 b/man/man1/tpm2_pcrread.1 +index a9f3cc9..e665212 100644 +--- a/man/man1/tpm2_pcrread.1 ++++ b/man/man1/tpm2_pcrread.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_pcrread" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_pcrread" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_pcrread\f[R](1) \- List PCR values. ++\f[B]tpm2_pcrread\f[R](1) - List PCR values. + .SH SYNOPSIS + .PP + \f[B]tpm2_pcrread\f[R] [\f[I]OPTIONS\f[R]] \f[I]PCR_LIST_OR_ALG\f[R] + .SH DESCRIPTION + .PP +-\f[B]tpm2_pcrread\f[R](1) \- Displays PCR values. ++\f[B]tpm2_pcrread\f[R](1) - Displays PCR values. + Without any arguments, \f[B]tpm2_pcrread\f[R](1) outputs all PCRs and + their hash banks. + One can use specify the hash algorithm or a pcr list as an argument to +@@ -45,13 +45,13 @@ sha256 : + .fi + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file to write the PCR values in binary format, optional. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -60,7 +60,7 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 +-\f[B]\-F\f[R], \f[B]\-\-pcrs_format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-F\f[R], \f[B]--pcrs_format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the binary blob in the PCR output file. +@@ -75,14 +75,13 @@ Default is `values'. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -90,21 +89,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -114,7 +119,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -123,16 +128,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -141,10 +146,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -154,14 +159,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -174,7 +179,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -183,7 +188,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -206,7 +211,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -215,14 +220,14 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP + \f[B]NOTE\f[R]: abrmd and tabrmd are synonymous. + .RE + .PP +-PCR bank specifiers (common/pcr.md) ++PCR bank specifiers + .SH Supported Hash Algorithms + .PP + Supported hash algorithms are: +@@ -241,7 +246,7 @@ Supported hash algorithms are: + \f[B]NOTE\f[R]: Your TPM may not support all algorithms. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -250,7 +255,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -327,54 +332,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -388,7 +393,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -406,8 +411,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -424,10 +429,10 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + .SH EXAMPLES + .SS Display all PCR values + .IP +@@ -447,7 +452,7 @@ tpm2_pcrread sha1 + .IP + .nf + \f[C] +-tpm2_pcrread \-o pcrs sha1:16,17,18+sha256:16,17,18 ++tpm2_pcrread -o pcrs sha1:16,17,18+sha256:16,17,18 + \f[R] + .fi + .SS Display the supported PCR bank algorithms and exit +@@ -467,17 +472,17 @@ On most TPMs, it means that this tool can dump up to 24 PCRs at once. + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_pcrreset.1 b/man/man1/tpm2_pcrreset.1 +index 8851b71..0bff9cf 100644 +--- a/man/man1/tpm2_pcrreset.1 ++++ b/man/man1/tpm2_pcrreset.1 +@@ -1,20 +1,20 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_pcrreset" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_pcrreset" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_pcrreset\f[R](1) \- Reset one or more PCR banks ++\f[B]tpm2_pcrreset\f[R](1) - Reset one or more PCR banks + .SH SYNOPSIS + .PP + \f[B]tpm2_pcrreset\f[R] [\f[I]OPTIONS\f[R]] \f[I]PCR_INDEX\f[R] \&... + .SH DESCRIPTION + .PP +-\f[B]tpm2_pcrreset\f[R](1) \- Reset PCR value in all banks for specified ++\f[B]tpm2_pcrreset\f[R](1) - Reset PCR value in all banks for specified + index. + More than one PCR index can be specified. + .PP +-The reset value is manufacturer\-dependent and is either sequence of 00 ++The reset value is manufacturer-dependent and is either sequence of 00 + or FF on the length of the hash algorithm for each supported bank. + .PP + \f[I]PCR_INDEX\f[R] is a space separated list of PCR indexes to be reset +@@ -23,7 +23,7 @@ when issuing the command. + .PP + This tool accepts no tool specific options. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -36,14 +36,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -51,21 +50,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + .SH TCTI Configuration + .PP + The TCTI or \[lq]Transmission Interface\[rq] is the communication +@@ -75,7 +80,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -84,16 +89,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -102,10 +107,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -115,14 +120,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -135,7 +140,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -144,7 +149,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -167,7 +172,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -176,7 +181,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -201,7 +206,7 @@ tpm2_pcrreset 16 23 + .PP + On operating system\[cq]s locality (generally locality 0), only PCR 23 + can be reset. +-PCR\-16 can also be reset on this locality, depending on TPM ++PCR-16 can also be reset on this locality, depending on TPM + manufacturers which could define this PCR as resettable. + .PP + PCR 0 to 15 are not resettable (being part of SRTM). +@@ -212,17 +217,17 @@ locality. + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_policyauthorize.1 b/man/man1/tpm2_policyauthorize.1 +index 229ba58..2648a1d 100644 +--- a/man/man1/tpm2_policyauthorize.1 ++++ b/man/man1/tpm2_policyauthorize.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policyauthorize" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policyauthorize" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policyauthorize\f[R](1) \- Allows for mutable policies by ++\f[B]tpm2_policyauthorize\f[R](1) - Allows for mutable policies by + tethering to a signing authority. + .SH SYNOPSIS + .PP + \f[B]tpm2_policyauthorize\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policyauthorize\f[R](1) \- This command allows for policies to ++\f[B]tpm2_policyauthorize\f[R](1) - This command allows for policies to + change by associating the policy to a signing authority and allowing the + policy contents to change. + .IP "1." 3 +@@ -25,26 +25,26 @@ the TPM to attest that the TPM has verified the signature on the policy + digest before authorizing the policy in the policy digest. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The policy digest that has to be authorized. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX\f[R]: + .RS 2 + .PP + The policy qualifier data signed in conjunction with the input policy +@@ -53,7 +53,7 @@ This is unique data that the signer can choose to include in the + signature and can either be a path or hex string. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File containing the name of the verifying public key. +@@ -61,14 +61,14 @@ This ties the final policy digest with a signer. + This can be retrieved with \f[B]tpm2_readpublic\f[R](1) + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file to record the validation structure. + This is generated with \f[B]tpm2_verifysignature\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -82,14 +82,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -97,21 +96,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -122,7 +127,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -131,16 +136,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -149,10 +154,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -162,14 +167,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -182,7 +187,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -191,7 +196,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -214,7 +219,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -223,7 +228,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -248,20 +253,20 @@ verification of the signature on the PCR policy digest using + .IP + .nf + \f[C] +-openssl genrsa \-out signing_key_private.pem 2048 ++openssl genrsa -out signing_key_private.pem 2048 + +-openssl rsa \-in signing_key_private.pem \-out signing_key_public.pem \-pubout ++openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout + +-tpm2_loadexternal \-G rsa \-C o \-u signing_key_public.pem \-c signing_key.ctx \-n signing_key.name ++tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx -n signing_key.name + \f[R] + .fi + .SS Create the authorize policy digest + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policyauthorize \-S session.ctx \-L authorized.policy \-n signing_key.name ++tpm2_policyauthorize -S session.ctx -L authorized.policy -n signing_key.name + + tpm2_flushcontext session.ctx + \f[R] +@@ -270,11 +275,11 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_pcrread \-opcr0.sha256 sha256:0 ++tpm2_pcrread -opcr0.sha256 sha256:0 + +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policypcr \-S session.ctx \-l sha256:0 \-f pcr0.sha256 \-L pcr.policy_desired ++tpm2_policypcr -S session.ctx -l sha256:0 -f pcr0.sha256 -L pcr.policy_desired + + tpm2_flushcontext session.ctx + \f[R] +@@ -283,33 +288,33 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-openssl dgst \-sha256 \-sign signing_key_private.pem \-out pcr.signature pcr.policy_desired ++openssl dgst -sha256 -sign signing_key_private.pem -out pcr.signature pcr.policy_desired + \f[R] + .fi + .SS Create a TPM object like a sealing object with the authorized policy based authentication + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-g sha256 \-G rsa \-c prim.ctx ++tpm2_createprimary -C o -g sha256 -G rsa -c prim.ctx + +-tpm2_create \-g sha256 \-u sealing_pubkey.pub \-r sealing_prikey.pub \-i\- \-C prim.ctx \-L authorized.policy <<< \[dq]secret to seal\[dq] ++tpm2_create -g sha256 -u sealing_pubkey.pub -r sealing_prikey.pub -i- -C prim.ctx -L authorized.policy <<< \[dq]secret to seal\[dq] + \f[R] + .fi + .SS Verify the desired policy digest comes from the signing authority, read the actual value of PCR and check that read policy and desired policy are equal. + .IP + .nf + \f[C] +-tpm2_verifysignature \-c signing_key.ctx \-g sha256 \-m pcr.policy_desired \-s pcr.signature \-t verification.tkt \-f rsassa ++tpm2_verifysignature -c signing_key.ctx -g sha256 -m pcr.policy_desired -s pcr.signature -t verification.tkt -f rsassa + +-tpm2_startauthsession \[rs]\-\-policy\-session \-S session.ctx ++tpm2_startauthsession \[rs]--policy-session -S session.ctx + +-tpm2_policypcr \-S session.ctx \-l sha256:0 \-L pcr.policy_read ++tpm2_policypcr -S session.ctx -l sha256:0 -L pcr.policy_read + +-tpm2_policyauthorize \-S session.ctx \-L authorized.policy \-i pcr.policy_desired \-n signing_key.name \-t verification.tkt ++tpm2_policyauthorize -S session.ctx -L authorized.policy -i pcr.policy_desired -n signing_key.name -t verification.tkt + +-tpm2_load \-C prim.ctx \-u sealing_pubkey.pub \-r sealing_prikey.pub \-c sealing_key.ctx ++tpm2_load -C prim.ctx -u sealing_pubkey.pub -r sealing_prikey.pub -c sealing_key.ctx + +-unsealed=$(tpm2_unseal \-p\[dq]session:session.ctx\[dq] \-c sealing_key.ctx) ++unsealed=$(tpm2_unseal -p\[dq]session:session.ctx\[dq] -c sealing_key.ctx) + + echo $unsealed + +@@ -320,17 +325,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -339,7 +344,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policyauthorizenv.1 b/man/man1/tpm2_policyauthorizenv.1 +index a2cd0f3..5edb6d5 100644 +--- a/man/man1/tpm2_policyauthorizenv.1 ++++ b/man/man1/tpm2_policyauthorizenv.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policyauthorizenv" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policyauthorizenv" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policyauthorizenv\f[R](1) \- Allows for mutable policies by ++\f[B]tpm2_policyauthorizenv\f[R](1) - Allows for mutable policies by + referencing to a policy from an NV index. + .SH SYNOPSIS + .PP +@@ -12,7 +12,7 @@ referencing to a policy from an NV index. + [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policyauthorizenv\f[R](1) \- This command allows for policies ++\f[B]tpm2_policyauthorizenv\f[R](1) - This command allows for policies + to change by referencing the authorization policy written to an NV + index. + The NV index containing the authorization policy should remain readable +@@ -21,8 +21,9 @@ The index can be specified as raw handle or an offset value to the nv + handle range \[lq]TPM2_HR_NV_INDEX\[rq]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -30,35 +31,35 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -72,14 +73,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -87,21 +87,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -112,7 +118,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -121,16 +127,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -139,10 +145,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -152,14 +158,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -172,7 +178,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -181,7 +187,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -204,7 +210,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -213,7 +219,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -236,15 +242,15 @@ object. + .nf + \f[C] + nv_test_index=0x01500001 +-tpm2_nvdefine \-C o \-p nvpass $nv_test_index \-a \[dq]authread|authwrite\[dq] \-s 34 ++tpm2_nvdefine -C o -p nvpass $nv_test_index -a \[dq]authread|authwrite\[dq] -s 34 + \f[R] + .fi + .SS Define the auth policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx +-tpm2_policypassword \-S session.ctx \-L policy.pass ++tpm2_startauthsession -S session.ctx ++tpm2_policypassword -S session.ctx -L policy.pass + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -252,17 +258,17 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-echo \[dq]000b\[dq] | xxd \-p \-r | cat \- policy.pass | \[rs] +-tpm2_nvwrite \-C $nv_test_index \-P nvpass $nv_test_index \-i\- ++echo \[dq]000b\[dq] | xxd -p -r | cat - policy.pass | \[rs] ++tpm2_nvwrite -C $nv_test_index -P nvpass $nv_test_index -i- + \f[R] + .fi + .SS Define the policyauthorizenv + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx +-tpm2_policyauthorizenv \-S session.ctx \-C $nv_test_index \-P nvpass \[rs] +-\-L policyauthorizenv.1500001 $nv_test_index ++tpm2_startauthsession -S session.ctx ++tpm2_policyauthorizenv -S session.ctx -C $nv_test_index -P nvpass \[rs] ++-L policyauthorizenv.1500001 $nv_test_index + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -270,23 +276,23 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx ++tpm2_createprimary -C o -c prim.ctx + + echo \[dq]secretdata\[dq] | \[rs] +-tpm2_create \-C prim.ctx \-u key.pub \-r key.priv \[rs] +-\-a \[dq]fixedtpm|fixedparent|adminwithpolicy\[dq] \-L policyauthorizenv.1500001 \-i\- ++tpm2_create -C prim.ctx -u key.pub -r key.priv \[rs] ++-a \[dq]fixedtpm|fixedparent|adminwithpolicy\[dq] -L policyauthorizenv.1500001 -i- + +-tpm2_load \-C prim.ctx \-u key.pub \-r key.priv \-c key.ctx ++tpm2_load -C prim.ctx -u key.pub -r key.priv -c key.ctx + \f[R] + .fi + .SS Satisfy the auth policy stored in the NV Index and thus policyauthorizenv + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session +-tpm2_policypassword \-S session.ctx +-tpm2_policyauthorizenv \-S session.ctx \-C $nv_test_index \-P nvpass $nv_test_index +-tpm2_unseal \-c key.ctx \-p session:session.ctx ++tpm2_startauthsession -S session.ctx --policy-session ++tpm2_policypassword -S session.ctx ++tpm2_policyauthorizenv -S session.ctx -C $nv_test_index -P nvpass $nv_test_index ++tpm2_unseal -c key.ctx -p session:session.ctx + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -294,17 +300,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -313,7 +319,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policyauthvalue.1 b/man/man1/tpm2_policyauthvalue.1 +index f5498eb..472d244 100644 +--- a/man/man1/tpm2_policyauthvalue.1 ++++ b/man/man1/tpm2_policyauthvalue.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policyauthvalue" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policyauthvalue" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policyauthvalue\f[R](1) \- Enables binding a policy to the ++\f[B]tpm2_policyauthvalue\f[R](1) - Enables binding a policy to the + authorization value of the authorized TPM object. + .SH SYNOPSIS + .PP + \f[B]tpm2_policyauthvalue\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policyauthvalue\f[R](1) \- Enables a policy that requires the ++\f[B]tpm2_policyauthvalue\f[R](1) - Enables a policy that requires the + object\[cq]s authentication passphrase be provided. + This is equivalent to authenticating using the object passphrase in + plaintext or HMAC. +@@ -21,20 +21,20 @@ object only allows policy based authorization, ie object attribute + \[lq]userwithauth\[rq] is 0. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -48,14 +48,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -63,21 +62,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -88,7 +93,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -97,16 +102,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -115,10 +120,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -128,14 +133,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -148,7 +153,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -157,7 +162,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -180,7 +185,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -189,7 +194,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -207,9 +212,9 @@ session instead using the \f[B]tpm2_policyauthvalue\f[R](1) tool. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policyauthvalue \-S session.dat \-L policy.dat ++tpm2_policyauthvalue -S session.dat -L policy.dat + + tpm2_flushcontext session.dat + \f[R] +@@ -218,31 +223,31 @@ tpm2_flushcontext session.dat + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx ++tpm2_createprimary -C o -c prim.ctx + +-tpm2_create \-g sha256 \-G aes \-u key.pub \-r key.priv \-C prim.ctx \-L policy.dat \[rs] +- \-p testpswd ++tpm2_create -g sha256 -G aes -u key.pub -r key.priv -C prim.ctx -L policy.dat \[rs] ++ -p testpswd + \f[R] + .fi + .SS Authenticate with plaintext passphrase input + .IP + .nf + \f[C] +-tpm2_load \-C prim.ctx \-u key.pub \-r key.priv \-n key.name \-c key.ctx ++tpm2_load -C prim.ctx -u key.pub -r key.priv -n key.name -c key.ctx + + echo \[dq]plaintext\[dq] > plain.txt +-tpm2_encryptdecrypt \-c key.ctx \-o encrypt.out plain.txt \-p testpswd ++tpm2_encryptdecrypt -c key.ctx -o encrypt.out plain.txt -p testpswd + \f[R] + .fi + .SS Authenticate with password and the policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-policy\-session \-S session.dat ++tpm2_startauthsession --policy-session -S session.dat + +-tpm2_policyauthvalue \-S session.dat ++tpm2_policyauthvalue -S session.dat + +-tpm2_encryptdecrypt \-c key.ctx \-o encrypt.out \-p session:session.dat+testpswd \[rs] ++tpm2_encryptdecrypt -c key.ctx -o encrypt.out -p session:session.dat+testpswd \[rs] + plain.txt + + tpm2_flushcontext session.dat +@@ -252,17 +257,17 @@ tpm2_flushcontext session.dat + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -271,7 +276,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policycommandcode.1 b/man/man1/tpm2_policycommandcode.1 +index b460854..a48b9f5 100644 +--- a/man/man1/tpm2_policycommandcode.1 ++++ b/man/man1/tpm2_policycommandcode.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policycommandcode" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policycommandcode" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policycommandcode\f[R](1) \- Restrict TPM object authorization ++\f[B]tpm2_policycommandcode\f[R](1) - Restrict TPM object authorization + to specific TPM commands. + .SH SYNOPSIS + .PP +@@ -12,8 +12,8 @@ to specific TPM commands. + [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policycommandcode\f[R](1) \- Restricts TPM object +-authorization to specific TPM commands. ++\f[B]tpm2_policycommandcode\f[R](1) - Restricts TPM object authorization ++to specific TPM commands. + Useful when you want to allow only specific commands to interact with + the TPM object. + .PP +@@ -23,14 +23,14 @@ Friendly string to COMMAND CODE mapping can be found in section + \f[I]COMMAND CODE MAPPINGS\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A session file from \f[B]tpm2_startauthsession\f[R](1)\[cq]s +-\f[B]\-S\f[R] option. ++\f[B]-S\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. +@@ -39,7 +39,7 @@ File to save the policy digest. + \f[B]ARGUMENT\f[R] the command line argument specifies TPM2 command + code. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -53,14 +53,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -68,21 +67,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -93,7 +98,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -102,16 +107,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -120,10 +125,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -133,14 +138,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -153,7 +158,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -162,7 +167,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -185,7 +190,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -194,7 +199,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -206,102 +211,100 @@ the various known TCTI modules. + The friendly strings below can be used en lieu of the raw integer + values. + .PP +-\-TPM2_CC_AC_GetCapability: 0x194 \-TPM2_CC_AC_Send: 0x195 +-\-TPM2_CC_ActivateCredential: 0x147 \-TPM2_CC_Certify: 0x148 +-\-TPM2_CC_CertifyCreation: 0x14a \-TPM2_CC_ChangeEPS: 0x124 +-\-TPM2_CC_ChangePPS: 0x125 \-TPM2_CC_Clear: 0x126 +-\-TPM2_CC_ClearControl: 0x127 \-TPM2_CC_ClockRateAdjust: 0x130 +-\-TPM2_CC_ClockSet: 0x128 \-TPM2_CC_Commit: 0x18b \-TPM2_CC_ContextLoad: +-0x161 \-TPM2_CC_ContextSave: 0x162 \-TPM2_CC_Create: 0x153 +-\-TPM2_CC_CreateLoaded: 0x191 \-TPM2_CC_CreatePrimary: 0x131 +-\-TPM2_CC_DictionaryAttackLockReset: 0x139 +-\-TPM2_CC_DictionaryAttackParameters: 0x13a \-TPM2_CC_Duplicate: 0x14b +-\-TPM2_CC_ECC_Parameters: 0x178 \-TPM2_CC_ECDH_KeyGen: 0x163 +-\-TPM2_CC_ECDH_ZGen: 0x154 \-TPM2_CC_EC_Ephemeral: 0x18e +-\-TPM2_CC_EncryptDecrypt: 0x164 \-TPM2_CC_EncryptDecrypt2: 0x193 +-\-TPM2_CC_EventSequenceComplete: 0x185 \-TPM2_CC_EvictControl: 0x120 +-\-TPM2_CC_FieldUpgradeData: 0x141 \-TPM2_CC_FieldUpgradeStart: 0x12f +-\-TPM2_CC_FirmwareRead: 0x179 \-TPM2_CC_FlushContext: 0x165 +-\-TPM2_CC_GetCapability: 0x17a \-TPM2_CC_GetCommandAuditDigest: 0x133 +-\-TPM2_CC_GetRandom: 0x17b \-TPM2_CC_GetSessionAuditDigest: 0x14d +-\-TPM2_CC_GetTestResult: 0x17c \-TPM2_CC_GetTime: 0x14c \-TPM2_CC_Hash: +-0x17d \-TPM2_CC_HashSequenceStart: 0x186 \-TPM2_CC_HierarchyChangeAuth: +-0x129 \-TPM2_CC_HierarchyControl: 0x121 \-TPM2_CC_HMAC: 0x155 +-\-TPM2_CC_HMAC_Start: 0x15b \-TPM2_CC_Import: 0x156 +-\-TPM2_CC_IncrementalSelfTest: 0x142 \-TPM2_CC_Load: 0x157 +-\-TPM2_CC_LoadExternal: 0x167 \-TPM2_CC_MakeCredential: 0x168 +-\-TPM2_CC_NV_Certify: 0x184 \-TPM2_CC_NV_ChangeAuth: 0x13b +-\-TPM2_CC_NV_DefineSpace: 0x12a \-TPM2_CC_NV_Extend: 0x136 +-\-TPM2_CC_NV_GlobalWriteLock: 0x132 \-TPM2_CC_NV_Increment: 0x134 +-\-TPM2_CC_NV_Read: 0x14e \-TPM2_CC_NV_ReadLock: 0x14f +-\-TPM2_CC_NV_ReadPublic: 0x169 \-TPM2_CC_NV_SetBits: 0x135 +-\-TPM2_CC_NV_UndefineSpace: 0x122 \-TPM2_CC_NV_UndefineSpaceSpecial: +-0x11f \-TPM2_CC_NV_Write: 0x137 \-TPM2_CC_NV_WriteLock: 0x138 +-\-TPM2_CC_ObjectChangeAuth: 0x150 \-TPM2_CC_PCR_Allocate: 0x12b +-\-TPM2_CC_PCR_Event: 0x13c \-TPM2_CC_PCR_Extend: 0x182 +-\-TPM2_CC_PCR_Read: 0x17e \-TPM2_CC_PCR_Reset: 0x13d +-\-TPM2_CC_PCR_SetAuthPolicy: 0x12c \-TPM2_CC_PCR_SetAuthValue: 0x183 +-\-TPM2_CC_Policy_AC_SendSelect: 0x196 \-TPM2_CC_PolicyAuthorize: 0x16a +-\-TPM2_CC_PolicyAuthorizeNV: 0x192 \-TPM2_CC_PolicyAuthValue: 0x16b +-\-TPM2_CC_PolicyCommandCode: 0x16c \-TPM2_CC_PolicyCounterTimer: 0x16d +-\-TPM2_CC_PolicyCpHash: 0x16e \-TPM2_CC_PolicyDuplicationSelect: 0x188 +-\-TPM2_CC_PolicyGetDigest: 0x189 \-TPM2_CC_PolicyLocality: 0x16f +-\-TPM2_CC_PolicyNameHash: 0x170 \-TPM2_CC_PolicyNV: 0x149 +-\-TPM2_CC_PolicyNvWritten: 0x18f \-TPM2_CC_PolicyOR: 0x171 +-\-TPM2_CC_PolicyPassword: 0x18c \-TPM2_CC_PolicyPCR: 0x17f +-\-TPM2_CC_PolicyPhysicalPresence: 0x187 \-TPM2_CC_PolicyRestart: 0x180 +-\-TPM2_CC_PolicySecret: 0x151 \-TPM2_CC_PolicySigned: 0x160 +-\-TPM2_CC_PolicyTemplate: 0x190 \-TPM2_CC_PolicyTicket: 0x172 +-\-TPM2_CC_PP_Commands: 0x12d \-TPM2_CC_Quote: 0x158 \-TPM2_CC_ReadClock: +-0x181 \-TPM2_CC_ReadPublic: 0x173 \-TPM2_CC_Rewrap: 0x152 +-\-TPM2_CC_RSA_Decrypt: 0x159 \-TPM2_CC_RSA_Encrypt: 0x174 +-\-TPM2_CC_SelfTest: 0x143 \-TPM2_CC_SequenceComplete: 0x13e +-\-TPM2_CC_SequenceUpdate: 0x15c \-TPM2_CC_SetAlgorithmSet: 0x13f +-\-TPM2_CC_SetCommandCodeAuditStatus: 0x140 \-TPM2_CC_SetPrimaryPolicy: +-0x12e \-TPM2_CC_Shutdown: 0x145 \-TPM2_CC_Sign: 0x15d +-\-TPM2_CC_StartAuthSession: 0x176 \-TPM2_CC_Startup: 0x144 +-\-TPM2_CC_StirRandom: 0x146 \-TPM2_CC_TestParms: 0x18a \-TPM2_CC_Unseal: +-0x15e \-TPM2_CC_Vendor_TCG_Test: 0x20000000 \-TPM2_CC_VerifySignature: +-0x177 \-TPM2_CC_ZGen_2Phase: 0x18d ++-TPM2_CC_AC_GetCapability: 0x194 -TPM2_CC_AC_Send: 0x195 ++-TPM2_CC_ActivateCredential: 0x147 -TPM2_CC_Certify: 0x148 ++-TPM2_CC_CertifyCreation: 0x14a -TPM2_CC_ChangeEPS: 0x124 ++-TPM2_CC_ChangePPS: 0x125 -TPM2_CC_Clear: 0x126 -TPM2_CC_ClearControl: ++0x127 -TPM2_CC_ClockRateAdjust: 0x130 -TPM2_CC_ClockSet: 0x128 ++-TPM2_CC_Commit: 0x18b -TPM2_CC_ContextLoad: 0x161 -TPM2_CC_ContextSave: ++0x162 -TPM2_CC_Create: 0x153 -TPM2_CC_CreateLoaded: 0x191 ++-TPM2_CC_CreatePrimary: 0x131 -TPM2_CC_DictionaryAttackLockReset: 0x139 ++-TPM2_CC_DictionaryAttackParameters: 0x13a -TPM2_CC_Duplicate: 0x14b ++-TPM2_CC_ECC_Parameters: 0x178 -TPM2_CC_ECDH_KeyGen: 0x163 ++-TPM2_CC_ECDH_ZGen: 0x154 -TPM2_CC_EC_Ephemeral: 0x18e ++-TPM2_CC_EncryptDecrypt: 0x164 -TPM2_CC_EncryptDecrypt2: 0x193 ++-TPM2_CC_EventSequenceComplete: 0x185 -TPM2_CC_EvictControl: 0x120 ++-TPM2_CC_FieldUpgradeData: 0x141 -TPM2_CC_FieldUpgradeStart: 0x12f ++-TPM2_CC_FirmwareRead: 0x179 -TPM2_CC_FlushContext: 0x165 ++-TPM2_CC_GetCapability: 0x17a -TPM2_CC_GetCommandAuditDigest: 0x133 ++-TPM2_CC_GetRandom: 0x17b -TPM2_CC_GetSessionAuditDigest: 0x14d ++-TPM2_CC_GetTestResult: 0x17c -TPM2_CC_GetTime: 0x14c -TPM2_CC_Hash: ++0x17d -TPM2_CC_HashSequenceStart: 0x186 -TPM2_CC_HierarchyChangeAuth: ++0x129 -TPM2_CC_HierarchyControl: 0x121 -TPM2_CC_HMAC: 0x155 ++-TPM2_CC_HMAC_Start: 0x15b -TPM2_CC_Import: 0x156 ++-TPM2_CC_IncrementalSelfTest: 0x142 -TPM2_CC_Load: 0x157 ++-TPM2_CC_LoadExternal: 0x167 -TPM2_CC_MakeCredential: 0x168 ++-TPM2_CC_NV_Certify: 0x184 -TPM2_CC_NV_ChangeAuth: 0x13b ++-TPM2_CC_NV_DefineSpace: 0x12a -TPM2_CC_NV_Extend: 0x136 ++-TPM2_CC_NV_GlobalWriteLock: 0x132 -TPM2_CC_NV_Increment: 0x134 ++-TPM2_CC_NV_Read: 0x14e -TPM2_CC_NV_ReadLock: 0x14f ++-TPM2_CC_NV_ReadPublic: 0x169 -TPM2_CC_NV_SetBits: 0x135 ++-TPM2_CC_NV_UndefineSpace: 0x122 -TPM2_CC_NV_UndefineSpaceSpecial: 0x11f ++-TPM2_CC_NV_Write: 0x137 -TPM2_CC_NV_WriteLock: 0x138 ++-TPM2_CC_ObjectChangeAuth: 0x150 -TPM2_CC_PCR_Allocate: 0x12b ++-TPM2_CC_PCR_Event: 0x13c -TPM2_CC_PCR_Extend: 0x182 -TPM2_CC_PCR_Read: ++0x17e -TPM2_CC_PCR_Reset: 0x13d -TPM2_CC_PCR_SetAuthPolicy: 0x12c ++-TPM2_CC_PCR_SetAuthValue: 0x183 -TPM2_CC_Policy_AC_SendSelect: 0x196 ++-TPM2_CC_PolicyAuthorize: 0x16a -TPM2_CC_PolicyAuthorizeNV: 0x192 ++-TPM2_CC_PolicyAuthValue: 0x16b -TPM2_CC_PolicyCommandCode: 0x16c ++-TPM2_CC_PolicyCounterTimer: 0x16d -TPM2_CC_PolicyCpHash: 0x16e ++-TPM2_CC_PolicyDuplicationSelect: 0x188 -TPM2_CC_PolicyGetDigest: 0x189 ++-TPM2_CC_PolicyLocality: 0x16f -TPM2_CC_PolicyNameHash: 0x170 ++-TPM2_CC_PolicyNV: 0x149 -TPM2_CC_PolicyNvWritten: 0x18f ++-TPM2_CC_PolicyOR: 0x171 -TPM2_CC_PolicyPassword: 0x18c ++-TPM2_CC_PolicyPCR: 0x17f -TPM2_CC_PolicyPhysicalPresence: 0x187 ++-TPM2_CC_PolicyRestart: 0x180 -TPM2_CC_PolicySecret: 0x151 ++-TPM2_CC_PolicySigned: 0x160 -TPM2_CC_PolicyTemplate: 0x190 ++-TPM2_CC_PolicyTicket: 0x172 -TPM2_CC_PP_Commands: 0x12d -TPM2_CC_Quote: ++0x158 -TPM2_CC_ReadClock: 0x181 -TPM2_CC_ReadPublic: 0x173 ++-TPM2_CC_Rewrap: 0x152 -TPM2_CC_RSA_Decrypt: 0x159 -TPM2_CC_RSA_Encrypt: ++0x174 -TPM2_CC_SelfTest: 0x143 -TPM2_CC_SequenceComplete: 0x13e ++-TPM2_CC_SequenceUpdate: 0x15c -TPM2_CC_SetAlgorithmSet: 0x13f ++-TPM2_CC_SetCommandCodeAuditStatus: 0x140 -TPM2_CC_SetPrimaryPolicy: ++0x12e -TPM2_CC_Shutdown: 0x145 -TPM2_CC_Sign: 0x15d ++-TPM2_CC_StartAuthSession: 0x176 -TPM2_CC_Startup: 0x144 ++-TPM2_CC_StirRandom: 0x146 -TPM2_CC_TestParms: 0x18a -TPM2_CC_Unseal: ++0x15e -TPM2_CC_Vendor_TCG_Test: 0x20000000 -TPM2_CC_VerifySignature: ++0x177 -TPM2_CC_ZGen_2Phase: 0x18d + .SH EXAMPLES + .PP + Start a \f[I]policy\f[R] session and extend it with a specific command + like unseal. + Attempts to perform other operations would fail. +-.SS Create an unseal\-only policy ++.SS Create an unseal-only policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policycommandcode \-S session.dat \-L policy.dat TPM2_CC_Unseal ++tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Unseal + + tpm2_flushcontext session.dat + \f[R] + .fi +-.SS Create the object with unseal\-only auth policy ++.SS Create the object with unseal-only auth policy + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx ++tpm2_createprimary -C o -c prim.ctx + +-tpm2_create \-C prim.ctx \-u sealkey.pub \-r sealkey.priv \-L policy.dat \[rs] +- \-i\- <<< \[dq]SEALED\-SECRET\[dq] ++tpm2_create -C prim.ctx -u sealkey.pub -r sealkey.priv -L policy.dat \[rs] ++ -i- <<< \[dq]SEALED-SECRET\[dq] + \f[R] + .fi + .SS Try unseal operation + .IP + .nf + \f[C] +-tpm2_load \-C prim.ctx \-u sealkey.pub \-r sealkey.priv \-n sealkey.name \[rs] +- \-c sealkey.ctx ++tpm2_load -C prim.ctx -u sealkey.pub -r sealkey.priv -n sealkey.name \[rs] ++ -c sealkey.ctx + +-tpm2_startauthsession \-\-policy\-session \-S session.dat ++tpm2_startauthsession --policy-session -S session.dat + +-tpm2_policycommandcode \-S session.dat \-L policy.dat TPM2_CC_Unseal ++tpm2_policycommandcode -S session.dat -L policy.dat TPM2_CC_Unseal + +-tpm2_unseal \-p session:session.dat \-c sealkey.ctx +-SEALED\-SECRET ++tpm2_unseal -p session:session.dat -c sealkey.ctx ++SEALED-SECRET + + tpm2_flushcontext session.dat + \f[R] +@@ -312,8 +315,8 @@ tpm2_flushcontext session.dat + \f[C] + echo \[dq]Encrypt Me\[dq] > plain.txt + +-tpm2_encryptdecrypt plain.txt \-o enc.txt \-c sealkey.ctx plain.txt +-ERROR: Esys_EncryptDecrypt2(0x12F) \- tpm:error(2.0): authValue or authPolicy is ++tpm2_encryptdecrypt plain.txt -o enc.txt -c sealkey.ctx plain.txt ++ERROR: Esys_EncryptDecrypt2(0x12F) - tpm:error(2.0): authValue or authPolicy is + not available for selected entity + \f[R] + .fi +@@ -321,17 +324,17 @@ not available for selected entity + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -340,7 +343,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policycountertimer.1 b/man/man1/tpm2_policycountertimer.1 +index 3eb2697..95eed29 100644 +--- a/man/man1/tpm2_policycountertimer.1 ++++ b/man/man1/tpm2_policycountertimer.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policycountertimer" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policycountertimer" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policycountertimer\f[R](1) \- Enables policy authorization by ++\f[B]tpm2_policycountertimer\f[R](1) - Enables policy authorization by + evaluating the comparison operation on the TPM parameters time, clock, + reset count, restart count and TPM clock safe flag. + .SH SYNOPSIS +@@ -13,7 +13,7 @@ reset count, restart count and TPM clock safe flag. + [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policycountertimer\f[R](1) \- Enables policy authorization by ++\f[B]tpm2_policycountertimer\f[R](1) - Enables policy authorization by + evaluating the comparison operation on the TPM parameters time, clock, + reset count, restart count and TPM clock safe flag. + If time/clock, it is input as milliseconds value. +@@ -22,11 +22,11 @@ below: + .IP + .nf + \f[C] +-tpm2_policycountertimer \-S session.ctx safe +-tpm2_policycountertimer \-S session.ctx clock= +-tpm2_policycountertimer \-S session.ctx time= +-tpm2_policycountertimer \-S session.ctx resets= +-tpm2_policycountertimer \-S session.ctx restarts= ++tpm2_policycountertimer -S session.ctx safe ++tpm2_policycountertimer -S session.ctx clock= ++tpm2_policycountertimer -S session.ctx time= ++tpm2_policycountertimer -S session.ctx resets= ++tpm2_policycountertimer -S session.ctx restarts= + \f[R] + .fi + .PP +@@ -34,16 +34,16 @@ By default comparison tests for equality and also by default it tests + for time. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R] or saved off of a previous tool run. + .RE + .IP \[bu] 2 +@@ -111,7 +111,7 @@ if all bits set in value of current time in the TPM are clear in value + of specified input time. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -125,14 +125,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -140,21 +139,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -165,7 +170,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -174,16 +179,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -192,10 +197,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -205,14 +210,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -225,7 +230,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -234,7 +239,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -257,7 +262,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -266,7 +271,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -281,28 +286,28 @@ for first minute of TPM restart. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policycountertimer \-S session.ctx \-L policy.countertimer \-\-ult 60000 ++tpm2_policycountertimer -S session.ctx -L policy.countertimer --ult 60000 + + tpm2_flushcontext session.ctx + +-tpm2_createprimary \-C o \-c prim.ctx \-Q ++tpm2_createprimary -C o -c prim.ctx -Q + + echo \[dq]SUPERSECRET\[dq] | \[rs] +-tpm2_create \-Q \-u key.pub \-r key.priv \-i\- \-C prim.ctx \[rs] +-\-L policy.countertimer \-a \[dq]fixedtpm|fixedparent\[dq] \-c key.ctx ++tpm2_create -Q -u key.pub -r key.priv -i- -C prim.ctx \[rs] ++-L policy.countertimer -a \[dq]fixedtpm|fixedparent\[dq] -c key.ctx + \f[R] + .fi + .SS Unsealing should work in the first minute after TPM restart + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session ++tpm2_startauthsession -S session.ctx --policy-session + +-tpm2_policycountertimer \-S session.ctx \-\-ult 60000 ++tpm2_policycountertimer -S session.ctx --ult 60000 + +-tpm2_unseal \-c key.ctx \-p session:session.ctx ++tpm2_unseal -c key.ctx -p session:session.ctx + + tpm2_flushcontext session.ctx + \f[R] +@@ -311,17 +316,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -330,7 +335,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policycphash.1 b/man/man1/tpm2_policycphash.1 +index e1dcf2e..3cdcbac 100644 +--- a/man/man1/tpm2_policycphash.1 ++++ b/man/man1/tpm2_policycphash.1 +@@ -1,45 +1,45 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policycphash" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policycphash" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policycphash\f[R](1) \- Couples a policy with command ++\f[B]tpm2_policycphash\f[R](1) - Couples a policy with command + parameters of the command. + .SH SYNOPSIS + .PP + \f[B]tpm2_policycphash\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policycphash\f[R](1) \- Couples a policy with command ++\f[B]tpm2_policycphash\f[R](1) - Couples a policy with command + parameters of the command. + This is a deferred assertion where the hash of the command parameters in + a TPM command is checked against the one specified in the policy. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]--cphash-input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file containing the command parameter hash of the command. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R]: ++\f[B]--cphash\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-\f[B]DEPRECATED\f[R], use \f[B]\[en]cphash\-input\f[R] instead. ++\f[B]DEPRECATED\f[R], use \f[B]\[en]cphash-input\f[R] instead. + .RE + .SS References + .SH COMMON OPTIONS +@@ -47,14 +47,13 @@ The file containing the command parameter hash of the command. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -62,21 +61,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -87,7 +92,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -96,16 +101,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -114,10 +119,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -127,14 +132,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -147,7 +152,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -156,7 +161,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -179,7 +184,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -188,7 +193,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -202,23 +207,23 @@ Restrict the value that can be set through tpm2_nvsetbits. + .IP + .nf + \f[C] +-openssl genrsa \-out signing_key_private.pem 2048 +-openssl rsa \-in signing_key_private.pem \-out signing_key_public.pem \-pubout +-tpm2_loadexternal \-G rsa \-C o \-u signing_key_public.pem \-c signing_key.ctx \[rs] +-\-n signing_key.name +-tpm2_startauthsession \-S session.ctx \-g sha256 +-tpm2_policyauthorize \-S session.ctx \-L authorized.policy \-n signing_key.name ++openssl genrsa -out signing_key_private.pem 2048 ++openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout ++tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx \[rs] ++-n signing_key.name ++tpm2_startauthsession -S session.ctx -g sha256 ++tpm2_policyauthorize -S session.ctx -L authorized.policy -n signing_key.name + tpm2_flushcontext session.ctx +-tpm2_nvdefine 1 \-a \[dq]policywrite|authwrite|ownerread|nt=bits\[dq] \-L authorized.policy ++tpm2_nvdefine 1 -a \[dq]policywrite|authwrite|ownerread|nt=bits\[dq] -L authorized.policy + \f[R] + .fi + .SS Create policycphash + .IP + .nf + \f[C] +-tpm2_nvsetbits 1 \-i 1 \-\-cphash cp.hash +-tpm2_startauthsession \-S session.ctx \-g sha256 +-tpm2_policycphash \-S session.ctx \-L policy.cphash \-\-cphash cp.hash ++tpm2_nvsetbits 1 -i 1 --cphash cp.hash ++tpm2_startauthsession -S session.ctx -g sha256 ++tpm2_policycphash -S session.ctx -L policy.cphash --cphash cp.hash + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -226,21 +231,21 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-openssl dgst \-sha256 \-sign signing_key_private.pem \[rs] +-\-out policycphash.signature policy.cphash +-tpm2_verifysignature \-c signing_key.ctx \-g sha256 \-m policy.cphash \[rs] +-\-s policycphash.signature \-t verification.tkt \-f rsassa ++openssl dgst -sha256 -sign signing_key_private.pem \[rs] ++-out policycphash.signature policy.cphash ++tpm2_verifysignature -c signing_key.ctx -g sha256 -m policy.cphash \[rs] ++-s policycphash.signature -t verification.tkt -f rsassa + \f[R] + .fi + .SS Satisfy policycphash and execute nvsetbits + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session \-g sha256 +-tpm2_policycphash \-S session.ctx \-\-cphash cp.hash +-tpm2_policyauthorize \-S session.ctx \-i policy.cphash \-n signing_key.name \[rs] +-\-t verification.tkt +-tpm2_nvsetbits 1 \-i 1 \-P \[dq]session:session.ctx\[dq] ++tpm2_startauthsession -S session.ctx --policy-session -g sha256 ++tpm2_policycphash -S session.ctx --cphash cp.hash ++tpm2_policyauthorize -S session.ctx -i policy.cphash -n signing_key.name \[rs] ++-t verification.tkt ++tpm2_nvsetbits 1 -i 1 -P \[dq]session:session.ctx\[dq] + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -248,17 +253,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -267,7 +272,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policyduplicationselect.1 b/man/man1/tpm2_policyduplicationselect.1 +index 7fadbef..86d90ec 100644 +--- a/man/man1/tpm2_policyduplicationselect.1 ++++ b/man/man1/tpm2_policyduplicationselect.1 +@@ -1,46 +1,46 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policyduplicationselect" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policyduplicationselect" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policyduplicationselect\f[R](1) \- Restricts duplication to a ++\f[B]tpm2_policyduplicationselect\f[R](1) - Restricts duplication to a + specific new parent. + .SH SYNOPSIS + .PP + \f[B]tpm2_policyduplicationselect\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policyduplicationselect\f[R](1) \- Restricts duplication to a ++\f[B]tpm2_policyduplicationselect\f[R](1) - Restricts duplication to a + specific new parent. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-object\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--object-name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Input name file of the object to be duplicated. + .RE + .IP \[bu] 2 +-\f[B]\-N\f[R], \f[B]\-\-parent\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-N\f[R], \f[B]--parent-name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Input name file of the new parent. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-\-include\-object\f[R]: ++\f[B]--include-object\f[R]: + .RS 2 + .PP + If exists, the object name will be included in the value in policy +@@ -52,14 +52,13 @@ digest. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -67,21 +66,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -92,7 +97,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -101,16 +106,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -119,10 +124,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -132,14 +137,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -152,7 +157,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -161,7 +166,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -184,7 +189,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -193,7 +198,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -206,18 +211,18 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C n \-g sha256 \-G rsa \-c dst_n.ctx \-Q +-tpm2_createprimary \-C o \-g sha256 \-G rsa \-c src_o.ctx \-Q ++tpm2_createprimary -C n -g sha256 -G rsa -c dst_n.ctx -Q ++tpm2_createprimary -C o -g sha256 -G rsa -c src_o.ctx -Q + \f[R] + .fi + .SS Create the restricted parent policy + .IP + .nf + \f[C] +-tpm2_readpublic \-c dst_n.ctx \-n dst_n.name \-Q +-tpm2_startauthsession \-S session.ctx +-tpm2_policyduplicationselect \-S session.ctx \-N dst_n.name \[rs] +-\-L policydupselect.dat \-Q ++tpm2_readpublic -c dst_n.ctx -n dst_n.name -Q ++tpm2_startauthsession -S session.ctx ++tpm2_policyduplicationselect -S session.ctx -N dst_n.name \[rs] ++-L policydupselect.dat -Q + tpm2_flushcontext session.ctx + rm session.ctx + \f[R] +@@ -226,19 +231,19 @@ rm session.ctx + .IP + .nf + \f[C] +-tpm2_create \-C src_o.ctx \-g sha256 \-G rsa \-r dupkey.priv \-u dupkey.pub \[rs] +-\-L policydupselect.dat \-a \[dq]sensitivedataorigin|sign|decrypt\[dq] \-c dupkey.ctx \-Q +-tpm2_readpublic \-c dupkey.ctx \-n dupkey.name \-Q ++tpm2_create -C src_o.ctx -g sha256 -G rsa -r dupkey.priv -u dupkey.pub \[rs] ++-L policydupselect.dat -a \[dq]sensitivedataorigin|sign|decrypt\[dq] -c dupkey.ctx -Q ++tpm2_readpublic -c dupkey.ctx -n dupkey.name -Q + \f[R] + .fi + .SS Satisfy the policy and duplicate the object + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session +-tpm2_policyduplicationselect \-S session.ctx \-N dst_n.name \-n dupkey.name \-Q +-tpm2_duplicate \-C dst_n.ctx \-c dupkey.ctx \-G null \-p session:session.ctx \[rs] +-\-r new_dupkey.priv \-s dupseed.dat ++tpm2_startauthsession -S session.ctx --policy-session ++tpm2_policyduplicationselect -S session.ctx -N dst_n.name -n dupkey.name -Q ++tpm2_duplicate -C dst_n.ctx -c dupkey.ctx -G null -p session:session.ctx \[rs] ++-r new_dupkey.priv -s dupseed.dat + tpm2_flushcontext session.ctx + rm session.ctx + \f[R] +@@ -254,17 +259,17 @@ This command will set the policy session\[cq]s command code to + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -273,7 +278,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policylocality.1 b/man/man1/tpm2_policylocality.1 +index 1986065..1c343f3 100644 +--- a/man/man1/tpm2_policylocality.1 ++++ b/man/man1/tpm2_policylocality.1 +@@ -1,18 +1,18 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policylocality" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policylocality" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policylocality\f[R](1) \- Restrict TPM object authorization to ++\f[B]tpm2_policylocality\f[R](1) - Restrict TPM object authorization to + specific localities. + .SH SYNOPSIS + .PP + \f[B]tpm2_policylocality\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policylocality\f[R](1) \- Restricts TPM object authorization +-to specific TPM locality. ++\f[B]tpm2_policylocality\f[R](1) - Restricts TPM object authorization to ++specific TPM locality. + Useful when you want to allow only specific locality with the TPM + object. + A locality indicates the source of the command, for example it could be +@@ -34,22 +34,21 @@ represented as set bit indexes. + Thus locality 0 is indicated by \f[C]1<<0\f[R] and locality 4 is + indicated by \f[C]1<<4\f[R]. + Rather then using raw numbers, these localities can also be specified by +-the friendly names of: \- zero: locality 0 or \f[C]1<<0\f[R] \- one: +-locality 1 or \f[C]1<<1\f[R] \- two: locality 2 or \f[C]1<<2\f[R] \- +-three: locality 3 or \f[C]1<<3\f[R] \- four: locality 4 or +-\f[C]1<<4\f[R] ++the friendly names of: - zero: locality 0 or \f[C]1<<0\f[R] - one: ++locality 1 or \f[C]1<<1\f[R] - two: locality 2 or \f[C]1<<2\f[R] - ++three: locality 3 or \f[C]1<<3\f[R] - four: locality 4 or \f[C]1<<4\f[R] + .PP +-Anything from the range 32 \- 255 are extended localities. ++Anything from the range 32 - 255 are extended localities. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A session file from \f[B]tpm2_startauthsession\f[R](1)\[cq]s +-\f[B]\-S\f[R] option. ++\f[B]-S\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. +@@ -58,7 +57,7 @@ File to save the policy digest. + \f[B]ARGUMENT\f[R] the command line argument specifies the locality + number. + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -72,14 +71,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -87,21 +85,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -112,7 +116,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -121,16 +125,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -139,10 +143,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -152,14 +156,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -172,7 +176,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -181,7 +185,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -204,7 +208,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -213,7 +217,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -229,9 +233,9 @@ Attempts to perform other operations would fail. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policylocality \-S session.dat \-L policy.dat three ++tpm2_policylocality -S session.dat -L policy.dat three + + tpm2_flushcontext session.dat + \f[R] +@@ -240,26 +244,26 @@ tpm2_flushcontext session.dat + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx ++tpm2_createprimary -C o -c prim.ctx + +-tpm2_create \-C prim.ctx \-u sealkey.pub \-r sealkey.priv \-L policy.dat \[rs] +-\-i\- <<< \[dq]SEALED\-SECRET\[dq] ++tpm2_create -C prim.ctx -u sealkey.pub -r sealkey.priv -L policy.dat \[rs] ++-i- <<< \[dq]SEALED-SECRET\[dq] + \f[R] + .fi + .SS Try unseal operation + .IP + .nf + \f[C] +-tpm2_load \-C prim.ctx \-u sealkey.pub \-r sealkey.priv \-n sealkey.name \[rs] +-\-c sealkey.ctx ++tpm2_load -C prim.ctx -u sealkey.pub -r sealkey.priv -n sealkey.name \[rs] ++-c sealkey.ctx + +-tpm2_startauthsession \[rs]\-\-policy\-session \-S session.dat ++tpm2_startauthsession \[rs]--policy-session -S session.dat + +-tpm2_policylocality \-S session.dat \-L policy.dat three ++tpm2_policylocality -S session.dat -L policy.dat three + + # Change to locality 3, Note: this operation varies on different platforms + +-tpm2_unseal \-p session:session.dat \-c sealkey.ctx ++tpm2_unseal -p session:session.dat -c sealkey.ctx + + tpm2_flushcontext session.dat + \f[R] +@@ -268,17 +272,17 @@ tpm2_flushcontext session.dat + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -287,7 +291,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policynamehash.1 b/man/man1/tpm2_policynamehash.1 +index 2723d2b..e168b2b 100644 +--- a/man/man1/tpm2_policynamehash.1 ++++ b/man/man1/tpm2_policynamehash.1 +@@ -1,37 +1,37 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policynamehash" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policynamehash" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policynamehash\f[R](1) \- Couples a policy with names of ++\f[B]tpm2_policynamehash\f[R](1) - Couples a policy with names of + specific objects. + .SH SYNOPSIS + .PP + \f[B]tpm2_policynamehash\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policynamehash\f[R](1) \- Couples a policy with names of ++\f[B]tpm2_policynamehash\f[R](1) - Couples a policy with names of + specific objects. + This is a deferred assertion where the hash of the names of all object + handles in a TPM command is checked against the one specified in the + policy. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file containing the name hash of the referenced objects. +@@ -42,14 +42,13 @@ The file containing the name hash of the referenced objects. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -57,21 +56,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -82,7 +87,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -91,16 +96,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -109,10 +114,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -122,14 +127,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -142,7 +147,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -151,7 +156,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -174,7 +179,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -183,7 +188,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -198,68 +203,66 @@ key. + .IP + .nf + \f[C] ++openssl genrsa -out signing_key_private.pem 2048 + +-openssl genrsa \-out signing_key_private.pem 2048 +- +-openssl rsa \-in signing_key_private.pem \-out signing_key_public.pem \-pubout ++openssl rsa -in signing_key_private.pem -out signing_key_public.pem -pubout + +-tpm2_loadexternal \-G rsa \-C o \-u signing_key_public.pem \-c signing_key.ctx \[rs] +-\-n signing_key.name ++tpm2_loadexternal -G rsa -C o -u signing_key_public.pem -c signing_key.ctx \[rs] ++-n signing_key.name + +-tpm2_startauthsession \-S session.ctx \-g sha256 ++tpm2_startauthsession -S session.ctx -g sha256 + +-tpm2_policyauthorize \-S session.ctx \-L authorized.policy \-n signing_key.name ++tpm2_policyauthorize -S session.ctx -L authorized.policy -n signing_key.name + +-tpm2_policycommandcode \-S session.ctx \-L policy.dat TPM2_CC_Duplicate ++tpm2_policycommandcode -S session.ctx -L policy.dat TPM2_CC_Duplicate + + tpm2_flushcontext session.ctx + +-tpm2_createprimary \-C o \-g sha256 \-G rsa \-c primary.ctx \-Q ++tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx -Q + + ## The duplicable key +-tpm2_create \-Q \-C primary.ctx \-g sha256 \-G rsa \-r key.prv \-u key.pub \[rs] +-\-L policy.dat \-a \[dq]sensitivedataorigin|sign|decrypt\[dq] ++tpm2_create -Q -C primary.ctx -g sha256 -G rsa -r key.prv -u key.pub \[rs] ++-L policy.dat -a \[dq]sensitivedataorigin|sign|decrypt\[dq] + +-tpm2_load \-Q \-C primary.ctx \-r key.prv \-u key.pub \-c key.ctx ++tpm2_load -Q -C primary.ctx -r key.prv -u key.pub -c key.ctx + \f[R] + .fi + .SH Create the new parent + .IP + .nf + \f[C] ++tpm2_create -Q -C primary.ctx -g sha256 -G rsa -r new_parent.prv \[rs] ++-u new_parent.pub \[rs] ++-a \[dq]decrypt|fixedparent|fixedtpm|restricted|sensitivedataorigin\[dq] + +-tpm2_create \-Q \-C primary.ctx \-g sha256 \-G rsa \-r new_parent.prv \[rs] +-\-u new_parent.pub \[rs] +-\-a \[dq]decrypt|fixedparent|fixedtpm|restricted|sensitivedataorigin\[dq] +- +-tpm2_loadexternal \-Q \-C o \-u new_parent.pub \-c new_parent.ctx ++tpm2_loadexternal -Q -C o -u new_parent.pub -c new_parent.ctx + \f[R] + .fi + .SH Modify the duplicable key policy to namehash policy to restrict parent and key + .IP + .nf + \f[C] +-tpm2_readpublic \-Q \-c new_parent.ctx \-n new_parent.name ++tpm2_readpublic -Q -c new_parent.ctx -n new_parent.name + +-tpm2_readpublic \-Q \-c key.ctx \-n key.name ++tpm2_readpublic -Q -c key.ctx -n key.name + +-cat key.name new_parent.name | openssl dgst \-sha256 \-binary > name.hash ++cat key.name new_parent.name | openssl dgst -sha256 -binary > name.hash + +-tpm2_startauthsession \-S session.ctx \-g sha256 ++tpm2_startauthsession -S session.ctx -g sha256 + +-tpm2_policynamehash \-L policy.namehash \-S session.ctx \-n name.hash ++tpm2_policynamehash -L policy.namehash -S session.ctx -n name.hash + + tpm2_flushcontext session.ctx + +-openssl dgst \-sha256 \-sign signing_key_private.pem \[rs] +-\-out policynamehash.signature policy.namehash ++openssl dgst -sha256 -sign signing_key_private.pem \[rs] ++-out policynamehash.signature policy.namehash + +-tpm2_startauthsession \-S session.ctx \-g sha256 ++tpm2_startauthsession -S session.ctx -g sha256 + +-tpm2_policyauthorize \-S session.ctx \-L authorized.policy \-i policy.namehash \[rs] +-\-n signing_key.name ++tpm2_policyauthorize -S session.ctx -L authorized.policy -i policy.namehash \[rs] ++-n signing_key.name + +-tpm2_policycommandcode \-S session.ctx \-L policy.dat TPM2_CC_Duplicate ++tpm2_policycommandcode -S session.ctx -L policy.dat TPM2_CC_Duplicate + + tpm2_flushcontext session.ctx + \f[R] +@@ -268,20 +271,20 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_verifysignature \-c signing_key.ctx \-g sha256 \-m policy.namehash \[rs] +-\-s policynamehash.signature \-t verification.tkt \-f rsassa ++tpm2_verifysignature -c signing_key.ctx -g sha256 -m policy.namehash \[rs] ++-s policynamehash.signature -t verification.tkt -f rsassa + +-tpm2_startauthsession \-S session.ctx \-\-policy\-session \-g sha256 ++tpm2_startauthsession -S session.ctx --policy-session -g sha256 + +-tpm2_policynamehash \-S session.ctx \-n name.hash ++tpm2_policynamehash -S session.ctx -n name.hash + +-tpm2_policyauthorize \-S session.ctx \-i policy.namehash \-n signing_key.name \[rs] +-\-t verification.tkt ++tpm2_policyauthorize -S session.ctx -i policy.namehash -n signing_key.name \[rs] ++-t verification.tkt + +-tpm2_policycommandcode \-S session.ctx TPM2_CC_Duplicate ++tpm2_policycommandcode -S session.ctx TPM2_CC_Duplicate + +-tpm2_duplicate \-C new_parent.ctx \-c key.ctx \-G null \-p \[dq]session:session.ctx\[dq] \[rs] +-\-r dupprv.bin \-s dupseed.dat ++tpm2_duplicate -C new_parent.ctx -c key.ctx -G null -p \[dq]session:session.ctx\[dq] \[rs] ++-r dupprv.bin -s dupseed.dat + + tpm2_flushcontext session.ctx + \f[R] +@@ -290,17 +293,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -309,7 +312,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policynv.1 b/man/man1/tpm2_policynv.1 +index 83ded30..0cdcb4f 100644 +--- a/man/man1/tpm2_policynv.1 ++++ b/man/man1/tpm2_policynv.1 +@@ -1,22 +1,21 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policynv" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policynv" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policynv\f[R](1) \- Evaluates policy authorization by +-comparing a specified value against the contents in the specified NV +-Index. ++\f[B]tpm2_policynv\f[R](1) - Evaluates policy authorization by comparing ++a specified value against the contents in the specified NV Index. + .SH SYNOPSIS + .PP + \f[B]tpm2_policynv\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policynv\f[R](1) \- This command evaluates policy +-authorization by comparing the contents written to an NV index against +-the one specified in the tool options. +-The tool takes two arguments \- (1) The NV index specified as raw handle ++\f[B]tpm2_policynv\f[R](1) - This command evaluates policy authorization ++by comparing the contents written to an NV index against the one ++specified in the tool options. ++The tool takes two arguments - (1) The NV index specified as raw handle + or an offset value to the nv handle range \[lq]TPM2_HR_NV_INDEX\[rq] and + (2) Comparison operator for magnitude comparison and or bit test + operations. +@@ -35,8 +34,9 @@ are set in operandB * \[lq]bc\[rq] if all bits set in operandA are clear + in operandB + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specifies the hierarchy used to authorize. + Supported options are: + .IP \[bu] 2 +@@ -44,35 +44,35 @@ Supported options are: + .IP \[bu] 2 + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .IP \[bu] 2 +-\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv\-index may be ++\f[B]\f[CB]\f[B]\f[R] where a hierarchy handle or nv-index may be + used. + .PP +-When \f[B]\-C\f[R] isn\[cq]t explicitly passed the index handle will be ++When \f[B]-C\f[R] isn\[cq]t explicitly passed the index handle will be + used to authorize against the index. +-The index auth value is set via the \f[B]\-p\f[R] option to ++The index auth value is set via the \f[B]-p\f[R] option to + \f[B]tpm2_nvdefine\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R] or saved off of a previous tool run. + .RE + .IP \[bu] 2 +-\f[B]\-\-offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]--offset\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + The offset within the NV index to start comparing at. +@@ -80,7 +80,7 @@ The size of the data starting at offset and ending at size of NV index + shall not exceed the size of the operand specified in the options. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -89,14 +89,14 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]-i\f[R], \f[B]--input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Specifies the input file with data to compare to NV Index contents. + In the standard specification, this is termed as operand or operandB + more specifically . + It can be specified as a file input or stdin if option value is a +-\[lq]\-\[rq]. ++\[lq]-\[rq]. + .RE + .SS References + .SH COMMON OPTIONS +@@ -104,14 +104,13 @@ It can be specified as a file input or stdin if option value is a + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -119,21 +118,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -144,7 +149,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -153,16 +158,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -171,10 +176,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -184,14 +189,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -204,7 +209,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -213,7 +218,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -236,7 +241,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -245,7 +250,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -266,17 +271,17 @@ in the tool options. + .nf + \f[C] + nv_test_index=0x01500001 +-tpm2_nvdefine \-C o \-p nvpass $nv_test_index \-a \[dq]authread|authwrite\[dq] \-s 1 +-echo \[dq]aa\[dq] | xxd \-r \-p | tpm2_nvwrite \-P nvpass \-i\- $nv_test_index ++tpm2_nvdefine -C o -p nvpass $nv_test_index -a \[dq]authread|authwrite\[dq] -s 1 ++echo \[dq]aa\[dq] | xxd -r -p | tpm2_nvwrite -P nvpass -i- $nv_test_index + \f[R] + .fi + .SS Attempt defining policynv with wrong comparison value specified in options. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session ++tpm2_startauthsession -S session.ctx --policy-session + ### This should fail +-echo 0xBB | tpm2_policynv \-S session.ctx \-L policy.nv \-i\- 0x1500001 eq \-P nvpass ++echo 0xBB | tpm2_policynv -S session.ctx -L policy.nv -i- 0x1500001 eq -P nvpass + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -284,9 +289,9 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session ++tpm2_startauthsession -S session.ctx --policy-session + ### This should pass +-echo 0xAA | tpm2_policynv \-S session.ctx \-L policy.nv \-i\- 0x1500001 eq \-P nvpass ++echo 0xAA | tpm2_policynv -S session.ctx -L policy.nv -i- 0x1500001 eq -P nvpass + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -294,17 +299,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -313,7 +318,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policynvwritten.1 b/man/man1/tpm2_policynvwritten.1 +index c4ae2f9..ba9b35a 100644 +--- a/man/man1/tpm2_policynvwritten.1 ++++ b/man/man1/tpm2_policynvwritten.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policynvwritten" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policynvwritten" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policynvwritten\f[R](1) \- Restrict TPM object authorization +-to the written state of an NV index. ++\f[B]tpm2_policynvwritten\f[R](1) - Restrict TPM object authorization to ++the written state of an NV index. + .SH SYNOPSIS + .PP + \f[B]tpm2_policynvwritten\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policynvwritten\f[R](1) \- Restricts TPM object authorization ++\f[B]tpm2_policynvwritten\f[R](1) - Restricts TPM object authorization + to the written state of an NV index. + Useful when creating write once NV indexes. + .PP +@@ -20,20 +20,20 @@ index. + It can be specified as s|c|0|1. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + A session file from \f[B]tpm2_startauthsession\f[R](1)\[cq]s +-\f[B]\-S\f[R] option. ++\f[B]-S\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -47,14 +47,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -62,21 +61,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -87,7 +92,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -96,16 +101,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -114,10 +119,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -127,14 +132,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -147,7 +152,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -156,7 +161,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -179,7 +184,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -188,7 +193,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -204,9 +209,9 @@ only if the NV index attribute \[lq]TPMA_NV_WRITTEN\[rq] was never set. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat +-tpm2_policycommandcode \-S session.dat TPM2_CC_NV_Write +-tpm2_policynvwritten \-S session.dat \-L nvwrite.policy c ++tpm2_startauthsession -S session.dat ++tpm2_policycommandcode -S session.dat TPM2_CC_NV_Write ++tpm2_policynvwritten -S session.dat -L nvwrite.policy c + tpm2_flushcontext session.dat + \f[R] + .fi +@@ -214,17 +219,17 @@ tpm2_flushcontext session.dat + .IP + .nf + \f[C] +- tpm2_nvdefine \-s 1 \-a \[dq]authread|policywrite\[dq] \-p nvrdpass \-L nvwrite.policy ++ tpm2_nvdefine -s 1 -a \[dq]authread|policywrite\[dq] -p nvrdpass -L nvwrite.policy + \f[R] + .fi + .SS Write the NV index by satisfying the policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat \-\-policy\-session +-tpm2_policycommandcode \-S session.dat TPM2_CC_NV_Write +-tpm2_policynvwritten \-S session.dat c +-echo 0xAA | xxd \-r \-p | tpm2_nvwrite 0x01000000 \-i\- \-P session:session.dat ++tpm2_startauthsession -S session.dat --policy-session ++tpm2_policycommandcode -S session.dat TPM2_CC_NV_Write ++tpm2_policynvwritten -S session.dat c ++echo 0xAA | xxd -r -p | tpm2_nvwrite 0x01000000 -i- -P session:session.dat + tpm2_flushcontext session.dat + \f[R] + .fi +@@ -232,17 +237,17 @@ tpm2_flushcontext session.dat + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -251,7 +256,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policyor.1 b/man/man1/tpm2_policyor.1 +index 895af2d..6cb1ccf 100644 +--- a/man/man1/tpm2_policyor.1 ++++ b/man/man1/tpm2_policyor.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policyor" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policyor" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policyor\f[R](1) \- logically OR\[cq]s two policies together. ++\f[B]tpm2_policyor\f[R](1) - logically OR\[cq]s two policies together. + .SH SYNOPSIS + .PP + \f[B]tpm2_policyor\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policyor\f[R](1) \- Generates a policy_or event with the TPM. ++\f[B]tpm2_policyor\f[R](1) - Generates a policy_or event with the TPM. + It expects a session to be already established via + \f[B]tpm2_startauthsession\f[R](1). + If the input session is a trial session this tool generates a policy +@@ -22,16 +22,16 @@ authenticates the object successfully if at least one of the policy + events are true. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +@@ -42,14 +42,14 @@ object. + The list begins with the policy digest hash alg. + Example sha256:policy1,policy2 + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-policy\-list\f[R]=\f[I]POLICY_FILE\f[R]_LIST: ++\f[B]-l\f[R], \f[B]--policy-list\f[R]=\f[I]POLICY_FILE\f[R]_LIST: + .RS 2 + .PP + This option is DEPRECATED yet is retained for backwards compatibility. + Use the argument method instead. +-\f[B]NOTE\f[R]: When \f[B]\-l\f[R] and an argument is specified it\[cq]s ++\f[B]NOTE\f[R]: When \f[B]-l\f[R] and an argument is specified it\[cq]s + the same as specifying it all at once. +-For instance: \f[C]tpm2_policyor \-l sha256:file1 sha256:file2\f[R] is ++For instance: \f[C]tpm2_policyor -l sha256:file1 sha256:file2\f[R] is + the same as \f[C]tpm2_policyor sha256:file1,file2\f[R]. + .RE + .SS References +@@ -58,14 +58,13 @@ the same as \f[C]tpm2_policyor sha256:file1,file2\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -73,21 +72,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -98,7 +103,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -107,16 +112,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -125,10 +130,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -138,14 +143,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -158,7 +163,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -167,7 +172,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -190,7 +195,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -199,7 +204,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -215,8 +220,8 @@ policies could unseal the secret. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx +-tpm2_policypcr \-S session.ctx \-L policy.pcr \-l sha256:0,1,2,3 ++tpm2_startauthsession -S session.ctx ++tpm2_policypcr -S session.ctx -L policy.pcr -l sha256:0,1,2,3 + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -224,8 +229,8 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx +-tpm2_policypassword \-S session.ctx \-L policy.pass ++tpm2_startauthsession -S session.ctx ++tpm2_policypassword -S session.ctx -L policy.pass + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -233,8 +238,8 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx +-tpm2_policyor \-S session.ctx \-L policy.or sha256:policy.pass,policy.pcr ++tpm2_startauthsession -S session.ctx ++tpm2_policyor -S session.ctx -L policy.or sha256:policy.pass,policy.pcr + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -242,19 +247,19 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_createprimary \-c prim.ctx \-Q +-echo \[dq]secret\[dq] | tpm2_create \-C prim.ctx \-c key.ctx \-u key.pub \-r key.priv \[rs] +-\-L policy.or \-i\- ++tpm2_createprimary -c prim.ctx -Q ++echo \[dq]secret\[dq] | tpm2_create -C prim.ctx -c key.ctx -u key.pub -r key.priv \[rs] ++-L policy.or -i- + \f[R] + .fi + .SS Satisfy auth policy using password and unseal the secret + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session +-tpm2_policypassword \-S session.ctx +-tpm2_policyor \-S session.ctx sha256:policy.pass,policy.pcr +-tpm2_unseal \-c key.ctx \-p session:session.ctx ++tpm2_startauthsession -S session.ctx --policy-session ++tpm2_policypassword -S session.ctx ++tpm2_policyor -S session.ctx sha256:policy.pass,policy.pcr ++tpm2_unseal -c key.ctx -p session:session.ctx + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -262,10 +267,10 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session +-tpm2_policypcr \-S session.ctx \-l sha256:0,1,2,3 +-tpm2_policyor \-S session.ctx sha256:policy.pass,policy.pcr +-tpm2_unseal \-c key.ctx \-p session:session.ctx ++tpm2_startauthsession -S session.ctx --policy-session ++tpm2_policypcr -S session.ctx -l sha256:0,1,2,3 ++tpm2_policyor -S session.ctx sha256:policy.pass,policy.pcr ++tpm2_unseal -c key.ctx -p session:session.ctx + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -273,17 +278,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -292,7 +297,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policypassword.1 b/man/man1/tpm2_policypassword.1 +index 6a9abae..eda1a63 100644 +--- a/man/man1/tpm2_policypassword.1 ++++ b/man/man1/tpm2_policypassword.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policypassword" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policypassword" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policypassword\f[R](1) \- Enables binding a policy to the ++\f[B]tpm2_policypassword\f[R](1) - Enables binding a policy to the + authorization value of the authorized TPM object. + .SH SYNOPSIS + .PP + \f[B]tpm2_policypassword\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policypassword\f[R](1) \- Enables a policy that requires the ++\f[B]tpm2_policypassword\f[R](1) - Enables a policy that requires the + object\[cq]s authentication passphrase be provided. + This is equivalent to authenticating using the object passphrase in + plaintext, only this enforces it as a policy. +@@ -20,20 +20,20 @@ object only allows policy based authorization, ie object attribute + \[lq]userwithauth\[rq] is 0. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -47,14 +47,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -62,21 +61,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -87,7 +92,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -96,16 +101,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -114,10 +119,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -127,14 +132,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -147,7 +152,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -156,7 +161,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -179,7 +184,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -188,7 +193,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -206,9 +211,9 @@ session instead using the \f[B]tpm2_policypassword\f[R](1) tool. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policypassword \-S session.dat \-L policy.dat ++tpm2_policypassword -S session.dat -L policy.dat + + tpm2_flushcontext session.dat + \f[R] +@@ -217,32 +222,32 @@ tpm2_flushcontext session.dat + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx ++tpm2_createprimary -C o -c prim.ctx + +-tpm2_create \-g sha256 \-G aes \-u key.pub \-r key.priv \-C prim.ctx \-L policy.dat \[rs] +- \-p testpswd ++tpm2_create -g sha256 -G aes -u key.pub -r key.priv -C prim.ctx -L policy.dat \[rs] ++ -p testpswd + \f[R] + .fi + .SS Authenticate with plaintext passphrase input + .IP + .nf + \f[C] +-tpm2_load \-C prim.ctx \-u key.pub \-r key.priv \-n key.name \-c key.ctx ++tpm2_load -C prim.ctx -u key.pub -r key.priv -n key.name -c key.ctx + + echo \[dq]plaintext\[dq] > plain.txt +-tpm2_encryptdecrypt \-c key.ctx \-o encrypt.out plain.txt \-p testpswd plain.txt ++tpm2_encryptdecrypt -c key.ctx -o encrypt.out plain.txt -p testpswd plain.txt + \f[R] + .fi + .SS Authenticate with password and the policy + .IP + .nf + \f[C] +-tpm2_startauthsession \[rs]\-\-policy\-session \-S session.dat ++tpm2_startauthsession \[rs]--policy-session -S session.dat + +-tpm2_policypassword \-S session.dat \-L policy.dat ++tpm2_policypassword -S session.dat -L policy.dat + +-tpm2_encryptdecrypt \-c key.ctx \-o encrypt.out \[rs] +- \-p session:session.dat+testpswd plain.txt ++tpm2_encryptdecrypt -c key.ctx -o encrypt.out \[rs] ++ -p session:session.dat+testpswd plain.txt + + tpm2_flushcontext session.dat + \f[R] +@@ -251,17 +256,17 @@ tpm2_flushcontext session.dat + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -270,7 +275,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policypcr.1 b/man/man1/tpm2_policypcr.1 +index 160914e..2d417d7 100644 +--- a/man/man1/tpm2_policypcr.1 ++++ b/man/man1/tpm2_policypcr.1 +@@ -1,18 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policypcr" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policypcr" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policypcr\f[R](1) \- Create a policy that includes specific +-PCR values. ++\f[B]tpm2_policypcr\f[R](1) - Create a policy that includes specific PCR ++values. + .SH SYNOPSIS + .PP + \f[B]tpm2_policypcr\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policypcr\f[R](1) \- Generates a PCR policy event with the +-TPM. ++\f[B]tpm2_policypcr\f[R](1) - Generates a PCR policy event with the TPM. + A PCR policy event creates a policy bound to specific PCR values and is + useful within larger policies constructed using policyor and + policyauthorize events. +@@ -30,13 +29,13 @@ The digest of all the PCR values directly specified as an + \f[B]argument\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-pcr\f[R]=\f[I]FILE\f[R]: ++\f[B]-f\f[R], \f[B]--pcr\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional Path or Name of the file containing expected PCR values for the +@@ -44,27 +43,28 @@ specified index. + Default is to read the current PCRs per the set list. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcr\-list\f[R]=\f[I]PCR\f[R]: ++\f[B]-l\f[R], \f[B]--pcr-list\f[R]=\f[I]PCR\f[R]: + .RS 2 + .PP + The list of PCR banks and selected PCRs\[cq] ids for each bank. ++Forward sealing values can be specified. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 + \f[B]ARGUMENT\f[R]: The calculated digest of all PCR values specified as + a hex byte stream. +-Eg: \f[C]openssl dgst \-sha256 \-binary pcr.bin | xxd \-p \-c 32\f[R] ++Eg: \f[C]openssl dgst -sha256 -binary pcr.bin | xxd -p -c 32\f[R] + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -113,11 +113,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -129,7 +129,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -138,17 +138,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -191,17 +191,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -236,6 +235,19 @@ sha1:3,4+sha256:all + .PP + will select PCRs 3 and 4 from the SHA1 bank and PCRs 0 to 23 from the + SHA256 bank. ++.PP ++Certain commands support specifying forward sealing values as well: ++.IP ++.nf ++\f[C] ++sha1:0,1=da39a3ee5e6b4b0d3255bfef95601890afd80709,2 ++\f[R] ++.fi ++.PP ++This will select the current values for PCRs 0 and 2, but use the ++specified value for PCR 1. ++Digest lengths must match the bank size. ++An optional 0x prefix will be stripped off. + .SS Note + .PP + PCR Selections allow for up to 5 hash to pcr selection mappings. +@@ -247,14 +259,13 @@ pcr values. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -262,21 +273,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -287,7 +304,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -296,16 +313,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -314,10 +331,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -327,14 +344,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -347,7 +364,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -356,7 +373,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -379,7 +396,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -388,7 +405,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -405,13 +422,13 @@ the object. + .IP + .nf + \f[C] +-tpm2_createprimary \-C e \-g sha256 \-G ecc \-c primary.ctx ++tpm2_createprimary -C e -g sha256 -G ecc -c primary.ctx + +-tpm2_pcrread \-o pcr.dat \[dq]sha1:0,1,2,3\[dq] ++tpm2_pcrread -o pcr.dat \[dq]sha1:0,1,2,3\[dq] + +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policypcr \-S session.dat \-l \[dq]sha1:0,1,2,3\[dq] \-f pcr.dat \-L policy.dat ++tpm2_policypcr -S session.dat -l \[dq]sha1:0,1,2,3\[dq] -f pcr.dat -L policy.dat + + tpm2_flushcontext session.dat + \f[R] +@@ -420,27 +437,27 @@ tpm2_flushcontext session.dat + .IP + .nf + \f[C] +-tpm2_create \-Q \-u key.pub \-r key.priv \-C primary.ctx \-L policy.dat \[rs] +-\-i\- <<< \[dq]12345678\[dq] ++tpm2_create -Q -u key.pub -r key.priv -C primary.ctx -L policy.dat \[rs] ++-i- <<< \[dq]12345678\[dq] + +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-n unseal.key.name \[rs] +-\-c unseal.key.ctx ++tpm2_load -C primary.ctx -u key.pub -r key.priv -n unseal.key.name \[rs] ++-c unseal.key.ctx + \f[R] + .fi + .SS Step 3: Satisfy the policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-policy\-session \-S session.dat ++tpm2_startauthsession --policy-session -S session.dat + +-tpm2_policypcr \-S session.dat \-l \[dq]sha1:0,1,2,3\[dq] \-f pcr.dat \-L policy.dat ++tpm2_policypcr -S session.dat -l \[dq]sha1:0,1,2,3\[dq] -f pcr.dat -L policy.dat + \f[R] + .fi + .SS Step 4: Use the policy + .IP + .nf + \f[C] +-tpm2_unseal \-psession:session.dat \-c unseal.key.ctx ++tpm2_unseal -psession:session.dat -c unseal.key.ctx + 12345678 + + tpm2_flushcontext session.dat +@@ -450,17 +467,17 @@ tpm2_flushcontext session.dat + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -469,7 +486,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policyrestart.1 b/man/man1/tpm2_policyrestart.1 +index 5a21a02..5b876bb 100644 +--- a/man/man1/tpm2_policyrestart.1 ++++ b/man/man1/tpm2_policyrestart.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policyrestart" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policyrestart" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policyrestart\f[R](1) \- Restart an existing session with the ++\f[B]tpm2_policyrestart\f[R](1) - Restart an existing session with the + TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_policyrestart\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policyrestart\f[R](1) \- Restarts a session with the TPM back ++\f[B]tpm2_policyrestart\f[R](1) - Restarts a session with the TPM back + to it\[cq]s initial state. + This is useful when the TPM gives one a \f[B]TPM_RC_PCR_CHANGED\f[R] + (\f[C]0x00000128\f[R]) error code when using a PCR policy session. +@@ -22,16 +22,16 @@ One could restart the session and try again, however, the PCR state + would still need to satisfy the policy. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional, A session file from \f[B]tpm2_startauthsession\f[R](1)\[cq]s +-\f[B]\-S\f[R] option. ++\f[B]-S\f[R] option. + This session is used in lieu of starting a session and using the PCR + policy options. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -45,14 +45,13 @@ the command, it simply returns a cpHash. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -60,21 +59,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -85,7 +90,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -94,16 +99,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -112,10 +117,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -125,14 +130,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -145,7 +150,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -154,7 +159,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -177,7 +182,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -186,7 +191,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -199,49 +204,49 @@ the various known TCTI modules. + .nf + \f[C] + # create a policy and bind it to an object +-tpm2_startauthsession \-S session.dat ++tpm2_startauthsession -S session.dat + +-tpm2_policypcr \-S session.dat \-l \[dq]sha1:0,1,2,3\[dq] \-L policy.dat ++tpm2_policypcr -S session.dat -l \[dq]sha1:0,1,2,3\[dq] -L policy.dat + +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + +-tpm2_create \-Cprimary.ctx \-u key.pub \-r key.priv \-L policy.dat \-i\- <<< \[dq]secret\[dq] ++tpm2_create -Cprimary.ctx -u key.pub -r key.priv -L policy.dat -i- <<< \[dq]secret\[dq] + +-tpm2_load \-C primary.ctx \-c key.ctx \-u key.pub \-r key.priv ++tpm2_load -C primary.ctx -c key.ctx -u key.pub -r key.priv + + tpm2_flushcontext session.dat + + # satisfy the policy and use the object +-tpm2_startauthsession \-\-policy \-S session.dat ++tpm2_startauthsession --policy -S session.dat + +-tpm2_policypcr \-S session.dat \-l \[dq]sha1:0,1,2,3\[dq] ++tpm2_policypcr -S session.dat -l \[dq]sha1:0,1,2,3\[dq] + + # PCR event occurs here causing unseal to fail + tpm2_pcrevent 0 <<< \[dq]event data\[dq] + +-tpm2_unseal \-psession:session.dat \-c key.ct +-ERROR: Esys_Unseal(0x128) \- tpm:error(2.0): PCR have changed since checked ++tpm2_unseal -psession:session.dat -c key.ct ++ERROR: Esys_Unseal(0x128) - tpm:error(2.0): PCR have changed since checked + + # Clear the policy digest to initial state, note access to object no longer allowed by + # policy so policyor would be useful here. +-tpm2_policyrestart \-S session.dat ++tpm2_policyrestart -S session.dat + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -250,7 +255,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policysecret.1 b/man/man1/tpm2_policysecret.1 +index e25e5f3..c124d5a 100644 +--- a/man/man1/tpm2_policysecret.1 ++++ b/man/man1/tpm2_policysecret.1 +@@ -1,22 +1,22 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policysecret" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policysecret" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policysecret\f[R](1) \- Couples the authorization of an object ++\f[B]tpm2_policysecret\f[R](1) - Couples the authorization of an object + to that of an existing object. + .SH SYNOPSIS + .PP + \f[B]tpm2_policysecret\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policysecret\f[R](1) \- Couples the authorization of an object ++\f[B]tpm2_policysecret\f[R](1) - Couples the authorization of an object + to that of an existing object without requiring exposing the existing + secret until time of object use. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-object\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--object-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + A context object specifier of a transient/permanent/persistent object. +@@ -24,25 +24,25 @@ Either a file path of a object context blob or a + loaded/persistent/permanent handle id. + See section \[lq]Context Object Format\[rq]. + As an argument, it takes the auth value of the associated TPM object, a +-single dash \- can be used to read the auth value from stdin. ++single dash - can be used to read the auth value from stdin. + The argument follows the \[lq]authorization formatting standards\[rq], + see section \[lq]Authorization Formatting\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-expiration\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-t\f[R], \f[B]--expiration\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Set the expiration time of the policy in seconds. +@@ -51,19 +51,19 @@ If expiration value is 0 then the policy does not have a time limit on + the authorization. + .RE + .IP \[bu] 2 +-\f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file to record the authorization ticket structure. + .RE + .IP \[bu] 2 +-\f[B]\-\-timeout\f[R]=\f[I]FILE\f[R]: ++\f[B]--timeout\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file path to record the timeout structure returned. + .RE + .IP \[bu] 2 +-\f[B]\-x\f[R], \f[B]\-\-nonce\-tpm\f[R]: ++\f[B]-x\f[R], \f[B]--nonce-tpm\f[R]: + .RS 2 + .PP + Enable the comparison of the current session\[cq]s nonceTPM to ensure +@@ -71,7 +71,7 @@ the validity of the policy authorization is limited to the current + session. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: + .RS 2 + .PP + Optional, the policy qualifier data that the signer can choose to +@@ -79,7 +79,7 @@ include in the signature. + Can be either a hex string or path. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -90,12 +90,12 @@ policycphash. + .RE + .IP \[bu] 2 + \f[B]ARGUMENT\f[R] the command line argument specifies the +-\f[I]AUTH\f[R] to be set for the object specified with \f[B]\-c\f[R]. ++\f[I]AUTH\f[R] to be set for the object specified with \f[B]-c\f[R]. + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -144,11 +144,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -160,7 +160,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -169,17 +169,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -222,17 +222,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -250,14 +249,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -265,21 +263,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -290,7 +294,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -299,16 +303,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -317,10 +321,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -330,14 +334,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -350,7 +354,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -359,7 +363,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -382,7 +386,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -391,7 +395,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -414,9 +418,9 @@ hierarchy auth was satisfied to the unseal tool. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policysecret \-S session.ctx \-c o \-L secret.policy ++tpm2_policysecret -S session.ctx -c o -L secret.policy + + tpm2_flushcontext session.ctx + \f[R] +@@ -425,25 +429,25 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_createprimary \-Q \-C o \-g sha256 \-G rsa \-c prim.ctx ++tpm2_createprimary -Q -C o -g sha256 -G rsa -c prim.ctx + +-tpm2_create \-Q \-g sha256 \-u sealing_key.pub \-r sealing_key.priv \-i\- \[rs] +- \-C prim.ctx \-L secret.policy <<< \[dq]SEALED\-SECRET\[dq] ++tpm2_create -Q -g sha256 -u sealing_key.pub -r sealing_key.priv -i- \[rs] ++ -C prim.ctx -L secret.policy <<< \[dq]SEALED-SECRET\[dq] + +-tpm2_load \-C prim.ctx \-u sealing_key.pub \-r sealing_key.priv \[rs] +- \-c sealing_key.ctx ++tpm2_load -C prim.ctx -u sealing_key.pub -r sealing_key.priv \[rs] ++ -c sealing_key.ctx + \f[R] + .fi + .SS Satisfy the policy and unseal the secret + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-policy\-session \-S session.ctx ++tpm2_startauthsession --policy-session -S session.ctx + +-tpm2_policysecret \-S session.ctx \-c o \-L secret.policy ++tpm2_policysecret -S session.ctx -c o -L secret.policy + +-tpm2_unseal \-p \[dq]session:session.ctx\[dq] \-c sealing_key.ctx +-SEALED\-SECRET ++tpm2_unseal -p \[dq]session:session.ctx\[dq] -c sealing_key.ctx ++SEALED-SECRET + + tpm2_flushcontext session.ctx + \f[R] +@@ -452,17 +456,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -471,7 +475,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policysigned.1 b/man/man1/tpm2_policysigned.1 +index f286eb6..0b3b97e 100644 +--- a/man/man1/tpm2_policysigned.1 ++++ b/man/man1/tpm2_policysigned.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policysigned" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policysigned" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policysigned\f[R](1) \- Enables policy authorization by ++\f[B]tpm2_policysigned\f[R](1) - Enables policy authorization by + verifying signature of optional TPM2 parameters. + The signature is generated by a signing authority. + .SH SYNOPSIS +@@ -12,27 +12,27 @@ The signature is generated by a signing authority. + \f[B]tpm2_policysigned\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policysigned\f[R](1) \- Enables policy authorization by ++\f[B]tpm2_policysigned\f[R](1) - Enables policy authorization by + verifying signature of optional TPM2 parameters. + The signature is generated by a signing authority. + The optional TPM2 parameters being cpHashA, nonceTPM, policyRef and + expiration. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object for the key context used for the operation. +@@ -40,19 +40,19 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to digest the message. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The input signature file of the signature to be validated. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Set the input signature file to a specified format. +@@ -62,7 +62,7 @@ OpenSSL. + The tool currently supports rsassa and ecdsa. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-expiration\f[R]=\f[I]NATURAL_NUMBER\f[R]: ++\f[B]-t\f[R], \f[B]--expiration\f[R]=\f[I]NATURAL_NUMBER\f[R]: + .RS 2 + .PP + Set the expiration time of the policy in seconds. +@@ -73,26 +73,26 @@ If expiration value is 0 then the policy does not have a time limit on + the authorization. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\-input\f[R]=\f[I]FILE\f[R]: ++\f[B]--cphash-input\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The command parameter hash (cpHash), enforcing the TPM command to be + authorized as well as its handle and parameter values. + .RE + .IP \[bu] 2 +-\f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file to record the authorization ticket structure. + .RE + .IP \[bu] 2 +-\f[B]\-\-timeout\f[R]=\f[I]FILE\f[R]: ++\f[B]--timeout\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file path to record the timeout structure returned. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: + .RS 2 + .PP + Optional, the policy qualifier data that the signer can choose to +@@ -100,7 +100,7 @@ include in the signature. + Can be either a hex string or path. + .RE + .IP \[bu] 2 +-\f[B]\-x\f[R], \f[B]\-\-nonce\-tpm\f[R]: ++\f[B]-x\f[R], \f[B]--nonce-tpm\f[R]: + .RS 2 + .PP + Enable the comparison of the current session\[cq]s nonceTPM to ensure +@@ -113,14 +113,13 @@ session. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -128,21 +127,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -153,7 +158,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -162,16 +167,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -180,10 +185,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -193,14 +198,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -213,7 +218,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -222,7 +227,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -245,7 +250,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -254,7 +259,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -269,29 +274,29 @@ specific signing authority. + .IP + .nf + \f[C] +-openssl genrsa \-out private.pem 2048 ++openssl genrsa -out private.pem 2048 + +-openssl rsa \-in private.pem \-outform PEM \-pubout \-out public.pem ++openssl rsa -in private.pem -outform PEM -pubout -out public.pem + \f[R] + .fi + .SS Generate signature with nonceTPM, cpHashA, policyRef and expiration set to 0 + .IP + .nf + \f[C] +-echo \[dq]00 00 00 00\[dq] | xxd \-r \-p | \[rs] +-openssl dgst \-sha256 \-sign private.pem \-out signature.dat ++echo \[dq]00 00 00 00\[dq] | xxd -r -p | \[rs] ++openssl dgst -sha256 -sign private.pem -out signature.dat + \f[R] + .fi + .SS Load the verification key and Create the policysigned policy + .IP + .nf + \f[C] +-tpm2_loadexternal \-C o \-G rsa \-u public.pem \-c signing_key.ctx ++tpm2_loadexternal -C o -G rsa -u public.pem -c signing_key.ctx + +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policysigned \-S session.ctx \-g sha256 \-s signature.dat \-f rsassa \[rs] +-\-c signing_key.ctx \-L policy.signed ++tpm2_policysigned -S session.ctx -g sha256 -s signature.dat -f rsassa \[rs] ++-c signing_key.ctx -L policy.signed + + tpm2_flushcontext session.ctx + \f[R] +@@ -302,22 +307,22 @@ tpm2_flushcontext session.ctx + \f[C] + echo \[dq]plaintext\[dq] > secret.data + +-tpm2_createprimary \-C o \-c prim.ctx ++tpm2_createprimary -C o -c prim.ctx + +-tpm2_create \-u key.pub \-r sealing_key.priv \-c sealing_key.ctx \-C prim.ctx \[rs] +-\-i secret.data \-L policy.signed ++tpm2_create -u key.pub -r sealing_key.priv -c sealing_key.ctx -C prim.ctx \[rs] ++-i secret.data -L policy.signed + \f[R] + .fi + .SS Satisfy the policy and unseal secret + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session ++tpm2_startauthsession -S session.ctx --policy-session + +-tpm2_policysigned \-S session.ctx \-g sha256 \-s signature.dat \-f rsassa \[rs] +-\-c signing_key.ctx \-L policy.signed ++tpm2_policysigned -S session.ctx -g sha256 -s signature.dat -f rsassa \[rs] ++-c signing_key.ctx -L policy.signed + +-tpm2_unseal \-p session:session.ctx \-c sealing_key.ctx ++tpm2_unseal -p session:session.ctx -c sealing_key.ctx + + tpm2_flushcontext session.ctx + \f[R] +@@ -326,17 +331,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -345,7 +350,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policytemplate.1 b/man/man1/tpm2_policytemplate.1 +index 0091530..407bf30 100644 +--- a/man/man1/tpm2_policytemplate.1 ++++ b/man/man1/tpm2_policytemplate.1 +@@ -1,36 +1,36 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_policytemplate" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_policytemplate" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_policytemplate\f[R](1) \- Couples a policy with public +-template data digest of an object. ++\f[B]tpm2_policytemplate\f[R](1) - Couples a policy with public template ++data digest of an object. + .SH SYNOPSIS + .PP + \f[B]tpm2_policytemplate\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_policytemplate\f[R](1) \- Couples a policy with public +-template data digest of an object. ++\f[B]tpm2_policytemplate\f[R](1) - Couples a policy with public template ++data digest of an object. + This is a deferred assertion where the hash of the public template data + of an object is checked against the one specified in the policy. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\[en]template\-hash\f[R]=\f[I]FILE\f[R]: ++\f[B]\[en]template-hash\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file containing the hash of the public template of the object. +@@ -41,14 +41,13 @@ The file containing the hash of the public template of the object. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -56,21 +55,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -81,7 +86,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -90,16 +95,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -108,10 +113,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -121,14 +126,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -141,7 +146,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -150,7 +155,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -173,7 +178,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -182,7 +187,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -194,20 +199,20 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-\-template\-data template.data ++tpm2_createprimary -C o -c prim.ctx --template-data template.data + +-cat template.data | openssl dgst \-sha256 \-binary \-out template.hash ++cat template.data | openssl dgst -sha256 -binary -out template.hash + +-tpm2_startauthsession \-S session.ctx \-g sha256 +-tpm2_policytemplate \-S session.ctx \-L policy.template \[rs] +-\-\-template\-hash template.hash ++tpm2_startauthsession -S session.ctx -g sha256 ++tpm2_policytemplate -S session.ctx -L policy.template \[rs] ++--template-hash template.hash + tpm2_flushcontext session.ctx + +-tpm2_setprimarypolicy \-C o \-g sha256 \-L policy.template ++tpm2_setprimarypolicy -C o -g sha256 -L policy.template + +-tpm2_startauthsession \-S session.ctx \-g sha256 \-\-policy\-session +-tpm2_policytemplate \-S session.ctx \-\-template\-hash template.hash +-tpm2_createprimary \-C o \-c prim2.ctx \-P session:session.ctx ++tpm2_startauthsession -S session.ctx -g sha256 --policy-session ++tpm2_policytemplate -S session.ctx --template-hash template.hash ++tpm2_createprimary -C o -c prim2.ctx -P session:session.ctx + tpm2_flushcontext session.ctx + \f[R] + .fi +@@ -215,17 +220,17 @@ tpm2_flushcontext session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -234,7 +239,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_policyticket.1 b/man/man1/tpm2_policyticket.1 +index 83b97ef..14ec3a6 100644 +--- a/man/man1/tpm2_policyticket.1 ++++ b/man/man1/tpm2_policyticket.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_ticket" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_ticket" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_ticket\f[R](1) \- Enables policy authorization by verifying a ++\f[B]tpm2_ticket\f[R](1) - Enables policy authorization by verifying a + ticket that represents a validated authorization that had an expiration + time associated with it. + .SH SYNOPSIS +@@ -12,43 +12,43 @@ time associated with it. + \f[B]tpm2_ticket\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_ticket\f[R](1) \- Enables policy authorization by verifying a ++\f[B]tpm2_ticket\f[R](1) - Enables policy authorization by verifying a + ticket that represents a validated authorization that had an expiration + time associated with it. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + File to save the compounded policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP +-The policy session file generated via the \f[B]\-S\f[R] option to ++The policy session file generated via the \f[B]-S\f[R] option to + \f[B]tpm2_startauthsession\f[R](1). + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Name of the object that validated the authorization. + .RE + .IP \[bu] 2 +-\f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file to record the authorization ticket structure. + .RE + .IP \[bu] 2 +-\f[B]\-\-timeout\f[R]=\f[I]FILE\f[R]: ++\f[B]--timeout\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file path to record the timeout structure returned. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]FILE_OR_HEX_STR\f[R]: + .RS 2 + .PP + Optional, the policy qualifier data that the signer can choose to +@@ -61,14 +61,13 @@ Can be either a hex string or path. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -76,21 +75,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -101,7 +106,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -110,16 +115,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -128,10 +133,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -141,14 +146,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -161,7 +166,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -170,7 +175,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -193,7 +198,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -202,7 +207,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -217,12 +222,12 @@ specific signing authority. + .IP + .nf + \f[C] +-openssl genrsa \-out private.pem 2048 ++openssl genrsa -out private.pem 2048 + +-openssl rsa \-in private.pem \-outform PEM \-pubout \-out public.pem ++openssl rsa -in private.pem -outform PEM -pubout -out public.pem + +-tpm2_loadexternal \-C o \-G rsa \-u public.pem \-c signing_key.ctx \[rs] +-\-n signing_key.name ++tpm2_loadexternal -C o -G rsa -u public.pem -c signing_key.ctx \[rs] ++-n signing_key.name + \f[R] + .fi + .SS Generate signature with the expiry time +@@ -231,18 +236,18 @@ tpm2_loadexternal \-C o \-G rsa \-u public.pem \-c signing_key.ctx \[rs] + \f[C] + EXPIRYTIME=\[dq]FFFFFE0C\[dq] + +-echo $EXPIRYTIME | xxd \-r \-p | \[rs] +-openssl dgst \-sha256 \-sign private.pem \-out signature.dat ++echo $EXPIRYTIME | xxd -r -p | \[rs] ++openssl dgst -sha256 -sign private.pem -out signature.dat + \f[R] + .fi + .SS Create the policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx ++tpm2_startauthsession -S session.ctx + +-tpm2_policysigned \-S session.ctx \-g sha256 \-s signature.dat \-f rsassa \[rs] +-\-c signing_key.ctx \-L policy.signed ++tpm2_policysigned -S session.ctx -g sha256 -s signature.dat -f rsassa \[rs] ++-c signing_key.ctx -L policy.signed + + tpm2_flushcontext session.ctx + \f[R] +@@ -251,26 +256,26 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-Q ++tpm2_createprimary -C o -c prim.ctx -Q + + echo \[dq]plaintext\[dq] > secret.dat + +-tpm2_create \-u sealing_key.pub \-r sealing_key.priv \-c sealing_key.ctx \[rs] +-\-C prim.ctx \-i secret.dat \-L policy.signed \-Q ++tpm2_create -u sealing_key.pub -r sealing_key.priv -c sealing_key.ctx \[rs] ++-C prim.ctx -i secret.dat -L policy.signed -Q + \f[R] + .fi +-.SS Create ticket\-able policy ++.SS Create ticket-able policy + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-nonce\-tpm=nonce.test \-\-policy\-session ++tpm2_startauthsession -S session.ctx --nonce-tpm=nonce.test --policy-session + +-{ cat nonce.test & echo $EXPIRYTIME | xxd \-r \-p; } | \[rs] +-openssl dgst \-sha256 \-sign private.pem \-out signature.dat ++{ cat nonce.test & echo $EXPIRYTIME | xxd -r -p; } | \[rs] ++openssl dgst -sha256 -sign private.pem -out signature.dat + +-tpm2_policysigned \-S session.ctx \-g sha256 \-s signature.dat \-f rsassa \[rs] +-\-c signing_key.ctx \-x nonce.test \-\-ticket tic.ket \-\-timeout time.out \[rs] +-\-t 0xFFFFFE0C ++tpm2_policysigned -S session.ctx -g sha256 -s signature.dat -f rsassa \[rs] ++-c signing_key.ctx -x nonce.test --ticket tic.ket --timeout time.out \[rs] ++-t 0xFFFFFE0C + + tpm2_flushcontext session.ctx + \f[R] +@@ -280,29 +285,29 @@ tpm2_flushcontext session.ctx + .IP + .nf + \f[C] +-tpm2_startauthsession \-S session.ctx \-\-policy\-session ++tpm2_startauthsession -S session.ctx --policy-session + +-tpm2_policyticket \-S session.ctx \-n signing_key.name \-\-ticket tic.ket \[rs] +-\-\-timeout time.out ++tpm2_policyticket -S session.ctx -n signing_key.name --ticket tic.ket \[rs] ++--timeout time.out + +-tpm2_unseal \-p session:session.ctx \-c sealing_key.ctx ++tpm2_unseal -p session:session.ctx -c sealing_key.ctx + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -311,7 +316,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_print.1 b/man/man1/tpm2_print.1 +index a02c4e8..d1077b2 100644 +--- a/man/man1/tpm2_print.1 ++++ b/man/man1/tpm2_print.1 +@@ -1,25 +1,26 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_print" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_print" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_print\f[R](1) \- Prints TPM data structures ++\f[B]tpm2_print\f[R](1) - Prints TPM data structures + .SH SYNOPSIS + .PP + \f[B]tpm2_print\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R] or + \f[I]STDIN\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_print\f[R](1) \- Decodes a TPM data structure and prints ++\f[B]tpm2_print\f[R](1) - Decodes a TPM data structure and prints + enclosed elements to stdout as YAML. + A file path containing a TPM object or a TSS2 Private Key in the PEM + format may be specified as the path argument. + Reads from stdin if unspecified. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-type\f[R]: ++\f[B]-t\f[R], \f[B]--type\f[R]: + .RS 2 ++.PP + Required. + Type of data structure. + The option supports the following arguments: +@@ -40,7 +41,7 @@ The option supports the following arguments: + \f[B]ARGUMENT\f[R] the command line argument specifies the path of the + TPM data. + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]: + .RS 2 + .PP + Format selection for the public key output file. +@@ -52,14 +53,14 @@ Specification. + TPM 2.0 specs. + .PP + Public key format. +-This only works if option \f[C]\-\-type/\-t\f[R] is set to TPM2B_PUBLIC +-or TPMT_PUBLIC. ++This only works if option \f[C]--type/-t\f[R] is set to TPM2B_PUBLIC or ++TPMT_PUBLIC. + .RE + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -108,11 +109,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -124,7 +125,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -133,17 +134,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -186,17 +187,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -214,14 +214,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -229,21 +228,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -254,7 +259,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -263,16 +268,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -281,10 +286,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -294,14 +299,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -314,7 +319,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -323,7 +328,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -346,7 +351,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -355,7 +360,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -368,14 +373,13 @@ the various known TCTI modules. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -383,21 +387,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -408,7 +418,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -417,16 +427,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -435,10 +445,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -448,14 +458,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -468,7 +478,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -477,7 +487,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -500,7 +510,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -509,7 +519,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -522,77 +532,77 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C e \-c primary.ctx +-tpm2_create \-C primary.ctx \-u key.pub \-r key.priv +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx +-tpm2_quote \-c key.ctx \-l 0x0004:16,17,18+0x000b:16,17,18 \-g sha256 \-m msg.dat ++tpm2_createprimary -C e -c primary.ctx ++tpm2_create -C primary.ctx -u key.pub -r key.priv ++tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx ++tpm2_quote -c key.ctx -l 0x0004:16,17,18+0x000b:16,17,18 -g sha256 -m msg.dat + \f[R] + .fi + .SS Print a Quote + .IP + .nf + \f[C] +-tpm2_print \-t TPMS_ATTEST msg.dat ++tpm2_print -t TPMS_ATTEST msg.dat + \f[R] + .fi + .SS Print a public file + .IP + .nf + \f[C] +-tpm2_print \-t TPM2B_PUBLIC key.pub ++tpm2_print -t TPM2B_PUBLIC key.pub + \f[R] + .fi + .SS Print a tpmt public file + .IP + .nf + \f[C] +-tpm2_readpublic \-c key.ctx \-f tpmt \-o key.tpmt +-tpm2_print \-t TPMT_PUBLIC key.tpmt ++tpm2_readpublic -c key.ctx -f tpmt -o key.tpmt ++tpm2_print -t TPMT_PUBLIC key.tpmt + \f[R] + .fi + .SS Print a TPM2B_PUBLIC file and convert to PEM format + .IP + .nf + \f[C] +-tpm2 print \-t TPM2B_PUBLIC \-f pem key.pub ++tpm2 print -t TPM2B_PUBLIC -f pem key.pub + \f[R] + .fi + .SS Print public portion of TSSPRIVKEY PEM file and convert to PEM format + .IP + .nf + \f[C] +-tpm2 print \-t TSSPRIVKEY_OBJ tssprivkey.pem +-tpm2 print \-t TSSPRIVKEY_OBJ tssprivkey.pem \-f pem > publickey.pem ++tpm2 print -t TSSPRIVKEY_OBJ tssprivkey.pem ++tpm2 print -t TSSPRIVKEY_OBJ tssprivkey.pem -f pem > publickey.pem + \f[R] + .fi + .SS Print the name of a serialized ESYS_TR handle. + .PP + Serialized ESYS_TR handles are returned from tools like +-\f[C]tpm2_evictcontrol\f[R]\[cq]s \f[C]\-o\f[R] and +-\f[C]tpm2_readpublic\f[R]\[cq]s \f[C]\-t\f[R] options. ++\f[C]tpm2_evictcontrol\f[R]\[cq]s \f[C]-o\f[R] and ++\f[C]tpm2_readpublic\f[R]\[cq]s \f[C]-t\f[R] options. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_evictcontrol \-c primary.ctx \-o primary.tr +-tpm2 print \-t ESYS_TR primary.tr ++tpm2_createprimary -c primary.ctx ++tpm2_evictcontrol -c primary.ctx -o primary.tr ++tpm2 print -t ESYS_TR primary.tr + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_quote.1 b/man/man1/tpm2_quote.1 +index b219535..3922d5c 100644 +--- a/man/man1/tpm2_quote.1 ++++ b/man/man1/tpm2_quote.1 +@@ -1,67 +1,67 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_quote" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_quote" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_quote\f[R](1) \- Provide a quote and signature from the TPM. ++\f[B]tpm2_quote\f[R](1) - Provide a quote and signature from the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_quote\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_quote\f[R](1) \- Provide quote and signature for given list of ++\f[B]tpm2_quote\f[R](1) - Provide quote and signature for given list of + PCRs in given algorithm/banks. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object for the quote signing key. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for AK specified by option +-\f[B]\-C\f[R]. ++\f[B]-C\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcr\-list\f[R]=\f[I]PCR\f[R]: ++\f[B]-l\f[R], \f[B]--pcr-list\f[R]=\f[I]PCR\f[R]: + .RS 2 + .PP + The list of PCR banks and selected PCRs\[cq] ids for each bank. + Also see \f[B]NOTES\f[R] section below. + .RE + .IP \[bu] 2 +-\f[B]\-m\f[R], \f[B]\-\-message\f[R]=\f[I]FILE\f[R]: ++\f[B]-m\f[R], \f[B]--message\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Message output file, records the quote message that makes up the data + that is signed by the TPM. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Signature output file, records the signature in the format specified via +-the \f[B]\-f\f[R] option. ++the \f[B]-f\f[R] option. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-pcr\f[R]=\f[I]FILE\f[R]. ++\f[B]-o\f[R], \f[B]--pcr\f[R]=\f[I]FILE\f[R]. + .RS 2 + .PP + PCR output file, optional, records the list of PCR values as defined by +-\f[B]\-l\f[R]. ++\f[B]-l\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-F\f[R], \f[B]\-\-pcrs_format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-F\f[R], \f[B]--pcrs_format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the binary blob in the PCR output file. +@@ -72,7 +72,7 @@ Optional. + Default is `serialized'. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: ++\f[B]-q\f[R], \f[B]--qualification\f[R]=\f[I]HEX_STRING_OR_PATH\f[R]: + .RS 2 + .PP + Data given as a Hex string or binary file to qualify the quote, +@@ -80,14 +80,14 @@ optional. + This is typically used to add a nonce against replay attacks. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]: + .RS 2 + .PP + Hash algorithm for signature. + Defaults to sha256. + .RE + .IP \[bu] 2 +-\f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the message. +@@ -101,7 +101,7 @@ If left unspecified, a default signature scheme for the key type will be + used. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -113,7 +113,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -162,11 +162,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -178,7 +178,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -187,17 +187,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -240,17 +240,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -293,6 +292,19 @@ sha1:3,4+sha256:all + .PP + will select PCRs 3 and 4 from the SHA1 bank and PCRs 0 to 23 from the + SHA256 bank. ++.PP ++Certain commands support specifying forward sealing values as well: ++.IP ++.nf ++\f[C] ++sha1:0,1=da39a3ee5e6b4b0d3255bfef95601890afd80709,2 ++\f[R] ++.fi ++.PP ++This will select the current values for PCRs 0 and 2, but use the ++specified value for PCR 1. ++Digest lengths must match the bank size. ++An optional 0x prefix will be stripped off. + .SS Note + .PP + PCR Selections allow for up to 5 hash to pcr selection mappings. +@@ -303,14 +315,13 @@ pcr values. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -318,21 +329,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -343,7 +360,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -352,16 +369,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -370,10 +387,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -383,14 +400,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -403,7 +420,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -412,7 +429,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -435,7 +452,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -444,7 +461,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -455,13 +472,13 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C e \-c primary.ctx ++tpm2_createprimary -C e -c primary.ctx + +-tpm2_create \-C primary.ctx \-u key.pub \-r key.priv ++tpm2_create -C primary.ctx -u key.pub -r key.priv + +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx ++tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx + +-tpm2_quote \-Q \-c key.ctx \-l 0x0004:16,17,18+0x000b:16,17,18 ++tpm2_quote -Q -c key.ctx -l 0x0004:16,17,18+0x000b:16,17,18 + \f[R] + .fi + .SH NOTES +@@ -476,17 +493,17 @@ That this performs a detached signature. + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_rc_decode.1 b/man/man1/tpm2_rc_decode.1 +index a6cc43c..a20e8b4 100644 +--- a/man/man1/tpm2_rc_decode.1 ++++ b/man/man1/tpm2_rc_decode.1 +@@ -1,18 +1,18 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_rc_decode" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_rc_decode" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_rc_decode\f[R](1) \- Decode TPM2 error codes to a human ++\f[B]tpm2_rc_decode\f[R](1) - Decode TPM2 error codes to a human + readable format. + .SH SYNOPSIS + .PP + \f[B]tpm2_rc_decode\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_rc_decode\f[R](1) \- Converts an \f[I]RC_CODE\f[R] from the +-TPM or TSS2 software stack into human readable errors. ++\f[B]tpm2_rc_decode\f[R](1) - Converts an \f[I]RC_CODE\f[R] from the TPM ++or TSS2 software stack into human readable errors. + Analogous to \f[B]strerror\f[R](3), but for the TPM2 stack. + .SH OPTIONS + .PP +@@ -26,14 +26,13 @@ be parsed. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -41,21 +40,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH EXAMPLES + .IP +@@ -69,17 +74,17 @@ tpm:parameter(1):structure is the wrong size + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_readclock.1 b/man/man1/tpm2_readclock.1 +index 4dc3f56..b4e86cf 100644 +--- a/man/man1/tpm2_readclock.1 ++++ b/man/man1/tpm2_readclock.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_readclock" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_readclock" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_readclock\f[R](1) \- Retrieves the time information from the ++\f[B]tpm2_readclock\f[R](1) - Retrieves the time information from the + TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_readclock\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_readclock\f[R](1) \-Reads the current TPMS_TIME_INFO structure ++\f[B]tpm2_readclock\f[R](1) -Reads the current TPMS_TIME_INFO structure + from the TPM. + The structure contains the current setting of Time, Clock, resetCount, + and restartCount. +@@ -41,14 +41,13 @@ This tool takes no arguments and no tool specific options. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -56,21 +55,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -81,7 +86,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -90,16 +95,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -108,10 +113,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -121,14 +126,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -141,7 +146,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -150,7 +155,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -173,7 +178,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -182,7 +187,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -207,17 +212,17 @@ clock_info: + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_readpublic.1 b/man/man1/tpm2_readpublic.1 +index 86ab3ec..c4efc4b 100644 +--- a/man/man1/tpm2_readpublic.1 ++++ b/man/man1/tpm2_readpublic.1 +@@ -1,32 +1,31 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_readpublic" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_readpublic" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_readpublic\f[R](1) \- Read the public area of a loaded object. ++\f[B]tpm2_readpublic\f[R](1) - Read the public area of a loaded object. + .SH SYNOPSIS + .PP + \f[B]tpm2_readpublic\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_readpublic\f[R](1) \- Reads the public area of a loaded +-object. ++\f[B]tpm2_readpublic\f[R](1) - Reads the public area of a loaded object. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-object\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--object-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object for the object to read. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + An optional file to save the name structure of the object. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]: + .RS 2 + .PP + Format selection for the public key output file. +@@ -40,13 +39,13 @@ TPM 2.0 specs. + Public key format. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The output file path, recording the public portion of the object. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-serialized\-handle\f[R]=\f[I]HANDLE\f[R]: ++\f[B]-t\f[R], \f[B]--serialized-handle\f[R]=\f[I]HANDLE\f[R]: + .RS 2 + .PP + If the object to be read is a persistent object specified by a raw +@@ -56,7 +55,7 @@ Callers should ensure that the contents of name match the expected + objects name. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-qualified\-name\f[R]=\f[I]FILE\f[R]: ++\f[B]-q\f[R], \f[B]--qualified-name\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Saves the qualified name of the object to \f[I]FILE\f[R]. +@@ -69,7 +68,7 @@ parents. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -93,14 +92,13 @@ handle, e.g.\ 0x81010013 and used directly._OBJECT_. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -108,21 +106,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -133,7 +137,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -142,16 +146,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -160,10 +164,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -173,14 +177,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -193,7 +197,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -202,7 +206,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -225,7 +229,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -234,7 +238,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -246,15 +250,15 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_readpublic \-c primary.ctx \-o output.dat \-f pem ++tpm2_createprimary -c primary.ctx ++tpm2_readpublic -c primary.ctx -o output.dat -f pem + \f[R] + .fi + .SS Serialize an existing persistent object handle to disk for later use + .PP +-This work\-flow is primarily intended for existing persistent TPM ++This work-flow is primarily intended for existing persistent TPM + objects. +-This work\-flow does not verify that the name of the serialized object ++This work-flow does not verify that the name of the serialized object + matches the expected, and thus the serialized handle could be pointing + to an attacker controlled object if no verification is done. + If you are creating an object from scratch, save the serialized handle +@@ -265,11 +269,11 @@ We assume that an object has already been persisted, for example via: + .nf + \f[C] + # We assume that an object has already been persisted, for example +-tpm2_createprimary \-c primary.ctx ++tpm2_createprimary -c primary.ctx + + # context files have all the information for the TPM to verify the object +-tpm2_evictcontrol \-c primary.ctx +-persistent\-handle: 0x81000001 ++tpm2_evictcontrol -c primary.ctx ++persistent-handle: 0x81000001 + action: persisted + \f[R] + .fi +@@ -279,13 +283,13 @@ Next use the persistent handle to get a serialized handle: + .nf + \f[C] + # The persistent handle output could be at an attacker controlled object, +-# best practice is to use the option \[dq]\-o: for tpm2_evictcontrol to get a ++# best practice is to use the option \[dq]-o: for tpm2_evictcontrol to get a + # serialized handle instead. + +-tpm2_readpublic \-c 0x81000001 \-o output.dat \-f pem \-t primary.handle ++tpm2_readpublic -c 0x81000001 -o output.dat -f pem -t primary.handle + + # use this verified handle in an encrypted session with the tpm +-tpm2_startauthsession \-\-policy\-session \-S session.ctx \-c primary.handle ++tpm2_startauthsession --policy-session -S session.ctx -c primary.handle + \f[R] + .fi + .PP +@@ -294,17 +298,17 @@ For new objects, its best to use all serialized handles. + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_rsadecrypt.1 b/man/man1/tpm2_rsadecrypt.1 +index d10418a..96a4469 100644 +--- a/man/man1/tpm2_rsadecrypt.1 ++++ b/man/man1/tpm2_rsadecrypt.1 +@@ -1,22 +1,22 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_rsadecrypt" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_rsadecrypt" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_rsadecrypt\f[R](1) \- Performs an RSA decryption operation ++\f[B]tpm2_rsadecrypt\f[R](1) - Performs an RSA decryption operation + using the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_rsadecrypt\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_rsadecrypt\f[R](1) \- Performs RSA decryption on the contents ++\f[B]tpm2_rsadecrypt\f[R](1) - Performs RSA decryption on the contents + of file using the indicated padding scheme according to IETF RFC 3447 + (PKCS#1). + Command line argument defaults to \f[I]stdin\f[R] if not specified. + .PP +-The key referenced by key\-context is \f[B]required\f[R] to be: ++The key referenced by key-context is \f[B]required\f[R] to be: + .IP "1." 3 + An RSA key + .IP "2." 3 +@@ -24,7 +24,7 @@ Have the attribute \f[I]decrypt\f[R] \f[B]SET\f[R] in it\[cq]s + attributes. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object pointing to the the public portion of RSA key to use for +@@ -33,32 +33,32 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-Optional authorization value to use the key specified by \f[B]\-c\f[R]. ++Optional authorization value to use the key specified by \f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional output file path to record the decrypted data to. + The default is to print the binary encrypted data to \f[I]STDOUT\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Optional, set the padding scheme (defaults to rsaes). + .IP \[bu] 2 +-null \- TPM_ALG_NULL uses the key\[cq]s scheme if set. ++null - TPM_ALG_NULL uses the key\[cq]s scheme if set. + .IP \[bu] 2 +-rsaes \- TPM_ALG_RSAES which is RSAES_PKCSV1.5. ++rsaes - TPM_ALG_RSAES which is RSAES_PKCSV1.5. + .IP \[bu] 2 +-oaep \- TPM_ALG_OAEP which is RSAES_OAEP. ++oaep - TPM_ALG_OAEP which is RSAES_OAEP. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-label\f[R]=\f[I]FILE\f[R] OR \f[I]STRING\f[R]: ++\f[B]-l\f[R], \f[B]--label\f[R]=\f[I]FILE\f[R] OR \f[I]STRING\f[R]: + .RS 2 + .PP + Optional, set the label data.The TPM requires the last byte of the label +@@ -66,7 +66,7 @@ to be zero, this is handled internally to the tool. + No other embedded 0 bytes can exist or the TPM will truncate your label. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -81,7 +81,7 @@ containing data to be decrypted. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -130,11 +130,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -146,7 +146,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -155,17 +155,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -208,17 +208,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -236,14 +235,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -251,21 +249,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -276,7 +280,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -285,16 +289,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -303,10 +307,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -316,14 +320,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -336,7 +340,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -345,7 +349,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -368,7 +372,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -377,7 +381,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -389,9 +393,9 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_create \-C primary.ctx \-Grsa2048 \-u key.pub \-r key.priv +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx ++tpm2_createprimary -c primary.ctx ++tpm2_create -C primary.ctx -Grsa2048 -u key.pub -r key.priv ++tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx + \f[R] + .fi + .SS Encrypt using RSA +@@ -399,14 +403,14 @@ tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx + .nf + \f[C] + echo \[dq]my message\[dq] > msg.dat +-tpm2_rsaencrypt \-c key.ctx \-o msg.enc msg.dat ++tpm2_rsaencrypt -c key.ctx -o msg.enc msg.dat + \f[R] + .fi + .SS Decrypt using RSA + .IP + .nf + \f[C] +-tpm2_rsadecrypt \-c key.ctx \-o msg.ptext msg.enc ++tpm2_rsadecrypt -c key.ctx -o msg.ptext msg.enc + cat msg.ptext + my message + \f[R] +@@ -415,17 +419,17 @@ my message + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_rsaencrypt.1 b/man/man1/tpm2_rsaencrypt.1 +index 7716796..d64d5c7 100644 +--- a/man/man1/tpm2_rsaencrypt.1 ++++ b/man/man1/tpm2_rsaencrypt.1 +@@ -1,22 +1,22 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_rsaencrypt" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_rsaencrypt" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_rsaencrypt\f[R](1) \- Performs an RSA encryption operation ++\f[B]tpm2_rsaencrypt\f[R](1) - Performs an RSA encryption operation + using the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_rsaencrypt\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_rsaencrypt\f[R](1) \- Performs RSA encryption on the contents ++\f[B]tpm2_rsaencrypt\f[R](1) - Performs RSA encryption on the contents + of file data using the indicated padding scheme according to IETF RFC + 3447 (PKCS#1). + Input defaults to \f[I]STDIN\f[R] if not specified. + .PP +-The key referenced by key\-context is \f[B]required\f[R] to be: ++The key referenced by key-context is \f[B]required\f[R] to be: + .IP "1." 3 + An RSA key + .IP "2." 3 +@@ -24,33 +24,33 @@ Have the attribute \f[I]encrypt\f[R] \f[B]SET\f[R] in it\[cq]s + attributes. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object pointing to the the public portion of RSA key to use for + encryption. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Optional output file path to record the encrypted data to. + The default is to print the binary encrypted data to stdout. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Optional, set the padding scheme (defaults to rsaes). + .IP \[bu] 2 +-null \- TPM_ALG_NULL uses the key\[cq]s scheme if set. ++null - TPM_ALG_NULL uses the key\[cq]s scheme if set. + .IP \[bu] 2 +-rsaes \- TPM_ALG_RSAES which is RSAES_PKCSV1.5. ++rsaes - TPM_ALG_RSAES which is RSAES_PKCSV1.5. + .IP \[bu] 2 +-oaep \- TPM_ALG_OAEP which is RSAES_OAEP. ++oaep - TPM_ALG_OAEP which is RSAES_OAEP. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-label\f[R]=\f[I]FILE\f[R] or \f[I]STRING\f[R]: ++\f[B]-l\f[R], \f[B]--label\f[R]=\f[I]FILE\f[R] or \f[I]STRING\f[R]: + .RS 2 + .PP + Optional, set the label data. +@@ -66,7 +66,7 @@ file with data to be encrypted. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -115,11 +115,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -131,7 +131,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -140,17 +140,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -193,17 +193,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -221,14 +220,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -236,21 +234,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -261,7 +265,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -270,16 +274,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -288,10 +292,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -301,14 +305,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -321,7 +325,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -330,7 +334,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -353,7 +357,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -362,7 +366,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -374,9 +378,9 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_create \-C primary.ctx \-Grsa2048 \-u key.pub \-r key.priv +-tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx ++tpm2_createprimary -c primary.ctx ++tpm2_create -C primary.ctx -Grsa2048 -u key.pub -r key.priv ++tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx + \f[R] + .fi + .SS Encrypt using RSA +@@ -384,14 +388,14 @@ tpm2_load \-C primary.ctx \-u key.pub \-r key.priv \-c key.ctx + .nf + \f[C] + echo \[dq]my message\[dq] > msg.dat +-tpm2_rsaencrypt \-c key.ctx \-o msg.enc msg.dat ++tpm2_rsaencrypt -c key.ctx -o msg.enc msg.dat + \f[R] + .fi + .SS Decrypt using RSA + .IP + .nf + \f[C] +-tpm2_rsadecrypt \-c key.ctx \-o msg.ptext msg.enc ++tpm2_rsadecrypt -c key.ctx -o msg.ptext msg.enc + cat msg.ptext + my message + \f[R] +@@ -400,17 +404,17 @@ my message + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_selftest.1 b/man/man1/tpm2_selftest.1 +index 2302377..2307b61 100644 +--- a/man/man1/tpm2_selftest.1 ++++ b/man/man1/tpm2_selftest.1 +@@ -1,23 +1,23 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_selftest" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_selftest" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_selftest\f[R](1) \- Run TPM\[cq]s self\-test internal routines ++\f[B]tpm2_selftest\f[R](1) - Run TPM\[cq]s self-test internal routines + .SH SYNOPSIS + .PP + \f[B]tpm2_selftest\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_selftest\f[R](1) \- Cause the TPM to execute self\-test of its ++\f[B]tpm2_selftest\f[R](1) - Cause the TPM to execute self-test of its + capabilities. + .PP +-Self\-test can be executed in two modes : ++Self-test can be executed in two modes : + .IP \[bu] 2 +-Simple test \- TPM will test functions that require testing ++Simple test - TPM will test functions that require testing + .IP \[bu] 2 +-Full test \- TPM will test all functions regardless of what has already ++Full test - TPM will test all functions regardless of what has already + been tested + .PP + Once the TPM receives this request, the TPM will return TPM_RC_TESTING +@@ -28,21 +28,20 @@ time. + The TPM will remain in failure mode until the next TPM initialization. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-fulltest\f[R] : Run self\-test in full mode ++\f[B]-f\f[R], \f[B]--fulltest\f[R] : Run self-test in full mode + .SS References + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -50,21 +49,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -75,7 +80,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -84,16 +89,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -102,10 +107,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -115,14 +120,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -135,7 +140,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -144,7 +149,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -167,7 +172,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -176,7 +181,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -184,35 +189,35 @@ Specify the default (abrmd) tcti and a config string of + the various known TCTI modules. + .RE + .SH EXAMPLES +-.SS Perform a simple TPM self\-test ++.SS Perform a simple TPM self-test + .IP + .nf + \f[C] + tpm2_selftest + \f[R] + .fi +-.SS Perform a complete TPM self\-test ++.SS Perform a complete TPM self-test + .IP + .nf + \f[C] +-tpm2_selftest \-f ++tpm2_selftest -f + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_send.1 b/man/man1/tpm2_send.1 +index d611c87..6bf1680 100644 +--- a/man/man1/tpm2_send.1 ++++ b/man/man1/tpm2_send.1 +@@ -1,16 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_send" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_send" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_send\f[R](1) \- Send a raw command buffer to the TPM. ++\f[B]tpm2_send\f[R](1) - Send a raw command buffer to the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_send\f[R] [\f[I]OPTIONS\f[R]] [\f[I]STDIN\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_send\f[R](1) \- Sends a TPM command to the TPM. ++\f[B]tpm2_send\f[R](1) - Sends a TPM command to the TPM. + The command is read from a file as a binary stream and transmitted to + the TPM using the TCTI specified by the caller. + The response received from the TPM is written to the output file. +@@ -19,7 +19,7 @@ Likely the caller will want to redirect this to a file or into a program + to decode and display the response in a human readable form. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output file to send response buffer to. +@@ -33,14 +33,13 @@ Defaults to \f[I]STDOUT\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -48,21 +47,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -73,7 +78,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -82,16 +87,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -100,10 +105,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -113,14 +118,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -133,7 +138,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -142,7 +147,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -165,7 +170,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -174,7 +179,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -184,31 +189,31 @@ the various known TCTI modules. + .SH EXAMPLES + .SS Send and receive raw commands to TPM + .PP +-Send the contents of \f[I]tpm2\-command.bin\f[R] to a device and collect +-the response as \f[I]tpm2\-response.bin\f[R]. ++Send the contents of \f[I]tpm2-command.bin\f[R] to a device and collect ++the response as \f[I]tpm2-response.bin\f[R]. + .IP + .nf + \f[C] +-tpm2_send < tpm2\-command.bin > tpm2\-response.bin ++tpm2_send < tpm2-command.bin > tpm2-response.bin + +-tpm2_send < tpm2\-command.bin \-o tpm2\-response.bin ++tpm2_send < tpm2-command.bin -o tpm2-response.bin + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_sessionconfig.1 b/man/man1/tpm2_sessionconfig.1 +index d468c2c..76e70f4 100644 +--- a/man/man1/tpm2_sessionconfig.1 ++++ b/man/man1/tpm2_sessionconfig.1 +@@ -1,18 +1,18 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_sessionconfig" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_sessionconfig" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_sessionconfig\f[R](1) \- Configure session attributes and +-print session info from a session file. ++\f[B]tpm2_sessionconfig\f[R](1) - Configure session attributes and print ++session info from a session file. + .SH SYNOPSIS + .PP + \f[B]tpm2_sessionconfig\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_sessionconfig\f[R](1) \- Configure session attributes and +-print session info from a session file. ++\f[B]tpm2_sessionconfig\f[R](1) - Configure session attributes and print ++session info from a session file. + .PP + The tool operates in one of two modes: 1. + Configure/ modify the session attributes. +@@ -21,76 +21,76 @@ Print the session information. + This is the default behavior. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-\-enable\-continuesession\f[R]: ++\f[B]--enable-continuesession\f[R]: + .RS 2 + .PP +-Enable continueSession in the session\-attributes. ++Enable continueSession in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-disable\-continuesession\f[R] ++\f[B]--disable-continuesession\f[R] + .RS 2 + .PP +-Disable continuesession in the session\-attributes. ++Disable continuesession in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-enable\-auditexclusive\f[R] ++\f[B]--enable-auditexclusive\f[R] + .RS 2 + .PP +-Enable auditexclusive in the session\-attributes. ++Enable auditexclusive in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-disable\-auditexclusive\f[R] ++\f[B]--disable-auditexclusive\f[R] + .RS 2 + .PP +-Disable auditexclusive in the session\-attributes. ++Disable auditexclusive in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-enable\-auditreset\f[R] ++\f[B]--enable-auditreset\f[R] + .RS 2 + .PP +-Enable auditreset in the session\-attributes. ++Enable auditreset in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-disable\-auditreset\f[R] ++\f[B]--disable-auditreset\f[R] + .RS 2 + .PP +-Disable auditreset in the session\-attributes. ++Disable auditreset in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-enable\-decrypt\f[R] ++\f[B]--enable-decrypt\f[R] + .RS 2 + .PP +-Enable decrypt in the session\-attributes. ++Enable decrypt in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-disable\-decrypt\f[R] ++\f[B]--disable-decrypt\f[R] + .RS 2 + .PP +-Disable decrypt in the session\-attributes. ++Disable decrypt in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-enable\-encrypt\f[R] ++\f[B]--enable-encrypt\f[R] + .RS 2 + .PP +-Enable encrypt in the session\-attributes. ++Enable encrypt in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-disable\-encrypt\f[R] ++\f[B]--disable-encrypt\f[R] + .RS 2 + .PP +-Disable encrypt in the session\-attributes. ++Disable encrypt in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-enable\-audit\f[R] ++\f[B]--enable-audit\f[R] + .RS 2 + .PP +-Enable audit in the session\-attributes. ++Enable audit in the session-attributes. + .RE + .IP \[bu] 2 +-\f[B]\-\-disable\-audit\f[R] ++\f[B]--disable-audit\f[R] + .RS 2 + .PP +-Disable audit in the session\-attributes. ++Disable audit in the session-attributes. + .RE + .IP \[bu] 2 + \f[B]ARGUMENT\f[R] the session context file. +@@ -100,14 +100,13 @@ Disable audit in the session\-attributes. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -115,21 +114,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -140,7 +145,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -149,16 +154,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -167,10 +172,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -180,14 +185,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -200,7 +205,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -209,7 +214,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -232,7 +237,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -241,7 +246,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -253,15 +258,14 @@ the various known TCTI modules. + .IP + .nf + \f[C] +- +-tpm2 createprimary \-c prim.ctx +-tpm2 startauthsession \-S session.ctx \-\-policy\-session \-c prim.ctx ++tpm2 createprimary -c prim.ctx ++tpm2 startauthsession -S session.ctx --policy-session -c prim.ctx + + ### Session info before changing attributes + tpm2 sessionconfig session.ctx + + ### Session info after changing attributes +-tpm2 sessionconfig \-\-disable\-continuesession ++tpm2 sessionconfig --disable-continuesession + tpm2 sessionconfig session.ctx + \f[R] + .fi +@@ -269,17 +273,17 @@ tpm2 sessionconfig session.ctx + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_setclock.1 b/man/man1/tpm2_setclock.1 +index 58a2a17..cc137a5 100644 +--- a/man/man1/tpm2_setclock.1 ++++ b/man/man1/tpm2_setclock.1 +@@ -1,35 +1,35 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_setclock" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_setclock" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_setclock\f[R](1) \- Sets the time on the TPM. ++\f[B]tpm2_setclock\f[R](1) - Sets the time on the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_setclock\f[R] [\f[I]OPTIONS\f[R]] \f[B]TIME\f[R] + .SH DESCRIPTION + .PP +-\f[B]tpm2_setclock\f[R](1) \- Sets the clock on the TPM to a time in the ++\f[B]tpm2_setclock\f[R](1) - Sets the clock on the TPM to a time in the + \f[B]future\f[R]. + The sole argument is the clock time as a number to set. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + The hierarchy to use for authorization, either platform or owner. + Defaults to the owner hierarchy if not specified. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy specified by option +-\f[B]\-c\f[R]. ++\f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -41,7 +41,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -90,11 +90,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -106,7 +106,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -115,17 +115,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -168,17 +168,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -196,14 +195,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -211,21 +209,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -236,7 +240,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -245,16 +249,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -263,10 +267,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -276,14 +280,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -296,7 +300,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -305,7 +309,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -328,7 +332,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -337,7 +341,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -351,24 +355,24 @@ Set the clock using the owner password. + .IP + .nf + \f[C] +-tpm2_setclock \-p ownerpw 13673142 ++tpm2_setclock -p ownerpw 13673142 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_setcommandauditstatus.1 b/man/man1/tpm2_setcommandauditstatus.1 +index 721085e..eb0bbd4 100644 +--- a/man/man1/tpm2_setcommandauditstatus.1 ++++ b/man/man1/tpm2_setcommandauditstatus.1 +@@ -1,19 +1,19 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_setcommandauditstatus" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_setcommandauditstatus" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_setcommandauditstatus\f[R](1) \- Add or remove TPM2 commands +-to the audited commands list. ++\f[B]tpm2_setcommandauditstatus\f[R](1) - Add or remove TPM2 commands to ++the audited commands list. + .SH SYNOPSIS + .PP + \f[B]tpm2_setcommandauditstatus\f[R] [\f[I]OPTIONS\f[R]] + [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_setcommandauditstatus\f[R](1) \- Add or remove TPM2 commands +-to the audited commands list. ++\f[B]tpm2_setcommandauditstatus\f[R](1) - Add or remove TPM2 commands to ++the audited commands list. + .PP + As an argument it takes the command as an integer or friendly string + value. +@@ -21,8 +21,9 @@ Friendly string to COMMAND CODE mapping can be found in section + \f[I]COMMAND CODE MAPPINGS\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 ++.PP + Specify either owner or platform hierarchy. + Defaults to \f[B]TPM_RH_OWNER\f[R], when no value has been specified. + Supported options are: +@@ -32,17 +33,17 @@ Supported options are: + \f[B]p\f[R] for \f[B]TPM_RH_PLATFORM\f[R] + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-hierarchy\-auth\f[R]=\f[I]AUTH\f[R]: Specifies +-the authorization value for the hierarchy. ++\f[B]-P\f[R], \f[B]--hierarchy-auth\f[R]=\f[I]AUTH\f[R]: Specifies the ++authorization value for the hierarchy. + Authorization values should follow the \[lq]authorization formatting + standards\[rq], see section \[lq]Authorization Formatting\[rq]. + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-clear\-list\f[R]: Specifies that the TPM command ++\f[B]-c\f[R], \f[B]--clear-list\f[R]: Specifies that the TPM command + specified has to be taken off the audit list. + When not specified, the default behaviour is to add the TPM command to + the audit list. + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + Sets up the hashing algorithm for the audit digest. +@@ -57,14 +58,13 @@ code. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -72,21 +72,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -97,7 +103,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -106,16 +112,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -124,10 +130,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -137,14 +143,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -157,7 +163,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -166,7 +172,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -189,7 +195,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -198,7 +204,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -206,70 +212,67 @@ Specify the default (abrmd) tcti and a config string of + the various known TCTI modules. + .RE + .PP +-hash algorithm options (common/hash.md) collection of options to specify +-hash algorithm. ++hash algorithm options collection of options to specify hash algorithm. + .SH COMMAND CODE MAPPINGS + .PP + The friendly strings below can be used en lieu of the raw integer + values. + .PP +-\-TPM2_CC_AC_GetCapability: 0x194 \-TPM2_CC_AC_Send: 0x195 +-\-TPM2_CC_ActivateCredential: 0x147 \-TPM2_CC_Certify: 0x148 +-\-TPM2_CC_CertifyCreation: 0x14a \-TPM2_CC_ChangeEPS: 0x124 +-\-TPM2_CC_ChangePPS: 0x125 \-TPM2_CC_Clear: 0x126 +-\-TPM2_CC_ClearControl: 0x127 \-TPM2_CC_ClockRateAdjust: 0x130 +-\-TPM2_CC_ClockSet: 0x128 \-TPM2_CC_Commit: 0x18b \-TPM2_CC_ContextLoad: +-0x161 \-TPM2_CC_ContextSave: 0x162 \-TPM2_CC_Create: 0x153 +-\-TPM2_CC_CreateLoaded: 0x191 \-TPM2_CC_CreatePrimary: 0x131 +-\-TPM2_CC_DictionaryAttackLockReset: 0x139 +-\-TPM2_CC_DictionaryAttackParameters: 0x13a \-TPM2_CC_Duplicate: 0x14b +-\-TPM2_CC_ECC_Parameters: 0x178 \-TPM2_CC_ECDH_KeyGen: 0x163 +-\-TPM2_CC_ECDH_ZGen: 0x154 \-TPM2_CC_EC_Ephemeral: 0x18e +-\-TPM2_CC_EncryptDecrypt: 0x164 \-TPM2_CC_EncryptDecrypt2: 0x193 +-\-TPM2_CC_EventSequenceComplete: 0x185 \-TPM2_CC_EvictControl: 0x120 +-\-TPM2_CC_FieldUpgradeData: 0x141 \-TPM2_CC_FieldUpgradeStart: 0x12f +-\-TPM2_CC_FirmwareRead: 0x179 \-TPM2_CC_FlushContext: 0x165 +-\-TPM2_CC_GetCapability: 0x17a \-TPM2_CC_GetCommandAuditDigest: 0x133 +-\-TPM2_CC_GetRandom: 0x17b \-TPM2_CC_GetSessionAuditDigest: 0x14d +-\-TPM2_CC_GetTestResult: 0x17c \-TPM2_CC_GetTime: 0x14c \-TPM2_CC_Hash: +-0x17d \-TPM2_CC_HashSequenceStart: 0x186 \-TPM2_CC_HierarchyChangeAuth: +-0x129 \-TPM2_CC_HierarchyControl: 0x121 \-TPM2_CC_HMAC: 0x155 +-\-TPM2_CC_HMAC_Start: 0x15b \-TPM2_CC_Import: 0x156 +-\-TPM2_CC_IncrementalSelfTest: 0x142 \-TPM2_CC_Load: 0x157 +-\-TPM2_CC_LoadExternal: 0x167 \-TPM2_CC_MakeCredential: 0x168 +-\-TPM2_CC_NV_Certify: 0x184 \-TPM2_CC_NV_ChangeAuth: 0x13b +-\-TPM2_CC_NV_DefineSpace: 0x12a \-TPM2_CC_NV_Extend: 0x136 +-\-TPM2_CC_NV_GlobalWriteLock: 0x132 \-TPM2_CC_NV_Increment: 0x134 +-\-TPM2_CC_NV_Read: 0x14e \-TPM2_CC_NV_ReadLock: 0x14f +-\-TPM2_CC_NV_ReadPublic: 0x169 \-TPM2_CC_NV_SetBits: 0x135 +-\-TPM2_CC_NV_UndefineSpace: 0x122 \-TPM2_CC_NV_UndefineSpaceSpecial: +-0x11f \-TPM2_CC_NV_Write: 0x137 \-TPM2_CC_NV_WriteLock: 0x138 +-\-TPM2_CC_ObjectChangeAuth: 0x150 \-TPM2_CC_PCR_Allocate: 0x12b +-\-TPM2_CC_PCR_Event: 0x13c \-TPM2_CC_PCR_Extend: 0x182 +-\-TPM2_CC_PCR_Read: 0x17e \-TPM2_CC_PCR_Reset: 0x13d +-\-TPM2_CC_PCR_SetAuthPolicy: 0x12c \-TPM2_CC_PCR_SetAuthValue: 0x183 +-\-TPM2_CC_Policy_AC_SendSelect: 0x196 \-TPM2_CC_PolicyAuthorize: 0x16a +-\-TPM2_CC_PolicyAuthorizeNV: 0x192 \-TPM2_CC_PolicyAuthValue: 0x16b +-\-TPM2_CC_PolicyCommandCode: 0x16c \-TPM2_CC_PolicyCounterTimer: 0x16d +-\-TPM2_CC_PolicyCpHash: 0x16e \-TPM2_CC_PolicyDuplicationSelect: 0x188 +-\-TPM2_CC_PolicyGetDigest: 0x189 \-TPM2_CC_PolicyLocality: 0x16f +-\-TPM2_CC_PolicyNameHash: 0x170 \-TPM2_CC_PolicyNV: 0x149 +-\-TPM2_CC_PolicyNvWritten: 0x18f \-TPM2_CC_PolicyOR: 0x171 +-\-TPM2_CC_PolicyPassword: 0x18c \-TPM2_CC_PolicyPCR: 0x17f +-\-TPM2_CC_PolicyPhysicalPresence: 0x187 \-TPM2_CC_PolicyRestart: 0x180 +-\-TPM2_CC_PolicySecret: 0x151 \-TPM2_CC_PolicySigned: 0x160 +-\-TPM2_CC_PolicyTemplate: 0x190 \-TPM2_CC_PolicyTicket: 0x172 +-\-TPM2_CC_PP_Commands: 0x12d \-TPM2_CC_Quote: 0x158 \-TPM2_CC_ReadClock: +-0x181 \-TPM2_CC_ReadPublic: 0x173 \-TPM2_CC_Rewrap: 0x152 +-\-TPM2_CC_RSA_Decrypt: 0x159 \-TPM2_CC_RSA_Encrypt: 0x174 +-\-TPM2_CC_SelfTest: 0x143 \-TPM2_CC_SequenceComplete: 0x13e +-\-TPM2_CC_SequenceUpdate: 0x15c \-TPM2_CC_SetAlgorithmSet: 0x13f +-\-TPM2_CC_SetCommandCodeAuditStatus: 0x140 \-TPM2_CC_SetPrimaryPolicy: +-0x12e \-TPM2_CC_Shutdown: 0x145 \-TPM2_CC_Sign: 0x15d +-\-TPM2_CC_StartAuthSession: 0x176 \-TPM2_CC_Startup: 0x144 +-\-TPM2_CC_StirRandom: 0x146 \-TPM2_CC_TestParms: 0x18a \-TPM2_CC_Unseal: +-0x15e \-TPM2_CC_Vendor_TCG_Test: 0x20000000 \-TPM2_CC_VerifySignature: +-0x177 \-TPM2_CC_ZGen_2Phase: 0x18d ++-TPM2_CC_AC_GetCapability: 0x194 -TPM2_CC_AC_Send: 0x195 ++-TPM2_CC_ActivateCredential: 0x147 -TPM2_CC_Certify: 0x148 ++-TPM2_CC_CertifyCreation: 0x14a -TPM2_CC_ChangeEPS: 0x124 ++-TPM2_CC_ChangePPS: 0x125 -TPM2_CC_Clear: 0x126 -TPM2_CC_ClearControl: ++0x127 -TPM2_CC_ClockRateAdjust: 0x130 -TPM2_CC_ClockSet: 0x128 ++-TPM2_CC_Commit: 0x18b -TPM2_CC_ContextLoad: 0x161 -TPM2_CC_ContextSave: ++0x162 -TPM2_CC_Create: 0x153 -TPM2_CC_CreateLoaded: 0x191 ++-TPM2_CC_CreatePrimary: 0x131 -TPM2_CC_DictionaryAttackLockReset: 0x139 ++-TPM2_CC_DictionaryAttackParameters: 0x13a -TPM2_CC_Duplicate: 0x14b ++-TPM2_CC_ECC_Parameters: 0x178 -TPM2_CC_ECDH_KeyGen: 0x163 ++-TPM2_CC_ECDH_ZGen: 0x154 -TPM2_CC_EC_Ephemeral: 0x18e ++-TPM2_CC_EncryptDecrypt: 0x164 -TPM2_CC_EncryptDecrypt2: 0x193 ++-TPM2_CC_EventSequenceComplete: 0x185 -TPM2_CC_EvictControl: 0x120 ++-TPM2_CC_FieldUpgradeData: 0x141 -TPM2_CC_FieldUpgradeStart: 0x12f ++-TPM2_CC_FirmwareRead: 0x179 -TPM2_CC_FlushContext: 0x165 ++-TPM2_CC_GetCapability: 0x17a -TPM2_CC_GetCommandAuditDigest: 0x133 ++-TPM2_CC_GetRandom: 0x17b -TPM2_CC_GetSessionAuditDigest: 0x14d ++-TPM2_CC_GetTestResult: 0x17c -TPM2_CC_GetTime: 0x14c -TPM2_CC_Hash: ++0x17d -TPM2_CC_HashSequenceStart: 0x186 -TPM2_CC_HierarchyChangeAuth: ++0x129 -TPM2_CC_HierarchyControl: 0x121 -TPM2_CC_HMAC: 0x155 ++-TPM2_CC_HMAC_Start: 0x15b -TPM2_CC_Import: 0x156 ++-TPM2_CC_IncrementalSelfTest: 0x142 -TPM2_CC_Load: 0x157 ++-TPM2_CC_LoadExternal: 0x167 -TPM2_CC_MakeCredential: 0x168 ++-TPM2_CC_NV_Certify: 0x184 -TPM2_CC_NV_ChangeAuth: 0x13b ++-TPM2_CC_NV_DefineSpace: 0x12a -TPM2_CC_NV_Extend: 0x136 ++-TPM2_CC_NV_GlobalWriteLock: 0x132 -TPM2_CC_NV_Increment: 0x134 ++-TPM2_CC_NV_Read: 0x14e -TPM2_CC_NV_ReadLock: 0x14f ++-TPM2_CC_NV_ReadPublic: 0x169 -TPM2_CC_NV_SetBits: 0x135 ++-TPM2_CC_NV_UndefineSpace: 0x122 -TPM2_CC_NV_UndefineSpaceSpecial: 0x11f ++-TPM2_CC_NV_Write: 0x137 -TPM2_CC_NV_WriteLock: 0x138 ++-TPM2_CC_ObjectChangeAuth: 0x150 -TPM2_CC_PCR_Allocate: 0x12b ++-TPM2_CC_PCR_Event: 0x13c -TPM2_CC_PCR_Extend: 0x182 -TPM2_CC_PCR_Read: ++0x17e -TPM2_CC_PCR_Reset: 0x13d -TPM2_CC_PCR_SetAuthPolicy: 0x12c ++-TPM2_CC_PCR_SetAuthValue: 0x183 -TPM2_CC_Policy_AC_SendSelect: 0x196 ++-TPM2_CC_PolicyAuthorize: 0x16a -TPM2_CC_PolicyAuthorizeNV: 0x192 ++-TPM2_CC_PolicyAuthValue: 0x16b -TPM2_CC_PolicyCommandCode: 0x16c ++-TPM2_CC_PolicyCounterTimer: 0x16d -TPM2_CC_PolicyCpHash: 0x16e ++-TPM2_CC_PolicyDuplicationSelect: 0x188 -TPM2_CC_PolicyGetDigest: 0x189 ++-TPM2_CC_PolicyLocality: 0x16f -TPM2_CC_PolicyNameHash: 0x170 ++-TPM2_CC_PolicyNV: 0x149 -TPM2_CC_PolicyNvWritten: 0x18f ++-TPM2_CC_PolicyOR: 0x171 -TPM2_CC_PolicyPassword: 0x18c ++-TPM2_CC_PolicyPCR: 0x17f -TPM2_CC_PolicyPhysicalPresence: 0x187 ++-TPM2_CC_PolicyRestart: 0x180 -TPM2_CC_PolicySecret: 0x151 ++-TPM2_CC_PolicySigned: 0x160 -TPM2_CC_PolicyTemplate: 0x190 ++-TPM2_CC_PolicyTicket: 0x172 -TPM2_CC_PP_Commands: 0x12d -TPM2_CC_Quote: ++0x158 -TPM2_CC_ReadClock: 0x181 -TPM2_CC_ReadPublic: 0x173 ++-TPM2_CC_Rewrap: 0x152 -TPM2_CC_RSA_Decrypt: 0x159 -TPM2_CC_RSA_Encrypt: ++0x174 -TPM2_CC_SelfTest: 0x143 -TPM2_CC_SequenceComplete: 0x13e ++-TPM2_CC_SequenceUpdate: 0x15c -TPM2_CC_SetAlgorithmSet: 0x13f ++-TPM2_CC_SetCommandCodeAuditStatus: 0x140 -TPM2_CC_SetPrimaryPolicy: ++0x12e -TPM2_CC_Shutdown: 0x145 -TPM2_CC_Sign: 0x15d ++-TPM2_CC_StartAuthSession: 0x176 -TPM2_CC_Startup: 0x144 ++-TPM2_CC_StirRandom: 0x146 -TPM2_CC_TestParms: 0x18a -TPM2_CC_Unseal: ++0x15e -TPM2_CC_Vendor_TCG_Test: 0x20000000 -TPM2_CC_VerifySignature: ++0x177 -TPM2_CC_ZGen_2Phase: 0x18d + .SH EXAMPLES + .PP + Add TPM2_CC_Unseal to the list of audited commands. +@@ -283,17 +286,17 @@ tpm2_setcommandauditstatus TPM2_CC_Unseal + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH Limitations + .PP +@@ -302,7 +305,7 @@ It expects a session to be already established via + .IP \[bu] 2 + direct device access + .IP \[bu] 2 +-extended session support with \f[B]tpm2\-abrmd\f[R]. ++extended session support with \f[B]tpm2-abrmd\f[R]. + .PP + Without it, most resource managers \f[B]will not\f[R] save session state + between command invocations. +diff --git a/man/man1/tpm2_setprimarypolicy.1 b/man/man1/tpm2_setprimarypolicy.1 +index 0176c8d..dd5159d 100644 +--- a/man/man1/tpm2_setprimarypolicy.1 ++++ b/man/man1/tpm2_setprimarypolicy.1 +@@ -1,10 +1,10 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_setprimarypolicy" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_setprimarypolicy" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_setprimarypolicy\f[R](1) \- Sets the authorization policy for ++\f[B]tpm2_setprimarypolicy\f[R](1) - Sets the authorization policy for + the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), + the storage hierarchy (ownerPolicy), and the endorsement hierarchy + (endorsementPolicy). +@@ -13,7 +13,7 @@ the storage hierarchy (ownerPolicy), and the endorsement hierarchy + \f[B]tpm2_setprimarypolicy\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_setprimarypolicy\f[R](1) \- Sets the authorization policy for ++\f[B]tpm2_setprimarypolicy\f[R](1) - Sets the authorization policy for + the lockout (lockoutPolicy), the platform hierarchy (platformPolicy), + the storage hierarchy (ownerPolicy), and the endorsement hierarchy + (endorsementPolicy). +@@ -21,32 +21,32 @@ the storage hierarchy (ownerPolicy), and the endorsement hierarchy + .PP + These options control creating the policy authorization session: + .IP \[bu] 2 +-\f[B]\-C\f[R], \f[B]\-\-hierarchy\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-C\f[R], \f[B]--hierarchy\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Specifies the hierarchy whose authorization policy is to be setup. + It can be specified as o|p|e|l + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-P\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Specifies the authorization value for the hierarchy. + .RE + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-policy\f[R]=\f[I]FILE\f[R]: ++\f[B]-L\f[R], \f[B]--policy\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The file path of the authorization policy data. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used in computation of the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -58,7 +58,7 @@ the command, it simply returns a cpHash. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -107,11 +107,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -123,7 +123,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -132,17 +132,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -185,17 +185,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -210,7 +209,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -219,7 +218,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -296,54 +295,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -357,7 +356,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -375,8 +374,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -393,24 +392,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -418,21 +416,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -443,7 +447,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -452,16 +456,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -470,10 +474,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -483,14 +487,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -503,7 +507,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -512,7 +516,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -535,7 +539,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -544,7 +548,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -556,24 +560,24 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_setprimarypolicy \-C e ++tpm2_setprimarypolicy -C e + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_shutdown.1 b/man/man1/tpm2_shutdown.1 +index 52b56b6..24cae08 100644 +--- a/man/man1/tpm2_shutdown.1 ++++ b/man/man1/tpm2_shutdown.1 +@@ -1,20 +1,20 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_shutdown" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_shutdown" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_shutdown\f[R](1) \- Send a shutdown command to the TPM. ++\f[B]tpm2_shutdown\f[R](1) - Send a shutdown command to the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_shutdown\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_shutdown\f[R](1) \- Send a \f[B]TPM2_Shutdown\f[R] command +-with either \f[B]TPM_SU_CLEAR\f[R] or \f[B]TPM_SU_STATE\f[R]. ++\f[B]tpm2_shutdown\f[R](1) - Send a \f[B]TPM2_Shutdown\f[R] command with ++either \f[B]TPM_SU_CLEAR\f[R] or \f[B]TPM_SU_STATE\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-clear\f[R]: ++\f[B]-c\f[R], \f[B]--clear\f[R]: + .RS 2 + .PP + Shutdown type sent will be \f[B]TPM_SU_CLEAR\f[R] instead of +@@ -26,14 +26,13 @@ Shutdown type sent will be \f[B]TPM_SU_CLEAR\f[R] instead of + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -41,21 +40,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -66,7 +71,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -75,16 +80,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -93,10 +98,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -106,14 +111,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -126,7 +131,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -135,7 +140,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -158,7 +163,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -167,7 +172,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -186,29 +191,29 @@ tpm2_shutdown + .IP + .nf + \f[C] +-tpm2_shutdown \-c ++tpm2_shutdown -c + \f[R] + .fi + .SH NOTES + .PP + Typically a Resource Manager (like +-tpm2\-abrmd (https://github.com/tpm2-software/tpm2-abrmd)) or +-low\-level/boot software will have already sent this command. ++tpm2-abrmd (https://github.com/tpm2-software/tpm2-abrmd)) or ++low-level/boot software will have already sent this command. + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_sign.1 b/man/man1/tpm2_sign.1 +index 9a5ed51..06d74eb 100644 +--- a/man/man1/tpm2_sign.1 ++++ b/man/man1/tpm2_sign.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_sign" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_sign" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_sign\f[R](1) \- Sign a hash or message using the TPM. ++\f[B]tpm2_sign\f[R](1) - Sign a hash or message using the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_sign\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_sign\f[R](1) \- Generates signature of specified message or +-message\-digest using the specified symmetric or asymmetric signing key. ++\f[B]tpm2_sign\f[R](1) - Generates signature of specified message or ++message-digest using the specified symmetric or asymmetric signing key. + .PP + When signing a message, \f[B]tpm2_sign\f[R] utility first calculates the + digest of the message similar to the \f[B]tpm2_hash\f[R] command. +@@ -24,11 +24,11 @@ use the \f[B]tpm2_hash\f[R] tool first and pass the digest and + validation ticket. + .PP + NOTE: If the signing key is a restricted signing key, then validation +-and digest must be provided via the \f[B]\-t\f[R] input. ++and digest must be provided via the \f[B]-t\f[R] input. + The ticket indicates that the TPM performed the hash of the message. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object pointing to the the key used for signing. +@@ -36,15 +36,15 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]_AUTH_: ++\f[B]-p\f[R], \f[B]--auth\f[R]_AUTH_: + .RS 2 + .PP +-Optional authorization value to use the key specified by \f[B]\-c\f[R]. ++Optional authorization value to use the key specified by \f[B]-c\f[R]. + Authorization values should follow the \[lq]authorization formatting + standards\[rq], see section \[lq]Authorization Formatting\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to digest the message. +@@ -54,7 +54,7 @@ Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of + supported hash algorithms. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The signing scheme used to sign the message. +@@ -68,37 +68,37 @@ If left unspecified, a default signature scheme for the key type will be + used. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-digest\f[R]: ++\f[B]-d\f[R], \f[B]--digest\f[R]: + .RS 2 + .PP + Indicate that \f[I]FILE\f[R] is a file containing the digest of the + message. +-When this option and \f[B]\-t\f[R] is specified, a warning is generated +-and the \f[B]validation ticket (\-t) is ignored\f[R]. ++When this option and \f[B]-t\f[R] is specified, a warning is generated ++and the \f[B]validation ticket (-t) is ignored\f[R]. + You cannot use this option to sign a digest against a restricted signing + key. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file, containing the validation structure, optional. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The signature file, records the signature structure. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-format\f[R]=\f[I]FORMAT\f[R]: ++\f[B]-f\f[R], \f[B]--format\f[R]=\f[I]FORMAT\f[R]: + .RS 2 + .PP + Format selection for the signature output file. + See section \[lq]Signature Format Specifiers\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -107,7 +107,7 @@ NOTE: When this option is selected, The tool will not actually execute + the command, it simply returns a cpHash. + .RE + .IP \[bu] 2 +-\f[B]\-\-commit\-index\f[R]=\f[I]NATURALNUMBER\f[R] ++\f[B]--commit-index\f[R]=\f[I]NATURALNUMBER\f[R] + .RS 2 + .PP + The commit counter value to determine the key index to use in an ECDAA +@@ -121,7 +121,7 @@ sign. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -170,11 +170,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -186,7 +186,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -195,17 +195,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -248,17 +248,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -273,7 +272,7 @@ pcr:sha256:0,1,2,3 + specifying \f[I]AUTH\f[R]. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -282,7 +281,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -359,54 +358,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -420,7 +419,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -438,8 +437,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -456,24 +455,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -481,21 +479,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -506,7 +510,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -515,16 +519,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -533,10 +537,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -546,14 +550,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -566,7 +570,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -575,7 +579,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -598,7 +602,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -607,7 +611,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -626,58 +630,58 @@ defined by the used cryptographic algorithm. + .IP + .nf + \f[C] +-tpm2_createprimary \-C e \-c primary.ctx ++tpm2_createprimary -C e -c primary.ctx + +-tpm2_create \-G rsa \-u rsa.pub \-r rsa.priv \-C primary.ctx ++tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx + +-tpm2_load \-C primary.ctx \-u rsa.pub \-r rsa.priv \-c rsa.ctx ++tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx + + echo \[dq]my message\[dq] > message.dat + +-tpm2_sign \-c rsa.ctx \-g sha256 \-o sig.rssa message.dat ++tpm2_sign -c rsa.ctx -g sha256 -o sig.rssa message.dat + +-tpm2_verifysignature \-c rsa.ctx \-g sha256 \-s sig.rssa \-m message.dat ++tpm2_verifysignature -c rsa.ctx -g sha256 -s sig.rssa -m message.dat + \f[R] + .fi + .SS Sign with the TPM and verify with OSSL + .IP + .nf + \f[C] +-openssl ecparam \-name prime256v1 \-genkey \-noout \-out private.ecc.pem ++openssl ecparam -name prime256v1 -genkey -noout -out private.ecc.pem + +-openssl ec \-in private.ecc.pem \-out public.ecc.pem \-pubout ++openssl ec -in private.ecc.pem -out public.ecc.pem -pubout + + # Generate a hash to sign + echo \[dq]data to sign\[dq] > data.in.raw + + sha256sum data.in.raw | awk \[aq]{ print \[dq]000000 \[dq] $1 }\[aq] | \[rs] +-xxd \-r \-c 32 > data.in.digest ++xxd -r -c 32 > data.in.digest + + # Load the private key for signing +-tpm2_loadexternal \-Q \-G ecc \-r private.ecc.pem \-c key.ctx ++tpm2_loadexternal -Q -G ecc -r private.ecc.pem -c key.ctx + + # Sign in the TPM and verify with OSSL +-tpm2_sign \-Q \-c key.ctx \-g sha256 \-d \-f plain \-o data.out.signed data.in.digest ++tpm2_sign -Q -c key.ctx -g sha256 -d -f plain -o data.out.signed data.in.digest + +-openssl dgst \-verify public.ecc.pem \-keyform pem \-sha256 \[rs] +-\-signature data.out.signed data.in.raw ++openssl dgst -verify public.ecc.pem -keyform pem -sha256 \[rs] ++-signature data.out.signed data.in.raw + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_startauthsession.1 b/man/man1/tpm2_startauthsession.1 +index c78511a..5f592e9 100644 +--- a/man/man1/tpm2_startauthsession.1 ++++ b/man/man1/tpm2_startauthsession.1 +@@ -1,24 +1,24 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_startauthsession" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_startauthsession" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_startauthsession\f[R](1) \- Start a session with the TPM. ++\f[B]tpm2_startauthsession\f[R](1) - Start a session with the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_startauthsession\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_startauthsession\f[R](1) \- Starts a session with the TPM. ++\f[B]tpm2_startauthsession\f[R](1) - Starts a session with the TPM. + The default is to start a \f[I]trial\f[R] session unless the +-\f[B]\-a\f[R] option is specified. ++\f[B]-a\f[R] option is specified. + Saves the policy session data to a file. + This file can then be used in subsequent tools that can use a policy + file for authorization or policy events. + .PP + This will not work with resource managers (RMs) outside of +-tpm2\-abrmd (https://github.com/tpm2-software/tpm2-abrmd), as most RMs ++tpm2-abrmd (https://github.com/tpm2-software/tpm2-abrmd), as most RMs + will flush session handles when a client disconnects from the IPC + channel. + However, when using a RM without the session gapping feature, one can +@@ -29,7 +29,7 @@ The first step is to create a socket listener that uses tpm2_send: + .nf + \f[C] + mknod \[dq]$HOME/backpipe\[dq] p +-while [ 1 ]; do tpm2_send 0<\[dq]$HOME/backpipe\[dq] | nc \-lU \[dq]$HOME/sock\[dq] 1>\[dq]$HOME/backpipe\[dq]; done; ++while [ 1 ]; do tpm2_send 0<\[dq]$HOME/backpipe\[dq] | nc -lU \[dq]$HOME/sock\[dq] 1>\[dq]$HOME/backpipe\[dq]; done; + \f[R] + .fi + .PP +@@ -38,7 +38,7 @@ the socket. + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-tcti=\[dq]cmd:nc \-q 0 \-U $HOME/sock\[dq] ++tpm2_startauthsession --tcti=\[dq]cmd:nc -q 0 -U $HOME/sock\[dq] + \f[R] + .fi + .PP +@@ -46,7 +46,7 @@ When finishing ensure to kill the listener. + For commands executed with the command tcti against the listener, one + will need to manage transient handles. + The simplest way is to add a flush after each command: +-\f[C]tpm2_flushcontext \-\-tcti=\[dq]cmd:nc \-q 0 \-U $HOME/sock\[dq] \-t\f[R] ++\f[C]tpm2_flushcontext --tcti=\[dq]cmd:nc -q 0 -U $HOME/sock\[dq] -t\f[R] + .PP + Note: This example uses UNIX sockets, since the socket is controlled + with Linux access controls. +@@ -59,7 +59,7 @@ calls a \f[I]ContextSave\f[R] and a \f[I]ContextLoad\f[R] on the session + handle, thus the session \f[B]cannot\f[R] be saved/loaded again. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-\-policy\-session\f[R]: ++\f[B]--policy-session\f[R]: + .RS 2 + .PP + Start a policy session of type \f[B]TPM_SE_POLICY\f[R]. +@@ -70,48 +70,48 @@ and a \f[I]policy\f[R] session is used when authenticating with a + policy. + .RE + .IP \[bu] 2 +-\f[B]\-\-audit\-session\f[R]: ++\f[B]--audit-session\f[R]: + .RS 2 + .PP + Start an HMAC session to be used as an audit session. + Default without this option is \f[B]TPM2_SE_TRIAL\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-\-hmac\-session\f[R]: ++\f[B]--hmac-session\f[R]: + .RS 2 + .PP + Start an HMAC session of type \f[B]TPM_SE_HMAC\f[R]. + Default without this option is \f[B]TPM2_SE_TRIAL\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used in computation of the policy digest. + .RE + .IP \[bu] 2 +-\f[B]\-G\f[R], \f[B]\-\-key\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-G\f[R], \f[B]--key-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The symmetric algorithm used in parameter encryption/decryption. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Set the tpmkey and bind objects to be the same. + Session parameter encryption is turned on. + Session parameter decryption is turned on. +-Parameter encryption/decryption symmetric\-key set to AES\-CFB. ++Parameter encryption/decryption symmetric-key set to AES-CFB. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The name of the policy session file, required. + .RE + .IP \[bu] 2 +-\f[B]\-\-bind\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]--bind-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Set the bind object. +@@ -119,16 +119,16 @@ Session parameter encryption is off. + Use \f[B]tpm2_sessionconfig\f[R] to turn on. + Session parameter decryption is off. + Use \f[B]tpm2_sessionconfig\f[R] to turn on. +-Parameter encryption/decryption symmetric\-key set to AES\-CFB. ++Parameter encryption/decryption symmetric-key set to AES-CFB. + .RE + .IP \[bu] 2 +-\f[B]\-\-bind\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]--bind-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + Set the authorization value for the bind object. + .RE + .IP \[bu] 2 +-\f[B]\-\-tpmkey\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]--tpmkey-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Set the tpmkey object. +@@ -136,26 +136,26 @@ Session parameter encryption is off. + Use \f[B]tpm2_sessionconfig\f[R] to turn on. + Session parameter decryption is off. + Use \f[B]tpm2_sessionconfig\f[R] to turn on. +-Parameter encryption/decryption symmetric\-key set to AES\-CFB. ++Parameter encryption/decryption symmetric-key set to AES-CFB. + .RE + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-name\f[R]=\f[I]FILE\f[R] ++\f[B]-n\f[R], \f[B]--name\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP +-A name file as output from a tool like tpm2_readpublic(1) \f[C]\-n\f[R] ++A name file as output from a tool like tpm2_readpublic(1) \f[C]-n\f[R] + option. + The name file can be used to \f[B]verify\f[R] a persistent handle input +-for the \f[C]\-\-tpmkey\-context\f[R], \f[C]\-c\f[R], and +-\f[C]\-\-key\-context\f[R] options. ++for the \f[C]--tpmkey-context\f[R], \f[C]-c\f[R], and ++\f[C]--key-context\f[R] options. + Verification that the object referenced by a peristent handle, e.g + 0x81000000, is the key expected prevents attackers from performing a +-man\-in\-the\-middle attack on session traffic. ++man-in-the-middle attack on session traffic. + .RE + .SS References + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -204,11 +204,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -220,7 +220,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -229,17 +229,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -282,17 +282,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -310,14 +309,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -325,21 +323,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -350,7 +354,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -359,16 +363,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -377,10 +381,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -390,14 +394,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -410,7 +414,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -419,7 +423,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -442,7 +446,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -451,7 +455,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -463,39 +467,39 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_startauthsession \-S mysession.ctx ++tpm2_startauthsession -S mysession.ctx + \f[R] + .fi + .SS Start a \f[I]policy\f[R] session and save the session data to a file + .IP + .nf + \f[C] +-tpm2_startauthsession \-\-policy\-session \-S mysession.ctx ++tpm2_startauthsession --policy-session -S mysession.ctx + \f[R] + .fi + .SS Start an encrypted and bound \f[I]policy\f[R] session and save the session data to a file + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx +-tpm2_startauthsession \-\-policy\-session \-c primary.ctx \-S mysession.ctx ++tpm2_createprimary -c primary.ctx ++tpm2_startauthsession --policy-session -c primary.ctx -S mysession.ctx + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_startup.1 b/man/man1/tpm2_startup.1 +index e827fbc..38ec19d 100644 +--- a/man/man1/tpm2_startup.1 ++++ b/man/man1/tpm2_startup.1 +@@ -1,20 +1,20 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_startup" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_startup" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_startup\f[R](1) \- Send a startup command to the TPM. ++\f[B]tpm2_startup\f[R](1) - Send a startup command to the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_startup\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_startup\f[R](1) \- Send a \f[B]TPM2_Startup\f[R] command with ++\f[B]tpm2_startup\f[R](1) - Send a \f[B]TPM2_Startup\f[R] command with + either \f[B]TPM_SU_CLEAR\f[R] or \f[B]TPM_SU_STATE\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-clear\f[R]: ++\f[B]-c\f[R], \f[B]--clear\f[R]: + .RS 2 + .PP + Startup type sent will be \f[B]TPM_SU_CLEAR\f[R] instead of +@@ -26,14 +26,13 @@ Startup type sent will be \f[B]TPM_SU_CLEAR\f[R] instead of + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -41,21 +40,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -66,7 +71,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -75,16 +80,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -93,10 +98,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -106,14 +111,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -126,7 +131,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -135,7 +140,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -158,7 +163,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -167,7 +172,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -186,29 +191,29 @@ tpm2_startup + .IP + .nf + \f[C] +-tpm2_startup \-c ++tpm2_startup -c + \f[R] + .fi + .SH NOTES + .PP + Typically a Resource Manager (like +-tpm2\-abrmd (https://github.com/tpm2-software/tpm2-abrmd)) or +-low\-level/boot software will have already sent this command. ++tpm2-abrmd (https://github.com/tpm2-software/tpm2-abrmd)) or ++low-level/boot software will have already sent this command. + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_stirrandom.1 b/man/man1/tpm2_stirrandom.1 +index 886e3a0..9e0a0a1 100644 +--- a/man/man1/tpm2_stirrandom.1 ++++ b/man/man1/tpm2_stirrandom.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_stirrandom" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_stirrandom" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_stirrandom\f[R](1) \- Add \[lq]additional information\[rq] +-into TPM RNG state. ++\f[B]tpm2_stirrandom\f[R](1) - Add \[lq]additional information\[rq] into ++TPM RNG state. + .SH SYNOPSIS + .PP + \f[B]tpm2_stirrandom\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_stirrandom\f[R](1) \- Inject \[lq]additional information\[rq] ++\f[B]tpm2_stirrandom\f[R](1) - Inject \[lq]additional information\[rq] + as bytes into TPM entropy Protected Capability pool. + .PP + \[lq]Additional information\[rq] can be extracted from file specified as +@@ -38,14 +38,13 @@ This command has no option + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -53,21 +52,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -78,7 +83,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -87,16 +92,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -105,10 +110,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -118,14 +123,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -138,7 +143,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -147,7 +152,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -170,7 +175,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -179,7 +184,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -191,7 +196,7 @@ the various known TCTI modules.) + .IP + .nf + \f[C] +-echo \-n \[dq]myrandomdata\[dq] | tpm2_stirrandom ++echo -n \[dq]myrandomdata\[dq] | tpm2_stirrandom + \f[R] + .fi + .SS Inject 64 bytes from stdin using a file +@@ -222,22 +227,22 @@ As a consequence, it will just be considered as \[lq]additional + input\[rq]. + .PP + The \[lq]additional input\[rq] is as defined in NIST +-SP800\-90A (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-90.pdf) ++SP800-90A (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-90.pdf) + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_testparms.1 b/man/man1/tpm2_testparms.1 +index 8053aa7..9ee8e5b 100644 +--- a/man/man1/tpm2_testparms.1 ++++ b/man/man1/tpm2_testparms.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_testparms" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_testparms" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_testparms\f[R](1) \- Verify that specified algorithm suite is ++\f[B]tpm2_testparms\f[R](1) - Verify that specified algorithm suite is + supported by TPM + .SH SYNOPSIS + .PP + \f[B]tpm2_testparms\f[R] [\f[I]OPTIONS\f[R]] [\f[I]ARGUMENT\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_testparms\f[R](1) \- Checks that the suite specified by ++\f[B]tpm2_testparms\f[R](1) - Checks that the suite specified by + \f[I]ALG_SPEC\f[R] is available for usage per \f[I]ALGORITHM\f[R]. + .PP + Algorithms should follow the \[lq]formatting standards\[rq], see section +@@ -28,14 +28,13 @@ This tool accepts no tool specific options. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -43,21 +42,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -68,7 +73,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -77,16 +82,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -95,10 +100,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -108,14 +113,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -128,7 +133,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -137,7 +142,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -160,7 +165,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -169,7 +174,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -178,7 +183,7 @@ the various known TCTI modules. + .RE + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -187,7 +192,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -264,54 +269,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -325,7 +330,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -343,8 +348,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -361,10 +366,10 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH Signature Format Specifiers + .PP +@@ -381,7 +386,7 @@ defined by the used cryptographic algorithm. + tpm2_testparms rsa + \f[R] + .fi +-.SS Check that ECDSA using P\-256 with AES\-128 CTR mode is available ++.SS Check that ECDSA using P-256 with AES-128 CTR mode is available + .IP + .nf + \f[C] +@@ -392,17 +397,17 @@ tpm2_testparms ecc256:ecdsa:aes128ctr + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_tr_encode.1 b/man/man1/tpm2_tr_encode.1 +new file mode 100644 +index 0000000..b11d85e +--- /dev/null ++++ b/man/man1/tpm2_tr_encode.1 +@@ -0,0 +1,260 @@ ++.\" Automatically generated by Pandoc 2.9.2.1 ++.\" ++.TH "tpm2_tr_encode" "1" "" "tpm2-tools" "General Commands Manual" ++.hy ++.SH NAME ++.PP ++\f[B]tpm2_tr_encode\f[R](1) - Encodes a peristent handle and ++\f[C]TPM2B_NAME\f[R] as a serialized \f[C]ESYS_TR\f[R] as output. ++.SH SYNOPSIS ++.PP ++\f[B]tpm2_tr_encode\f[R] [\f[I]OPTIONS\f[R]] ++.SH DESCRIPTION ++.PP ++\f[B]tpm2_tr_encode\f[R](1) - Encodes a peristent TPM2 handle along with ++a populated \f[C]TPM2B_PUBLIC\f[R] as a serialized \f[C]ESYS_TR\f[R]. ++This is useful for moving a public and handle from one environment where ++a TPM is not available to another environment with a TPM and make use of ++it through the ESAPI API or tpm2-tools(1). ++.SH OPTIONS ++.IP \[bu] 2 ++\f[B]-c\f[R], \f[B]--object-context\f[R]=\f[I]OBJECT\f[R]: ++.RS 2 ++.PP ++Persistent handle. ++.RE ++.IP \[bu] 2 ++\f[B]-f\f[R], \f[B]--format\f[R]: ++.RS 2 ++.PP ++Format selection for the public key output file. ++`tss' (the default) will output a binary blob according to the TPM 2.0 ++Specification. ++`pem' will output an OpenSSL compatible PEM encoded public key. ++`der' will output an OpenSSL compatible DER encoded public key. ++`tpmt' will output a binary blob of the TPMT_PUBLIC struct referenced by ++TPM 2.0 specs. ++.PP ++Public key format. ++.RE ++.IP \[bu] 2 ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: ++.RS 2 ++.PP ++The output file path, recording the serialized \f[C]ESYS_TR\f[R]. ++.RE ++.SS References ++.SH Context Object Format ++.PP ++The type of a context object, whether it is a handle or file name, is ++determined according to the following logic \f[I]in-order\f[R]: ++.IP \[bu] 2 ++If the argument is a file path, then the file is loaded as a restored ++TPM transient object. ++.IP \[bu] 2 ++If the argument is a \f[I]prefix\f[R] match on one of: ++.RS 2 ++.IP \[bu] 2 ++owner: the owner hierarchy ++.IP \[bu] 2 ++platform: the platform hierarchy ++.IP \[bu] 2 ++endorsement: the endorsement hierarchy ++.IP \[bu] 2 ++lockout: the lockout control persistent object ++.RE ++.IP \[bu] 2 ++If the argument argument can be loaded as a number it will be treat as a ++handle, e.g.\ 0x81010013 and used directly._OBJECT_. ++.SH COMMON OPTIONS ++.PP ++This collection of options are common to many programs and provide ++information that many users may expect. ++.IP \[bu] 2 ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. ++By default, it attempts to invoke the manpager for the tool, however, on ++failure will output a short tool summary. ++This is the same behavior if the \[lq]man\[rq] option argument is ++specified, however if explicit \[lq]man\[rq] is requested, the tool will ++provide errors from man on stderr. ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the ++short options will be output to stdout. ++.RS 2 ++.PP ++To successfully use the manpages feature requires the manpages to be ++installed or on \f[I]MANPATH\f[R], See man(1) for more details. ++.RE ++.IP \[bu] 2 ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. ++.IP \[bu] 2 ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the ++tool prints to the console during its execution. ++When using this option the file and line number are printed. ++.IP \[bu] 2 ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. ++.IP \[bu] 2 ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of ++errata fixups. ++Useful if an errata fixup needs to be applied to commands sent to the ++TPM. ++Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. ++information many users may expect. ++.SH TCTI Configuration ++.PP ++The TCTI or \[lq]Transmission Interface\[rq] is the communication ++mechanism with the TPM. ++TCTIs can be changed for communication with TPMs across different ++mediums. ++.PP ++To control the TCTI, the tools respect: ++.IP "1." 3 ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] ++.IP "2." 3 ++The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. ++.PP ++\f[B]Note:\f[R] The command line option always overrides the environment ++variable. ++.PP ++The current known TCTIs are: ++.IP \[bu] 2 ++tabrmd - The resource manager, called ++tabrmd (https://github.com/tpm2-software/tpm2-abrmd). ++Note that tabrmd and abrmd as a tcti name are synonymous. ++.IP \[bu] 2 ++mssim - Typically used for communicating to the TPM software simulator. ++.IP \[bu] 2 ++device - Used when talking directly to a TPM device file. ++.IP \[bu] 2 ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. ++Tools that do not support it will error when attempted to be used ++without a TCTI connection. ++Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented ++as the exact text of \[lq]none\[rq]. ++.PP ++The arguments to either the command line option or the environment ++variable are in the form: ++.PP ++\f[C]:\f[R] ++.PP ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for ++that portion respectively. ++.SS TCTI Defaults ++.PP ++When a TCTI is not specified, the default TCTI is searched for using ++\f[I]dlopen(3)\f[R] semantics. ++The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and ++\f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE ++FOUND\f[R]. ++You can query what TCTI will be chosen as the default by using the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the ++aforementioned TCTIs is the default. ++.SS Custom TCTIs ++.PP ++Any TCTI that implements the dynamic TCTI interface can be loaded. ++The tools internally use \f[I]dlopen(3)\f[R], and the raw ++\f[I]tcti-name\f[R] value is used for the lookup. ++Thus, this could be a path to the shared library, or a library name as ++understood by \f[I]dlopen(3)\f[R] semantics. ++.SH TCTI OPTIONS ++.PP ++This collection of options are used to configure the various known TCTI ++modules available: ++.IP \[bu] 2 ++\f[B]device\f[R]: For the device TCTI, the TPM character device file for ++use by the device TCTI can be specified. ++The default is \f[I]/dev/tpm0\f[R]. ++.RS 2 ++.PP ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export ++\f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] ++.RE ++.IP \[bu] 2 ++\f[B]mssim\f[R]: For the mssim TCTI, the domain name or IP address and ++port number used by the simulator can be specified. ++The default are 127.0.0.1 and 2321. ++.RS 2 ++.PP ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++\f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] ++.RE ++.IP \[bu] 2 ++\f[B]abrmd\f[R]: For the abrmd TCTI, the configuration string format is ++a series of simple key value pairs separated by a `,' character. ++Each key and value string are separated by a `=' character. ++.RS 2 ++.IP \[bu] 2 ++TCTI abrmd supports two keys: ++.RS 2 ++.IP "1." 3 ++`bus_name' : The name of the tabrmd service on the bus (a string). ++.IP "2." 3 ++`bus_type' : The type of the dbus instance (a string) limited to ++`session' and `system'. ++.RE ++.PP ++Specify the tabrmd tcti name and a config string of ++\f[C]bus_name=com.example.FooBar\f[R]: ++.IP ++.nf ++\f[C] ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar ++\f[R] ++.fi ++.PP ++Specify the default (abrmd) tcti and a config string of ++\f[C]bus_type=session\f[R]: ++.IP ++.nf ++\f[C] ++\[rs]--tcti:bus_type=session ++\f[R] ++.fi ++.PP ++\f[B]NOTE\f[R]: abrmd and tabrmd are synonymous. ++the various known TCTI modules. ++.RE ++.SH EXAMPLES ++.SS Serialize a public and handle as an ESYS_TR ++.IP ++.nf ++\f[C] ++tpm2_createprimary -c primary.ctx ++tpm2_evictcontrol -c primary.ctx -o primary.tr 0x81000002 ++tpm2_readpublic -c primary.tr -o primary.pub ++tpm2_tr_encode -c 0x81000002 -u primary.pub -o primary2.tr ++\f[R] ++.fi ++.SH Returns ++.PP ++Tools can return any of the following codes: ++.IP \[bu] 2 ++0 - Success. ++.IP \[bu] 2 ++1 - General non-specific error. ++.IP \[bu] 2 ++2 - Options handling error. ++.IP \[bu] 2 ++3 - Authentication error. ++.IP \[bu] 2 ++4 - TCTI related error. ++.IP \[bu] 2 ++5 - Non supported scheme. ++Applicable to tpm2_testparams. ++.SH BUGS ++.PP ++Github Issues (https://github.com/tpm2-software/tpm2-tools/issues) ++.SH HELP ++.PP ++See the Mailing ++List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2) +diff --git a/man/man1/tpm2_unseal.1 b/man/man1/tpm2_unseal.1 +index a9ce67e..f718487 100644 +--- a/man/man1/tpm2_unseal.1 ++++ b/man/man1/tpm2_unseal.1 +@@ -1,17 +1,17 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_unseal" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_unseal" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_unseal\f[R](1) \- Returns a data blob in a loaded TPM object. ++\f[B]tpm2_unseal\f[R](1) - Returns a data blob in a loaded TPM object. + The data blob is returned in clear. + .SH SYNOPSIS + .PP + \f[B]tpm2_unseal\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_unseal\f[R](1) \- Returns a data blob in a loaded TPM object. ++\f[B]tpm2_unseal\f[R](1) - Returns a data blob in a loaded TPM object. + The data blob is returned in clear. + The data is sealed at the time of the object creation using the + \f[B]tpm2_create\f[R] tool. +@@ -19,26 +19,26 @@ Such an object intended for sealing data has to be of the type + \f[I]TPM_ALG_KEYEDHASH\f[R]. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-object\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--object-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Object context for the loaded object. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP +-Optional auth value to use for the key specified by \f[B]\-c\f[R]. ++Optional auth value to use for the key specified by \f[B]-c\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-output\f[R]=\f[I]FILE\f[R]: ++\f[B]-o\f[R], \f[B]--output\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Output file name containing the unsealed data. + Defaults to \f[I]STDOUT\f[R] if not specified. + .RE + .IP \[bu] 2 +-\f[B]\-\-cphash\f[R]=\f[I]FILE\f[R] ++\f[B]--cphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the command parameters. +@@ -48,14 +48,14 @@ the command, it simply returns a cpHash, it simply returns a cpHash, + unless rphash is also required. + .RE + .IP \[bu] 2 +-\f[B]\-\-rphash\f[R]=\f[I]FILE\f[R] ++\f[B]--rphash\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + File path to record the hash of the response parameters. + This is commonly termed as rpHash. + .RE + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-session\f[R]=\f[I]FILE\f[R]: ++\f[B]-S\f[R], \f[B]--session\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The session created using \f[B]tpm2_startauthsession\f[R]. +@@ -67,7 +67,7 @@ encryption/decryption of the parameters. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -116,11 +116,11 @@ foobar + str:foobar + \f[R] + .fi +-.SS Hex\-string ++.SS Hex-string + .PP +-A hex\-string password, specified by prefix \[lq]hex:\[rq] is converted ++A hex-string password, specified by prefix \[lq]hex:\[rq] is converted + from a hexidecimal form into a byte array form, thus allowing passwords +-with non\-printable and/or terminal un\-friendly characters. ++with non-printable and/or terminal un-friendly characters. + .SS Example + .IP + .nf +@@ -132,7 +132,7 @@ hex:1122334455667788 + .PP + A file based password, specified be prefix \[lq]file:\[rq] should be the + path of a file containing the password to be read by the tool or a +-\[lq]\-\[rq] to use stdin. ++\[lq]-\[rq] to use stdin. + Storing passwords in files prevents information leakage, passwords + passed as options can be read from the process list or common shell + history features. +@@ -141,17 +141,17 @@ history features. + .nf + \f[C] + # to use stdin and be prompted +-file:\- ++file:- + + # to use a file from a path + file:path/to/password/file + + # to echo a password via stdin: +-echo foobar | tpm2_tool \-p file:\- ++echo foobar | tpm2_tool -p file:- + +-# to use a bash here\-string via stdin: ++# to use a bash here-string via stdin: + +-tpm2_tool \-p file:\- <<< foobar ++tpm2_tool -p file:- <<< foobar + \f[R] + .fi + .SS Sessions +@@ -194,17 +194,16 @@ session:session.ctx+hex:11223344 + .PP + You can satisfy a PCR policy using the \[lq]pcr:\[rq] prefix and the PCR + minilanguage. +-The PCR minilanguage is as follows: +-\f[C]=\f[R] ++The PCR minilanguage is as follows: \f[C]=\f[R] + .PP + The PCR spec is documented in in the section \[lq]PCR bank + specifiers\[rq]. + .PP +-The \f[C]raw\-pcr\-file\f[R] is an \f[B]optional\f[R] argument that ++The \f[C]raw-pcr-file\f[R] is an \f[B]optional\f[R] argument that + contains the output of the raw PCR contents as returned by + \f[I]tpm2_pcrread(1)\f[R]. + .PP +-PCR bank specifiers (pcr.md) ++PCR bank specifiers + .SS Examples + .PP + To satisfy a PCR policy of sha256 on banks 0, 1, 2 and 3 use a specifier +@@ -222,14 +221,13 @@ specifying \f[I]AUTH\f[R]. + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -237,21 +235,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -262,7 +266,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -271,16 +275,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -289,10 +293,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -302,14 +306,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -322,7 +326,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -331,7 +335,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -354,7 +358,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -363,7 +367,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -374,33 +378,33 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-c primary.ctx \-Q ++tpm2_createprimary -c primary.ctx -Q + +-tpm2_pcrread \-Q \-o pcr.bin sha256:0,1,2,3 ++tpm2_pcrread -Q -o pcr.bin sha256:0,1,2,3 + +-tpm2_createpolicy \-Q \-\-policy\-pcr \-l sha256:0,1,2,3 \-f pcr.bin \-L pcr.policy ++tpm2_createpolicy -Q --policy-pcr -l sha256:0,1,2,3 -f pcr.bin -L pcr.policy + +-echo \[aq]secret\[aq] | tpm2_create \-C primary.ctx \-L pcr.policy \-i\-\[rs] +-\-u seal.pub \-r seal.priv \-c seal.ctx \-Q ++echo \[aq]secret\[aq] | tpm2_create -C primary.ctx -L pcr.policy -i-\[rs] ++-u seal.pub -r seal.priv -c seal.ctx -Q + +-tpm2_unseal \-c seal.ctx \-p pcr:sha256:0,1,2,3 ++tpm2_unseal -c seal.ctx -p pcr:sha256:0,1,2,3 + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_verifysignature.1 b/man/man1/tpm2_verifysignature.1 +index fab34a0..e8c2fb9 100644 +--- a/man/man1/tpm2_verifysignature.1 ++++ b/man/man1/tpm2_verifysignature.1 +@@ -1,17 +1,16 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_verifysignature" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_verifysignature" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_verifysignature\f[R](1) \- Validates a signature using the +-TPM. ++\f[B]tpm2_verifysignature\f[R](1) - Validates a signature using the TPM. + .SH SYNOPSIS + .PP + \f[B]tpm2_verifysignature\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_verifysignature\f[R](1) \- Uses loaded keys to validate a ++\f[B]tpm2_verifysignature\f[R](1) - Uses loaded keys to validate a + signature on a message with the message digest passed to the TPM. + If the signature check succeeds, then the TPM will produce a + \f[B]TPMT_TK_VERIFIED\f[R]. +@@ -22,7 +21,7 @@ If object references a symmetric key, both the public and private + portions need to be loaded. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]OBJECT\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]OBJECT\f[R]: + .RS 2 + .PP + Context object for the key context used for the operation. +@@ -30,7 +29,7 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-g\f[R], \f[B]\-\-hash\-algorithm\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-g\f[R], \f[B]--hash-algorithm\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The hash algorithm used to digest the message. +@@ -40,27 +39,27 @@ Also, see section \[lq]Supported Hash Algorithms\[rq] for a list of + supported hash algorithms. + .RE + .IP \[bu] 2 +-\f[B]\-m\f[R], \f[B]\-\-message\f[R]=\f[I]FILE\f[R]: ++\f[B]-m\f[R], \f[B]--message\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The message file, containing the content to be digested. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-digest\f[R]=\f[I]FILE\f[R]: ++\f[B]-d\f[R], \f[B]--digest\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The input hash file, containing the hash of the message. +-If this option is selected, then the message (\f[B]\-m\f[R]) and +-algorithm (\f[B]\-g\f[R]) options do not need to be specified. ++If this option is selected, then the message (\f[B]-m\f[R]) and ++algorithm (\f[B]-g\f[R]) options do not need to be specified. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-signature\f[R]=\f[I]FILE\f[R]: ++\f[B]-s\f[R], \f[B]--signature\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The input signature file of the signature to be validated. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-scheme\f[R]=\f[I]SCHEME\f[R]: ++\f[B]-f\f[R], \f[B]--scheme\f[R]=\f[I]SCHEME\f[R]: + .RS 2 + .PP + The signing scheme that was used to sign the message. +@@ -74,14 +73,14 @@ Signing schemes should follow the \[lq]formatting standards\[rq], see + section \[lq]Algorithm Specifiers\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-\-format\f[R]=\f[I]SCHEME\f[R]: ++\f[B]--format\f[R]=\f[I]SCHEME\f[R]: + .RS 2 + .PP + Deprecated. +-Same as \f[B]\-\-scheme\f[R]. ++Same as \f[B]--scheme\f[R]. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-ticket\f[R]=\f[I]FILE\f[R]: ++\f[B]-t\f[R], \f[B]--ticket\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ticket file to record the validation structure. +@@ -90,7 +89,7 @@ The ticket file to record the validation structure. + .SH Context Object Format + .PP + The type of a context object, whether it is a handle or file name, is +-determined according to the following logic \f[I]in\-order\f[R]: ++determined according to the following logic \f[I]in-order\f[R]: + .IP \[bu] 2 + If the argument is a file path, then the file is loaded as a restored + TPM transient object. +@@ -111,7 +110,7 @@ If the argument argument can be loaded as a number it will be treat as a + handle, e.g.\ 0x81010013 and used directly._OBJECT_. + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -120,7 +119,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -197,54 +196,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -258,7 +257,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -276,8 +275,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -294,24 +293,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -319,21 +317,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -344,7 +348,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -353,16 +357,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -371,10 +375,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -384,14 +388,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -404,7 +408,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -413,7 +417,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -436,7 +440,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -445,7 +449,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -464,17 +468,17 @@ defined by the used cryptographic algorithm. + .IP + .nf + \f[C] +-tpm2_createprimary \-C e \-c primary.ctx ++tpm2_createprimary -C e -c primary.ctx + +-tpm2_create \-G rsa \-u rsa.pub \-r rsa.priv \-C primary.ctx ++tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx + +-tpm2_load \-C primary.ctx \-u rsa.pub \-r rsa.priv \-c rsa.ctx ++tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx + + echo \[dq]my message > message.dat + +-tpm2_sign \-c rsa.ctx \-g sha256 \-m message.dat \-s sig.rssa ++tpm2_sign -c rsa.ctx -g sha256 -s sig.rssa message.dat + +-tpm2_verifysignature \-c rsa.ctx \-g sha256 \-m message.dat \-s sig.rssa ++tpm2_verifysignature -c rsa.ctx -g sha256 -m message.dat -s sig.rssa + \f[R] + .fi + .SS Sign with openssl and verify with the TPM +@@ -482,47 +486,47 @@ tpm2_verifysignature \-c rsa.ctx \-g sha256 \-m message.dat \-s sig.rssa + .nf + \f[C] + # Generate an ECC key +-openssl ecparam \-name prime256v1 \-genkey \-noout \-out private.ecc.pem ++openssl ecparam -name prime256v1 -genkey -noout -out private.ecc.pem + +-openssl ec \-in private.ecc.pem \-out public.ecc.pem \-pubout ++openssl ec -in private.ecc.pem -out public.ecc.pem -pubout + + # Generate a hash to sign (OSSL needs the hash of the message) + echo \[dq]data to sign\[dq] > data.in.raw + + sha256sum data.in.raw | awk \[aq]{ print \[dq]000000 \[dq] $1 }\[aq] | \[rs] +-xxd \-r \-c 32 > data.in.digest ++xxd -r -c 32 > data.in.digest + + # Load the private key for signing +-tpm2_loadexternal \-Q \-G ecc \-r private.ecc.pem \-c key.ctx ++tpm2_loadexternal -Q -G ecc -r private.ecc.pem -c key.ctx + + # Sign in the TPM and verify with OSSL +-tpm2_sign \-Q \-c key.ctx \-g sha256 \-d data.in.digest \-f plain \-s data.out.signed ++tpm2_sign -Q -c key.ctx -g sha256 -d data.in.digest -f plain -s data.out.signed + +-openssl dgst \-verify public.ecc.pem \-keyform pem \-sha256 \[rs] +-\-signature data.out.signed data.in.raw ++openssl dgst -verify public.ecc.pem -keyform pem -sha256 \[rs] ++-signature data.out.signed data.in.raw + + # Sign with openssl and verify with TPM +-openssl dgst \-sha256 \-sign private.ecc.pem \-out data.out.signed data.in.raw ++openssl dgst -sha256 -sign private.ecc.pem -out data.out.signed data.in.raw + +-tpm2_verifysignature \-Q \-c key.ctx \-g sha256 \-m data.in.raw \-f ecdsa \[rs] +-\-s data.out.signed ++tpm2_verifysignature -Q -c key.ctx -g sha256 -m data.in.raw -f ecdsa \[rs] ++-s data.out.signed + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tpm2_zgen2phase.1 b/man/man1/tpm2_zgen2phase.1 +index 65c0e95..9ebfbaa 100644 +--- a/man/man1/tpm2_zgen2phase.1 ++++ b/man/man1/tpm2_zgen2phase.1 +@@ -1,23 +1,23 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tpm2_zgen2phase" "1" "" "tpm2\-tools" "General Commands Manual" ++.TH "tpm2_zgen2phase" "1" "" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tpm2_zgen2phase\f[R](1) \- Command to enable the TPM to combine +-data from the other party with the ephemeral key generated in the first +-phase of two\-phase key exchange protocols. ++\f[B]tpm2_zgen2phase\f[R](1) - Command to enable the TPM to combine data ++from the other party with the ephemeral key generated in the first phase ++of two-phase key exchange protocols. + .SH SYNOPSIS + .PP + \f[B]tpm2_zgen2phase\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tpm2_zgen2phase\f[R](1) \- Command to enable the TPM to combine +-data from the other party with the ephemeral key generated in the first +-phase of two\-phase key exchange protocols. ++\f[B]tpm2_zgen2phase\f[R](1) - Command to enable the TPM to combine data ++from the other party with the ephemeral key generated in the first phase ++of two-phase key exchange protocols. + .SH OPTIONS + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-key\-context\f[R]=\f[I]FILE\f[R]: ++\f[B]-c\f[R], \f[B]--key-context\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + Context object pointing to ECC key. +@@ -25,13 +25,13 @@ Either a file or a handle number. + See section \[lq]Context Object Format\[rq]. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-key\-auth\f[R]=\f[I]AUTH\f[R]: ++\f[B]-p\f[R], \f[B]--key-auth\f[R]=\f[I]AUTH\f[R]: + .RS 2 + .PP + The authorization value for the ECC key object. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-scheme\f[R]=\f[I]ALGORITHM\f[R]: ++\f[B]-s\f[R], \f[B]--scheme\f[R]=\f[I]ALGORITHM\f[R]: + .RS 2 + .PP + The key exchange scheme. +@@ -39,31 +39,31 @@ Optional. + Valid options are ecdh or sm2. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-counter\f[R]=\f[I]NATURALNUMBER\f[R]: ++\f[B]-t\f[R], \f[B]--counter\f[R]=\f[I]NATURALNUMBER\f[R]: + .RS 2 + .PP + The commit count to determine the key index to use. + .RE + .IP \[bu] 2 +-\f[B]\-\-static\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]--static-public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The static public key input of the other party. + .RE + .IP \[bu] 2 +-\f[B]\-\-ephemeral\-public\f[R]=\f[I]FILE\f[R]: ++\f[B]--ephemeral-public\f[R]=\f[I]FILE\f[R]: + .RS 2 + .PP + The ephemeral public key input of the other party. + .RE + .IP \[bu] 2 +-\f[B]\-\-output\-Z1\f[R]=\f[I]FILE\f[R] ++\f[B]--output-Z1\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specify file path to save the calculated ecdh secret Z1 point. + .RE + .IP \[bu] 2 +-\f[B]\-\-output\-Z2\f[R]=\f[I]FILE\f[R] ++\f[B]--output-Z2\f[R]=\f[I]FILE\f[R] + .RS 2 + .PP + Specify file path to save the calculated ecdh secret Z2 point. +@@ -71,7 +71,7 @@ Specify file path to save the calculated ecdh secret Z2 point. + .SS References + .SH Algorithm Specifiers + .PP +-Options that take algorithms support \[lq]nice\-names\[rq]. ++Options that take algorithms support \[lq]nice-names\[rq]. + .PP + There are two major algorithm specification string classes, simple and + complex. +@@ -80,7 +80,7 @@ conditions. + .SS Simple specifiers + .PP + These are strings with no additional specification data. +-When creating objects, non\-specified portions of an object are assumed ++When creating objects, non-specified portions of an object are assumed + to defaults. + You can find the list of known \[lq]Simple Specifiers\[rq] below. + .SS Asymmetric +@@ -157,54 +157,54 @@ Objects, when specified for creation by the TPM, have numerous + algorithms to populate in the public data. + Things like type, scheme and asymmetric details, key size, etc. + Below is the general format for specifying this data: +-\f[C]::\f[R] ++\f[C]::\f[R] + .SS Type Specifiers + .PP + This portion of the complex algorithm specifier is required. + The remaining scheme and symmetric details will default based on the + type specified and the type of the object being created. + .IP \[bu] 2 +-aes \- Default AES: aes128 ++aes - Default AES: aes128 + .IP \[bu] 2 +-aes128\f[C]\f[R] \- 128 bit AES with optional mode ++aes128\f[C]\f[R] - 128 bit AES with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-aes192\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes192\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 192 bit key size. + .IP \[bu] 2 +-aes256\f[C]\f[R] \- Same as aes128\f[C]\f[R], except for a ++aes256\f[C]\f[R] - Same as aes128\f[C]\f[R], except for a + 256 bit key size. + .IP \[bu] 2 +-sm4 \- Default SM4: sm4128 ++sm4 - Default SM4: sm4128 + .IP \[bu] 2 +-sm4128 or sm4_128 \f[C]\f[R] \- 128 bit SM4 with optional mode ++sm4128 or sm4_128 \f[C]\f[R] - 128 bit SM4 with optional mode + (\f[I]ctr\f[R]|\f[I]ofb\f[R]|\f[I]cbc\f[R]|\f[I]cfb\f[R]|\f[I]ecb\f[R]). + If mode is not specified, defaults to \f[I]null\f[R]. + .IP \[bu] 2 +-ecc \- Elliptical Curve, defaults to ecc256. ++ecc - Elliptical Curve, defaults to ecc256. + .IP \[bu] 2 +-ecc192 or ecc_nist_p192 \- 192 bit ECC NIST curve ++ecc192 or ecc_nist_p192 - 192 bit ECC NIST curve + .IP \[bu] 2 +-ecc224 or ecc_nist_p224 \- 224 bit ECC NIST curve ++ecc224 or ecc_nist_p224 - 224 bit ECC NIST curve + .IP \[bu] 2 +-ecc256 or ecc_nist_p256 \- 256 bit ECC NIST curve ++ecc256 or ecc_nist_p256 - 256 bit ECC NIST curve + .IP \[bu] 2 +-ecc384 or ecc_nist_p384 \- 384 bit ECC NIST curve ++ecc384 or ecc_nist_p384 - 384 bit ECC NIST curve + .IP \[bu] 2 +-ecc521 or ecc_nist_p521 \- 521 bit ECC NIST curve ++ecc521 or ecc_nist_p521 - 521 bit ECC NIST curve + .IP \[bu] 2 +-ecc_sm2 or ecc_sm2_p256 \- 256 bit SM2 curve ++ecc_sm2 or ecc_sm2_p256 - 256 bit SM2 curve + .IP \[bu] 2 +-rsa \- Default RSA: rsa2048 ++rsa - Default RSA: rsa2048 + .IP \[bu] 2 +-rsa1024 \- RSA with 1024 bit keysize. ++rsa1024 - RSA with 1024 bit keysize. + .IP \[bu] 2 +-rsa2048 \- RSA with 2048 bit keysize. ++rsa2048 - RSA with 2048 bit keysize. + .IP \[bu] 2 +-rsa3072 \- RSA with 3072 bit keysize. ++rsa3072 - RSA with 3072 bit keysize. + .IP \[bu] 2 +-rsa4096 \- RSA with 4096 bit keysize. ++rsa4096 - RSA with 4096 bit keysize. + .SS Scheme Specifiers + .PP + Next, is an optional field, it can be skipped. +@@ -218,7 +218,7 @@ Some take no arguments, and some take multiple arguments. + .SS Hash Optional Scheme Specifiers + .PP + These scheme specifiers are followed by a dash and a valid hash +-algorithm, For example: \f[C]oaep\-sha256\f[R]. ++algorithm, For example: \f[C]oaep-sha256\f[R]. + .IP \[bu] 2 + oaep + .IP \[bu] 2 +@@ -236,8 +236,8 @@ sm2 + .SS Multiple Option Scheme Specifiers + .PP + This scheme specifier is followed by a count (max size UINT16) then +-followed by a dash(\-) and a valid hash algorithm. +-* ecdaa For example, ecdaa4\-sha256. ++followed by a dash(-) and a valid hash algorithm. ++* ecdaa For example, ecdaa4-sha256. + If no count is specified, it defaults to 4. + .SS No Option Scheme Specifiers + .PP +@@ -254,24 +254,23 @@ If not specified, an asymmetric objects symmetric details defaults to + .SS Examples + .SS Create an rsa2048 key with an rsaes asymmetric encryption scheme + .PP +-\f[C]tpm2_create \-C parent.ctx \-G rsa2048:rsaes \-u key.pub \-r key.priv\f[R] ++\f[C]tpm2_create -C parent.ctx -G rsa2048:rsaes -u key.pub -r key.priv\f[R] + .SS Create an ecc256 key with an ecdaa signing scheme with a count of 4 and sha384 hash + .PP +-\f[C]/tpm2_create \-C parent.ctx \-G ecc256:ecdaa4\-sha384 \-u key.pub \-r key.priv\f[R] ++\f[C]/tpm2_create -C parent.ctx -G ecc256:ecdaa4-sha384 -u key.pub -r key.priv\f[R] + cryptographic algorithms \f[I]ALGORITHM\f[R]. + .SH COMMON OPTIONS + .PP + This collection of options are common to many programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help=[man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help=[man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -279,21 +278,27 @@ To successfully use the manpages feature requires the manpages to be + installed or on \f[I]MANPATH\f[R], See man(1) for more details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .IP \[bu] 2 +-\f[B]\-V\f[R], \f[B]\-\-verbose\f[R]: Increase the information that the ++\f[B]-V\f[R], \f[B]--verbose\f[R]: Increase the information that the + tool prints to the console during its execution. + When using this option the file and line number are printed. + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-quiet\f[R]: Silence normal tool output to +-stdout. ++\f[B]-Q\f[R], \f[B]--quiet\f[R]: Silence normal tool output to stdout. + .IP \[bu] 2 +-\f[B]\-Z\f[R], \f[B]\-\-enable\-errata\f[R]: Enable the application of ++\f[B]-Z\f[R], \f[B]--enable-errata\f[R]: Enable the application of + errata fixups. + Useful if an errata fixup needs to be applied to commands sent to the + TPM. + Defining the environment TPM2TOOLS_ENABLE_ERRATA is equivalent. ++.IP \[bu] 2 ++\f[B]-R\f[R], \f[B]--autoflush\f[R]: Enable autoflush for transient ++objects created by the command. ++If a parent object is loaded from a context file also the transient ++parent object will be flushed. ++Autoflush can also be activated if the environment variable ++TPM2TOOLS_AUTOFLUSH is is set to yes or true. + information many users may expect. + .SH TCTI Configuration + .PP +@@ -304,7 +309,7 @@ mediums. + .PP + To control the TCTI, the tools respect: + .IP "1." 3 +-The command line option \f[B]\-T\f[R] or \f[B]\-\-tcti\f[R] ++The command line option \f[B]-T\f[R] or \f[B]--tcti\f[R] + .IP "2." 3 + The environment variable: \f[I]TPM2TOOLS_TCTI\f[R]. + .PP +@@ -313,16 +318,16 @@ variable. + .PP + The current known TCTIs are: + .IP \[bu] 2 +-tabrmd \- The resource manager, called ++tabrmd - The resource manager, called + tabrmd (https://github.com/tpm2-software/tpm2-abrmd). + Note that tabrmd and abrmd as a tcti name are synonymous. + .IP \[bu] 2 +-mssim \- Typically used for communicating to the TPM software simulator. ++mssim - Typically used for communicating to the TPM software simulator. + .IP \[bu] 2 +-device \- Used when talking directly to a TPM device file. ++device - Used when talking directly to a TPM device file. + .IP \[bu] 2 +-none \- Do not initalize a connection with the TPM. +-Some tools allow for off\-tpm options and thus support not using a TCTI. ++none - Do not initalize a connection with the TPM. ++Some tools allow for off-tpm options and thus support not using a TCTI. + Tools that do not support it will error when attempted to be used + without a TCTI connection. + Does not support \f[I]ANY\f[R] options and \f[I]MUST BE\f[R] presented +@@ -331,10 +336,10 @@ as the exact text of \[lq]none\[rq]. + The arguments to either the command line option or the environment + variable are in the form: + .PP +-\f[C]:\f[R] ++\f[C]:\f[R] + .PP +-Specifying an empty string for either the \f[C]\f[R] or +-\f[C]\f[R] results in the default being used for ++Specifying an empty string for either the \f[C]\f[R] or ++\f[C]\f[R] results in the default being used for + that portion respectively. + .SS TCTI Defaults + .PP +@@ -344,14 +349,14 @@ The tools will search for \f[I]tabrmd\f[R], \f[I]device\f[R] and + \f[I]mssim\f[R] TCTIs \f[B]IN THAT ORDER\f[R] and \f[B]USE THE FIRST ONE + FOUND\f[R]. + You can query what TCTI will be chosen as the default by using the +-\f[B]\-v\f[R] option to print the version information. +-The \[lq]default\-tcti\[rq] key\-value pair will indicate which of the ++\f[B]-v\f[R] option to print the version information. ++The \[lq]default-tcti\[rq] key-value pair will indicate which of the + aforementioned TCTIs is the default. + .SS Custom TCTIs + .PP + Any TCTI that implements the dynamic TCTI interface can be loaded. + The tools internally use \f[I]dlopen(3)\f[R], and the raw +-\f[I]tcti\-name\f[R] value is used for the lookup. ++\f[I]tcti-name\f[R] value is used for the lookup. + Thus, this could be a path to the shared library, or a library name as + understood by \f[I]dlopen(3)\f[R] semantics. + .SH TCTI OPTIONS +@@ -364,7 +369,7 @@ use by the device TCTI can be specified. + The default is \f[I]/dev/tpm0\f[R]. + .RS 2 + .PP +-Example: \f[B]\-T device:/dev/tpm0\f[R] or \f[B]export ++Example: \f[B]-T device:/dev/tpm0\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]device:/dev/tpm0\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -373,7 +378,7 @@ port number used by the simulator can be specified. + The default are 127.0.0.1 and 2321. + .RS 2 + .PP +-Example: \f[B]\-T mssim:host=localhost,port=2321\f[R] or \f[B]export ++Example: \f[B]-T mssim:host=localhost,port=2321\f[R] or \f[B]export + \f[BI]TPM2TOOLS_TCTI\f[B]=\[lq]mssim:host=localhost,port=2321\[rq]\f[R] + .RE + .IP \[bu] 2 +@@ -396,7 +401,7 @@ Specify the tabrmd tcti name and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti=tabrmd:bus_name=com.example.FooBar ++\[rs]--tcti=tabrmd:bus_name=com.example.FooBar + \f[R] + .fi + .PP +@@ -405,7 +410,7 @@ Specify the default (abrmd) tcti and a config string of + .IP + .nf + \f[C] +-\[rs]\-\-tcti:bus_type=session ++\[rs]--tcti:bus_type=session + \f[R] + .fi + .PP +@@ -416,33 +421,33 @@ the various known TCTI modules. + .IP + .nf + \f[C] +-tpm2_createprimary \-C o \-c prim.ctx \-Q ++tpm2_createprimary -C o -c prim.ctx -Q + +-tpm2_create \-C prim.ctx \-c key.ctx \-u key.pub \-r key.priv \-G ecc256:ecdh \-Q ++tpm2_create -C prim.ctx -c key.ctx -u key.pub -r key.priv -G ecc256:ecdh -Q + +-tpm2_ecephemeral \-u ecc.q \-t ecc.ctr ecc256 ++tpm2_ecephemeral -u ecc.q -t ecc.ctr ecc256 + +-tpm2_ecdhkeygen \-u ecdh.pub \-o ecdh.priv \-c key.ctx ++tpm2_ecdhkeygen -u ecdh.pub -o ecdh.priv -c key.ctx + +-tpm2_zgen2phase \-c key.ctx \-\-static\-public ecdh.pub \-\-ephemeral\-public ecc.q \[rs] +-\-t 0 \-\-output\-Z1 z1.bin \-\-output\-Z2 z2.bin ++tpm2_zgen2phase -c key.ctx --static-public ecdh.pub --ephemeral-public ecc.q \[rs] ++-t 0 --output-Z1 z1.bin --output-Z2 z2.bin + \f[R] + .fi + .SH Returns + .PP + Tools can return any of the following codes: + .IP \[bu] 2 +-0 \- Success. ++0 - Success. + .IP \[bu] 2 +-1 \- General non\-specific error. ++1 - General non-specific error. + .IP \[bu] 2 +-2 \- Options handling error. ++2 - Options handling error. + .IP \[bu] 2 +-3 \- Authentication error. ++3 - Authentication error. + .IP \[bu] 2 +-4 \- TCTI related error. ++4 - TCTI related error. + .IP \[bu] 2 +-5 \- Non supported scheme. ++5 - Non supported scheme. + Applicable to tpm2_testparams. + .SH BUGS + .PP +diff --git a/man/man1/tss2_authorizepolicy.1 b/man/man1/tss2_authorizepolicy.1 +index 1192a2f..0523574 100644 +--- a/man/man1/tss2_authorizepolicy.1 ++++ b/man/man1/tss2_authorizepolicy.1 +@@ -1,36 +1,36 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_authorizepolicy" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_authorizepolicy" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_authorizepolicy\f[R](1) \- ++\f[B]tss2_authorizepolicy\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_authorizepolicy\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_authorizepolicy\f[R](1) \- This command signs a given policy ++\f[B]tss2_authorizepolicy\f[R](1) - This command signs a given policy + with a given key such that the policy can be referenced from other + policies that contain a corresponding PolicyAuthorize elements. + The signature is done using the TPM signing schemes as specified in the +-cryptographic profile (cf., \f[B]fapi\-profile(5)\f[R]). ++cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-policyPath\f[R]=\f[I]STRING\f[R]: Path of the +-new policy. ++\f[B]-P\f[R], \f[B]--policyPath\f[R]=\f[I]STRING\f[R]: Path of the new ++policy. + .RS 2 + .PP + A policyPath is composed of two elements, separated by \[lq]/\[rq]. +@@ -39,25 +39,24 @@ The second path element identifies the policy or policy template using a + meaningful name. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-keyPath\f[R]=\f[I]STRING\f[R]: Path of the +-signing key. ++\f[B]-p\f[R], \f[B]--keyPath\f[R]=\f[I]STRING\f[R]: Path of the signing ++key. + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-policyRef\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): A byte buffer to be included in the signature. ++\f[B]-r\f[R], \f[B]--policyRef\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): A byte buffer to be included in the signature. + Optional parameter. + .SH COMMON OPTIONS + .PP + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -66,13 +65,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_authorizepolicy \-\-keyPath=HS/SRK/myPolicySignKey \-\-policyPath=/policy/pcr\-policy \-\-policyRef=policyRef.file ++tss2_authorizepolicy --keyPath=HS/SRK/myPolicySignKey --policyPath=/policy/pcr-policy --policyRef=policyRef.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_changeauth.1 b/man/man1/tss2_changeauth.1 +index 20acd5b..b0c0828 100644 +--- a/man/man1/tss2_changeauth.1 ++++ b/man/man1/tss2_changeauth.1 +@@ -1,35 +1,35 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_changeauth" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_changeauth" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_changeauth\f[R](1) \- This command changes the authorization ++\f[B]tss2_changeauth\f[R](1) - This command changes the authorization + data of an entity referred to by the path. + .SH SYNOPSIS + .PP + \f[B]tss2_changeauth\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_changeauth\f[R](1) \- ++\f[B]tss2_changeauth\f[R](1) - + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-authValue\f[R]=\f[I]STRING\f[R]: ++\f[B]-a\f[R], \f[B]--authValue\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP +-The new UTF\-8 password. ++The new UTF-8 password. + Optional parameter. + If it is neglected then the user is queried interactively for a + password. +@@ -37,12 +37,12 @@ To set no password, this option should be used with the empty string + (\[dq]\[dq]). + The maximum password size is determined by the digest size of the chosen + name hash algorithm in the cryptographic profile (cf., +-\f[B]fapi\-profile(5)\f[R]). ++\f[B]fapi-profile(5)\f[R]). + For example, choosing SHA256 as hash algorithm, allows passwords of a + maximum size of 32 characters. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-entityPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--entityPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path identifying the entity to modify. +@@ -52,14 +52,13 @@ The path identifying the entity to modify. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -68,21 +67,21 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLES + .SS Change a password for an entity HS/SRK/myRSACryptKey to M1 + .IP + .nf + \f[C] +-tss2_changeauth \-\-entityPath=HS/SRK/myRSACryptKey \-\-authValue=M1 ++tss2_changeauth --entityPath=HS/SRK/myRSACryptKey --authValue=M1 + \f[R] + .fi + .SS Change a password for an entity HS/SRK/myRSACryptKey and ask the user to enter the password. + .IP + .nf + \f[C] +-tss2_changeauth \-\-entityPath=HS/SRK/myRSACryptKey ++tss2_changeauth --entityPath=HS/SRK/myRSACryptKey + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_createkey.1 b/man/man1/tss2_createkey.1 +index 9f54be2..bc4cfb6 100644 +--- a/man/man1/tss2_createkey.1 ++++ b/man/man1/tss2_createkey.1 +@@ -1,67 +1,67 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_createkey" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_createkey" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_createkey\f[R](1) \- ++\f[B]tss2_createkey\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_createkey\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_createkey\f[R](1) \- This commands creates a key inside the +-TPM and stores it in the FAPI metadata store and if requested +-persistently inside the TPM. ++\f[B]tss2_createkey\f[R](1) - This commands creates a key inside the TPM ++and stores it in the FAPI metadata store and if requested persistently ++inside the TPM. + Depending on the specified key type, cryptographic algorithms and + parameters for the created key are determined by the corresponding +-cryptographic profile (cf., \f[B]fapi\-profile(5)\f[R]). ++cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path to the new key. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-type\f[R]=\f[I]STRING\f[R]: ++\f[B]-t\f[R], \f[B]--type\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the intended usage. + Optional parameter. +-Types may be any comma\-separated combination of: ++Types may be any comma-separated combination of: + .IP + .nf + \f[C] +-\- \[dq]sign\[dq]: Sets the sign attribute of a key. +-\- \[dq]decrypt\[dq]: Sets the decrypt attribute of a key. +-\- Hint: If neither sign nor decrypt are provided, both attributes are set. +-\- \[dq]restricted\[dq]: Sets the restricted attribute of a key. +-\- Hint: If restricted is set, sign or decrypt (but not both) need to be set. +-\- \[dq]exportable\[dq]: Clears the fixedTPM and fixedParent attributes of a key or ++- \[dq]sign\[dq]: Sets the sign attribute of a key. ++- \[dq]decrypt\[dq]: Sets the decrypt attribute of a key. ++- Hint: If neither sign nor decrypt are provided, both attributes are set. ++- \[dq]restricted\[dq]: Sets the restricted attribute of a key. ++- Hint: If restricted is set, sign or decrypt (but not both) need to be set. ++- \[dq]exportable\[dq]: Clears the fixedTPM and fixedParent attributes of a key or + sealed object. +-\- \[dq]noda\[dq]: Sets the noda attribute of a key or NV index. +-\- \[dq]system\[dq]: Stores the data blobs and metadata for a created key or seal +- in the system\-wide directory instead of user\[aq]s personal directory. +-\- A hexadecimal number (e.g. \[dq]0x81000001\[dq]): Marks a key object to be ++- \[dq]noda\[dq]: Sets the noda attribute of a key or NV index. ++- \[dq]system\[dq]: Stores the data blobs and metadata for a created key or seal ++ in the system-wide directory instead of user\[aq]s personal directory. ++- A hexadecimal number (e.g. \[dq]0x81000001\[dq]): Marks a key object to be + made persistent and sets the persistent object handle to this value. + \f[R] + .fi + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-policyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-P\f[R], \f[B]--policyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The policy to be associated with the new key. +@@ -74,10 +74,10 @@ The second path element identifies the policy or policy template using a + meaningful name. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-authValue\f[R]=\f[I]STRING\f[R]: ++\f[B]-a\f[R], \f[B]--authValue\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP +-The new UTF\-8 password. ++The new UTF-8 password. + Optional parameter. + If it is neglected then the user is queried interactively for a + password. +@@ -85,7 +85,7 @@ To set no password, this option should be used with the empty string + (\[dq]\[dq]). + The maximum password size is determined by the digest size of the chosen + name hash algorithm in the cryptographic profile (cf., +-\f[B]fapi\-profile(5)\f[R]). ++\f[B]fapi-profile(5)\f[R]). + For example, choosing SHA256 as hash algorithm, allows passwords of a + maximum size of 32 characters. + .RE +@@ -94,14 +94,13 @@ maximum size of 32 characters. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -110,28 +109,28 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .SS Create a key without password + .IP + .nf + \f[C] +-tss2_createkey \-\-path=HS/SRK/myRsaCryptKey \-\-type=\[dq]noDa, decrypt\[dq] \-\-authValue=\[dq]\[dq] ++tss2_createkey --path=HS/SRK/myRsaCryptKey --type=\[dq]noDa, decrypt\[dq] --authValue=\[dq]\[dq] + \f[R] + .fi + .SS Create a key, ask for password on the command line + .IP + .nf + \f[C] +-tss2_createkey \-\-path=HS/SRK/myRsaCryptKey \-\-type=\[dq]noDa, decrypt\[dq] ++tss2_createkey --path=HS/SRK/myRsaCryptKey --type=\[dq]noDa, decrypt\[dq] + \f[R] + .fi + .SS Create a key with password \[lq]abc\[rq]. + .IP + .nf + \f[C] +-tss2_createkey \-\-path=HS/SRK/myRsaCryptKey \-\-type=\[dq]noDa, decrypt\[dq] \-\-authValue=abc ++tss2_createkey --path=HS/SRK/myRsaCryptKey --type=\[dq]noDa, decrypt\[dq] --authValue=abc + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_createnv.1 b/man/man1/tss2_createnv.1 +index 9f0ca45..8e7692f 100644 +--- a/man/man1/tss2_createnv.1 ++++ b/man/man1/tss2_createnv.1 +@@ -1,32 +1,32 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_createnv" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_createnv" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_createnv\f[R](1) \- ++\f[B]tss2_createnv\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_createnv\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_createnv\f[R](1) \- This command creates an NV index in the ++\f[B]tss2_createnv\f[R](1) - This command creates an NV index in the + TPM. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Path of the new NV space. +@@ -37,31 +37,31 @@ The second path element identifies the NV handle range for the nv + object. + This includes the following values: Owner, TPM, Platform, + Endorsement_Certificate, Platform_Certificate, Component_OEM, TPM_OEM, +-Platform_OEM, PC\-Client, Server, Virtualized_Platform, MPWG, Embedded. +-The third path element identifies the actual NV\-Index using a +-meaningful name. ++Platform_OEM, PC-Client, Server, Virtualized_Platform, MPWG, Embedded. ++The third path element identifies the actual NV-Index using a meaningful ++name. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-type\f[R]=\f[I]STRING\f[R]: ++\f[B]-t\f[R], \f[B]--type\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the intended usage. + Optional parameter. +-Types may be any comma\-separated combination of: ++Types may be any comma-separated combination of: + .IP + .nf + \f[C] +-\- \[dq]noda\[dq]: Sets the noda attribute of a key or NV index. +-\- \[dq]bitfield\[dq]: Sets the NV type to bitfield. +-\- \[dq]counter\[dq]: Sets the NV type to counter. +-\- \[dq]pcr\[dq]: Sets the NV type to pcr\-like behavior. +-\- Hint: If none of the previous three keywords is provided a regular NV ++- \[dq]noda\[dq]: Sets the noda attribute of a key or NV index. ++- \[dq]bitfield\[dq]: Sets the NV type to bitfield. ++- \[dq]counter\[dq]: Sets the NV type to counter. ++- \[dq]pcr\[dq]: Sets the NV type to pcr-like behavior. ++- Hint: If none of the previous three keywords is provided a regular NV + index is created. + \f[R] + .fi + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-size\f[R]=\f[I]INTEGER\f[R]: ++\f[B]-s\f[R], \f[B]--size\f[R]=\f[I]INTEGER\f[R]: + .RS 2 + .PP + The size in bytes of the NV index to be created. +@@ -69,7 +69,7 @@ Can be omitted if size can be inferred from the type; e.g.\ an NV index + of type counter has a size of 8 bytes. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-policyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-P\f[R], \f[B]--policyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the policy to be associated with the new NV space. +@@ -82,10 +82,10 @@ The second path element identifies the policy or policy template using a + meaningful name. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-authValue\f[R]=\f[I]STRING\f[R]: ++\f[B]-a\f[R], \f[B]--authValue\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP +-The new UTF\-8 password. ++The new UTF-8 password. + Optional parameter. + If it is neglected then the user is queried interactively for a + password. +@@ -93,7 +93,7 @@ To set no password, this option should be used with the empty string + (\[dq]\[dq]). + The maximum password size is determined by the digest size of the chosen + name hash algorithm in the cryptographic profile (cf., +-\f[B]fapi\-profile(5)\f[R]). ++\f[B]fapi-profile(5)\f[R]). + For example, choosing SHA256 as hash algorithm, allows passwords of a + maximum size of 32 characters. + .RE +@@ -102,14 +102,13 @@ maximum size of 32 characters. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -118,13 +117,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_createnv \-\-authValue=abc \-\-path=/nv/Owner/myNV \-\-size=20 \-\-type=\[dq]noDa\[dq] ++tss2_createnv --authValue=abc --path=/nv/Owner/myNV --size=20 --type=\[dq]noDa\[dq] + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_createseal.1 b/man/man1/tss2_createseal.1 +index 6d6b027..ce9d7dd 100644 +--- a/man/man1/tss2_createseal.1 ++++ b/man/man1/tss2_createseal.1 +@@ -1,62 +1,62 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_createseal" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_createseal" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_createseal\f[R](1) \- ++\f[B]tss2_createseal\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_createseal\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_createseal\f[R](1) \- This command creates a sealed object and ++\f[B]tss2_createseal\f[R](1) - This command creates a sealed object and + stores it in the FAPI metadata store. +-If no data is provided (i.e.\ a NULL\-pointer) then the TPM generates ++If no data is provided (i.e.\ a NULL-pointer) then the TPM generates + random data and fills the sealed object. + TPM signing schemes are used as specified in the cryptographic profile +-(cf., \f[B]fapi\-profile(5)\f[R]). ++(cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path to the new key. + .RE + .IP \[bu] 2 +-\f[B]\-t\f[R], \f[B]\-\-type\f[R]=\f[I]STRING\f[R]: ++\f[B]-t\f[R], \f[B]--type\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the intended usage. + Optional parameter. +-Types may be any comma\-separated combination of: ++Types may be any comma-separated combination of: + .IP + .nf + \f[C] +-\- \[dq]exportable\[dq]: Clears the fixedTPM and fixedParent attributes of a key or ++- \[dq]exportable\[dq]: Clears the fixedTPM and fixedParent attributes of a key or + sealed object. +-\- \[dq]noda\[dq]: Sets the noda attribute of a key or NV index. +-\- \[dq]system\[dq]: Stores the data blobs and metadata for a created key or seal +- in the system\-wide directory instead of user\[aq]s personal directory. +-\- A hexadecimal number (e.g. \[dq]0x81000001\[dq]): Marks a key object to be ++- \[dq]noda\[dq]: Sets the noda attribute of a key or NV index. ++- \[dq]system\[dq]: Stores the data blobs and metadata for a created key or seal ++ in the system-wide directory instead of user\[aq]s personal directory. ++- A hexadecimal number (e.g. \[dq]0x81000001\[dq]): Marks a key object to be + made persistent and sets the persistent object handle to this value. + \f[R] + .fi + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-policyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-P\f[R], \f[B]--policyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the policy to be associated with the new key. +@@ -69,10 +69,10 @@ The second path element identifies the policy or policy template using a + meaningful name. + .RE + .IP \[bu] 2 +-\f[B]\-a\f[R], \f[B]\-\-authValue\f[R]=\f[I]STRING\f[R]: ++\f[B]-a\f[R], \f[B]--authValue\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP +-The new UTF\-8 password. ++The new UTF-8 password. + Optional parameter. + If it is neglected then the user is queried interactively for a + password. +@@ -80,41 +80,40 @@ To set no password, this option should be used with the empty string + (\[dq]\[dq]). + The maximum password size is determined by the digest size of the chosen + name hash algorithm in the cryptographic profile (cf., +-\f[B]fapi\-profile(5)\f[R]). ++\f[B]fapi-profile(5)\f[R]). + For example, choosing SHA256 as hash algorithm, allows passwords of a + maximum size of 32 characters. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-i\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The data to be sealed by the TPM. + Optional parameter. +-Must not be used together with \-\-size. ++Must not be used together with --size. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-size\f[R]=\f[I]INTEGER\f[R]: ++\f[B]-s\f[R], \f[B]--size\f[R]=\f[I]INTEGER\f[R]: + .RS 2 + .PP + Determines the number of random bytes the TPM should generate and seal. + Optional parameter. + Must not be \[lq]0\[rq]. +-Must no be used together with \-\-data. ++Must no be used together with --data. + .RE + .SH COMMON OPTIONS + .PP + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -123,14 +122,14 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .SS Create a key with password \[lq]abc\[rq] and read sealing data from file. + .IP + .nf + \f[C] +-tss2_createseal \-\-path=HS/SRK/mySealKey \-\-type=\[dq]noDa\[dq] \-\-authValue=abc \-\-data=data.file ++tss2_createseal --path=HS/SRK/mySealKey --type=\[dq]noDa\[dq] --authValue=abc --data=data.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_decrypt.1 b/man/man1/tss2_decrypt.1 +index e99592f..d3b8695 100644 +--- a/man/man1/tss2_decrypt.1 ++++ b/man/man1/tss2_decrypt.1 +@@ -1,54 +1,53 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_decrypt" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_decrypt" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_decrypt\f[R](1) \- decrypts data ++\f[B]tss2_decrypt\f[R](1) - decrypts data + .SH SYNOPSIS + .PP + \f[B]tss2_decrypt\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_decrypt\f[R](1) \- This command decrypts data that was ++\f[B]tss2_decrypt\f[R](1) - This command decrypts data that was + encrypted using tss2_encrypt using the TPM decryption schemes as +-specified in the cryptographic profile (cf., +-\f[B]fapi\-profile(5)\f[R]). ++specified in the cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-keyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--keyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the decryption key. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-cipherText\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-i\f[R], \f[B]--cipherText\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP +-The JSON\-encoded cipherText. ++The JSON-encoded cipherText. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force Overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-plainText\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--plainText\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns the decrypted data. +@@ -59,14 +58,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -75,13 +73,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +- tss2_decrypt \-\-keyPath=HS/SRK/myRSACrypt \-\-cipherText=cipherText.file \-\-plainText=plainText.file ++ tss2_decrypt --keyPath=HS/SRK/myRSACrypt --cipherText=cipherText.file --plainText=plainText.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_delete.1 b/man/man1/tss2_delete.1 +index 7362af7..cfdaa58 100644 +--- a/man/man1/tss2_delete.1 ++++ b/man/man1/tss2_delete.1 +@@ -1,45 +1,45 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_delete" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_delete" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_delete\f[R](1) \- ++\f[B]tss2_delete\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_delete\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_delete\f[R](1) \- This command deletes the given key, policy +-or NV from the FAPI metadata store and the TPM. ++\f[B]tss2_delete\f[R](1) - This command deletes the given key, policy or ++NV from the FAPI metadata store and the TPM. + Depending on the entity type, one of the following actions are taken: + .IP + .nf + \f[C] +-\- Non\-persistent key: Flush from TPM (if loaded) and delete public and private blobs from keystore. +-\- Persistent keys: Evict from TPM and delete public and private blobs from keystore +-\- Primary keys: Flush from TPM and delete public blob from keystore +-\- NV index: Undefine NV index from TPM and delete public blob from FAPI metadata store +-\- Policies: Delete entry from policy store +-\- Hierarchy, PCR: These are not deletable +-\- Special keys ek, srk: These are not deletable ++- Non-persistent key: Flush from TPM (if loaded) and delete public and private blobs from keystore. ++- Persistent keys: Evict from TPM and delete public and private blobs from keystore ++- Primary keys: Flush from TPM and delete public blob from keystore ++- NV index: Undefine NV index from TPM and delete public blob from FAPI metadata store ++- Policies: Delete entry from policy store ++- Hierarchy, PCR: These are not deletable ++- Special keys ek, srk: These are not deletable + \f[R] + .fi + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path to the entity to delete. +@@ -49,14 +49,13 @@ The path to the entity to delete. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -65,14 +64,14 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .SH Deletes storage hierarchy (HS) and everything below it: + .IP + .nf + \f[C] +-tss2_delete \-\-path=/HS ++tss2_delete --path=/HS + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_encrypt.1 b/man/man1/tss2_encrypt.1 +index 9e132a4..e7df97c 100644 +--- a/man/man1/tss2_encrypt.1 ++++ b/man/man1/tss2_encrypt.1 +@@ -1,70 +1,69 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_encrypt" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_encrypt" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_encrypt\f[R](1) \- encrypts data ++\f[B]tss2_encrypt\f[R](1) - encrypts data + .SH SYNOPSIS + .PP + \f[B]tss2_encrypt\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_encrypt\f[R](1) \- This command encrypts the provided data for ++\f[B]tss2_encrypt\f[R](1) - This command encrypts the provided data for + a target key using the TPM encryption schemes as specified in the +-cryptographic profile (cf., \f[B]fapi\-profile(5)\f[R]). ++cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-keyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--keyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the encryption key. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-plainText\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-i\f[R], \f[B]--plainText\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP + The data to be encrypted. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-cipherText\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--cipherText\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP +-Returns the JSON\-encoded ciphertext. ++Returns the JSON-encoded ciphertext. + .RE + .SH COMMON OPTIONS + .PP + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -73,13 +72,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +- tss2_encrypt \-\-keyPath=HS/SRK/myRSACrypt \-\-plainText=plainText.file \-\-cipherText=cipherText.file ++ tss2_encrypt --keyPath=HS/SRK/myRSACrypt --plainText=plainText.file --cipherText=cipherText.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_exportkey.1 b/man/man1/tss2_exportkey.1 +index 39b35db..6ae7552 100644 +--- a/man/man1/tss2_exportkey.1 ++++ b/man/man1/tss2_exportkey.1 +@@ -1,36 +1,36 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_exportkey" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_exportkey" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_exportkey\f[R](1) \- ++\f[B]tss2_exportkey\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_exportkey\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_exportkey\f[R](1) \- This command will duplicate a key and ++\f[B]tss2_exportkey\f[R](1) - This command will duplicate a key and + encrypt it using the public key of a new parent. +-The exported data will contain the re\-wrapped key pointed to by the ++The exported data will contain the re-wrapped key pointed to by the + pathOfKeyToDuplicate and then the JSON encoded policy. + Encryption is done according to TPM encryption schemes specified in the +-cryptographic profile (cf., \f[B]fapi\-profile(5)\f[R]). ++cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-e\f[R] \f[B]\-\-pathToPublicKeyOfNewParent\f[R]=\f[I]STRING\f[R]: ++\f[B]-e\f[R] \f[B]--pathToPublicKeyOfNewParent\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path to the public key of the new parent. +@@ -39,20 +39,20 @@ Optional parameter. + If omitted only the public key will exported. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-exportedData\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--exportedData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns the exported subtree. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-pathOfKeyToDuplicate\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--pathOfKeyToDuplicate\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path to the root of the subtree to export. +@@ -62,14 +62,13 @@ The path to the root of the subtree to export. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -78,13 +77,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_exportkey \-\-pathOfKeyToDuplicate=HS/SRK/myRSADecrypt \-\-exportedData=exportedData.file ++tss2_exportkey --pathOfKeyToDuplicate=HS/SRK/myRSADecrypt --exportedData=exportedData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_exportpolicy.1 b/man/man1/tss2_exportpolicy.1 +index 836efb8..8304730 100644 +--- a/man/man1/tss2_exportpolicy.1 ++++ b/man/man1/tss2_exportpolicy.1 +@@ -1,45 +1,45 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_policyexport" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_policyexport" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_policyexport\f[R](1) \- ++\f[B]tss2_policyexport\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_policyexport\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_policyexport\f[R](1) \- This commands exports a policy ++\f[B]tss2_policyexport\f[R](1) - This commands exports a policy + associated with a key in JSON encoding. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-jsonPolicy\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--jsonPolicy\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP +-Returns the JSON\-encoded policy. ++Returns the JSON-encoded policy. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the key. +@@ -49,14 +49,13 @@ The path of the key. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -65,13 +64,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_exportpolicy \-\-path=HS/SRK/myRSASign \-\-jsonPolicy=jsonPolicy.json ++tss2_exportpolicy --path=HS/SRK/myRSASign --jsonPolicy=jsonPolicy.json + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_getappdata.1 b/man/man1/tss2_getappdata.1 +index 5663628..e834b90 100644 +--- a/man/man1/tss2_getappdata.1 ++++ b/man/man1/tss2_getappdata.1 +@@ -1,6 +1,6 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_getappdata" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_getappdata" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +@@ -10,36 +10,36 @@ + \f[B]tss2_getappdata\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_getappdata\f[R](1) \- This command returns the previously ++\f[B]tss2_getappdata\f[R](1) - This command returns the previously + stored application data for an object. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Path of the object for which the application data will be loaded. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-appData\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-o\f[R], \f[B]--appData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + Returns a copy of the stored data. +@@ -50,14 +50,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -66,13 +65,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_getappdata \-\-path=HS/SRK/myRSACrypt \-\-appData=appData.file ++tss2_getappdata --path=HS/SRK/myRSACrypt --appData=appData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_getcertificate.1 b/man/man1/tss2_getcertificate.1 +index 99833c4..3d44e53 100644 +--- a/man/man1/tss2_getcertificate.1 ++++ b/man/man1/tss2_getcertificate.1 +@@ -1,45 +1,45 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_getcertificate" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_getcertificate" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_getcertificate\f[R](1) \- ++\f[B]tss2_getcertificate\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_getcertificate\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_getcertificate\f[R](1) \- This command returns the PEM encoded ++\f[B]tss2_getcertificate\f[R](1) - This command returns the PEM encoded + X.509 certificate associated with the key at path. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The entity whose certificate is requested. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-x509certData\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--x509certData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns the PEM encoded certificate. +@@ -50,14 +50,13 @@ If no certificate is stored, then an empty string is returned. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -66,13 +65,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_getcertificate \-\-path=HS/SRK/myRSACrypt \-\-x509certData=x509certData.file ++tss2_getcertificate --path=HS/SRK/myRSACrypt --x509certData=x509certData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_getdescription.1 b/man/man1/tss2_getdescription.1 +index c0bd95c..d8be54f 100644 +--- a/man/man1/tss2_getdescription.1 ++++ b/man/man1/tss2_getdescription.1 +@@ -1,6 +1,6 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_getdescription" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_getdescription" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +@@ -10,37 +10,37 @@ + \f[B]tss2_getdescription\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_getdescription\f[R](1) \- This command returns the previously ++\f[B]tss2_getdescription\f[R](1) - This command returns the previously + stored application data for an object. + If no description is present, an empty string is returned. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the object for which the description will be loaded. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-description\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--description\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns the stored description. +@@ -50,14 +50,13 @@ Returns the stored description. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -66,13 +65,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_getdescription \-\-path=HS/SRK \-\-description=description.file ++tss2_getdescription --path=HS/SRK --description=description.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_getinfo.1 b/man/man1/tss2_getinfo.1 +index 6bb1980..d39a638 100644 +--- a/man/man1/tss2_getinfo.1 ++++ b/man/man1/tss2_getinfo.1 +@@ -1,40 +1,40 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_getinfo" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_getinfo" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_getinfo\f[R](1) \- ++\f[B]tss2_getinfo\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_getinfo\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_getinfo\f[R](1) \- This command returns a UTF\-8 string ++\f[B]tss2_getinfo\f[R](1) - This command returns a UTF-8 string + identifying the version of the FAPI, the TPM, configurations and other + relevant information in a human readable format. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-info\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-o\f[R], \f[B]--info\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + Returns the FAPI and TPM information. +@@ -44,14 +44,13 @@ Returns the FAPI and TPM information. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -60,13 +59,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_getinfo \-\-info=info.file ++tss2_getinfo --info=info.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_getplatformcertificates.1 b/man/man1/tss2_getplatformcertificates.1 +index a3c06fa..9b0aca6 100644 +--- a/man/man1/tss2_getplatformcertificates.1 ++++ b/man/man1/tss2_getplatformcertificates.1 +@@ -1,42 +1,42 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_getplatformcertificates" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_getplatformcertificates" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_getplatformcertificates\f[R](1) \- ++\f[B]tss2_getplatformcertificates\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_getplatformcertificates\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_getplatformcertificates\f[R](1) \- This command returns the +-set of platform certificates concatenated in a continuous buffer if the ++\f[B]tss2_getplatformcertificates\f[R](1) - This command returns the set ++of platform certificates concatenated in a continuous buffer if the + platform provides platform certificates. + Platform certificates for TPM 2.0 can consist not only of a single +-certificate but also a series of so\-called delta certificates. ++certificate but also a series of so-called delta certificates. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-certificates\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--certificates\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns a continuous buffer containing the concatenated platform +@@ -47,14 +47,13 @@ certificates. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -63,13 +62,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_getplatformcertificates \-\-certificates=certificates.file ++tss2_getplatformcertificates --certificates=certificates.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_getrandom.1 b/man/man1/tss2_getrandom.1 +index 3e51233..631e073 100644 +--- a/man/man1/tss2_getrandom.1 ++++ b/man/man1/tss2_getrandom.1 +@@ -1,50 +1,50 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_getrandom" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_getrandom" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_getrandom\f[R](1) \- # SYNOPSIS ++\f[B]tss2_getrandom\f[R](1) - # SYNOPSIS + .PP + \f[B]tss2_getrandom\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_getrandom\f[R](1) \- This command uses the TPM to create an ++\f[B]tss2_getrandom\f[R](1) - This command uses the TPM to create an + array of random bytes. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-n\f[R], \f[B]\-\-numBytes\f[R]=\f[I]INTEGER\f[R]: ++\f[B]-n\f[R], \f[B]--numBytes\f[R]=\f[I]INTEGER\f[R]: + .RS 2 + .PP + The number of bytes requested by the caller. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-o\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + The returned random bytes. + .RE + .IP \[bu] 2 +-\f[B]\-\-hex\f[R] ++\f[B]--hex\f[R] + .RS 2 + .PP + Convert the output data to hex format without a leading \[lq]0x\[rq]. +@@ -54,14 +54,13 @@ Convert the output data to hex format without a leading \[lq]0x\[rq]. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -70,13 +69,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +- tss2_getrandom \-\-numBytes=20 \-\-data=\- | hexdump \-C ++ tss2_getrandom --numBytes=20 --data=- | hexdump -C + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_gettpm2object.1 b/man/man1/tss2_gettpm2object.1 +index 131e3ee..1930db2 100644 +--- a/man/man1/tss2_gettpm2object.1 ++++ b/man/man1/tss2_gettpm2object.1 +@@ -1,6 +1,6 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_gettpm2object" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_gettpm2object" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +@@ -10,23 +10,23 @@ + \f[B]tss2_gettpm2object\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_gettpm2object\f[R](1) \- With this command for FAPI objects ++\f[B]tss2_gettpm2object\f[R](1) - With this command for FAPI objects + context files which can be used by tpm2 tool commands can be created. + For persistent object only the textual representation of the handle + number as hex number will be written and for keys a tpm2 tool context + file will be written. + If the default TCTI differs from the FAPI profile the default the tcti +-can be defined with the \-T (\[en]tcti) option. ++can be defined with the -T (\[en]tcti) option. + \f[B]Note\f[R] To avoid wrong nv_written state in keystore before + writing data to the NV ram with tpm2_nvwrite, at least an empty string + should be written with tss2_nvwrite. +@@ -34,20 +34,20 @@ should be written with tss2_nvwrite. + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Path of the object for which the application data will be loaded. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-context\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-c\f[R], \f[B]--context\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + The returned key context or handle. +@@ -57,14 +57,13 @@ The returned key context or handle. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -73,14 +72,14 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLES + .IP + .nf + \f[C] +-tss2_gettpm2object \-\-path=/HS/SRK/myRSACrypt \-\-key\-context=mykey.ctx +-tss2_gettpm2object \-\-path=/nv/Owner/mynv \-c\- ++tss2_gettpm2object --path=/HS/SRK/myRSACrypt --key-context=mykey.ctx ++tss2_gettpm2object --path=/nv/Owner/mynv -c- + \f[R] + .fi + .PP +@@ -88,7 +87,7 @@ The command can be used in options of tpm2 commands: + .IP + .nf + \f[C] +-handle=$(tss2_gettpm2object \-\-path=/nv/Owner/mynv \-c\-) ++handle=$(tss2_gettpm2object --path=/nv/Owner/mynv -c-) + tpm2_nvread $handle + \f[R] + .fi +diff --git a/man/man1/tss2_gettpmblobs.1 b/man/man1/tss2_gettpmblobs.1 +index 83f833a..063a464 100644 +--- a/man/man1/tss2_gettpmblobs.1 ++++ b/man/man1/tss2_gettpmblobs.1 +@@ -1,63 +1,63 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_gettpmblobs" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_gettpmblobs" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_gettpmblobs\f[R](1) \- ++\f[B]tss2_gettpmblobs\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_gettpmblobs\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_gettpmblobs\f[R](1) \- This command returns the public and ++\f[B]tss2_gettpmblobs\f[R](1) - This command returns the public and + private blobs of an object, such that they could be loaded by a +-low\-level API (e.g.\ ESAPI). ++low-level API (e.g.\ ESAPI). + It also returns the policy associated with these blobs in JSON format. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the object for which the blobs will be returned. + .RE + .IP \[bu] 2 +-\f[B]\-u\f[R], \f[B]\-\-tpm2bPublic\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-u\f[R], \f[B]--tpm2bPublic\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + The returned public area of the object as a marshalled TPM2B_PUBLIC. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-r\f[R], \f[B]\-\-tpm2bPrivate\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-r\f[R], \f[B]--tpm2bPrivate\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + The returned private area of the object as a marshalled TPM2B_PRIVATE. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-policy\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-l\f[R], \f[B]--policy\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + The returned policy associated with the object, encoded in JSON. +@@ -68,14 +68,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -84,13 +83,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_gettpmblobs \-\-path=HS/SRK/myRSACrypt \-\-tpm2bPublic=tpm2bPublic.file \-\-tpm2bPrivate=tpm2bPrivate.file \-\-policy=policy.file ++tss2_gettpmblobs --path=HS/SRK/myRSACrypt --tpm2bPublic=tpm2bPublic.file --tpm2bPrivate=tpm2bPrivate.file --policy=policy.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_import.1 b/man/man1/tss2_import.1 +index 057be58..888e77e 100644 +--- a/man/man1/tss2_import.1 ++++ b/man/man1/tss2_import.1 +@@ -1,39 +1,39 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_import" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_import" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_import\f[R](1) \- ++\f[B]tss2_import\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_import\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_import\f[R](1) \- This command imports a JSON encoded key, ++\f[B]tss2_import\f[R](1) - This command imports a JSON encoded key, + policy or policy template and stores it under the provided path. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the new object. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-importData\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-i\f[R], \f[B]--importData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP + The data to be imported. +@@ -43,14 +43,13 @@ The data to be imported. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -59,19 +58,19 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_import \-\-path=/policy/duplicate\-policy \-\-importData=importData.json ++tss2_import --path=/policy/duplicate-policy --importData=importData.json + \f[R] + .fi + .IP + .nf + \f[C] +-tss2_import \-\-path=/ext/key \-\-importData=importData.file ++tss2_import --path=/ext/key --importData=importData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_list.1 b/man/man1/tss2_list.1 +index f24a0d4..fa5c931 100644 +--- a/man/man1/tss2_list.1 ++++ b/man/man1/tss2_list.1 +@@ -1,38 +1,38 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_list" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_list" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_list\f[R](1) \- ++\f[B]tss2_list\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_list\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_list\f[R](1) \- This command enumerates all objects in the +-FAPI metadata store in a given a path. ++\f[B]tss2_list\f[R](1) - This command enumerates all objects in the FAPI ++metadata store in a given a path. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-searchPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--searchPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path identifying the root of the search. +@@ -40,27 +40,26 @@ Optional parameter. + If omitted, all entities will be searched. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-pathList\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] ++\f[B]-o\f[R], \f[B]--pathList\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] + (for stdout): + .RS 2 + .PP +-Returns the colon\-separated list of paths. ++Returns the colon-separated list of paths. + Optional parameter. +-If omitted, results will be printed to \f[I]\-\f[R] (stdout). ++If omitted, results will be printed to \f[I]-\f[R] (stdout). + .RE + .SH COMMON OPTIONS + .PP + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -69,8 +68,8 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLES + .SS List all entities and print results to stdout + .IP +@@ -83,7 +82,7 @@ tss2_list + .IP + .nf + \f[C] +-tss2_list \-\-searchPath=HS \-\-pathList=output.file ++tss2_list --searchPath=HS --pathList=output.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_nvextend.1 b/man/man1/tss2_nvextend.1 +index d57747a..cdd7a46 100644 +--- a/man/man1/tss2_nvextend.1 ++++ b/man/man1/tss2_nvextend.1 +@@ -1,46 +1,46 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_nvextend" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_nvextend" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_nvextend\f[R](1) \- ++\f[B]tss2_nvextend\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_nvextend\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_nvextend\f[R](1) \- This command performs an extend operation ++\f[B]tss2_nvextend\f[R](1) - This command performs an extend operation + on an NV index (i.e.\ an NV index that behaves similar to a PCR). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-i\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The data to be extended into the NV space. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--nvPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the NV space to write. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-logData\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-l\f[R], \f[B]--logData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + A JSON representation of data to be written to the PCR\[cq]s event log. +@@ -51,14 +51,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -67,13 +66,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_nvextend \-\-nvPath=/nv/Owner/NvExtend \-\-data=data.file \-\-logData=logData.file ++tss2_nvextend --nvPath=/nv/Owner/NvExtend --data=data.file --logData=logData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_nvincrement.1 b/man/man1/tss2_nvincrement.1 +index ff2c984..ddabc65 100644 +--- a/man/man1/tss2_nvincrement.1 ++++ b/man/man1/tss2_nvincrement.1 +@@ -1,32 +1,32 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_nvincrement" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_nvincrement" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_nvincrement\f[R](1) \- ++\f[B]tss2_nvincrement\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_nvincrement\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_nvincrement\f[R](1) \- This command increments by 1 an NV +-index that is of type counter. ++\f[B]tss2_nvincrement\f[R](1) - This command increments by 1 an NV index ++that is of type counter. + .SH OPTIONS + .PP + These are the availabe options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--nvPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the NV space to increment. +@@ -36,14 +36,13 @@ Identifies the NV space to increment. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -52,13 +51,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_nvincrement \-\-nvPath=/nv/Owner/myNVcounter ++tss2_nvincrement --nvPath=/nv/Owner/myNVcounter + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_nvread.1 b/man/man1/tss2_nvread.1 +index 984ce09..574ebbe 100644 +--- a/man/man1/tss2_nvread.1 ++++ b/man/man1/tss2_nvread.1 +@@ -1,52 +1,52 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_nvread" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_nvread" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_nvread\f[R](1) \- ++\f[B]tss2_nvread\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_nvread\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_nvread\f[R](1) \- This command reads the entire data from an +-NV index of the TPM. ++\f[B]tss2_nvread\f[R](1) - This command reads the entire data from an NV ++index of the TPM. + .SH OPTIONS + .PP + These are the availabe options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-o\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + Returns the value read from the NV space. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--nvPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the NV space to read. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-logData\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-l\f[R], \f[B]--logData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + Returns the JSON encoded log, if the NV index is of type +@@ -58,14 +58,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -74,13 +73,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_nvread \-\-nvPath=/nv/Owner/myNV \-\-data=data.file ++tss2_nvread --nvPath=/nv/Owner/myNV --data=data.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_nvsetbits.1 b/man/man1/tss2_nvsetbits.1 +index 05199d1..e7fb570 100644 +--- a/man/man1/tss2_nvsetbits.1 ++++ b/man/man1/tss2_nvsetbits.1 +@@ -1,27 +1,27 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_nvsetbits" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_nvsetbits" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_nvsetbits\f[R](1) \- ++\f[B]tss2_nvsetbits\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_nvsetbits\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_nvsetbits\f[R](1) \- This command sets bits in an NV Index +-that was created as a bit field. ++\f[B]tss2_nvsetbits\f[R](1) - This command sets bits in an NV Index that ++was created as a bit field. + Any number of bits from 0 to 64 may be set. + The contents of bitmap are ORed with the current contents of the NV + Index. +@@ -29,13 +29,13 @@ Index. + .PP + These are the availabe options: + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-bitmap\f[R]=\f[I]BITS\f[R]: ++\f[B]-i\f[R], \f[B]--bitmap\f[R]=\f[I]BITS\f[R]: + .RS 2 + .PP + A mask indicating which bits to set in the NV space. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--nvPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the NV space to write. +@@ -45,14 +45,13 @@ Identifies the NV space to write. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -61,13 +60,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_nvsetbits \-\-nvPath=/nv/Owner/NvBitmap \-\-bitmap=0x0102030405060608 ++tss2_nvsetbits --nvPath=/nv/Owner/NvBitmap --bitmap=0x0102030405060608 + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_nvwrite.1 b/man/man1/tss2_nvwrite.1 +index 854a037..fb3324b 100644 +--- a/man/man1/tss2_nvwrite.1 ++++ b/man/man1/tss2_nvwrite.1 +@@ -1,26 +1,26 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_nvwrite" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_nvwrite" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_nvwrite\f[R](1) \- ++\f[B]tss2_nvwrite\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_nvwrite\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_nvwrite\f[R](1) \- This command writes data to a ++\f[B]tss2_nvwrite\f[R](1) - This command writes data to a + \[lq]regular\[rq] (not pin, extend or counter) NV index. + Only the full index can be written, partial writes are not allowed. + If the provided data is smaller than the NV index\[cq]s size, then it is +@@ -29,14 +29,14 @@ padded up with zero bytes at the end. + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-i\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The data to write to the NV space. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--nvPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the NV space to write to. +@@ -46,14 +46,13 @@ Identifies the NV space to write to. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -62,13 +61,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_nvwrite \-\-nvPath=/nv/Owner/myNV \-\-data=data.file ++tss2_nvwrite --nvPath=/nv/Owner/myNV --data=data.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_pcrextend.1 b/man/man1/tss2_pcrextend.1 +index 579b202..8f74be8 100644 +--- a/man/man1/tss2_pcrextend.1 ++++ b/man/man1/tss2_pcrextend.1 +@@ -1,27 +1,27 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_pcrextend" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_pcrextend" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_pcrextend\f[R](1) \- ++\f[B]tss2_pcrextend\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_pcrextend\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_pcrextend\f[R](1) \- This command extends the data into the +-PCR listed. ++\f[B]tss2_pcrextend\f[R](1) - This command extends the data into the PCR ++listed. + The parameter logData is extended into the PCR log. + If the logData is NULL, only the PCR extend takes place. + All PCRs currently active in the TPM are extended. +@@ -29,19 +29,19 @@ All PCRs currently active in the TPM are extended. + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-x\f[R], \f[B]\-\-pcr\f[R]=\f[I]INTEGER\f[R]: ++\f[B]-x\f[R], \f[B]--pcr\f[R]=\f[I]INTEGER\f[R]: + .PP + The PCR to extend. + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-i\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The event data to be extended. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-logData\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-l\f[R], \f[B]--logData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + Contains a JSON representation of data to be written to the PCR\[cq]s +@@ -53,14 +53,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -69,13 +68,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_pcrextend \-\-pcr=16 \-\-data=data.file \-\-logData=logData.file ++tss2_pcrextend --pcr=16 --data=data.file --logData=logData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_pcrread.1 b/man/man1/tss2_pcrread.1 +index 7e5c18f..f506253 100644 +--- a/man/man1/tss2_pcrread.1 ++++ b/man/man1/tss2_pcrread.1 +@@ -1,34 +1,34 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_pcrread" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_pcrread" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_pcrread\f[R](1) \- ++\f[B]tss2_pcrread\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_pcrread\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_pcrread\f[R](1) \- This command provides a PCRs value and ++\f[B]tss2_pcrread\f[R](1) - This command provides a PCRs value and + corresponding event log. + The PCR bank to be used per PCR is defined in the cryptographic profile +-(cf., \f[B]fapi\-profile(5)\f[R]). ++(cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-pcrValue\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] ++\f[B]-o\f[R], \f[B]--pcrValue\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] + (for stdout): + .RS 2 + .PP +@@ -36,20 +36,20 @@ Returns PCR digest. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-x\f[R], \f[B]\-\-pcrIndex\f[R]=\f[I]INTEGER\f[R]: ++\f[B]-x\f[R], \f[B]--pcrIndex\f[R]=\f[I]INTEGER\f[R]: + .RS 2 + .PP + Identifies the PCR to read. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output files. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-l\f[R], \f[B]--pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + Returns the PCR log for that PCR. +@@ -60,12 +60,12 @@ with the following content. + .IP + .nf + \f[C] +-\- recnum: Unique record number +-\- pcr: PCR index +-\- digest: The digests +-\- type: The type of event. At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA) +-\- eventDigest: Digest of the event; e.g. the digest of the measured file +-\- eventName: Name of the event; e.g. the name of the measured file. ++- recnum: Unique record number ++- pcr: PCR index ++- digest: The digests ++- type: The type of event. At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA) ++- eventDigest: Digest of the event; e.g. the digest of the measured file ++- eventName: Name of the event; e.g. the name of the measured file. + \f[R] + .fi + .RE +@@ -74,14 +74,13 @@ with the following content. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -90,13 +89,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_pcrread \-\-pcrIndex=16 \-\-pcrValue=pcrValue.file \-\-pcrLog=pcrLog.file ++tss2_pcrread --pcrIndex=16 --pcrValue=pcrValue.file --pcrLog=pcrLog.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_provision.1 b/man/man1/tss2_provision.1 +index 0c63ff1..1aca193 100644 +--- a/man/man1/tss2_provision.1 ++++ b/man/man1/tss2_provision.1 +@@ -1,26 +1,26 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_provision" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_provision" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_provision\f[R](1) \- ++\f[B]tss2_provision\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_provision\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_provision\f[R](1) \- This command provisions a FAPI instance ++\f[B]tss2_provision\f[R](1) - This command provisions a FAPI instance + and its associated TPM. + The steps taken are: + .IP \[bu] 2 +@@ -37,7 +37,7 @@ nv indices found and name the entries accordingly. + .IP \[bu] 2 + Create the SRK (storage primary key) inside the TPM and make it + persistent if required by the cryptographic profile (cf., +-\f[B]fapi\-profile(5)\f[R]) and store its metadata in the system\-wide ++\f[B]fapi-profile(5)\f[R]) and store its metadata in the system-wide + FAPI metadata store. + Note that the SRK will not have an authorization value associated. + .PP +@@ -47,21 +47,21 @@ persistent. + .PP + The paths of the different metadata storages for keys and nv indices are + configured in the FAPI configuration file (cf., +-\f[B]fapi\-config(5)\f[R]). ++\f[B]fapi-config(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-E\f[R], \f[B]\-\-authValueEh\f[R]=\f[I]STRING\f[R]: The ++\f[B]-E\f[R], \f[B]--authValueEh\f[R]=\f[I]STRING\f[R]: The + authorization value for the privacy admin, i.e.\ the endorsement + hierarchy. + Optional parameter. + .IP \[bu] 2 +-\f[B]\-S\f[R], \f[B]\-\-authValueSh\f[R]=\f[I]STRING\f[R]: The ++\f[B]-S\f[R], \f[B]--authValueSh\f[R]=\f[I]STRING\f[R]: The + authorization value for the owner, i.e.\ the storage hierarchy. + Optional parameter. + .IP \[bu] 2 +-\f[B]\-L\f[R], \f[B]\-\-authValueLockout\f[R]=\f[I]STRING\f[R]: The ++\f[B]-L\f[R], \f[B]--authValueLockout\f[R]=\f[I]STRING\f[R]: The + authorization value for the lockout authorization. + Optional parameter. + .SH COMMON OPTIONS +@@ -69,14 +69,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -85,8 +84,8 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf +diff --git a/man/man1/tss2_quote.1 b/man/man1/tss2_quote.1 +index 4ed2878..115d77a 100644 +--- a/man/man1/tss2_quote.1 ++++ b/man/man1/tss2_quote.1 +@@ -1,49 +1,49 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_quote" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_quote" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_quote\f[R](1) \- ++\f[B]tss2_quote\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_quote\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_quote\f[R](1) \- This command performs an attestation using +-the TPM. ++\f[B]tss2_quote\f[R](1) - This command performs an attestation using the ++TPM. + The PCR bank for each provided PCR index and signing scheme are set in +-the cryptographic profile (cf., \f[B]fapi\-profile(5)\f[R]). ++the cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-x\f[R], \f[B]\-\-pcrList\f[R]=\f[I]STRING\f[R]: ++\f[B]-x\f[R], \f[B]--pcrList\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + An array holding the PCR indices to quote against. + .RE + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-qualifyingData\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-Q\f[R], \f[B]--qualifyingData\f[R]=\f[I]FILENAME\f[R] or ++\f[I]-\f[R] (for stdin): + .RS 2 + .PP + A nonce provided by the caller to ensure freshness of the signature. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-l\f[R], \f[B]--pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + Returns the PCR log for the chosen PCR. +@@ -54,46 +54,46 @@ with the following content. + .IP + .nf + \f[C] +-\- recnum: Unique record number +-\- pcr: PCR index +-\- digest: The digests +-\- type: The type of event. At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA) +-\- eventDigest: Digest of the event; e.g. the digest of the measured file +-\- eventName: Name of the event; e.g. the name of the measured file. ++- recnum: Unique record number ++- pcr: PCR index ++- digest: The digests ++- type: The type of event. At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA) ++- eventDigest: Digest of the event; e.g. the digest of the measured file ++- eventName: Name of the event; e.g. the name of the measured file. + \f[R] + .fi + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-keyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--keyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the signing key. + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-quoteInfo\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-q\f[R], \f[B]--quoteInfo\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP +-Returns a JSON\-encoded structure holding the inputs to the quote ++Returns a JSON-encoded structure holding the inputs to the quote + operation. + This includes the digest value and PCR values. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-signature\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--signature\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns the signature over the quoted material. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-certificate\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-c\f[R], \f[B]--certificate\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + The certificate associated with keyPath in PEM format. +@@ -104,14 +104,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -120,13 +119,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_quote \-\-keyPath=HS/SRK/quotekey \-\-pcrList=\[dq]10,16\[dq] \-\-qualifyingData=qualifyingData.file \-\-signature=signature.file \-\-pcrLog=pcrLog.file \-\-certificate=certificate.file \-\-quoteInfo=quoteInfo.info ++tss2_quote --keyPath=HS/SRK/quotekey --pcrList=\[dq]10,16\[dq] --qualifyingData=qualifyingData.file --signature=signature.file --pcrLog=pcrLog.file --certificate=certificate.file --quoteInfo=quoteInfo.info + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_setappdata.1 b/man/man1/tss2_setappdata.1 +index e069ed7..a38800e 100644 +--- a/man/man1/tss2_setappdata.1 ++++ b/man/man1/tss2_setappdata.1 +@@ -1,6 +1,6 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_setappdata" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_setappdata" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +@@ -10,17 +10,17 @@ + \f[B]tss2_setappdata\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_setappdata\f[R](1) \- This command allows an application to ++\f[B]tss2_setappdata\f[R](1) - This command allows an application to + associate an arbitrary data blob with a given object. + The data is stored and can be returned with tss2_getappdata. + Previously stored data is overwritten by this function. +@@ -29,14 +29,14 @@ If empty data is passed in, the stored data is deleted. + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Path of the object for which the appData will be stored. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-appData\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-i\f[R], \f[B]--appData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The data to be stored. +@@ -48,14 +48,13 @@ If omitted, stored data is deleted. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -64,13 +63,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_setappdata \-\-path=HS/SRK/myRSACrypt \-\-appData=appData.file ++tss2_setappdata --path=HS/SRK/myRSACrypt --appData=appData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_setcertificate.1 b/man/man1/tss2_setcertificate.1 +index faa7a2c..35eaa62 100644 +--- a/man/man1/tss2_setcertificate.1 ++++ b/man/man1/tss2_setcertificate.1 +@@ -1,39 +1,39 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_setcertificate" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_setcertificate" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_setcertificate\f[R](1) \- ++\f[B]tss2_setcertificate\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_setcertificate\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_setcertificate\f[R](1) \- This command associates an x509 ++\f[B]tss2_setcertificate\f[R](1) - This command associates an x509 + certificate in PEM encoding into the path of a key. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the entity to be associated with the certificate. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-x509certData\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-i\f[R], \f[B]--x509certData\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP + The PEM encoded certificate. +@@ -45,14 +45,13 @@ If omitted, then the stored x509 certificate is removed. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -61,13 +60,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_setcertificate \-\-path=HS/SRK/myRSACrypt \-\-x509certData=x509certData.file ++tss2_setcertificate --path=HS/SRK/myRSACrypt --x509certData=x509certData.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_setdescription.1 b/man/man1/tss2_setdescription.1 +index 6d4589c..9fd4656 100644 +--- a/man/man1/tss2_setdescription.1 ++++ b/man/man1/tss2_setdescription.1 +@@ -1,6 +1,6 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_setdescription" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_setdescription" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +@@ -10,18 +10,18 @@ + \f[B]tss2_setdescription\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_setdescription\f[R](1) \- This command allows an application +-to assign a human readable description to an object in the FAPI metadata ++\f[B]tss2_setdescription\f[R](1) - This command allows an application to ++assign a human readable description to an object in the FAPI metadata + store. + The stored data can be returned with tss2_getdescription. + Previously stored data is overwritten by this function. +@@ -30,7 +30,7 @@ If an empty description is passed in, the stored data is deleted. + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-description\f[R]=\f[I]STRING\f[R]: ++\f[B]-i\f[R], \f[B]--description\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The data to be stored as description for the object. +@@ -39,7 +39,7 @@ Previously stored descriptions are overwritten by this function. + If omitted any stored description is deleted. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the object for which the description will be stored. +@@ -49,14 +49,13 @@ The path of the object for which the description will be stored. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -65,13 +64,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_setdescription \-\-path=HS/SRK \-\-description=description ++tss2_setdescription --path=HS/SRK --description=description + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_sign.1 b/man/man1/tss2_sign.1 +index b00dc82..8b43b7a 100644 +--- a/man/man1/tss2_sign.1 ++++ b/man/man1/tss2_sign.1 +@@ -1,39 +1,39 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_sign" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_sign" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_sign\f[R](1) \- ++\f[B]tss2_sign\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_sign\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_sign\f[R](1) \- This command uses a key inside the TPM to sign ++\f[B]tss2_sign\f[R](1) - This command uses a key inside the TPM to sign + a digest value using the TPM signing schemes as specified in the +-cryptographic profile (cf., \f[B]fapi\-profile(5)\f[R]). ++cryptographic profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-keyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--keyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path to the signing key. + .RE + .IP \[bu] 2 +-\f[B]\-s\f[R], \f[B]\-\-padding\f[R]=\f[I]STRING\f[R]: ++\f[B]-s\f[R], \f[B]--padding\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The padding scheme used. +@@ -41,40 +41,40 @@ Possible values are \[lq]RSA_SSA\[rq], \[lq]RSA_PSS\[rq] (case + insensitive). + Optional parameter. + If omitted, the default padding specified in the cryptographic profile +-(cf., \f[B]fapi\-profile(5)\f[R]) is used. ++(cf., \f[B]fapi-profile(5)\f[R]) is used. + .RE + .IP \[bu] 2 +-\f[B]\-c\f[R], \f[B]\-\-certificate\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-c\f[R], \f[B]--certificate\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + The certificate associated with keyPath in PEM format. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-digest\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-d\f[R], \f[B]--digest\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The data to be signed, already hashed. + .RE + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-k\f[R], \f[B]\-\-publicKey\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-k\f[R], \f[B]--publicKey\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + The public key associated with keyPath in PEM format. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-signature\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdout): ++\f[B]-o\f[R], \f[B]--signature\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdout): + .RS 2 + .PP + Returns the signature in binary form. +@@ -84,14 +84,13 @@ Returns the signature in binary form. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -100,13 +99,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_sign \-\-keyPath=HS/SRK/myRSASign \-\-padding=\[dq]RSA_PSS\[dq] \-\-digest=digest.file \-\-signature=signature.file \-\-publicKey=publicKey.file ++tss2_sign --keyPath=HS/SRK/myRSASign --padding=\[dq]RSA_PSS\[dq] --digest=digest.file --signature=signature.file --publicKey=publicKey.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_unseal.1 b/man/man1/tss2_unseal.1 +index 91b8c06..7211b9b 100644 +--- a/man/man1/tss2_unseal.1 ++++ b/man/man1/tss2_unseal.1 +@@ -1,47 +1,47 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_unseal" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_unseal" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_unseal\f[R](1) \- ++\f[B]tss2_unseal\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_unseal\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_unseal\f[R](1) \- This command unseals data from a seal in the ++\f[B]tss2_unseal\f[R](1) - This command unseals data from a seal in the + FAPI metadata store. + The used decryption scheme is specified in the cryptographic profile +-(cf., \f[B]fapi\-profile(5)\f[R]). ++(cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-f\f[R], \f[B]\-\-force\f[R]: ++\f[B]-f\f[R], \f[B]--force\f[R]: + .RS 2 + .PP + Force overwriting the output file. + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-path\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--path\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Path of the object for which the blobs will be returned. + .RE + .IP \[bu] 2 +-\f[B]\-o\f[R], \f[B]\-\-data\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdout): ++\f[B]-o\f[R], \f[B]--data\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdout): + .RS 2 + .PP + The decrypted data after unsealing. +@@ -52,14 +52,13 @@ Optional parameter. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -68,13 +67,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_unseal \-\-path=HS/SRK/myRSACrypt \-\-data=data.file ++tss2_unseal --path=HS/SRK/myRSACrypt --data=data.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_verifyquote.1 b/man/man1/tss2_verifyquote.1 +index 6425787..ddfe07c 100644 +--- a/man/man1/tss2_verifyquote.1 ++++ b/man/man1/tss2_verifyquote.1 +@@ -1,26 +1,26 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_verifyquote" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_verifyquote" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_verifyquote\f[R](1) \- ++\f[B]tss2_verifyquote\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_verifyquote\f[R] [\f[I]OPTIONS\f[R]] + .SH SEE ALSO + .PP +-\f[B]fapi\-config(5)\f[R] to adjust Fapi parameters like the used ++\f[B]fapi-config(5)\f[R] to adjust Fapi parameters like the used + cryptographic profile and TCTI or directories for the Fapi metadata + storages. + .PP +-\f[B]fapi\-profile(5)\f[R] to determine the cryptographic algorithms and ++\f[B]fapi-profile(5)\f[R] to determine the cryptographic algorithms and + parameters for all keys and operations of a specific TPM interaction + like the name hash algorithm, the asymmetric signature algorithm, scheme + and parameters and PCR bank selection. + .SH DESCRIPTION + .PP +-\f[B]tss2_verifyquote\f[R](1) \- This command verifies that the data ++\f[B]tss2_verifyquote\f[R](1) - This command verifies that the data + returned by a quote is valid. + This includes + .IP \[bu] 2 +@@ -30,7 +30,7 @@ eventLog was provided) + Verifying the quoteInfo using the signature and the publicKeyPath + .PP + The used signature verification scheme is specified in the cryptographic +-profile (cf., \f[B]fapi\-profile(5)\f[R]). ++profile (cf., \f[B]fapi-profile(5)\f[R]). + .PP + An application using tss2_verifyquote() will further have to + .IP \[bu] 2 +@@ -41,16 +41,16 @@ Assess the eventLog entries\[cq] trustworthiness + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-Q\f[R], \f[B]\-\-qualifyingData\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-Q\f[R], \f[B]--qualifyingData\f[R]=\f[I]FILENAME\f[R] or ++\f[I]-\f[R] (for stdin): + .RS 2 + .PP + A nonce provided by the caller to ensure freshness of the signature. + Optional parameter. + .RE + .IP \[bu] 2 +-\f[B]\-l\f[R], \f[B]\-\-pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-l\f[R], \f[B]--pcrLog\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + Returns the PCR event log for the chosen PCR. +@@ -61,33 +61,33 @@ with the following content. + .IP + .nf + \f[C] +-\- recnum: Unique record number +-\- pcr: PCR index +-\- digest: The digests +-\- type: The type of event. At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA) +-\- eventDigest: Digest of the event; e.g. the digest of the measured file +-\- eventName: Name of the event; e.g. the name of the measured file. ++- recnum: Unique record number ++- pcr: PCR index ++- digest: The digests ++- type: The type of event. At the moment the only possible value is: \[dq]LINUX_IMA\[dq] (legacy IMA) ++- eventDigest: Digest of the event; e.g. the digest of the measured file ++- eventName: Name of the event; e.g. the name of the measured file. + \f[R] + .fi + .RE + .IP \[bu] 2 +-\f[B]\-q\f[R], \f[B]\-\-quoteInfo\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-q\f[R], \f[B]--quoteInfo\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP +-The JSON\-encoded structure holding the inputs to the quote operation. ++The JSON-encoded structure holding the inputs to the quote operation. + This includes the digest value and PCR values. + .RE + .IP \[bu] 2 +-\f[B]\-k\f[R], \f[B]\-\-publicKeyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-k\f[R], \f[B]--publicKeyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Identifies the signing key. + MAY be a path to the public key hierarchy /ext. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-signature\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-i\f[R], \f[B]--signature\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP + The signature over the quoted material. +@@ -97,14 +97,13 @@ The signature over the quoted material. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -113,13 +112,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +- tss2_verifyquote \-\-publicKeyPath=\[dq]ext/myNewParent\[dq] \-\-qualifyingData=qualifyingData.file \-\-quoteInfo=quoteInfo.file \-\-signature=signature.file \-\-pcrLog=pcrLog.file ++ tss2_verifyquote --publicKeyPath=\[dq]ext/myNewParent\[dq] --qualifyingData=qualifyingData.file --quoteInfo=quoteInfo.file --signature=signature.file --pcrLog=pcrLog.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_verifysignature.1 b/man/man1/tss2_verifysignature.1 +index 44f2747..9c22625 100644 +--- a/man/man1/tss2_verifysignature.1 ++++ b/man/man1/tss2_verifysignature.1 +@@ -1,39 +1,39 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_verifysignature" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_verifysignature" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_verifysignature\f[R](1) \- ++\f[B]tss2_verifysignature\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_verifysignature\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tss2_verifysignature\f[R](1) \- This command verifies a signature ++\f[B]tss2_verifysignature\f[R](1) - This command verifies a signature + using a public key found in the passed key path. + The used signature verification scheme is specified in the cryptographic +-profile (cf., \f[B]fapi\-profile(5)\f[R]). ++profile (cf., \f[B]fapi-profile(5)\f[R]). + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-d\f[R], \f[B]\-\-digest\f[R]=\f[I]FILENAME\f[R] or \f[I]\-\f[R] +-(for stdin): ++\f[B]-d\f[R], \f[B]--digest\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] (for ++stdin): + .RS 2 + .PP + The data that was signed, already hashed according to the cryptographic +-profile (cf., \f[B]fapi\-profile(5)\f[R]). ++profile (cf., \f[B]fapi-profile(5)\f[R]). + .RE + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-keyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--keyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + Path to the verification public key. + .RE + .IP \[bu] 2 +-\f[B]\-i\f[R], \f[B]\-\-signature\f[R]=\f[I]FILENAME\f[R] or +-\f[I]\-\f[R] (for stdin): ++\f[B]-i\f[R], \f[B]--signature\f[R]=\f[I]FILENAME\f[R] or \f[I]-\f[R] ++(for stdin): + .RS 2 + .PP + The signature to be verified. +@@ -43,14 +43,13 @@ The signature to be verified. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -59,13 +58,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_verifysignature \-\-keyPath=ext/myRSASign \-\-digest=digest.file \-\-signature=signature.file ++tss2_verifysignature --keyPath=ext/myRSASign --digest=digest.file --signature=signature.file + \f[R] + .fi + .SH RETURNS +diff --git a/man/man1/tss2_writeauthorizenv.1 b/man/man1/tss2_writeauthorizenv.1 +index 7bba2d6..d4e34e2 100644 +--- a/man/man1/tss2_writeauthorizenv.1 ++++ b/man/man1/tss2_writeauthorizenv.1 +@@ -1,29 +1,29 @@ +-.\" Automatically generated by Pandoc 2.5 ++.\" Automatically generated by Pandoc 2.9.2.1 + .\" +-.TH "tss2_writeauthorizenv" "1" "APRIL 2019" "tpm2\-tools" "General Commands Manual" ++.TH "tss2_writeauthorizenv" "1" "APRIL 2019" "tpm2-tools" "General Commands Manual" + .hy + .SH NAME + .PP +-\f[B]tss2_writeauthorizenv\f[R](1) \- ++\f[B]tss2_writeauthorizenv\f[R](1) - + .SH SYNOPSIS + .PP + \f[B]tss2_writeauthorizenv\f[R] [\f[I]OPTIONS\f[R]] + .SH DESCRIPTION + .PP +-\f[B]tss2_writeauthorizenv\f[R](1) \- This command writes the digest ++\f[B]tss2_writeauthorizenv\f[R](1) - This command writes the digest + value of a policy to an NV index such that this policy can be used in + other policies containing a corresponding PolicyAuthorizeNv element. + .SH OPTIONS + .PP + These are the available options: + .IP \[bu] 2 +-\f[B]\-p\f[R], \f[B]\-\-nvPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-p\f[R], \f[B]--nvPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the NV index. + .RE + .IP \[bu] 2 +-\f[B]\-P\f[R], \f[B]\-\-policyPath\f[R]=\f[I]STRING\f[R]: ++\f[B]-P\f[R], \f[B]--policyPath\f[R]=\f[I]STRING\f[R]: + .RS 2 + .PP + The path of the new policy. +@@ -33,14 +33,13 @@ The path of the new policy. + This collection of options are common to all tss2 programs and provide + information that many users may expect. + .IP \[bu] 2 +-\f[B]\-h\f[R], \f[B]\-\-help [man|no\-man]\f[R]: Display the tools +-manpage. ++\f[B]-h\f[R], \f[B]--help [man|no-man]\f[R]: Display the tools manpage. + By default, it attempts to invoke the manpager for the tool, however, on + failure will output a short tool summary. + This is the same behavior if the \[lq]man\[rq] option argument is + specified, however if explicit \[lq]man\[rq] is requested, the tool will + provide errors from man on stderr. +-If the \[lq]no\-man\[rq] option if specified, or the manpager fails, the ++If the \[lq]no-man\[rq] option if specified, or the manpager fails, the + short options will be output to stdout. + .RS 2 + .PP +@@ -49,13 +48,13 @@ installed or on \f[I]MANPATH\f[R], See \f[B]man\f[R](1) for more + details. + .RE + .IP \[bu] 2 +-\f[B]\-v\f[R], \f[B]\-\-version\f[R]: Display version information for +-this tool, supported tctis and exit. ++\f[B]-v\f[R], \f[B]--version\f[R]: Display version information for this ++tool, supported tctis and exit. + .SH EXAMPLE + .IP + .nf + \f[C] +-tss2_writeauthorizenv \-\-nvPath=/nv/Owner/myNV \-\-policyPath=/policy/pcr\-policy ++tss2_writeauthorizenv --nvPath=/nv/Owner/myNV --policyPath=/policy/pcr-policy + \f[R] + .fi + .SH RETURNS +diff --git a/man/tpm2_clear.1.md b/man/tpm2_clear.1.md +index 2ea07a4..ff13f05 100644 +--- a/man/tpm2_clear.1.md ++++ b/man/tpm2_clear.1.md +@@ -3,7 +3,7 @@ + # NAME + + **tpm2_clear**(1) - Clears lockout, endorsement and owner hierarchy +-authorization values. ++authorization values and other TPM data. + + # SYNOPSIS + +@@ -13,7 +13,13 @@ authorization values. + + **tpm2_clear**(1) - Send a clear command to the TPM to clear the 3 hierarchy + authorization values. As an argument takes the auth value for either platform or +-lockout hierarchy ++lockout hierarchy. Details of the changes performed to the TPM can be found ++in Part 3, "Commands", section of the TPM Library spec located at the URL below. ++ - https://trustedcomputinggroup.org/resource/tpm-library-specification ++ ++Please look for the version coresponding to your TPM support specification version ++and the TPM2_Clear command. The TPM's supported spec version can be found by ++issuing a `tpm2_getcap properties-fixed` in the `TPM_PT_REVISION` property. + + **NOTE**: All objects created under the respective hierarchies are lost. + +diff --git a/man/tpm2_create.1.md b/man/tpm2_create.1.md +index 14ba0d2..c707a90 100644 +--- a/man/tpm2_create.1.md ++++ b/man/tpm2_create.1.md +@@ -218,6 +218,16 @@ PEM files. + ```bash + tpm2_create -C primary.ctx -u obj.pub -r obj.priv -f pem -o obj.pem + ``` ++## Create a restricted RSA signing key ++ ++For a restricted signing key the scheme and null for the symmetric algorithm must be ++specified. ++ ++```bash ++tpm2_create -C primary.ctx -Grsa2048:rsapss:null \ ++ -a "fixedtpm|fixedparen|sensitivedataorigin|userwithauth|restricted|sign" \ ++ -r obj.priv -u obj.pub ++``` + + [returns](common/returns.md) + +diff --git a/man/tpm2_createek.1.md b/man/tpm2_createek.1.md +index 2753385..aac9531 100644 +--- a/man/tpm2_createek.1.md ++++ b/man/tpm2_createek.1.md +@@ -93,25 +93,30 @@ tpm2_createek -G ecc384 -c 0x81010002 + ``` + + ### Create a transient Endorsement Key, flush it, and reload it. ++Typically, when using the TPM, the interactions occur through a resource ++manager, like tpm2-abrmd(8). However, when interacting with the TPM directly, ++this scenario is possible. The below example assumes direct TPM access not ++brokered by a resource manager. Specifically we will use /dev/tpm0. ++ + ```bash +-tpm2_createek -G rsa -u ek.pub ++tpm2_createek -c ek.ctx -G rsa -u ek.pub -Tdevice:/dev/tpm0 + + # Check that it is loaded in transient memory +-tpm2_getcap handles-transient ++tpm2_getcap handles-transient -Tdevice:/dev/tpm0 + - 0x80000000 + + # Flush the handle +-tpm2_flushcontext 0x80000000 ++tpm2_flushcontext 0x80000000 -Tdevice:/dev/tpm0 + + # Note that it is flushed +-tpm2_getcap handles-transient ++tpm2_getcap handles-transient -Tdevice:/dev/tpm0 + + + # Reload it via loadexternal +-tpm2_loadexternal -C o -u ek.pub -c ek.ctx ++tpm2_loadexternal -C o -u ek.pub -c ek.ctx -Tdevice:/dev/tpm0 + + # Check that it is re-loaded in transient memory +-tpm2_getcap handles-transient ++tpm2_getcap handles-transient -Tdevice:/dev/tpm0 + - 0x80000000 + + ``` +diff --git a/man/tpm2_duplicate.1.md b/man/tpm2_duplicate.1.md +index 3c38dbe..4463f96 100644 +--- a/man/tpm2_duplicate.1.md ++++ b/man/tpm2_duplicate.1.md +@@ -21,9 +21,15 @@ These options control the key importation process: + + * **-G**, **\--wrapper-algorithm**=_ALGORITHM_: + +- The symmetric algorithm to be used for the inner wrapper. Supports: ++ The symmetric algorithm to be used for the inner wrapper if -U is not used. ++ Supports: + * aes - AES 128 in CFB mode. + * null - none ++ The key algorithm associated with the public parent if -U is used. ++ ++ * **-G**, **\--key-algorithm**=_ALGORITHM_: ++ ++ The key algorithm associated with the public parent if -U is used. + + * **-i**, **\--encryptionkey-in**=_FILE_: + +@@ -45,6 +51,8 @@ These options control the key importation process: + + Specifies the file path to the public key of the parent object on the + destination TPM. This should be a `TPM2B_PUBLIC` formatted file. ++ This public key is used for the wrapping of a PEM or DER key ++ which will be exported for a remote TPM. + + * **-k**, **\--private-key**=_FILE_: + +@@ -77,6 +85,15 @@ These options control the key importation process: + + The object to be duplicated. + ++ * **-a**, **\--attributes**=_ATTRIBUTES_: ++ ++ The object attributes, optional. The default for created objects is: ++ ++ `TPMA_OBJECT_SIGN_ENCRYPT|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_USERWITHAUTH` ++ ++ Note: If a policy is specified without an auth value then `TPMA_OBJECT_USERWITHAUTH` ++ is turned down. ++ + * **\--cphash**=_FILE_ + + File path to record the hash of the command parameters. This is commonly +diff --git a/man/tpm2_ecdhkeygen.1.md b/man/tpm2_ecdhkeygen.1.md +index a79557d..1e84791 100644 +--- a/man/tpm2_ecdhkeygen.1.md ++++ b/man/tpm2_ecdhkeygen.1.md +@@ -28,7 +28,7 @@ shared secret value using the parameters from a ECC public key. + * **-o**, **\--output**=_FILE_ + + Specify file path to save the calculated ecdh secret or Z point. +- ++ + * **\--cphash**=_FILE_ + + File path to record the hash of the command parameters. This is commonly +diff --git a/man/tpm2_ecdhzgen.1.md b/man/tpm2_ecdhzgen.1.md +index f03ec6a..9b83863 100644 +--- a/man/tpm2_ecdhzgen.1.md ++++ b/man/tpm2_ecdhzgen.1.md +@@ -29,7 +29,11 @@ resultant point (Z = (xZ , yZ) ≔ [hds]QB; where h is the cofactor of the curve + + * **-u**, **\--public**=_FILE_: + +- Output ECC point Q. ++ Input ECC point Q. ++ ++ * **-k**, **\--public-key**=_FILE_: ++ ++ Input ECC public key with point Q. + + * **-o**, **\--output**=_FILE_ + +@@ -40,7 +44,7 @@ resultant point (Z = (xZ , yZ) ≔ [hds]QB; where h is the cofactor of the curve + File path to record the hash of the command parameters. This is commonly + termed as cpHash. NOTE: When this option is selected, The tool will not + actually execute the command, it simply returns a cpHash. +- ++ + ## References + + [algorithm specifiers](common/alg.md) details the options for specifying +diff --git a/man/tpm2_ecephemeral.1.md b/man/tpm2_ecephemeral.1.md +index 0277301..bfea936 100644 +--- a/man/tpm2_ecephemeral.1.md ++++ b/man/tpm2_ecephemeral.1.md +@@ -33,7 +33,7 @@ exchange protocol. + File path to record the hash of the command parameters. This is commonly + termed as cpHash. NOTE: When this option is selected, The tool will not + actually execute the command, it simply returns a cpHash. +- ++ + ## References + + [algorithm specifiers](common/alg.md) details the options for specifying +diff --git a/man/tpm2_encodeobject.1.md b/man/tpm2_encodeobject.1.md +index 2e83fa7..5c290ea 100644 +--- a/man/tpm2_encodeobject.1.md ++++ b/man/tpm2_encodeobject.1.md +@@ -86,7 +86,7 @@ The final step, is encoding the public and private portions of the object into a + PEM format. + + ```bash +-tpm2_encodeobject -C primary.ctx -u key.pub -r key.priv -c priv.pem ++tpm2_encodeobject -C primary.ctx -u key.pub -r key.priv -o priv.pem + ``` + + The generated `priv.pem` can be used together with `pub.pem` created in the +diff --git a/man/tpm2_geteccparameters.1.md b/man/tpm2_geteccparameters.1.md +index cb45e99..1bcf5be 100644 +--- a/man/tpm2_geteccparameters.1.md ++++ b/man/tpm2_geteccparameters.1.md +@@ -29,7 +29,7 @@ identified by its TCG-assigned curveID. + File path to record the hash of the command parameters. This is commonly + termed as cpHash. NOTE: When this option is selected, The tool will not + actually execute the command, it simply returns a cpHash. +- ++ + ## References + + [algorithm specifiers](common/alg.md) details the options for specifying +diff --git a/man/tpm2_getekcertificate.1.md b/man/tpm2_getekcertificate.1.md +index 8cfdcc7..0b5450b 100644 +--- a/man/tpm2_getekcertificate.1.md ++++ b/man/tpm2_getekcertificate.1.md +@@ -30,7 +30,7 @@ conditions dictating the certificate location lookup. + tpmEPSgenerated bit is SET AND manufacturer is INTC. + + Note: +- ++ + In this operation information is provided regarding additional software to + be run as part of the re-provisioning/ re-certification service. + +@@ -84,6 +84,12 @@ conditions dictating the certificate location lookup. + This flags the tool to output the EK certificate as is received from the + source: NV/ Web-Hosting. + ++ * **-E**, **\--encoding**=_ENCODING_: ++ ++ Specifies the encoding format to use explicitly. Normally, the default ++ method is the one used by Intel unless an AMD fTPM is detected, in which ++ case the AMD-specific encoding is used. Use 'a' for AMD and 'i' for Intel. ++ + * **ARGUMENT** the command line argument specifies the URL address for the EK + certificate portal. This forces the tool to not look for the EK certificates + on the NV indices. +diff --git a/man/tpm2_import.1.md b/man/tpm2_import.1.md +index b60f3dd..f34a8ab 100644 +--- a/man/tpm2_import.1.md ++++ b/man/tpm2_import.1.md +@@ -23,7 +23,7 @@ These options control the key importation process: + + The algorithm used by the key to be imported. Supports: + * **aes** - AES 128, 192 or 256 key. +- * **rsa** - RSA 1024 or 2048 key. ++ * **rsa** - RSA 1024, 2048, 3072, or 4096 key. + * **ecc** - ECC NIST P192, P224, P256, P384 or P521 public and private key. + * **hmac** - HMAC key. + +diff --git a/man/tpm2_pcrallocate.1.md b/man/tpm2_pcrallocate.1.md +index 9eff800..eb8a543 100644 +--- a/man/tpm2_pcrallocate.1.md ++++ b/man/tpm2_pcrallocate.1.md +@@ -33,13 +33,13 @@ The new allocations become effective after the next reboot. + "authorization formatting standards", see section "Authorization Formatting". + + * **ARGUMENT** the command line argument specifies the PCR allocation. +- ++ + * **\--cphash**=_FILE_ + + File path to record the hash of the command parameters. This is commonly + termed as cpHash. NOTE: When this option is selected, The tool will not + actually execute the command, it simply returns a cpHash. +- ++ + ## References + + [context object format](common/ctxobj.md) details the methods for specifying +diff --git a/man/tpm2_pcrevent.1.md b/man/tpm2_pcrevent.1.md +index d2f3726..79ff293 100644 +--- a/man/tpm2_pcrevent.1.md ++++ b/man/tpm2_pcrevent.1.md +@@ -41,7 +41,7 @@ These options control extending the pcr: + File path to record the hash of the command parameters. This is commonly + termed as cpHash. NOTE: When this option is selected, The tool will not + actually execute the command, it simply returns a cpHash. +- ++ + [common options](common/options.md) + + [common tcti options](common/tcti.md) +diff --git a/man/tpm2_pcrread.1.md b/man/tpm2_pcrread.1.md +index fa030a2..4cc59da 100644 +--- a/man/tpm2_pcrread.1.md ++++ b/man/tpm2_pcrread.1.md +@@ -41,7 +41,7 @@ sha256 : + * **-o**, **\--output**=_FILE_: + + The output file to write the PCR values in binary format, optional. +- ++ + * **\--cphash**=_FILE_ + + File path to record the hash of the command parameters. This is commonly +diff --git a/man/tpm2_policypcr.1.md b/man/tpm2_policypcr.1.md +index 7f3cb68..5628b80 100644 +--- a/man/tpm2_policypcr.1.md ++++ b/man/tpm2_policypcr.1.md +@@ -34,7 +34,8 @@ usages. The PCR data factored into the policy can be specified in one of 3 ways: + + * **-l**, **\--pcr-list**=_PCR_: + +- The list of PCR banks and selected PCRs' ids for each bank. ++ The list of PCR banks and selected PCRs' ids for each bank. Forward ++ sealing values can be specified. + + * **-S**, **\--session**=_FILE_: + +diff --git a/man/tpm2_policyrestart.1.md b/man/tpm2_policyrestart.1.md +index b742e36..31713b0 100644 +--- a/man/tpm2_policyrestart.1.md ++++ b/man/tpm2_policyrestart.1.md +@@ -25,7 +25,7 @@ would still need to satisfy the policy. + Optional, A session file from **tpm2_startauthsession**(1)'s **-S** option. + This session is used in lieu of starting a session and using the PCR policy + options. +- ++ + * **\--cphash**=_FILE_ + + File path to record the hash of the command parameters. This is commonly +diff --git a/man/tpm2_tr_encode.1.md b/man/tpm2_tr_encode.1.md +new file mode 100644 +index 0000000..2312363 +--- /dev/null ++++ b/man/tpm2_tr_encode.1.md +@@ -0,0 +1,58 @@ ++% tpm2_tr_encode(1) tpm2-tools | General Commands Manual ++ ++# NAME ++ ++**tpm2_tr_encode**(1) - Encodes a peristent handle and `TPM2B_NAME` as a serialized `ESYS_TR` as ++output. ++ ++# SYNOPSIS ++ ++**tpm2_tr_encode** [*OPTIONS*] ++ ++# DESCRIPTION ++ ++**tpm2_tr_encode**(1) - Encodes a peristent TPM2 handle along with a populated `TPM2B_PUBLIC` as ++a serialized `ESYS_TR`. This is useful for moving a public and handle from one environment ++where a TPM is not available to another environment with a TPM and make use of it through the ++ESAPI API or tpm2-tools(1). ++ ++# OPTIONS ++ ++ * **-c**, **\--object-context**=_OBJECT_: ++ ++ Persistent handle. ++ ++[pubkey options](common/pubkey.md) ++ ++ Public key format. ++ ++ * **-o**, **\--output**=_FILE_: ++ ++ The output file path, recording the serialized `ESYS_TR`. ++ ++ ++## References ++ ++[context object format](common/ctxobj.md) details the methods for specifying ++_OBJECT_. ++ ++[common options](common/options.md) collection of common options that provide ++information many users may expect. ++ ++[common tcti options](common/tcti.md) collection of options used to configure ++the various known TCTI modules. ++ ++# EXAMPLES ++ ++## Serialize a public and handle as an ESYS_TR ++ ++```bash ++tpm2_createprimary -c primary.ctx ++tpm2_evictcontrol -c primary.ctx -o primary.tr 0x81000002 ++tpm2_readpublic -c primary.tr -o primary.pub ++tpm2_tr_encode -c 0x81000002 -u primary.pub -o primary2.tr ++``` ++ ++[returns](common/returns.md) ++ ++[footer](common/footer.md) +diff --git a/man/tpm2_verifysignature.1.md b/man/tpm2_verifysignature.1.md +index b8361f4..d62cdc2 100644 +--- a/man/tpm2_verifysignature.1.md ++++ b/man/tpm2_verifysignature.1.md +@@ -92,7 +92,7 @@ tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx + + echo "my message > message.dat + +-tpm2_sign -c rsa.ctx -g sha256 -m message.dat -s sig.rssa ++tpm2_sign -c rsa.ctx -g sha256 -s sig.rssa message.dat + + tpm2_verifysignature -c rsa.ctx -g sha256 -m message.dat -s sig.rssa + ``` +diff --git a/missing b/missing +index 625aeb1..1fe1611 100755 +--- a/missing ++++ b/missing +@@ -3,7 +3,7 @@ + + scriptversion=2018-03-07.03; # UTC + +-# Copyright (C) 1996-2018 Free Software Foundation, Inc. ++# Copyright (C) 1996-2021 Free Software Foundation, Inc. + # Originally written by Fran,cois Pinard , 1996. + + # This program is free software; you can redistribute it and/or modify +diff --git a/src_vars.mk b/src_vars.mk +index 71e7b47..ebd438e 100644 +--- a/src_vars.mk ++++ b/src_vars.mk +@@ -1,7 +1,7 @@ + LIB_C = lib/files.c lib/log.c lib/object.c lib/pcr.c lib/tool_rc.c lib/tpm2.c lib/tpm2_alg_util.c lib/tpm2_attr_util.c lib/tpm2_auth_util.c lib/tpm2_capability.c lib/tpm2_cc_util.c lib/tpm2_convert.c lib/tpm2_ctx_mgmt.c lib/tpm2_errata.c lib/tpm2_eventlog.c lib/tpm2_eventlog_yaml.c lib/tpm2_hash.c lib/tpm2_hierarchy.c lib/tpm2_identity_util.c lib/tpm2_kdfa.c lib/tpm2_kdfe.c lib/tpm2_openssl.c lib/tpm2_options.c lib/tpm2_policy.c lib/tpm2_session.c lib/tpm2_tool_output.c lib/tpm2_util.c + LIB_H = lib/efi_event.h lib/files.h lib/log.h lib/object.h lib/pcr.h lib/tool_rc.h lib/tpm2.h lib/tpm2_alg_util.h lib/tpm2_attr_util.h lib/tpm2_auth_util.h lib/tpm2_capability.h lib/tpm2_cc_util.h lib/tpm2_convert.h lib/tpm2_ctx_mgmt.h lib/tpm2_errata.h lib/tpm2_eventlog.h lib/tpm2_eventlog_yaml.h lib/tpm2_hash.h lib/tpm2_header.h lib/tpm2_hierarchy.h lib/tpm2_identity_util.h lib/tpm2_kdfa.h lib/tpm2_kdfe.h lib/tpm2_nv_util.h lib/tpm2_openssl.h lib/tpm2_options.h lib/tpm2_policy.h lib/tpm2_session.h lib/tpm2_systemdeps.h lib/tpm2_tool_output.h lib/tpm2_util.h + LIB_SRC = $(LIB_C) $(LIB_H) +-SYSTEM_TESTS = test/integration/tests/X509certutil.sh test/integration/tests/abrmd_extended-sessions.sh test/integration/tests/abrmd_nvundefinespecial.sh test/integration/tests/abrmd_policyauthorize.sh test/integration/tests/abrmd_policyauthorizenv.sh test/integration/tests/abrmd_policyauthvalue.sh test/integration/tests/abrmd_policycommandcode.sh test/integration/tests/abrmd_policycountertimer.sh test/integration/tests/abrmd_policycphash.sh test/integration/tests/abrmd_policyduplicationselect.sh test/integration/tests/abrmd_policynamehash.sh test/integration/tests/abrmd_policynv.sh test/integration/tests/abrmd_policynvwritten.sh test/integration/tests/abrmd_policyor.sh test/integration/tests/abrmd_policypassword.sh test/integration/tests/abrmd_policypcr.sh test/integration/tests/abrmd_policysecret.sh test/integration/tests/abrmd_policysigned.sh test/integration/tests/abrmd_policytemplate.sh test/integration/tests/abrmd_policyticket.sh test/integration/tests/activecredential.sh test/integration/tests/attestation.sh test/integration/tests/certify.sh test/integration/tests/certifycreation.sh test/integration/tests/changeauth.sh test/integration/tests/changeeps.sh test/integration/tests/changepps.sh test/integration/tests/checkquote.sh test/integration/tests/clear.sh test/integration/tests/clearcontrol.sh test/integration/tests/clockrateadjust.sh test/integration/tests/commandaudit.sh test/integration/tests/create.sh test/integration/tests/createak.sh test/integration/tests/createek.sh test/integration/tests/createpolicy.sh test/integration/tests/createprimary.sh test/integration/tests/dictionarylockout.sh test/integration/tests/duplicate.sh test/integration/tests/ecc.sh test/integration/tests/encodeobject.sh test/integration/tests/encryptdecrypt.sh test/integration/tests/eventlog.sh test/integration/tests/evictcontrol.sh test/integration/tests/flushcontext.sh test/integration/tests/getcap.sh test/integration/tests/getekcertificate.sh test/integration/tests/getpolicydigest.sh test/integration/tests/getrandom.sh test/integration/tests/gettestresult.sh test/integration/tests/gettime.sh test/integration/tests/hash.sh test/integration/tests/hierarchycontrol.sh test/integration/tests/hmac.sh test/integration/tests/import.sh test/integration/tests/import_tpm.sh test/integration/tests/incrementalselftest.sh test/integration/tests/load.sh test/integration/tests/loadexternal.sh test/integration/tests/makecredential.sh test/integration/tests/nv.sh test/integration/tests/nvcertify.sh test/integration/tests/nvinc.sh test/integration/tests/output_formats.sh test/integration/tests/pcrallocate.sh test/integration/tests/pcrevent.sh test/integration/tests/pcrextend.sh test/integration/tests/pcrlist.sh test/integration/tests/pcrreset.sh test/integration/tests/pcrs_format.sh test/integration/tests/print.sh test/integration/tests/quote.sh test/integration/tests/rc_decode.sh test/integration/tests/readclock.sh test/integration/tests/readpublic.sh test/integration/tests/rsadecrypt.sh test/integration/tests/rsaencrypt.sh test/integration/tests/selftest.sh test/integration/tests/send-tcti-cmd.sh test/integration/tests/send.sh test/integration/tests/sessionaudit.sh test/integration/tests/sessionconfig.sh test/integration/tests/setclock.sh test/integration/tests/setprimarypolicy.sh test/integration/tests/sign.sh test/integration/tests/startup.sh test/integration/tests/stirrandom.sh test/integration/tests/symlink.sh test/integration/tests/testparms.sh test/integration/tests/toggle_options.sh test/integration/tests/unseal.sh test/integration/tests/verifysignature.sh ++SYSTEM_TESTS = test/integration/tests/X509certutil.sh test/integration/tests/abrmd_extended-sessions.sh test/integration/tests/abrmd_nvundefinespecial.sh test/integration/tests/abrmd_policyauthorize.sh test/integration/tests/abrmd_policyauthorizenv.sh test/integration/tests/abrmd_policyauthvalue.sh test/integration/tests/abrmd_policycommandcode.sh test/integration/tests/abrmd_policycountertimer.sh test/integration/tests/abrmd_policycphash.sh test/integration/tests/abrmd_policyduplicationselect.sh test/integration/tests/abrmd_policynamehash.sh test/integration/tests/abrmd_policynv.sh test/integration/tests/abrmd_policynvwritten.sh test/integration/tests/abrmd_policyor.sh test/integration/tests/abrmd_policypassword.sh test/integration/tests/abrmd_policypcr.sh test/integration/tests/abrmd_policysecret.sh test/integration/tests/abrmd_policysigned.sh test/integration/tests/abrmd_policytemplate.sh test/integration/tests/abrmd_policyticket.sh test/integration/tests/activecredential.sh test/integration/tests/attestation.sh test/integration/tests/certify.sh test/integration/tests/certifycreation.sh test/integration/tests/changeauth.sh test/integration/tests/changeeps.sh test/integration/tests/changepps.sh test/integration/tests/checkquote.sh test/integration/tests/clear.sh test/integration/tests/clearcontrol.sh test/integration/tests/clockrateadjust.sh test/integration/tests/commandaudit.sh test/integration/tests/create.sh test/integration/tests/createak.sh test/integration/tests/createek.sh test/integration/tests/createpolicy.sh test/integration/tests/createprimary.sh test/integration/tests/dictionarylockout.sh test/integration/tests/duplicate.sh test/integration/tests/ecc.sh test/integration/tests/encodeobject.sh test/integration/tests/encryptdecrypt.sh test/integration/tests/eventlog.sh test/integration/tests/evictcontrol.sh test/integration/tests/flushcontext.sh test/integration/tests/forward-seal.sh test/integration/tests/getcap.sh test/integration/tests/getekcertificate.sh test/integration/tests/getpolicydigest.sh test/integration/tests/getrandom.sh test/integration/tests/gettestresult.sh test/integration/tests/gettime.sh test/integration/tests/hash.sh test/integration/tests/hierarchycontrol.sh test/integration/tests/hmac.sh test/integration/tests/import.sh test/integration/tests/import_tpm.sh test/integration/tests/incrementalselftest.sh test/integration/tests/load.sh test/integration/tests/loadexternal.sh test/integration/tests/makecredential.sh test/integration/tests/nv.sh test/integration/tests/nvcertify.sh test/integration/tests/nvinc.sh test/integration/tests/output_formats.sh test/integration/tests/pcrallocate.sh test/integration/tests/pcrevent.sh test/integration/tests/pcrextend.sh test/integration/tests/pcrlist.sh test/integration/tests/pcrreset.sh test/integration/tests/pcrs_format.sh test/integration/tests/print.sh test/integration/tests/quote.sh test/integration/tests/rc_decode.sh test/integration/tests/readclock.sh test/integration/tests/readpublic.sh test/integration/tests/rsadecrypt.sh test/integration/tests/rsaencrypt.sh test/integration/tests/selftest.sh test/integration/tests/send-tcti-cmd.sh test/integration/tests/send.sh test/integration/tests/sessionaudit.sh test/integration/tests/sessionconfig.sh test/integration/tests/setclock.sh test/integration/tests/setprimarypolicy.sh test/integration/tests/sign.sh test/integration/tests/startup.sh test/integration/tests/stirrandom.sh test/integration/tests/symlink.sh test/integration/tests/testparms.sh test/integration/tests/toggle_options.sh test/integration/tests/tr_encode.sh test/integration/tests/unseal.sh test/integration/tests/verifysignature.sh + ALL_SYSTEM_TESTS = $(SYSTEM_TESTS) + FAPI_TESTS = test/integration/fapi/fapi-authorize-policy.sh test/integration/fapi/fapi-authorize-policy_ecc.sh test/integration/fapi/fapi-branch-select.sh test/integration/fapi/fapi-branch-select_ecc.sh test/integration/fapi/fapi-encrypt-decrypt.sh test/integration/fapi/fapi-encrypt-decrypt_ecc.sh test/integration/fapi/fapi-export-key.sh test/integration/fapi/fapi-export-key_ecc.sh test/integration/fapi/fapi-export-policy.sh test/integration/fapi/fapi-export-policy_ecc.sh test/integration/fapi/fapi-get-info.sh test/integration/fapi/fapi-get-info_ecc.sh test/integration/fapi/fapi-get-platform-certificates.sh test/integration/fapi/fapi-get-platform-certificates_ecc.sh test/integration/fapi/fapi-get-random.sh test/integration/fapi/fapi-get-random_ecc.sh test/integration/fapi/fapi-get-tpm-blobs.sh test/integration/fapi/fapi-get-tpm-blobs_ecc.sh test/integration/fapi/fapi-gettpm2object.sh test/integration/fapi/fapi-gettpm2object_ecc.sh test/integration/fapi/fapi-key-change-auth.sh test/integration/fapi/fapi-key-change-auth_ecc.sh test/integration/fapi/fapi-list.sh test/integration/fapi/fapi-list_ecc.sh test/integration/fapi/fapi-nv-extend.sh test/integration/fapi/fapi-nv-extend_ecc.sh test/integration/fapi/fapi-nv-increment.sh test/integration/fapi/fapi-nv-increment_ecc.sh test/integration/fapi/fapi-nv-set-bits.sh test/integration/fapi/fapi-nv-set-bits_ecc.sh test/integration/fapi/fapi-nv-write-authorize.sh test/integration/fapi/fapi-nv-write-authorize_ecc.sh test/integration/fapi/fapi-nv-write-read-policy-or.sh test/integration/fapi/fapi-nv-write-read-policy-or2.sh test/integration/fapi/fapi-nv-write-read-policy-or2_ecc.sh test/integration/fapi/fapi-nv-write-read-policy-or_ecc.sh test/integration/fapi/fapi-nv-write-read.sh test/integration/fapi/fapi-nv-write-read_ecc.sh test/integration/fapi/fapi-pcr-extend-read.sh test/integration/fapi/fapi-pcr-extend-read_ecc.sh test/integration/fapi/fapi-policy_signed.sh test/integration/fapi/fapi-policy_signed_delegation.sh test/integration/fapi/fapi-policy_signed_delegation_ecc.sh test/integration/fapi/fapi-policy_signed_ecc.sh test/integration/fapi/fapi-provision.sh test/integration/fapi/fapi-provision_ecc.sh test/integration/fapi/fapi-quote-verify.sh test/integration/fapi/fapi-quote-verify_ecc.sh test/integration/fapi/fapi-seal-unseal.sh test/integration/fapi/fapi-seal-unseal_ecc.sh test/integration/fapi/fapi-set-get-app-data.sh test/integration/fapi/fapi-set-get-app-data_ecc.sh test/integration/fapi/fapi-set-get-certificate.sh test/integration/fapi/fapi-set-get-certificate_ecc.sh test/integration/fapi/fapi-set-get-description.sh test/integration/fapi/fapi-set-get-description_ecc.sh test/integration/fapi/fapi-sign-verify.sh test/integration/fapi/fapi-sign-verify_ecc.sh test/integration/fapi/fapi-testing-template.sh test/integration/fapi/fapi-testing-template_ecc.sh + ALL_FAPI_TESTS = $(FAPI_TESTS) +diff --git a/test-driver b/test-driver +index b8521a4..be73b80 100755 +--- a/test-driver ++++ b/test-driver +@@ -3,7 +3,7 @@ + + scriptversion=2018-03-07.03; # UTC + +-# Copyright (C) 2011-2018 Free Software Foundation, Inc. ++# Copyright (C) 2011-2021 Free Software Foundation, Inc. + # + # This program is free software; you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -42,11 +42,13 @@ print_usage () + { + cat <$log_file 2>&1 ++# Test script is run here. We create the file first, then append to it, ++# to ameliorate tests themselves also writing to the log file. Our tests ++# don't, but others can (automake bug#35762). ++: >"$log_file" ++"$@" >>"$log_file" 2>&1 + estatus=$? + + if test $enable_hard_errors = no && test $estatus -eq 99; then +@@ -126,7 +131,7 @@ esac + # know whether the test passed or failed simply by looking at the '.log' + # file, without the need of also peaking into the corresponding '.trs' + # file (automake bug#11814). +-echo "$res $test_name (exit status: $estatus)" >>$log_file ++echo "$res $test_name (exit status: $estatus)" >>"$log_file" + + # Report outcome to console. + echo "${col}${res}${std}: $test_name" +diff --git a/test/integration/fixtures/event-moklisttrusted-hex.yaml b/test/integration/fixtures/event-moklisttrusted-hex.yaml +new file mode 100644 +index 0000000..9526b35 +--- /dev/null ++++ b/test/integration/fixtures/event-moklisttrusted-hex.yaml +@@ -0,0 +1,874 @@ ++--- ++- content_type: pcclient_std ++ pcr: 0 ++ recnum: 1 ++ content: ++ event_type: EV_NO_ACTION ++ event_data: 53706563204944204576656e743033000000000000020002010000000b00200000 ++ digests: ++ - hashAlg: sha1 ++ digest: '0000000000000000000000000000000000000000' ++- content: ++ event_type: EV_S_CRTM_VERSION ++ event_data: '0000' ++ content_type: pcclient_std ++ pcr: 0 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 ++- content: ++ event_type: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ event_data: '000082000000000000000e0000000000' ++ content_type: pcclient_std ++ pcr: 0 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: df32b6fc4e8a153713feba580b9ca6da6efa8cb23dd907f0e543d1f4c5be3c14 ++- content: ++ event_type: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ event_data: '00009000000000000000c00000000000' ++ content_type: pcclient_std ++ pcr: 0 ++ recnum: 4 ++ digests: ++ - hashAlg: sha256 ++ digest: da36c15e1184901ad53ec231d441224d2fff5ff168d8972fe71efca4e150b502 ++- content: ++ event_type: EV_EFI_VARIABLE_DRIVER_CONFIG ++ event_data: 61dfe48bca93d211aa0d00e098032b8c0a00000000000000010000000000000053006500630075007200650042006f006f00740001 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e ++- content: ++ event_type: EV_EFI_VARIABLE_DRIVER_CONFIG ++ event_data: 61dfe48bca93d211aa0d00e098032b8c0200000000000000d00300000000000050004b00a159c0a5e494a74a87b5ab155c2bf072d003000000000000b403000061dfe48bca93d211aa0d00e098032b8c308203a030820288a003020102020900fef588e8f396c0f1300d06092a864886f70d01010b05003051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3134313033313131313533375a170d3337313032353131313533375a3051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100901f847b8dbceb9726826d88ab8ac98c6870f9df4b07b237830b02c86768309ee3f0f0994ab85957c641f6388bfe664c49e93737922e98011e5b1450e6a88d250df586e6ab30cb4016ea8d8b1686704337f2cec091df71148e990e89b64c6d241e8ce42f4f25d0ba06f8c6e8191876731d816da8d805cf3ac87b28c836a3160d298c999a68dcabc04d8dbf5abb2ba9394b04971cf936bbc53a8604aeafd4827be0abde490568fcf6ae681a6c904d57193c646603f6c7529bf794cf936aa168c9aacf996bbcaa5e08e7391cf7f80fba067ef1cbe876ddfe22daad3a5e5b34eab3c9e04d04297eb860b905efb5d91758561660b93032f0364ac3f2798d124070f30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143ce960e3ff19a10a7ba342f48d422eb4d59c72ec301f0603551d230418301680143ce960e3ff19a10a7ba342f48d422eb4d59c72ec300d06092a864886f70d01010b050003820101005c4d9288b4825f1dad8b11ecdf06a67aa52b9f37550c8d6e0500adb70c418969cfd665069b5178d2adc7bf9cdc05737fe71e3913b4eab6307d4075ab9c430bdfb0c21bbf30e0f4fec0db622198f6c5afde3b4f490ae61ef986b03f0dd6d44637db54745eff11c260c67058c51c6fecb2d86e6fc3bc338738a4f344649c343b28942678279f1617e83b690a25a973367e9e375cece83fdb91f912b33dcee7dd15c3ae8c0520619b95de9baffab15c1ce597e7c3341185f58a2726a47036ec0cf6833d90f736f3f9f315d49062be53b4afd349afeff473e87b76e4442a37ba81a4990c3a312471a0e4e4b71acb47e4aa22cfef756180e343b7485773113d789b69 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: 36a1f8ab7581531938784aa5bf73aac6973e3ba6a60cd89f24020fcb7961fc3e ++- content: ++ event_type: EV_EFI_VARIABLE_DRIVER_CONFIG ++ event_data: 61dfe48bca93d211aa0d00e098032b8c0300000000000000e8090000000000004b0045004b00a159c0a5e494a74a87b5ab155c2bf072d003000000000000b4030000a3a8baa01d04a848bc87c36d121b5e3d308203a030820288a003020102020900fef588e8f396c0f1300d06092a864886f70d01010b05003051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3134313033313131313533375a170d3337313032353131313533375a3051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100901f847b8dbceb9726826d88ab8ac98c6870f9df4b07b237830b02c86768309ee3f0f0994ab85957c641f6388bfe664c49e93737922e98011e5b1450e6a88d250df586e6ab30cb4016ea8d8b1686704337f2cec091df71148e990e89b64c6d241e8ce42f4f25d0ba06f8c6e8191876731d816da8d805cf3ac87b28c836a3160d298c999a68dcabc04d8dbf5abb2ba9394b04971cf936bbc53a8604aeafd4827be0abde490568fcf6ae681a6c904d57193c646603f6c7529bf794cf936aa168c9aacf996bbcaa5e08e7391cf7f80fba067ef1cbe876ddfe22daad3a5e5b34eab3c9e04d04297eb860b905efb5d91758561660b93032f0364ac3f2798d124070f30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143ce960e3ff19a10a7ba342f48d422eb4d59c72ec301f0603551d230418301680143ce960e3ff19a10a7ba342f48d422eb4d59c72ec300d06092a864886f70d01010b050003820101005c4d9288b4825f1dad8b11ecdf06a67aa52b9f37550c8d6e0500adb70c418969cfd665069b5178d2adc7bf9cdc05737fe71e3913b4eab6307d4075ab9c430bdfb0c21bbf30e0f4fec0db622198f6c5afde3b4f490ae61ef986b03f0dd6d44637db54745eff11c260c67058c51c6fecb2d86e6fc3bc338738a4f344649c343b28942678279f1617e83b690a25a973367e9e375cece83fdb91f912b33dcee7dd15c3ae8c0520619b95de9baffab15c1ce597e7c3341185f58a2726a47036ec0cf6833d90f736f3f9f315d49062be53b4afd349afeff473e87b76e4442a37ba81a4990c3a312471a0e4e4b71acb47e4aa22cfef756180e343b7485773113d789b69a159c0a5e494a74a87b5ab155c2bf0721806000000000000fc050000bd9afa775903324dbd6028f4e78f784b308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: 1c1acab9b9e89496e453e6d5a9d3ef0c3632cd99496016fcc0c1e435c62bf421 ++- content: ++ event_type: EV_EFI_VARIABLE_DRIVER_CONFIG ++ event_data: cbb219d73a3d9645a3bcdad00e67656f0200000000000000470c00000000000064006200a159c0a5e494a74a87b5ab155c2bf0720706000000000000eb050000bd9afa775903324dbd6028f4e78f784b308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597ea159c0a5e494a74a87b5ab155c2bf072400600000000000024060000bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: 644aacf6f4015125233c459bc9e40f3fc82ccd14abb047dc50b7913c8095d1d7 ++- content: ++ event_type: EV_EFI_VARIABLE_DRIVER_CONFIG ++ event_data: cbb219d73a3d9645a3bcdad00e67656f03000000000000004c000000000000006400620078002616c4c14c509240aca941f9369343284c0000000000000030000000a3a8baa01d04a848bc87c36d121b5e3de3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 4 ++ digests: ++ - hashAlg: sha256 ++ digest: 1963d580fcc0cede165e23837b55335eebe18750c0b795883386026ea071e3c6 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 5 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_EFI_BOOT_SERVICES_DRIVER ++ event_data: 1800757d0000000040950200000000000000000000000000340000000000000002010c00d041030a0000000001010600000101010600000004081800000000000022010000000000ffa70200000000007fff0400 ++ content_type: pcclient_std ++ pcr: 2 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: 05131aaccf79e17ce81e239ca3fd2f7706889c207abba05a7f6cbe37723b7507 ++- content: ++ event_type: EV_EFI_VARIABLE_BOOT ++ event_data: 61dfe48bca93d211aa0d00e098032b8c0900000000000000060000000000000042006f006f0074004f007200640065007200020001000000 ++ content_type: pcclient_std ++ pcr: 1 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: 8c765cd796a40f961d239dc8d469917b278e18316fe8ee9bbe2a5737e294204d ++- content: ++ event_type: EV_EFI_VARIABLE_BOOT ++ event_data: 61dfe48bca93d211aa0d00e098032b8c08000000000000009a0000000000000042006f006f00740030003000300032000100000062005200650064002000480061007400200045006e007400650072007000720069007300650020004c0069006e0075007800000004012a0001000000000800000000000000c0120000000000efebe332780a8740b320948b8e06b02f0202040434005c004500460049005c007200650064006800610074005c007300680069006d007800360034002e0065006600690000007fff0400 ++ content_type: pcclient_std ++ pcr: 1 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: 9192f6ceff32199e626ee22ab37b88cd5b2b74acc65134443da18e81c8ec09ff ++- content: ++ event_type: EV_EFI_VARIABLE_BOOT ++ event_data: 61dfe48bca93d211aa0d00e098032b8c0800000000000000540000000000000042006f006f0074003000300030003100010000001c00550045004600490020004d006900730063002000440065007600690063006500000002010c00d041030a000000000101060003010101060000007fff04004eac0881119f594d850ee21a522c59b2 ++ content_type: pcclient_std ++ pcr: 1 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: 37d0b6681d44cc3f1e28d695fe6aacbf49048712b946b9810f73b583437843ac ++- content: ++ event_type: EV_EFI_VARIABLE_BOOT ++ event_data: 61dfe48bca93d211aa0d00e098032b8c08000000000000003e0000000000000042006f006f0074003000300030003000090100002c0055006900410070007000000004071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400 ++ content_type: pcclient_std ++ pcr: 1 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: 3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93 ++- content: ++ event_type: EV_EFI_ACTION ++ event_data: 43616c6c696e6720454649204170706c69636174696f6e2066726f6d20426f6f74204f7074696f6e ++ content_type: pcclient_std ++ pcr: 4 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: 3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 0 ++ recnum: 5 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 1 ++ recnum: 4 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 2 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 3 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 4 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 5 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_SEPARATOR ++ event_data: '00000000' ++ content_type: pcclient_std ++ pcr: 6 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 ++- content: ++ event_type: EV_EFI_VARIABLE_AUTHORITY ++ event_data: cbb219d73a3d9645a3bcdad00e67656f0200000000000000240600000000000064006200bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 6 ++ digests: ++ - hashAlg: sha256 ++ digest: 4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9 ++- content: ++ event_type: EV_EFI_GPT_EVENT ++ event_data: 4546492050415254000001005c000000dd2cb9f9000000000100000000000000ffff7f02000000002200000000000000deff7f02000000008533b77bb7402f46a5fd4e4b67e399a302000000000000008000000080000000555e8be2040000000000000028732ac11ff8d211ba4b00a0c93ec93befebe332780a8740b320948b8e06b02f0008000000000000ffc712000000000000000000000000004500460049002000530079007300740065006d00200050006100720074006900740069006f006e000000000000000000000000000000000000000000000000000000000000000000af3dc60f838472478e793d69d8477de40600081562a840409e5f850b0c5293ff00c8120000000000ffc732000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006dfd5706aba4c44384e50933c84b4f4f828fb19a4726624494ba4a29ea3bb00e00c8320000000000ffc77200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af3dc60f838472478e793d69d8477de47904c181d6c5994f9f685bbee604106f00c8720000000000fff77f02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ++ content_type: pcclient_std ++ pcr: 5 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: b401858d924d7c9d39e32bc3a539bb79c83bfac9f4c4c8b45cc59d427e9afc19 ++- content: ++ event_type: EV_EFI_BOOT_SERVICES_APPLICATION ++ event_data: 18a00c7d0000000030720e000000000000000000000000007a0000000000000002010c00d041030a0000000001010600030101010600000004012a0001000000000800000000000000c0120000000000efebe332780a8740b320948b8e06b02f0202040434005c004500460049005c007200650064006800610074005c007300680069006d007800360034002e0065006600690000007fff0400 ++ content_type: pcclient_std ++ pcr: 4 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: 5af24fa7419a5bb4cebe934221c3155cb3918773c5b7033d59cddda344f3ebf5 ++- content: ++ event_type: EV_IPL ++ event_data: 4d6f6b4c69737400 ++ content_type: pcclient_std ++ pcr: 14 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: 69bbddbe5a4480b7ab2e5632638b978bba978e66d04b677b3fd4ad2e5c7e1c5b ++- content: ++ event_type: EV_IPL ++ event_data: 4d6f6b4c6973745800 ++ content_type: pcclient_std ++ pcr: 14 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: 8d8a3aae50d5d25838c95c034aadce7b548c9a952eb7925e366eda537c59c3b0 ++- content: ++ event_type: EV_EFI_VARIABLE_AUTHORITY ++ event_data: 50ab5d6046e00043abb63dd810dd8b230900000000000000120000000000000053006200610074004c006500760065006c00736261742c312c323032313033303231380a ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 7 ++ digests: ++ - hashAlg: sha256 ++ digest: 922e939a5565798a5ef12fe09d8b49bf951a8e7f89a0cca7a51636693d41a34d ++- content: ++ event_type: EV_EFI_VARIABLE_AUTHORITY ++ event_data: 50ab5d6046e00043abb63dd810dd8b230e0000000000000001000000000000004d006f006b004c00690073007400540072007500730074006500640001 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 8 ++ digests: ++ - hashAlg: sha256 ++ digest: 5f62a2107fa11ce0485fd252d2e6c603cb8ed075861f9513bfed0a26bf6ed62b ++- content: ++ event_type: EV_IPL ++ event_data: 4d6f6b4c6973745472757374656400 ++ content_type: pcclient_std ++ pcr: 14 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a ++- content: ++ event_type: EV_EFI_VARIABLE_AUTHORITY ++ event_data: 50ab5d6046e00043abb63dd810dd8b23040000000000000098030000000000005300680069006d00308203943082027ca00302010202090083730d2b7280d15a300d06092a864886f70d01010b0500305f31163014060355040a0c0d526564204861742c20496e632e3121301f06035504030c18526564204861742053656375726520426f6f7420434120353122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3230303630393038313533365a170d3338303131383038313533365a305f31163014060355040a0c0d526564204861742c20496e632e3121301f06035504030c18526564204861742053656375726520426f6f7420434120353122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cebaea41171c81a18809bfa1d4a9fa532e9d9ebcfc3b289c3052a00bf4000f36c88341f6a9c915496564d5b2769e58c12e1eeacf93386b47d6ba92c5f800e777a55769df41b1c4905b2d20c174aa038680b6a459efa988445e5240d47715a104859ceff3c69ff30f0fd68446e466dc266ad6d88a6e474acae34c431574997a06328ce033bfe5f846673dea0e943bbf3ddd8bf67f308c45540ba4de23355a997305d880e765141a07302c7386b02da3a636a64d815d91a767bbea3b5b828a9ccf83da31d1543416bc1907172a944ef0cecf0dbaf4fbe4d44889238b8cdc8e4513d77aa8d5e5840313520206c2d590763ab5d7b89d7ab0c9d09869fb8e0d01f5850203010001a3533051301d0603551d0e04160414cc6fa5e72868ba494e939bbd680b9144769a9f8f301f0603551d23041830168014cc6fa5e72868ba494e939bbd680b9144769a9f8f300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101001de75e426a66cc723e9b5cc9afa3ca542eed64abc0b917be27a91e58b1593c4d1174d1971a520584058ad9f085c8f5ec8f9ce9e7086dbb3acbfa6f3c33e6784d75bddfc095729f0350d2752a7cb481e08762945cefcf6bda3ae3bf6e18743455500c22518eaa5830bebd3e304db697b5131b6daf6c183b714a09a18917a7e718f56d51b1d310c80ed6e43219024b1ab2d2dc29a326951d0106e452697806d3304444b07577cc54ade46e2222ff5dff93060cf9983a9c39b70c81d0f3f807a7098b6f9c8ae1adfc419850a65f0bbaa57f1cfc838d06592e9e6ebff43ec31a746625948a5dbf21b6139b9f67f87edc421f4c0edd88737d8c95d03f77c190b864f1 ++ content_type: pcclient_std ++ pcr: 7 ++ recnum: 9 ++ digests: ++ - hashAlg: sha256 ++ digest: 92291e21a601f9a142e256dfc85b516a43b1e929212eafda55458f6f9be7f0a1 ++- content: ++ event_type: EV_EFI_BOOT_SERVICES_APPLICATION ++ event_data: 1810d77c00000000788626000000000000000000000000003800000000000000040434005c004500460049005c007200650064006800610074005c0067007200750062007800360034002e0065006600690000007fff0400 ++ content_type: pcclient_std ++ pcr: 4 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: a4858d1a47abce57039f498475d96b1e29c9c0489458ea45fc1c3ef2599eea16 ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707431292f4546492f7265646861742f677275622e63666700 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: 1e9dc05f52ce1ee96bfbe2c8e4a5a650a8ca7564f5ec05258e8ac7a490e5c0d6 ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707431292f4546492f7265646861742f677275622e63666700 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: 1e9dc05f52ce1ee96bfbe2c8e4a5a650a8ca7564f5ec05258e8ac7a490e5c0d6 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736561726368202d2d6e6f2d666c6f707079202d2d66732d75756964202d2d7365743d6465762065643565393339382d316138662d346165322d613862382d63346364363737613735396600 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 0 ++ digests: ++ - hashAlg: sha256 ++ digest: a449b867e6234d067b572dd6d119d7a58e9792992a5f4c65fccfd9699a6128ac ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736574207072656669783d286864302c67707432292f677275623200 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 1 ++ digests: ++ - hashAlg: sha256 ++ digest: 8848d9559c4b88724d1ca23ace56550cf497428733fdc13462e1092e04f819b2 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206578706f727420286864302c67707432292f677275623200 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: ff53bb1b64407630089072060dadd651c37b29fab7eafdb6c22212104101d616 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20636f6e66696766696c6520286864302c67707432292f67727562322f677275622e63666700 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: 6c37371ba140d53352f0a269edd9f4748964ffe8204f47d0155c082a0f214815 ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707432292f67727562322f677275622e63666700 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: e406f33b6c2268c4b370a0f2445a61c40cff8f9496057056f2fe28d8bfb2a7e3 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a207365742070616765723d3100 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 4 ++ digests: ++ - hashAlg: sha256 ++ digest: fc1ac040fc293ed95e4594b67c4378a832d67c8951a3a5e7032e919eb99c5f88 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b202d6620286864302c67707432292f67727562322f67727562656e76205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 5 ++ digests: ++ - hashAlg: sha256 ++ digest: b3fa538baf79d1c124c21e7c4b7816563ad00e726d72bdf775d7d8c1171ebff2 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206c6f61645f656e76202d6620286864302c67707432292f67727562322f67727562656e7600 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 6 ++ digests: ++ - hashAlg: sha256 ++ digest: 06c0ff22313606eef3c6082214f8c0a2b813fb987dfd4c98033080276eb08745 ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707432292f67727562322f67727562656e7600 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: b1ae111cb224346a7342648d107b5394ce808c7892c117a063a3a9a31c6ccd23 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b20205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 7 ++ digests: ++ - hashAlg: sha256 ++ digest: ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a207365742064656661756c743d35346534653233353336353234633532396236366534393164666337373237342d352e31342e302d3133302e656c392e7838365f363400 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 8 ++ digests: ++ - hashAlg: sha256 ++ digest: 9cda6c923e6ecc7a57f10f30168810e381695d20ef53f59c04d004aaa4e46237 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b207879203d207879205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 9 ++ digests: ++ - hashAlg: sha256 ++ digest: 4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206d656e75656e7472795f69645f6f7074696f6e3d2d2d696400 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 10 ++ digests: ++ - hashAlg: sha256 ++ digest: '09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513' ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206578706f7274206d656e75656e7472795f69645f6f7074696f6e00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 11 ++ digests: ++ - hashAlg: sha256 ++ digest: 4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b20205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 12 ++ digests: ++ - hashAlg: sha256 ++ digest: ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a2073657269616c202d2d73706565643d31313532303000 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 13 ++ digests: ++ - hashAlg: sha256 ++ digest: 1022afd472d62cf10a33afe3e9a3769af2334ada5f5ebd238b428f0d90a497aa ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a207465726d696e616c5f696e7075742073657269616c20636f6e736f6c6500 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 14 ++ digests: ++ - hashAlg: sha256 ++ digest: '092ef58da5a532249d7ee58b0d6f0772b3cb39fb24b653ccafe3ddf50d9c49a8' ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a207465726d696e616c5f6f75747075742073657269616c20636f6e736f6c6500 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 15 ++ digests: ++ - hashAlg: sha256 ++ digest: c81593b0a6c83009cd0c757a681399d7dc491453e042b7b368b530074e5c39b9 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b207879203d207879205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 16 ++ digests: ++ - hashAlg: sha256 ++ digest: 4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a207365742074696d656f75745f7374796c653d6d656e7500 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 17 ++ digests: ++ - hashAlg: sha256 ++ digest: 1c568398cf2e4a9df58875bbd79dffe058ec45be0b74512fa919a2fe7db4a609 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a207365742074696d656f75743d3500 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 18 ++ digests: ++ - hashAlg: sha256 ++ digest: 71a5b3b21ac3862f40fabb745a9649c3a1d34249b9706524c90b2480c298beb0 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b202d6620286864302c67707432292f67727562322f757365722e636667205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 19 ++ digests: ++ - hashAlg: sha256 ++ digest: e3b86ac73bb68db33745fd1cac2ca1d6bbbefb39ac1cca848bc9bc800114e7e5 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f6420696e6372656d656e7400 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 20 ++ digests: ++ - hashAlg: sha256 ++ digest: 29b7ae3acc4da64c4380feaea03c4a761c88bfbb74b3a79ac68a4e2822bbff2f ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b202d6e20202d612030203d2030205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 21 ++ digests: ++ - hashAlg: sha256 ++ digest: 55cf6566869a451dbd91b65abbbd92b35b62e8009e9136e8df11846a287b93ae ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f6420706172745f67707400 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 22 ++ digests: ++ - hashAlg: sha256 ++ digest: 62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f642078667300 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 23 ++ digests: ++ - hashAlg: sha256 ++ digest: 39c36226c5af91f9ee4969786436cc8ad87252b22b55c006bb8ef98a0eaef85d ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736561726368202d2d6e6f2d666c6f707079202d2d66732d75756964202d2d7365743d726f6f742065643565393339382d316138662d346165322d613862382d63346364363737613735396600 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 24 ++ digests: ++ - hashAlg: sha256 ++ digest: 96d10df2fba642d434781baf243b25e910759c649db2c81fce017759a2e733f3 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f6420706172745f67707400 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 25 ++ digests: ++ - hashAlg: sha256 ++ digest: 62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f642066617400 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 26 ++ digests: ++ - hashAlg: sha256 ++ digest: c8fabb4ae6637fa9a9037444c80a55b1a2d2da2c2b9b8842b7810379877955f6 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736561726368202d2d6e6f2d666c6f707079202d2d66732d75756964202d2d7365743d626f6f7420454532432d3436453800 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 27 ++ digests: ++ - hashAlg: sha256 ++ digest: 839290aa76a4b0d6bfe0a8d3908116f4991e2e81c9f1ff0c395b907692944ffe ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b202d7a20205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 28 ++ digests: ++ - hashAlg: sha256 ++ digest: 4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736574206b65726e656c6f7074733d726f6f743d555549443d31306437663039662d373835322d346237352d613262362d32333535643939623433373620726f20726573756d653d555549443d63333961343761362d616161642d343566392d383766312d32366265363666653261323420636f6e736f6c653d74747953302c3131353230302000 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 29 ++ digests: ++ - hashAlg: sha256 ++ digest: 799852ff506d6ce018c30e57166e6e04f450a16f9df958737e1e1473046fb8e0 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f6420626c7363666700 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 30 ++ digests: ++ - hashAlg: sha256 ++ digest: 822e637a86c14c686c7beda98067089103cfb97984033b6d607d9feb82f0d234 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20626c7363666700 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 31 ++ digests: ++ - hashAlg: sha256 ++ digest: 05a5577cb6b242b7b5aff400fd90224598d1e354937fadc90f954cab3dc78519 ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707432292f6c6f616465722f656e74726965732f2f35346534653233353336353234633532396236366534393164666337373237342d352e31342e302d3133302e656c392e7838365f36342e636f6e6600 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 4 ++ digests: ++ - hashAlg: sha256 ++ digest: ad40d8033aa535ebbb889e4cfc0b9330cb91333662df4faad83afb5a4679ff4b ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707432292f6c6f616465722f656e74726965732f2f35346534653233353336353234633532396236366534393164666337373237342d302d7265736375652e636f6e6600 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 5 ++ digests: ++ - hashAlg: sha256 ++ digest: 0f091ad303dc1b251381cce9debaf422871c8f57aae37f4604fe11f1a7d043c8 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b2030203d2031202d6f2030203d2031205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 32 ++ digests: ++ - hashAlg: sha256 ++ digest: eb866bcea8420a022810dd2c940e9647b149c7c4702755aa08dea821b5a67756 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736574206d656e755f686964655f6f6b3d3000 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 33 ++ digests: ++ - hashAlg: sha256 ++ digest: bc7b76a012f77212c24c2db187fb8474dbb2f6567186a64c3550b30f4ffc4363 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b2030203d2031205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 34 ++ digests: ++ - hashAlg: sha256 ++ digest: 73685e16907fb87cb70065627b206b7142631e929ac4285418fb56399b607079 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b2030203d2031205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 35 ++ digests: ++ - hashAlg: sha256 ++ digest: 73685e16907fb87cb70065627b206b7142631e929ac4285418fb56399b607079 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a2073657420626f6f745f737563636573733d3000 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 36 ++ digests: ++ - hashAlg: sha256 ++ digest: d4468e9ea1b6827517d1f626f8c34b364007a3611c2a17fbf51bc7e7eaa49138 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736176655f656e7620626f6f745f7375636365737320626f6f745f696e64657465726d696e61746500 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 37 ++ digests: ++ - hashAlg: sha256 ++ digest: 11ad30ffc650e4c3b13a3e434111a5bc12fb00699138c06e80d132124b61a86b ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b207879203d207879205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 38 ++ digests: ++ - hashAlg: sha256 ++ digest: 4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b20205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 39 ++ digests: ++ - hashAlg: sha256 ++ digest: ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b20656669203d20656669205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 40 ++ digests: ++ - hashAlg: sha256 ++ digest: 5d487e285706b36d48eff03e56383e4692de24b867b38fcb3c5896fd222a5957 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206d656e75656e7472792055454649204669726d776172652053657474696e6773202d2d696420756566692d6669726d77617265207b0a0909667773657475700a097d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 41 ++ digests: ++ - hashAlg: sha256 ++ digest: fb84aff84de5bcc528ede92bec117fa8cea46362c5d2ea946e44299a968ffac7 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b202d6620286864302c67707432292f67727562322f637573746f6d2e636667205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 42 ++ digests: ++ - hashAlg: sha256 ++ digest: 2772cd3a066fe5a53ee59546d123304f52ede2f0225dfbe9e14d7d1b33f732a5 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b202d7a20286864302c67707432292f6772756232202d61202d6620286864302c67707432292f67727562322f637573746f6d2e636667205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 43 ++ digests: ++ - hashAlg: sha256 ++ digest: 8b9a38d95384b44889dbcbcdb5fa13679511d4b0f69078d554e7a95ba78dcd5c ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206c6f61645f766964656f00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 44 ++ digests: ++ - hashAlg: sha256 ++ digest: 7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a205b207879203d207879205d00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 45 ++ digests: ++ - hashAlg: sha256 ++ digest: 4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f6420616c6c5f766964656f00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 46 ++ digests: ++ - hashAlg: sha256 ++ digest: d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20736574206766787061796c6f61643d6b65657000 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 47 ++ digests: ++ - hashAlg: sha256 ++ digest: 15a5018b0177cf9c49c0b97911df67e7f2c193d3613e3fc4c9eb98a2b5d06fcc ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e736d6f6420677a696f00 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 48 ++ digests: ++ - hashAlg: sha256 ++ digest: 6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a206c696e757820286864302c67707432292f766d6c696e757a2d352e31342e302d3133302e656c392e7838365f363420726f6f743d555549443d31306437663039662d373835322d346237352d613262362d32333535643939623433373620726f20726573756d653d555549443d63333961343761362d616161642d343566392d383766312d32366265363666653261323420636f6e736f6c653d74747953302c31313532303020696d615f61707072616973653d66697820696d615f63616e6f6e6963616c5f666d7420696d615f706f6c6963793d74636220696d615f74656d706c6174653d696d612d6e6700 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 49 ++ digests: ++ - hashAlg: sha256 ++ digest: 753adbf2c98996166c82e7834c1f7af48987739bec81e3948b2017955c50705c ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707432292f766d6c696e757a2d352e31342e302d3133302e656c392e7838365f363400 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 6 ++ digests: ++ - hashAlg: sha256 ++ digest: 0114cf38d49a529321c6dc4cef08424418efe3384494ff0a8fde04eee9a608bd ++- content: ++ event_type: EV_EFI_BOOT_SERVICES_APPLICATION ++ event_data: 40b6077a000000003876ac000000000000000000000000000000000000000000 ++ content_type: pcclient_std ++ pcr: 4 ++ recnum: 4 ++ digests: ++ - hashAlg: sha256 ++ digest: 55ca5219d41971e1dcdb75b3624e63f96f8bafd4edf57007f60343b9dec3a4da ++- content: ++ event_type: EV_EFI_BOOT_SERVICES_APPLICATION ++ event_data: 8095b178000000003876ac000000000000000000000000000000000000000000 ++ content_type: pcclient_std ++ pcr: 4 ++ recnum: 5 ++ digests: ++ - hashAlg: sha256 ++ digest: 55ca5219d41971e1dcdb75b3624e63f96f8bafd4edf57007f60343b9dec3a4da ++- content: ++ event_type: EV_IPL ++ event_data: 6b65726e656c5f636d646c696e653a20286864302c67707432292f766d6c696e757a2d352e31342e302d3133302e656c392e7838365f363420726f6f743d555549443d31306437663039662d373835322d346237352d613262362d32333535643939623433373620726f20726573756d653d555549443d63333961343761362d616161642d343566392d383766312d32366265363666653261323420636f6e736f6c653d74747953302c31313532303020696d615f61707072616973653d66697820696d615f63616e6f6e6963616c5f666d7420696d615f706f6c6963793d74636220696d615f74656d706c6174653d696d612d6e6700 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 50 ++ digests: ++ - hashAlg: sha256 ++ digest: 6fed7c51f16551db907d6ac192194735c33cd2aad9e80b7124dbae6c49e92fe3 ++- content: ++ event_type: EV_IPL ++ event_data: 677275625f636d643a20696e6974726420286864302c67707432292f696e697472616d66732d352e31342e302d3133302e656c392e7838365f36342e696d6700 ++ content_type: pcclient_std ++ pcr: 8 ++ recnum: 51 ++ digests: ++ - hashAlg: sha256 ++ digest: 4284fb7e9806b80b5ffd8ac0db1b55806ad915e08830c08423f1dc79857ad230 ++- content: ++ event_type: EV_IPL ++ event_data: 286864302c67707432292f696e697472616d66732d352e31342e302d3133302e656c392e7838365f36342e696d6700 ++ content_type: pcclient_std ++ pcr: 9 ++ recnum: 7 ++ digests: ++ - hashAlg: sha256 ++ digest: 3b88d84f382249264ef0e9c6baeed69484b163b913db7a127dd7775be146225d ++- content: ++ event_type: EV_EFI_ACTION ++ event_data: 4578697420426f6f7420536572766963657320496e766f636174696f6e ++ content_type: pcclient_std ++ pcr: 5 ++ recnum: 2 ++ digests: ++ - hashAlg: sha256 ++ digest: d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b ++- content: ++ event_type: EV_EFI_ACTION ++ event_data: 4578697420426f6f742053657276696365732052657475726e656420776974682053756363657373 ++ content_type: pcclient_std ++ pcr: 5 ++ recnum: 3 ++ digests: ++ - hashAlg: sha256 ++ digest: b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0 +diff --git a/test/integration/fixtures/event-pretty/event-arch-linux.bin.yaml b/test/integration/fixtures/event-pretty/event-arch-linux.bin.yaml +new file mode 100644 +index 0000000..744189a +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-arch-linux.bin.yaml +@@ -0,0 +1,686 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c42fedad268200cb1d15f97841c344e79dae3320" ++ - AlgorithmId: sha256 ++ Digest: "d4720b4009438213b803568017f903093f6bea8ab47d283db32b6eabedbbf155" ++ EventSize: 16 ++ Event: "1efb6b540c1d5540a4ad4ef4bf17b83a" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_POST_CODE ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6b4f7011c3028cec0195a595f466515b33a82498" ++ - AlgorithmId: sha256 ++ Digest: "cffddf06708f2ccb64b958cdd2a57bba0e2812937b9f7bbfc001780259919219" ++ EventSize: 16 ++ Event: ++ BlobBase: 0xffa90000 ++ BlobLength: 0x350000 ++- EventNum: 3 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2f20112a3f55398b208e0c42681389b4cb5b1823" ++ - AlgorithmId: sha256 ++ Digest: "ce9ce386b52e099f3019e512a0d6062d6b560efe4ff3e5661c7525e2f9c263df" ++ EventSize: 52 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 0 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'No' ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "07c78f14aa2b98367011b004da3184d6a9797bf0" ++ - AlgorithmId: sha256 ++ Digest: "5a8857c9b84ba16d96f738d82078d729ddcbbf8f37414988a334b7a6676618af" ++ EventSize: 864 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 828 ++ UnicodeName: PK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 828 ++ SignatureHeaderSize: 0 ++ SignatureSize: 800 ++ Keys: ++ - SignatureOwner: 198bf991-38fd-4ebc-8e31-7bdbebbe0ca0 ++ SignatureData: 3082030c308201f4a003020102020900a77b8d32a15982a4300d06092a864886f70d01010b0500301a3118301606035504030c0f4a6f65205269636865792028504b293020170d3138303932333031333135365a180f32313138303833303031333135365a301a3118301606035504030c0f4a6f65205269636865792028504b2930820122300d06092a864886f70d01010105000382010f003082010a0282010100b9515f43871585b1542cf2e1e0accb725d27bbbbf32635a07effe0b4798c01d8e0903d7ee7fff05fdb8f2c8ff74453896c91292104a65d4fd613d50b09465c5891420960cdb0d17bab7278e02161a0091896ca42259d825e3167ae85cbfd2f2245cc42ebbcdb1b40b2e4a26327487d7f0f95a231d9a954ddcbdcce3b6d4fe54ee8ff5f19e0f200c430c236bc9a55d880d3f2e7fe6b0bf09518ec525058a1ecc70fb73f17daf37f082860b3d17fc9a77a087161e0e92015aea5b673d85a144d26289e26ce35fa7bc27f32f0a61030bce4c5d7afc42cdf58c151a54bb50db39b100946317d261391740c7743599f071d2fee75b82c63b723b27c22955fde1664230203010001a3533051301d0603551d0e04160414b8c3f94cf0f6d74d286bde70bcb6d6fc890b1020301f0603551d23041830168014b8c3f94cf0f6d74d286bde70bcb6d6fc890b1020300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010096cc2623f1f6ca83ecc1f97869d4df4277161efa1e2b3b2145907ba4d3ecc08b760be41ebcf122eabb4a49f194bf6b2ec2c282dad751ba3349b6ed852e6b81158721e84965dcc2fa641487008831e02c47388a3a6247b7b6995e4999322a6863eb78f6fd139e1bc6e04106bc179339788f4315cfbbc9f41aef30dd2a8c1b42aca715060bdf9c8af15800778a27ad3ec11ba010c9d355020c0b88fe5720edb8331b7b35c9c2118bf57caf9a83fdd21fcf95a5223149ac4adbc8ad26632361eb0bb72f720733d1fa87acf8515095ae61fa3830616991655fd5d21ec0f8b52f98eaffa83d7b4ea2dd4a2b451df3731e1ab34c09926144c267285422e789d1cb0d8a ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "52f38b592534395cfdccf805aafccc2cec035d29" ++ - AlgorithmId: sha256 ++ Digest: "301c7f60b96d59e0bf4d820032fbccc3fd21069bf45611541cc59be2e69353db" ++ EventSize: 2428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 2390 ++ UnicodeName: KEK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 830 ++ SignatureHeaderSize: 0 ++ SignatureSize: 802 ++ Keys: ++ - SignatureOwner: 198bf991-38fd-4ebc-8e31-7bdbebbe0ca0 ++ SignatureData: 3082030e308201f6a003020102020900be080ebd4704921d300d06092a864886f70d01010b0500301b3119301706035504030c104a6f652052696368657920284b454b293020170d3138303932333031333231395a180f32313138303833303031333231395a301b3119301706035504030c104a6f652052696368657920284b454b2930820122300d06092a864886f70d01010105000382010f003082010a0282010100ab3ca2875cf2d562a5a2516c087df6bd20d4b25bb95df92ad4ff657be317d86c022ce3d2af549cb5bc115bf93f15686be76223f5697dc1034c74bea8500665694d5a5211f10843b5038b61dcf36475cff1f105a9d9604917bccd84f1208aacde8f9dbc5b8a0a3a20127a1cf09b40d9eb9b79435f9142f167e9b505941da232f4dc1e9b3a2b7cfc445f93ef4aa5a544a71e75c34679b400ca8e31fd76a7392e3bceb79b84abe833d9258649ffcb48627754cf7c4e78a8e9fb48dcc57837c082efd89fc561f3befbd362aa774be1fa6e6279434f71ec3d084425d3f81fa4ccc20efdcb3ca7cc78ace20263c4c564450ca1a89a4b8b2deb97de646e3a8f82d0a9a90203010001a3533051301d0603551d0e04160414fb071ef998f896276b07bd4f20294422fc73fc0f301f0603551d23041830168014fb071ef998f896276b07bd4f20294422fc73fc0f300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100a4d561d9b654a77e0c572f2fcf20f88d9691c3d3342f8d4c5279aee4523838ec215166e938a9f1953609fb70b1b1918703d0c7216a46629052e9ed880359c705ffc16fa6d1aeff3dfcbdfd331979c083f5f97241d0c3cc97a8bad5af62c1d7523f2d6278891ea20afb016fd1b15ab80dbdba0153bcdc2d837c413e0dac7ba38dbb46fbf5d46635392522c2091c31c78feadab66fabb6224f39ce57f6a1d46d1f6d8d34348f7c90d6e94e0df45035aa46901b044cc56c50a44f35dbbceeedb10cc667eda23af36b3de5475659934a22ebbab58515510a2cb483a29dfdc8a1b2ee6440181691570f61dc4bd5ed9230b2b77aaf2eec5138a3387ecf3c0ee34244a1 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1560 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1532 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e8025df1eca6637d24259be9cdc5c7b921c24dcc" ++ - AlgorithmId: sha256 ++ Digest: "db1db3e6f2ee6684e5b5169f52df55526a3f2dc7904edfd3bb3dc3aa94bfdda5" ++ EventSize: 4691 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 4655 ++ UnicodeName: db ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 828 ++ SignatureHeaderSize: 0 ++ SignatureSize: 800 ++ Keys: ++ - SignatureOwner: 198bf991-38fd-4ebc-8e31-7bdbebbe0ca0 ++ SignatureData: 3082030c308201f4a003020102020900d8bf861a9dc5a6ec300d06092a864886f70d01010b0500301a3118301606035504030c0f4a6f652052696368657920284442293020170d3138303932333031333233315a180f32313138303833303031333233315a301a3118301606035504030c0f4a6f6520526963686579202844422930820122300d06092a864886f70d01010105000382010f003082010a0282010100a04760d90981998b8aea54265d330b1d63b7672d37d27096f47d9666b38181114ca65fa968c0a4513aea62b6c5f03f76067c03f760ab519ab5dfd58d83701138f74aa7e2bfbd5c09a456661b353aa9fa8e0a4e0ece1d7fffeedd619a8c1befe8f853f360ab5e336b891b9f55cfbc831d7b49e889a7980fe55798bf81507c44728d84bba80e4a167340d73f49e3d946dcc58599ea7d3982b5e232c312827e781bcb8d948ec93524832d87a5593373a448a256febfeb76aafc094e27ecfd2e69dc9db2be80dee26d493dfd875ec565a05d591cb8d9f5a44f90144015ddc1b704a816b31346ca92210c49265ef8eb395322be860a9c4d50c0f7225b76b574680c2f0203010001a3533051301d0603551d0e04160414c51e8894342341ccfd3dd8211bf32330d24b5f8d301f0603551d23041830168014c51e8894342341ccfd3dd8211bf32330d24b5f8d300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101002cc1b478114337888466906e1e4553fd40b9ba9310b62fcf51a5113e7afc21cc1208da6e3d7792052d8527ac99b0b99766925f37e9353715e733fef003ce7cfd1520f26383e95349d0b8293a0c7715a88c8312208fa457d463dbee32838af951b5f9bc22bcfe7848ecd8229febe36592a5f74da20740fb110b2d96400ecf4c6c1d88fef59c3f5b2984ee0e18eb9ff0d687f7b08e1a18e3146b6272ab2b1315faa527a475e8a72807f372737749513df3e3b1046113d7d8366ae60494958ddce48ee5346ec193728d7e41fdf563af3fa9eabff9c7a2f3313c8e0653e1c9b097e39ef50f15e7257d22195dc1c30897b2d5914df32cd5e878e64a77122718ec36b1 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1543 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1515 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1600 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1572 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 2551513ad36c0ab88c70acc158f8428545909f25ec737f9aec01e8c0d19ee52a ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 11a40d7e935a507450a6d61f51ee97987a49534a1c2d2db3e505e3d15b3faa21 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 4fa56bb60171c9f50d8887bed590a5c19c2e7cccbeeb3eb80795ef11a19c5aec ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 83608b6648271f097c95612eb161a49359197fb4e4355cd3a1fad0c02065dd4d ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 0e9b0272ddd11c5f095a7ddcd0110d214639b9388af7417b26ea93029a84c33d ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 27ca924d7c397268299a8f17be5db52177731944bbdcc4c69b581ee4b5a131c6 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: df7d74f21ae3f28369bf290833be7f0851dad0ee8cca987e8171de69ee4c642a ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 4879e82ab193737a212a4c531efdaad560a8a064e41de6d465c0b8c6254c8300 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 493e1b0abe3356c73608b45a0b1c71387fb6854a1fbe8312b8d23f28639893de ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e04b683b1ade74270dc6083dd716acc63a33310" ++ - AlgorithmId: sha256 ++ Digest: "a044b4ce4a4dca9af312c897dc56ee1727c385eb88f7cfb9092b8265029d5b1e" ++ EventSize: 3762 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 3724 ++ UnicodeName: dbx ++ VariableData: ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 3724 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0a ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: f52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7a ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbd ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: e6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992ea ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: d626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: d063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09e ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfc ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adf ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785e ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163daf ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: a6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: a7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: ad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: aeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: afe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: b54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: b8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: b97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: bc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fc ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8b ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: cb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: ce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540ce ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: d8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fa ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: e92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fa ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: fddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: fe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: fecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: ca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65b ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5ba ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 9 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5e58cd33cbf6f6058139e716508bbf5d03f2c94f" ++ - AlgorithmId: sha256 ++ Digest: "2de50158a70fa60bcb0eff4f8ad5d5a8d6e4a808bfbe5446b74464163191a8bf" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0xb6bf9018 ++ ImageLengthInMemory: 133728 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Offset(0xf250,0x201ff)' ++- EventNum: 10 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 12 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 13 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 14 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 15 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 16 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a30700c4eccddd14eb6c80b8c16474c4519e2a70" ++ - AlgorithmId: sha256 ++ Digest: "dcc6b7eaf2b013c6a37c720fe1d5098b5daf56ac9922f222125df7a1126b9596" ++ EventSize: 484 ++ Event: ++ Header: ++ Signature: "EFI PART" ++ Revision: 0x10000 ++ HeaderSize: 92 ++ HeaderCRC32: 0x986df596 ++ MyLBA: 0x1 ++ AlternateLBA: 0x1dcf32af ++ FirstUsableLBA: 0x22 ++ LastUsableLBA: 0x1dcf328e ++ DiskGUID: f9f4bb69-5418-46bb-9501-2d615a3edc79 ++ PartitionEntryLBA: 0x2 ++ NumberOfPartitionEntry: 128 ++ SizeOfPartitionEntry: 128 ++ PartitionEntryArrayCRC32: 0xe4012e1b ++ NumberOfPartitions: 3 ++ Partitions: ++ - PartitionTypeGUID: c12a7328-f81f-11d2-ba4b-00a0c93ec93b ++ UniquePartitionGUID: 1a504613-19b5-4b44-a83d-d926d40daa1c ++ StartingLBA: 0x800 ++ EndingLBA: 0x807ff ++ Attributes: 0x0 ++ PartitionName: "EFI System" ++ - PartitionTypeGUID: a19d880f-05fc-4d3b-a006-743f0f84911e ++ UniquePartitionGUID: c3fe0624-3db7-44f4-941e-49e6823d5a30 ++ StartingLBA: 0x80800 ++ EndingLBA: 0x1d24594e ++ Attributes: 0x0 ++ PartitionName: "Linux RAID" ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: 07ca55d3-efba-43a7-aea7-334c379e6b70 ++ StartingLBA: 0x1d246000 ++ EndingLBA: 0x1dcf328e ++ Attributes: 0x0 ++ PartitionName: "Linux filesystem" ++- EventNum: 18 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "359b9b1edab9f2841d8fd4312d8528079a3777b4" ++ - AlgorithmId: sha256 ++ Digest: "66c174f6bcd22cea3a37bb47d9669da541f0488b9be9abca33323ac31838d68e" ++ EventSize: 56 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 6 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0000 ++ - Boot0003 ++ - Boot0002 ++- EventNum: 19 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0113948871b7c34c97695e6351b1acf39f8e8291" ++ - AlgorithmId: sha256 ++ Digest: "6fff79a21c2c8f94652fb0fc53c37da0aa4ea839ebd945566b804f8c6c4f0162" ++ EventSize: 208 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 160 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 116 ++ Description: "Linux Boot Manager" ++ DevicePath: 'HD(1,GPT,1a504613-19b5-4b44-a83d-d926d40daa1c,0x800,0x80000)/File(\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI)' ++- EventNum: 20 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "39d79e549dc8ce20c55b44733dd7c73d21bd159a" ++ - AlgorithmId: sha256 ++ Digest: "d865a2d13db7529aaae8105153650c4557a33f471650e4099b5178d21f6516bf" ++ EventSize: 168 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 120 ++ UnicodeName: Boot0003 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 94 ++ Description: "UEFI OS" ++ DevicePath: 'HD(1,GPT,1a504613-19b5-4b44-a83d-d926d40daa1c,0x800,0x80000)/File(\EFI\BOOT\BOOTX64.EFI)' ++- EventNum: 21 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "72411782e0c50340e583ff814e236de1364bd2af" ++ - AlgorithmId: sha256 ++ Digest: "a5428f6cb55f36175733db8f1ead37be44cca8cfe027268d0cb893d862078ca0" ++ EventSize: 232 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 184 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 140 ++ Description: "Linux Boot Manager" ++ DevicePath: 'VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)' ++- EventNum: 22 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c429e591c3d5542d366037d5dee18bc178e58535" ++ - AlgorithmId: sha256 ++ Digest: "d51e9d20c0e180d8fdded3e7d5e05b4ab8e87b2f30e6995632a14e399332103b" ++ EventSize: 176 ++ Event: ++ ImageLocationInMemory: 0xb616b018 ++ ImageLengthInMemory: 96725 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 144 ++ DevicePath: 'PciRoot(0x0)/Pci(0x17,0x0)/Sata(1,65535,0)/HD(1,GPT,1a504613-19b5-4b44-a83d-d926d40daa1c,0x800,0x80000)/File(\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI)' ++- EventNum: 23 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8fce1cd38d7b7dd55d6e841dab1629aee55cd212" ++ - AlgorithmId: sha256 ++ Digest: "6c1b73563471cd9082ea3d149fa4668cd8f1a0c315531d4bf513bc5ede8939a5" ++ EventSize: 148 ++ Event: ++ ImageLocationInMemory: 0xb5763018 ++ ImageLengthInMemory: 9180448 ++ ImageLinkTimeAddress: 0x1000000 ++ LengthOfDevicePath: 116 ++ DevicePath: 'PciRoot(0x0)/Pci(0x17,0x0)/Sata(1,65535,0)/HD(1,GPT,1a504613-19b5-4b44-a83d-d926d40daa1c,0x800,0x80000)/File(\vmlinuz-linux-lts)' ++- EventNum: 24 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7fd3abec2afe8e68028be79cfc143a56c9918e69" ++ - AlgorithmId: sha256 ++ Digest: "362d5603871294a44287df0c3c63c120972e5b3897704315b99cf8406ac413b6" ++ EventSize: 365 ++ Event: ++ String: "i\0n\0i\0t\0r\0d\0=\0\\\0i\0n\0t\0e\0l\0-\0u\0c\0o\0d\0e\0.\0i\0m\0g\0 \0i\0n\0i\0t\0r\0d\0=\0\\\0i\0n\0i\0t\0r\0a\0m\0f\0s\0-\0l\0i\0n\0u\0x\0-\0l\0t\0s\0.\0i\0m\0g\0 \0c\0r\0y\0p\0t\0d\0e\0v\0i\0c\0e\0=\0U\0U\0I\0D\0=\05\04\06\05\03\06\09\0a\0-\09\09\06\0d\0-\04\02\0c\0a\0-\09\0a\0d\04\0-\09\01\0d\00\00\08\02\0e\00\0b\03\04\0:\0c\0r\0y\0p\0t\0r\0o\0o\0t\0 \0r\0o\0o\0t\0=\0/\0d\0e\0v\0/\0m\0a\0p\0p\0e\0r\0/\0c\0r\0y\0p\0t\0r\0o\0o\0t\0 \0r\0w\0 \0i\0n\0t\0e\0l\0_\0i\0o\0m\0m\0u\0=\0o\0n\0 \0i\0o\0m\0m\0u\0=\0p\0t\0 \0l\01\0t\0f\0=\0o\0f\0f\0\0" ++pcrs: ++ sha1: ++ 0 : 0xa0487b0d95387d4a30560edf5f041307bf4a1dcc ++ 1 : 0x56b71c334a5b67d3b7b3343e3241dff5a1ad87bf ++ 2 : 0x01098a68e44e4fbd0af3b9a836b1b79e78c4f6f5 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x2845117447a59571c424c1d0824c25112b902eb7 ++ 5 : 0x0dfa5ca60508ac5214515b20ed3e66289514fcb6 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x029c700c2fa2bc83cbf3ce4ee501ad4d984ec5ae ++ 8 : 0xaa99fc93faa0777f42da6e1ae77a0653b5005619 ++ sha256: ++ 0 : 0x758b773d94feabf52ef5a4c00a7ad2c80d8d6e6d9d58756150be9bc973da9087 ++ 1 : 0xbfda688a5d320123fddb3fc70b746bc17647e2e7f2f96e130d429542bf4622d5 ++ 2 : 0x65dee4a48cde677aa89fa83c5c35e883fda658f743853e3ebad504ca6702f7c5 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x7672cbacaf6568fd1767a29cce541602ad91360dbd753a16b0d64021e619d65d ++ 5 : 0x202522f005ef625588bb7c9e21335ba96a63c5086306138885b3bb2c381730ca ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0x3b4a4db44b7a872524055364e62e897ae678e0d47ab0809f65c3a4ed77f66ab9 ++ 8 : 0x47591b43af431963eaeb5238a5c42eda1eb0014c27f7de7ae483066a2d2a2e61 +diff --git a/test/integration/fixtures/event-pretty/event-bootorder.bin.yaml b/test/integration/fixtures/event-pretty/event-bootorder.bin.yaml +new file mode 100644 +index 0000000..e961df3 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-bootorder.bin.yaml +@@ -0,0 +1,1392 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1489f923c4dca729178b3e3233458550d8dddf29" ++ - AlgorithmId: sha256 ++ Digest: "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7" ++ EventSize: 2 ++ Event: "0000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6488855f69f459ef2e2038344ec566ca4bcad690" ++ - AlgorithmId: sha256 ++ Digest: "163240b109aa840ad3c3409a19b5c3488994b831d3e5ab0bca99aef11d95281f" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x820000 ++ BlobLength: 0xe0000 ++- EventNum: 3 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "fad74ec73e2093b46d934e57bb15eb07dab2daa4" ++ - AlgorithmId: sha256 ++ Digest: "0893258878179ebb61ea991f3e058a3b9352512086e683eb0458d31e45e474f7" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x900000 ++ BlobLength: 0xb00000 ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "57cd4dc19442475aa82743484f3b1caa88e142b8" ++ - AlgorithmId: sha256 ++ Digest: "115aa827dbccfb44d216ad9ecfda56bdea620b860a94bed5b7a27bba1c4d02d8" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: "00" ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9b1387306ebb7ff8e795e7be77563666bbf4516e" ++ - AlgorithmId: sha256 ++ Digest: "dea7b80ab53a3daaa24d5cc46c64e1fa9ffd03739f90aadbd8c0867c4a5b4890" ++ EventSize: 36 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: PK ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9afa86c507419b8570c62167cb9486d9fc809758" ++ - AlgorithmId: sha256 ++ Digest: "e670e121fcebd473b8bc41bb801301fc1d9afa33904f06f7149b74f12c47a68f" ++ EventSize: 38 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: KEK ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5bf8faa078d40ffbd03317c93398b01229a0e1e0" ++ - AlgorithmId: sha256 ++ Digest: "baf89a3ccace52750c5f0128351e0422a41597a1adfd50822aa363b9d124ea7c" ++ EventSize: 36 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: db ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "734424c9fe8fc71716c42096f4b74c88733b175e" ++ - AlgorithmId: sha256 ++ Digest: "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9" ++ EventSize: 38 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: dbx ++- EventNum: 9 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 10 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "94f73ca3598b5b7fff3b295b5788cbbfcd27a10c" ++ - AlgorithmId: sha256 ++ Digest: "2b37dc2f75e2db4099e0dd546e6bbb05d1be905f8cd449baafc86353bda5dd54" ++ EventSize: 78 ++ Event: ++ ImageLocationInMemory: 0xbeeed018 ++ ImageLengthInMemory: 205768 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 46 ++ DevicePath: 'PciRoot(0x0)/Pci(0x3,0x0)/Offset(0x15c00,0x47fff)' ++- EventNum: 11 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "94f73ca3598b5b7fff3b295b5788cbbfcd27a10c" ++ - AlgorithmId: sha256 ++ Digest: "2b37dc2f75e2db4099e0dd546e6bbb05d1be905f8cd449baafc86353bda5dd54" ++ EventSize: 78 ++ Event: ++ ImageLocationInMemory: 0xbeeed018 ++ ImageLengthInMemory: 205768 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 46 ++ DevicePath: 'PciRoot(0x0)/Pci(0x4,0x0)/Offset(0x15c00,0x47fff)' ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ea3f530d2b261b5a945812c15858c09de04abe9c" ++ - AlgorithmId: sha256 ++ Digest: "263d99957c7b574c63a265b32da7fff8b8ad831828946bfbff650d7074dd9198" ++ EventSize: 56 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 6 ++ UnicodeName: BootOrder ++ VariableData: "010000000200" ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2a9a2be325bb21a601ecc332059d1326bda65629" ++ - AlgorithmId: sha256 ++ Digest: "d381b8aa422440ccf1edfd12e58e8ad0074e4b9735fad17d27783f24ec33ff26" ++ EventSize: 126 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 78 ++ UnicodeName: Boot0001 ++ VariableData: "010000001600550045004600490020004d006900730063002000440065007600690063006500000002010c00d041030a000000000101060000067fff04004eac0881119f594d850ee21a522c59b2" ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "22a4f6ee9af6dba01d3528deb64b74b582fc182b" ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: "090100002c0055006900410070007000000004071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400" ++- EventNum: 15 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "df5d6605cb8f4366d745a8464cfb26c1efdc305c" ++ - AlgorithmId: sha256 ++ Digest: "4d387b02d63b2f4cd7f667feb0a387fe47a10a3e26bf3533ddd001c605f3dec5" ++ EventSize: 136 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 88 ++ UnicodeName: Boot0002 ++ VariableData: "010000002c00450046004900200049006e007400650072006e0061006c0020005300680065006c006c00000004071400c9bdb87cebf8344faaea3ee4af6516a10406140083a5047c3e9e1c4fad65e05268d0b4d17fff0400" ++- EventNum: 16 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cd0fdb4531a6ec41be2753ba042637d6e5f7f256" ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 17 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 23 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 24 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d35cb7d68eaa9de91261f18f3077b7ba9dd32974" ++ - AlgorithmId: sha256 ++ Digest: "2b406513198abc7ffebdec8a744c1a8b828fe07489e000dbde27bf237aca3de2" ++ EventSize: 484 ++ Event: "4546492050415254000001005c000000d8b2b15d000000000100000000000000ff5f6604000000002200000000000000de5f660400000000a21b0807c97c63468ecf4692ccb7e3ec02000000000000008000000080000000160e4f720300000000000000af3dc60f838472478e793d69d8477de47010a9784677964382b8ffc7ba90d8890078030000000000de5f66040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004861682149646f6e744e656564454649daf9d10afb18ac429f39fbba46240cbd0008000000000000ff27000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028732ac11ff8d211ba4b00a0c93ec93b98e759c36a59b642b6f6eca290429d990028000000000000ff770300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ++- EventNum: 25 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d0e6f939f1304a83975f34ff678da573ae2b3ee5" ++ - AlgorithmId: sha256 ++ Digest: "007f4c95125713b112093e21663e2d23e3c1ae9ce4b5de0d58a297332336a2d8" ++ EventSize: 144 ++ Event: ++ ImageLocationInMemory: 0xbec2b018 ++ ImageLengthInMemory: 1334816 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 112 ++ DevicePath: 'PciRoot(0x0)/Pci(0x6,0x0)/HD(15,GPT,c359e798-596a-42b6-b6f6-eca290429d99,0x2800,0x35000)/File(\EFI\BOOT\BOOTX64.EFI)' ++- EventNum: 26 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "26040ba214343fb89f2f82599675474f092d506d" ++ - AlgorithmId: sha256 ++ Digest: "70fd78ce1d6de8d0cc7d5ca74e2e69e03cb92762d8a19d63a61b50070d41593f" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 27 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5bb3e7b9b843fa3bf11e7a85877c095031f6242f" ++ - AlgorithmId: sha256 ++ Digest: "b2166ffbf190a9bb3809a5a1dcb44bb5f3de6b44c2c27f1e4220a83f92d0c06a" ++ EventSize: 69 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt15)/boot/grub -o ! -e (hd0,gpt15)/boot/grub ]\0" ++- EventNum: 28 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "74bebd5904e1e03e1b33c6b282f02c1495a6399a" ++ - AlgorithmId: sha256 ++ Digest: "204e96107885ed140d3e8dbef893e1c64e4a3d9924db6c2ab247a36daadef64a" ++ EventSize: 59 ++ Event: ++ String: "grub_cmd: [ -e (hd0,gpt15)/boot/grub/x86_64-efi/grub.cfg ]\0" ++- EventNum: 29 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d213ef93b23586b61de14638c1777ec837604074" ++ - AlgorithmId: sha256 ++ Digest: "172b207a85a5f584b99ce06ae8fd97eec2df94b1c8ad305cf144d9bff797bccf" ++ EventSize: 48 ++ Event: ++ String: "grub_cmd: [ -e (hd0,gpt15)/boot/grub/grub.cfg ]\0" ++- EventNum: 30 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "89390cd4a7a4db44da0828e0b25850e74ae1b5a2" ++ - AlgorithmId: sha256 ++ Digest: "d2d0bcff3471ed8513c735eae972e18b64697980124f3634ba71ccd304f73b22" ++ EventSize: 48 ++ Event: ++ String: "grub_cmd: source (hd0,gpt15)/boot/grub/grub.cfg\0" ++- EventNum: 31 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e7dfe5cc66a86749c2035e148e5d05e7208d7bd7" ++ - AlgorithmId: sha256 ++ Digest: "3193758bf575102eeea79b1f7a7bef60772effcb7e9ca8b5fd42e33c9e8953bf" ++ EventSize: 31 ++ Event: ++ String: "(hd0,gpt15)/boot/grub/grub.cfg\0" ++- EventNum: 32 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "dc67bcc9abc2411af92a6b61683d09b888ab9b6c" ++ - AlgorithmId: sha256 ++ Digest: "154a0f30f044fc2e043ad9330b5cf5f3970422281ad8fe902dd1d0b42aa07b54" ++ EventSize: 76 ++ Event: ++ String: "grub_cmd: search.fs_uuid d64f335d-4d71-46c8-9379-3375973830f3 root hd0,gpt1\0" ++- EventNum: 33 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c90fdbd8bc3928f93d41ef4176a3415df2d584eb" ++ - AlgorithmId: sha256 ++ Digest: "679845b798116003dcee938a7e87a07c7b7dd42b5349e54632bbfa82a740541b" ++ EventSize: 42 ++ Event: ++ String: "grub_cmd: set prefix=(hd0,gpt1)/boot/grub\0" ++- EventNum: 34 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7f7e85909fb37d150f57822c0ad3b636e7853aff" ++ - AlgorithmId: sha256 ++ Digest: "5137257cdcec140bce7e0c83c1000df3f7ecf18de11bde46b8d32f49ba657791" ++ EventSize: 44 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/command.lst\0" ++- EventNum: 35 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f091655c7ac7314eb0df21931415de47628d621f" ++ - AlgorithmId: sha256 ++ Digest: "32fc7f5de8c0a5dc0b1e7eb609ca31a77eb3475539e1d97a4543dca1b9b26c57" ++ EventSize: 39 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst\0" ++- EventNum: 36 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ff00d28114398cf1a052329494d63aceeb8ff29a" ++ - AlgorithmId: sha256 ++ Digest: "1b766f38a94927fe9b7bc1e809f0363e778e14c601e800faea271a2e75d3fc43" ++ EventSize: 43 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst\0" ++- EventNum: 37 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "66b726c6d64bc109d3948a9528f502ea94938ef4" ++ - AlgorithmId: sha256 ++ Digest: "46f888c52f36baf9b62d60bc8d06426a314aad5a0ff86a4362a91c2512a1df9c" ++ EventSize: 45 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst\0" ++- EventNum: 38 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1284bee568af2e320e6a03dce30144182be7d51e" ++ - AlgorithmId: sha256 ++ Digest: "874d063ee6d5776d8474fcbaed76cdd44f32572d8454338fef7138347e866d7d" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 39 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6629b50b4251a5dad59be69a1dfa3b9cd77371f5" ++ - AlgorithmId: sha256 ++ Digest: "457040ecfb2efcb062b4b833ed45d8f9c5773f09697eb71d7d64705677fddcae" ++ EventSize: 30 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 40 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3e5cd7ea0fdc2e2b2f956d41f9090ee3732fb833" ++ - AlgorithmId: sha256 ++ Digest: "7e2b3493baa3f9e4c6a836282d1e66b5855692169dee44d46fe20d11dbc17381" ++ EventSize: 46 ++ Event: ++ String: "grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ]\0" ++- EventNum: 41 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d824837898575ca2fcae32fed643e00b84d62611" ++ - AlgorithmId: sha256 ++ Digest: "42439fda5143449c668430706de270c764912b08766180e594bcd75d961da46c" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3c4e9b1198ecc160aff6022c0f96b5b22fab1469" ++ - AlgorithmId: sha256 ++ Digest: "0e3a17e0c48e42d79f4d1576e7f787c911239510586505c326143b9b268bdd65" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: set have_grubenv=true\0" ++- EventNum: 43 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "453dee6ce82bd80ea89bd8085724ae9784ff0f1b" ++ - AlgorithmId: sha256 ++ Digest: "f8b99f77983990e8804864cade91f361b5b6600cc2832febaef878ac8b44d27e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: load_env\0" ++- EventNum: 44 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d824837898575ca2fcae32fed643e00b84d62611" ++ - AlgorithmId: sha256 ++ Digest: "42439fda5143449c668430706de270c764912b08766180e594bcd75d961da46c" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 45 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "69ac3a89588aa0a95d8ff937642868a0ccfe2c09" ++ - AlgorithmId: sha256 ++ Digest: "492fe6f726b0b3b92fce889eaba1aab7be7c5a373c7438557b3ea49ba98d4940" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 2 ]\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa0c1b41d0046552dea2a47b1f8e592716137f4a" ++ - AlgorithmId: sha256 ++ Digest: "5935716bf513717f6b6931f3f8e40962606850cfc43d25ff2ca4754dcc13dceb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 1 ]\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d8f3601c7085b0e7d08c2b5925720404d9b799d1" ++ - AlgorithmId: sha256 ++ Digest: "6b59ff87625a202766cd5d6172f00dd63378823bf413a551a628f874bbb642cf" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set next_entry=\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa78b63e975d20ee4af7e4bfa0c8314ca2e72862" ++ - AlgorithmId: sha256 ++ Digest: "4a6e5876f2d88fa867f1099e143631ad94a37484e682790d9e1848b92a07abee" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set prev_entry=\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "69634430fcd587c877479d7390cd3eacfc2f27cc" ++ - AlgorithmId: sha256 ++ Digest: "fdcca48e2c9aab6cbe435b5cda9b395d67aa165516b62e7e5ce3a50ac039ac32" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env prev_entry\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 52 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "75409120452bbbee30abe289af973ecdd7e0ef6b" ++ - AlgorithmId: sha256 ++ Digest: "3a118940bf2675007df3368cb6d45cf2756f328d3e75daf69a971dd21bd1bc58" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set default=0\0" ++- EventNum: 53 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 54 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bd5209e50c09650ffcf5c2d12a8be8277e438023" ++ - AlgorithmId: sha256 ++ Digest: "09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: menuentry_id_option=--id\0" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6248599bae0d78ccbda185ed2fce0182ed41e297" ++ - AlgorithmId: sha256 ++ Digest: "4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e" ++ EventSize: 37 ++ Event: ++ String: "grub_cmd: export menuentry_id_option\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7dc272da02b00e0ee2958961bb99a2e3196ec24a" ++ - AlgorithmId: sha256 ++ Digest: "df24f1cae6b428fdd09bc14b06df255f93060ff05d56c3127724168596f73d5f" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: terminal_input console\0" ++- EventNum: 58 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "155e201c47f534b1201190d61e9d178a525540e6" ++ - AlgorithmId: sha256 ++ Digest: "fed7c930939012174a23271f9fa177a39891cd1baf6ccd22bccce96acd0514d1" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: terminal_output console\0" ++- EventNum: 59 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa0c1b41d0046552dea2a47b1f8e592716137f4a" ++ - AlgorithmId: sha256 ++ Digest: "5935716bf513717f6b6931f3f8e40962606850cfc43d25ff2ca4754dcc13dceb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 1 ]\0" ++- EventNum: 60 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "4f44a4a7a7523e637715ea96d38b3614bb6c22d8" ++ - AlgorithmId: sha256 ++ Digest: "d3a793f471b6bfe8d783f5e629314cad4763d48986a8cd4df25475334b40f49b" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set timeout=0\0" ++- EventNum: 61 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0d570854895a5a9ce25dc6c25026278c2d1a6367" ++ - AlgorithmId: sha256 ++ Digest: "207cda95fd859189d016c7c2cc03b9c05672984589e4809e1dcee665d629cf7d" ++ EventSize: 44 ++ Event: ++ String: "grub_cmd: set menu_color_normal=white/black\0" ++- EventNum: 62 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4a516aec1bccafec65420d98fcb243aa465d837" ++ - AlgorithmId: sha256 ++ Digest: "6f18799fe0ecb5c4bb4c0695a3094dc9841c940c3b463e14c25e444246348a2a" ++ EventSize: 52 ++ Event: ++ String: "grub_cmd: set menu_color_highlight=black/light-gray\0" ++- EventNum: 63 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ecdcad74115ad02c9d8440f27b4e0689d76774e7" ++ - AlgorithmId: sha256 ++ Digest: "6cf48a4c26fa07a4c8ae470218b37d52b0ff3095c23c35a3bb8872b87c883ebe" ++ EventSize: 60 ++ Event: ++ String: "grub_cmd: set partuuid=78a91070-7746-4396-82b8-ffc7ba90d889\0" ++- EventNum: 64 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ffc5ff69933dd9a11ca68638ce3658ef0d2269ca" ++ - AlgorithmId: sha256 ++ Digest: "947920653060a5560f1c4a13befe97d2c3d13c1f36effb24c29f57d1e53edbb5" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: [ 1 != 1 ]\0" ++- EventNum: 65 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b22f5db5791853fce95f8623ab479d81483b71dc" ++ - AlgorithmId: sha256 ++ Digest: "5618ae564712085435199ecf654a3ab87e1c1fd87a1823c780d7f0f677dd7b5d" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: set linux_gfx_mode=text\0" ++- EventNum: 66 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9deef0fa444e59d7a08e615f25628826e7feddf9" ++ - AlgorithmId: sha256 ++ Digest: "22e041251eb54eeb3270245759aa3e8bd3b77a647db988b681b1eafc6960aa45" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: export linux_gfx_mode\0" ++- EventNum: 67 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ca904a776c820180356d1f6d200588daa7fa64b7" ++ - AlgorithmId: sha256 ++ Digest: "461ab8369f3a3d8b10c911724a3f4e0f242ec9155565ba6116a2290c8f321b84" ++ EventSize: 1023 ++ Event: ++ String: "grub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-d64f335d-4d71-46c8-9379-3375973830f3 {\n\ ++ \trecordfail\n\ ++ \tload_video\n\ ++ \tgfxmode $linux_gfx_mode\n\ ++ \tinsmod gzio\n\ ++ \tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \tinsmod part_gpt\n\ ++ \tinsmod ext2\n\ ++ \tset root='hd0,gpt1'\n\ ++ \tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \telse\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \tfi\n\ ++ \tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\n\ ++ \t\x20\x20initrd /boot/initrd.img-5.4.0-45-generic\n\ ++ \telse\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0 panic=-1\n\ ++ \tfi\n\ ++ \tinitrdfail\n\ ++ }\0" ++- EventNum: 68 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e0a4b6ed5d77ec6442f5fe4248e10fafbbf558f6" ++ - AlgorithmId: sha256 ++ Digest: "180e24f477566b850732c77bf45ee0460552451c391d111a31b31ae5d7be9d14" ++ EventSize: 2484 ++ Event: ++ String: "grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-d64f335d-4d71-46c8-9379-3375973830f3 {\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.4.0-45-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-45-generic-advanced-d64f335d-4d71-46c8-9379-3375973830f3' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tgfxmode $linux_gfx_mode\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.4.0-45-generic ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.4.0-45-generic\n\ ++ \t\telse\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.4.0-45-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-45-generic-recovery-d64f335d-4d71-46c8-9379-3375973830f3' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.4.0-45-generic ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro recovery nomodeset dis_ucode_ldr biosdevname=0 net.ifnames=0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.4.0-45-generic\n\ ++ \t\telse\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro recovery nomodeset dis_ucode_ldr biosdevname=0 net.ifnames=0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ }\0" ++- EventNum: 69 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "273f5c80c12e935c1d37c2cfe3e161bc42d79d8e" ++ - AlgorithmId: sha256 ++ Digest: "1ea37430950c837021ebcc02f98c12018c31e593e366429436e1353584c7ec72" ++ EventSize: 49 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 70 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a3326df3194201575e51c3b9a1c8d5d17aeff2d0" ++ - AlgorithmId: sha256 ++ Digest: "d5478d9057580531bf6ff37383b01bb78e1279c20a23721aa3a67ad0d1ca35db" ++ EventSize: 76 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 71 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "17c76a65ebda6aa310da041aabbcd6483bf00df4" ++ - AlgorithmId: sha256 ++ Digest: "bf5d10a466c0f77818990a9d0fdcc8fa2c4561ba92912d5fbc9d4ac1e31a00fb" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: setparams Ubuntu\0" ++- EventNum: 72 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "98d066f8ffd046bacb38b106188cbe7fe9ada729" ++ - AlgorithmId: sha256 ++ Digest: "a57e067e286efc4eea89659d40f13a38cc1792e4277bed820ded674c94bf2ead" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: recordfail\0" ++- EventNum: 73 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bac17085fef5043662a50cef18bf366844c074ff" ++ - AlgorithmId: sha256 ++ Digest: "64bda8f65b1585d7868248a292c449660cc8f75075c10d87ae59a4db401ce119" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: set recordfail=1\0" ++- EventNum: 74 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 75 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d31e5f156b716d7835b261891644bb5f7f65e285" ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 76 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "925ee69b7c8ac4937cbe47d5c85351d869b4e8d7" ++ - AlgorithmId: sha256 ++ Digest: "ce2cc20777ba8d3bc75b662163c3abe370344d4bae17d75fb5bd408d1fb6badf" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env recordfail\0" ++- EventNum: 77 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8fe59e66d6ec198420477f24f791e929f153e144" ++ - AlgorithmId: sha256 ++ Digest: "7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: load_video\0" ++- EventNum: 78 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 79 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "59ced343b060b7df54fa7ba251ef877940601ee4" ++ - AlgorithmId: sha256 ++ Digest: "d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod all_video\0" ++- EventNum: 80 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e12ea97e4dadf46b29402cc55eacd227ee3f364" ++ - AlgorithmId: sha256 ++ Digest: "6efe5245f640eb0b7e601bc996652d06902a4bbd1b34b902903fc217a826f30e" ++ EventSize: 23 ++ Event: ++ String: "grub_cmd: gfxmode text\0" ++- EventNum: 81 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "75538862ec020d327e306ea27c200bddae3406eb" ++ - AlgorithmId: sha256 ++ Digest: "c89c80d69cfeedad50036743cb6964f8ed5ef494dff379a57c46345a327ebb64" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: set gfxpayload=text\0" ++- EventNum: 82 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2058b2755fa0eb1e9c76399a4fa797b0675da67e" ++ - AlgorithmId: sha256 ++ Digest: "ce014fbd540f5a1796d7b9def2294a75114f28ccd23c556c9e7ba1b4a38a0557" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ text = keep ]\0" ++- EventNum: 83 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6568ee5d89e912eb995ad4c82d000ab8d0b4548e" ++ - AlgorithmId: sha256 ++ Digest: "09e725869682d71dba50ef98b2f78022466e9c0173f5f4bcc4f0f863067e65f8" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set vt_handoff=\0" ++- EventNum: 84 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ba509ca38210f0683c477c9dc40e4c4f653e1dfb" ++ - AlgorithmId: sha256 ++ Digest: "6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod gzio\0" ++- EventNum: 85 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2de845dce8a51c8fddbaa04686760093325b7569" ++ - AlgorithmId: sha256 ++ Digest: "18865468f2e4bd9f0cc4ffdda1335f405d06df8d6ff183b373f50e08e81f924d" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ xefi = xxen ]\0" ++- EventNum: 86 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a4e1c6f50579b47c964111d1ea2170e6f923c941" ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 87 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af3f07abac9e5c56b82f09ab98328905aabbf6ef" ++ - AlgorithmId: sha256 ++ Digest: "b838a4d2860c81058105fbb1907a1fb7f60b65591b099b3b000d9b31d8d2fb20" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod ext2\0" ++- EventNum: 88 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cbf1bcb38df72c190b4db0d27ee96eca3c7a9e44" ++ - AlgorithmId: sha256 ++ Digest: "20df4eb78bbf966925af51ad614806aa3ad6f146a9a0c85ac2582a3eaa9a30ca" ++ EventSize: 28 ++ Event: ++ String: "grub_cmd: set root=hd0,gpt1\0" ++- EventNum: 89 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 90 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9beaa2097e4493a4bb31f11a3f6d8f958b3429b2" ++ - AlgorithmId: sha256 ++ Digest: "1781ff193c82654750367a4fc175c77e971e4c53517470ddb02afa23a40290f4" ++ EventSize: 156 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\0" ++- EventNum: 91 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa0c1b41d0046552dea2a47b1f8e592716137f4a" ++ - AlgorithmId: sha256 ++ Digest: "5935716bf513717f6b6931f3f8e40962606850cfc43d25ff2ca4754dcc13dceb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 1 ]\0" ++- EventNum: 92 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b6f8fec26a7eb65f3927aa43af6e8ec1846ee688" ++ - AlgorithmId: sha256 ++ Digest: "d78fa3dd0776f200df573cff8c4fd68f5091ed7ad3a6437db8b0db3325c6b0ed" ++ EventSize: 156 ++ Event: ++ String: "grub_cmd: linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\0" ++- EventNum: 93 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8a0b7b8226ad59b5ac4381ca4afd38709d8448eb" ++ - AlgorithmId: sha256 ++ Digest: "6f6461546ce9fbee0b33dcad75f6f5534ecf907a397f29b5c8c0d93093b6e4e2" ++ EventSize: 31 ++ Event: ++ String: "/boot/vmlinuz-5.4.0-45-generic\0" ++- EventNum: 94 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3130fdda238d47b4164505d920baca259ce81219" ++ - AlgorithmId: sha256 ++ Digest: "5f8193381b94ebb69a821609308177d3fa8d1fb6fbd817266a61e4ff77d154ef" ++ EventSize: 156 ++ Event: ++ String: "kernel_cmdline: /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\0" ++- EventNum: 95 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c92cb595ef1e034296cdba12b58df0c15e4fbb3b" ++ - AlgorithmId: sha256 ++ Digest: "4bdfca86598a2eca99da0d5d8d7eb437a4009db929616f243a41936c4460d446" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: initrd /boot/initrd.img-5.4.0-45-generic\0" ++- EventNum: 96 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "186473f3819194651227f49e5f389db7b7cae751" ++ - AlgorithmId: sha256 ++ Digest: "46109c40d06946c299a8efc66c93fe882df02ce8f7ae0546571d6eaa02457552" ++ EventSize: 34 ++ Event: ++ String: "/boot/initrd.img-5.4.0-45-generic\0" ++- EventNum: 97 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8c6944c5ed9f1516843fd5f5bc32941b1306e7db" ++ - AlgorithmId: sha256 ++ Digest: "76bc6c6d70ce34a24bda263584ed03d0fd5d94f90ca206dd5e500b0fe98b3df2" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: initrdfail\0" ++- EventNum: 98 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 99 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "86365ebcde91a88bd1c97b4864e7058e66d97e7a" ++ - AlgorithmId: sha256 ++ Digest: "3602091ace7833250a353f8e3d7b79f1efcabb25ac761f5764f6a4403eec4974" ++ EventSize: 54 ++ Event: ++ String: "grub_cmd: [ -n 78a91070-7746-4396-82b8-ffc7ba90d889 ]\0" ++- EventNum: 100 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a3a5563acacd3a3545f38b1efec4328b19e1db6d" ++ - AlgorithmId: sha256 ++ Digest: "50be723e27218e2db23928b27f224484c593978e2073b88ff455eb0caa481260" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ -z 1 ]\0" ++- EventNum: 101 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9f1950c2967bc0668269446aa91b2f1e2b088862" ++ - AlgorithmId: sha256 ++ Digest: "a05839fd9bfebe3bde7739df6a1983a0008d37e25a47ffa6a164b4a22050c80f" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env initrdfail\0" ++- EventNum: 102 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "443a6b7b82b7af564f2e393cd9d5a388b7fa4a98" ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 103 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "475545ddc978d7bfd036facc7e2e987f48189f0d" ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha1: ++ 0 : 0x74c8f4bec7f58dea3941ce46e688440cce91cf5c ++ 1 : 0x293a334523288b61943f3101008ad5ca1f56e127 ++ 2 : 0x64bdfedc3a257a7dbc5bf9e94692ec6033f1dc76 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x13f0dcc5114f14c3df03cf437d7181f256e07a01 ++ 5 : 0x461d7b57e3c62d7a2cda4e4acdec3908c866432e ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x518bd167271fbb64589c61e43d8c0165861431d8 ++ 8 : 0x43aaff1eb3b4ec57d1a5c1427f6ae4748fe40cd8 ++ 9 : 0xf1ec9df00222a772a04fa20afbd7e707ac3ad677 ++ sha256: ++ 0 : 0x804c3cb76b471627372c8e5ebd068d1f8f8af088af43dc9de620af652f11116f ++ 1 : 0x61137129a04703282cd3a002a6cd3694e09c68115cbe1e11f4efa892685648d9 ++ 2 : 0x6bb89e2dc338e478b9b58d7c987c67fd2b09435be88195decc1e6ecf6e719d8e ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0xa01755784426c92d1d22a4305319644855ba0204dcc46ed920d74473defffe42 ++ 5 : 0x8017b57031d6bb5a8e830949ca3c04bcaafe196d6de802697c9fb0acb38f2dac ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0x65caf8dd1e0ea7a6347b635d2b379c93b9a1351edc2afc3ecda700e534eb3068 ++ 8 : 0xf5ce9866af7ad692ed3afe642b65992d6f5d93389ddb119b49eef3a9fe54a1c1 ++ 9 : 0xd734aa05ed0dfe770bcf88e0ff26113bb3aab42e2e8b8f287aa84aee86acefa1 +diff --git a/test/integration/fixtures/event-pretty/event-gce-ubuntu-2104-log.bin.yaml b/test/integration/fixtures/event-pretty/event-gce-ubuntu-2104-log.bin.yaml +new file mode 100644 +index 0000000..b553ab3 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-gce-ubuntu-2104-log.bin.yaml +@@ -0,0 +1,1919 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 41 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 3 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ - Algorithm[2]: ++ algorithmId: sha384 ++ digestSize: 48 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3f708bdbaff2006655b540360e16474c100c1310" ++ - AlgorithmId: sha256 ++ Digest: "d0fcf11a32a8fbf5a4e1a58cd74dd2357d07e7503b5b6afd5a7989a98e17be7f" ++ - AlgorithmId: sha384 ++ Digest: "6d01b1822e08428dcf9234f6a78ac5cb49f49bc1c4393f3717319d8161218bb614df8af7a68c14cea682616589bf0963" ++ EventSize: 48 ++ Event: "47004300450020005600690072007400750061006c0020004600690072006d0077006100720065002000760031000000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_NONHOST_INFO ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e8af742718df04092551f27c117723769acfe7e" ++ - AlgorithmId: sha256 ++ Digest: "7b74dea34ce9b49755ab1babe8bac9ad528d3d5addec4e2fa298e3ae68fd276f" ++ - AlgorithmId: sha384 ++ Digest: "a74de6271fa4ad2b7b1846f1d40c28eb103f5ee055abc9883f2ca7d9bedf8ec8c848fce5aa0ad22f1750ce78f5bbf15e" ++ EventSize: 32 ++ Event: "474345204e6f6e486f7374496e666f0000000000000000000000000000000000" ++- EventNum: 3 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "57cd4dc19442475aa82743484f3b1caa88e142b8" ++ - AlgorithmId: sha256 ++ Digest: "115aa827dbccfb44d216ad9ecfda56bdea620b860a94bed5b7a27bba1c4d02d8" ++ - AlgorithmId: sha384 ++ Digest: "cfa4e2c606f572627bf06d5669cc2ab1128358d27b45bc63ee9ea56ec109cfafb7194006f847a6a74b5eaed6b73332ec" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'No' ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5abd9412abf33e34a79b3d1a93d350e742d8ecd8" ++ - AlgorithmId: sha256 ++ Digest: "0bdbbbe39766588565c5cc98a2aeb6e44a9178c9f1935bd241f38372448418bb" ++ - AlgorithmId: sha384 ++ Digest: "a763553c9606770cd3a5e607f8e0c1ef01cdf2555af753fa3a1f6afe43eb7b2a0af4a6f80fd8e4dd10459668f3b011e0" ++ EventSize: 842 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 806 ++ UnicodeName: PK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 806 ++ SignatureHeaderSize: 0 ++ SignatureSize: 778 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 308202f6308201dea003020102020900d54a14e867835dea300d06092a864886f70d01010b05003010310e300c06035504030c056e6577706b301e170d3138303832313231353131355a170d3138303932303231353131355a3010310e300c06035504030c056e6577706b30820122300d06092a864886f70d01010105000382010f003082010a0282010100ccb9d5087cf86d6b63ea1702c962f40b93c9fe90e39d7c2c45ce85015252487cfb4326bf0da589b0f2dd13c736e87f6995aa8c6fd0a2236f34c24fb19e6bc6fa151bb894c19c8e70879142ce69210f937dda759fbf31172050c1ef8023fbbe3b56e30ad747ea9d30afd45da9036389a2fc39e196a187c33d0326b2d3a26cecc897d7ceda18eab2953cb3040707ce028acfda3a5110883f25b04b3eccddf9dadb51d591169a1da107bd88e2f112b4f1b30092b7e367e6ad8c6adc273f1ddcd44e6cc116bdefde562ada1359600979d3a97c578dfd519061379d7f7de4b76e95f0529b439edc483c1dcdbc399f12a3e8470d46b836dc92b395a8ce4ae34623584b0203010001a3533051301d0603551d0e041604149850840342f32fdb97822728977431465e60cbc5301f0603551d230418301680149850840342f32fdb97822728977431465e60cbc5300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101008aa11e52113f17aae7bdb024ab8bad32b049fd7b34cb3b8076603d8edcca6b69c25b94e8b8139c8c2cd7bcac7d8259c3b511c42ea26c16a5ec981df003312336f8cb3083673a3a1f2b622117602cbaf52ef9286eca6670582886678f69846c002758259c501405e970b8606e54854aaf086d8f451ba65b34fc264d1c3c81e1bb242e79e013d1c8ac7cd97f3847114381196b335057e3739ea67f87ddc3e24afc737b4b070987c78309365aea698740840c2c94802f3dae3dcb70c40335c2b93e7108b2a3c6add8243f7d60ab186fa0ee7a1b9acf759fe84cabcd5187685833b2d901bc04021038252a984b1d45fb67339b259c3fac1ba44344cccdd3c80b6ee1 ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f0501c79b607cc42e9142ee85a74d9c27669c0e2" ++ - AlgorithmId: sha256 ++ Digest: "622647d8138f5b8a64087d2d2e6682c162097b6c1315a6b7225a6657c256b582" ++ - AlgorithmId: sha384 ++ Digest: "c000a71b17a6054093ed791ece8b1556973ddef6da91bf0aeb5792b3c842423742b52943a58bdf2328a434937e327888" ++ EventSize: 1598 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 1560 ++ UnicodeName: KEK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1560 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1532 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0915a210049c2781fba26180600fb32217c7c972" ++ - AlgorithmId: sha256 ++ Digest: "62ba0f38c3848a9462f98774c586e9d954e72921b3a5254124b63632ccaf8f5a" ++ - AlgorithmId: sha384 ++ Digest: "3509cd62ba8fbef6fae05bee7c3c1ae528f328120879d37f778c3611f9bbf1eaf362423ad89bc8a69283ad2821c5fc37" ++ EventSize: 3179 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 3143 ++ UnicodeName: db ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1600 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1572 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1543 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1515 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "734424c9fe8fc71716c42096f4b74c88733b175e" ++ - AlgorithmId: sha256 ++ Digest: "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9" ++ - AlgorithmId: sha384 ++ Digest: "18cc6e01f0c6ea99aa23f8a280423e94ad81d96d0aeb5180504fc0f7a40cb3619dd39bd6a95ec1680a86ed6ab0f9828d" ++ EventSize: 38 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: dbx ++ VariableData: ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 9 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b6a0ebef70ae24d9fe913dd0c6d2b4e0d80dc049" ++ - AlgorithmId: sha256 ++ Digest: "415093c7a014e1aba1f54f87ae7747228f31cbf4ed40a68476d48a4651551be3" ++ - AlgorithmId: sha384 ++ Digest: "17ac1475128af46c9ea8f807632543c44415306dd06cca9efc8ecf3913146c3095f47ba61d93bcf0618de8759fc13989" ++ EventSize: 58 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 8 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0003 ++ - Boot0000 ++ - Boot0001 ++ - Boot0002 ++- EventNum: 10 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "dde878cdae43d75a4799189ae872ba915cea8905" ++ - AlgorithmId: sha256 ++ Digest: "81b4afa14fa6dd52a1d528671d197fbdd24ebd7d9c8cf9af83c1341710953b2d" ++ - AlgorithmId: sha384 ++ Digest: "53de75d2a6230b37a0f7dd1cdb8c0b08b4c138c3a53eaa1a547cde643c1fda1e0a0224e444c74e2d62e6c06131c2ee55" ++ EventSize: 166 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 118 ++ UnicodeName: Boot0003 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 98 ++ Description: "ubuntu" ++ DevicePath: 'HD(15,GPT,6ea6f740-25ef-4269-838d-1a6f21ebf27f,0x2800,0x35000)/File(\EFI\ubuntu\shimx64.efi)' ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "22a4f6ee9af6dba01d3528deb64b74b582fc182b" ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ - AlgorithmId: sha384 ++ Digest: "23ada07f5261f12f34a0bd8e46760962d6b4d576a416f1fea1c64bc656b1d28eacf7047ae6e967c58fd2a98bfa74c298" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "UiApp" ++ DevicePath: 'FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)' ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1deddbe8c4412b10f998870099d4067be3da37f4" ++ - AlgorithmId: sha256 ++ Digest: "a8b06578022cffbeffdd688cf545207c1a039630ab6665d72aa98d257cf2db36" ++ - AlgorithmId: sha384 ++ Digest: "9ca06fa06fbd36593f57c008963ad83985714d9674964e447247285bc60b43286e1ce06da50a1dab88f507bb132f4b9e" ++ EventSize: 156 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 108 ++ UnicodeName: Boot0001 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 30 ++ Description: "UEFI Google PersistentDisk " ++ DevicePath: 'PciRoot(0x0)/Pci(0x3,0x0)/SCSI(1,0)' ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3197898dc01b3d5e97a774aeca14ec921b1af49f" ++ - AlgorithmId: sha256 ++ Digest: "a13a898b836634a61c2c011e61e7ced4ea1c5aefbdae5a9ada39acaf8497acba" ++ - AlgorithmId: sha384 ++ Digest: "8018a1de7cd3d787648f7a2c781745ca78b47dd9f6a33351ae0e27e06373111a445b67f3d944f3ac5da6344bcbf86907" ++ EventSize: 131 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 83 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 33 ++ Description: "VirtScsi(0,3,0) Disk" ++ DevicePath: 'BBS(HD,VirtScsi(0,3,0) Disk,0x0)' ++- EventNum: 14 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cd0fdb4531a6ec41be2753ba042637d6e5f7f256" ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ - AlgorithmId: sha384 ++ Digest: "77a0dab2312b4e1e57a84d865a21e5b2ee8d677a21012ada819d0a98988078d3d740f6346bfe0abaa938ca20439a8d71" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 15 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 16 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "50eecfcec250c8b1d356a9217e0dd79c0f2a6e1a" ++ - AlgorithmId: sha256 ++ Digest: "2d1e69a4adbf5f58c957fdb6aedc86ea037a0f5016003c7513ada83525852362" ++ - AlgorithmId: sha384 ++ Digest: "72d16133b50db63de38da942d1ae8de3e68339b22ef23a6c15d0209627d18f26c94c9dd2aa2a5f210231742ca9f1ae2d" ++ EventSize: 484 ++ Event: ++ Header: ++ Signature: "EFI PART" ++ Revision: 0x10000 ++ HeaderSize: 92 ++ HeaderCRC32: 0x7e4c86d1 ++ MyLBA: 0x1 ++ AlternateLBA: 0x13fffff ++ FirstUsableLBA: 0x22 ++ LastUsableLBA: 0x13fffde ++ DiskGUID: cb2b7180-7317-44b2-b13d-ea395dabb1a7 ++ PartitionEntryLBA: 0x2 ++ NumberOfPartitionEntry: 128 ++ SizeOfPartitionEntry: 128 ++ PartitionEntryArrayCRC32: 0x4f717292 ++ NumberOfPartitions: 3 ++ Partitions: ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ++ StartingLBA: 0x37800 ++ EndingLBA: 0x13fffde ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: 21686148-6449-6e6f-744e-656564454649 ++ UniquePartitionGUID: 9faed655-11db-4854-bb3c-87170ce39bd6 ++ StartingLBA: 0x800 ++ EndingLBA: 0x27ff ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: c12a7328-f81f-11d2-ba4b-00a0c93ec93b ++ UniquePartitionGUID: 6ea6f740-25ef-4269-838d-1a6f21ebf27f ++ StartingLBA: 0x2800 ++ EndingLBA: 0x377ff ++ Attributes: 0x0 ++ PartitionName: "" ++- EventNum: 23 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "92e6ec17937f600b9ec7f23adf4ea5553b4e2364" ++ - AlgorithmId: sha256 ++ Digest: "d99c93fcb042dbe52707bbde371c75fcf081dd5b0c88a195d44cc57536f6f521" ++ - AlgorithmId: sha384 ++ Digest: "d8811e9c08119168b156255c6d695614d1593422bc5044186d29c1aaaa86fff0a633f324ac1ac1122e547479ce50a75a" ++ EventSize: 156 ++ Event: ++ ImageLocationInMemory: 0xbdde4018 ++ ImageLengthInMemory: 955072 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 124 ++ DevicePath: 'PciRoot(0x0)/Pci(0x3,0x0)/SCSI(1,0)/HD(15,GPT,6ea6f740-25ef-4269-838d-1a6f21ebf27f,0x2800,0x35000)/File(\EFI\ubuntu\shimx64.efi)' ++- EventNum: 24 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "68bcec6001e5c3f2fbdd9aa9aa91da92fc893f29" ++ - AlgorithmId: sha256 ++ Digest: "2f196b05a0564764cca674175ecd97898e74ed3891c7c63ce6f17dc82603164a" ++ - AlgorithmId: sha384 ++ Digest: "053357ea65185f010b8caa1fc265cfd5e80c7cc781254fa3f1e5ea9d345a87003cf761472a2f0423f15297f55cfe248f" ++ EventSize: 8 ++ Event: ++ String: "MokList\0" ++- EventNum: 25 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e284bf593c56945bcb057c6b6470a2fe577ac1be" ++ - AlgorithmId: sha256 ++ Digest: "6c29c7fb3c9e800e1d16bed2fa9ca691feacbc308959cdefaef04a5a4ae213c4" ++ - AlgorithmId: sha384 ++ Digest: "5978bf6aa483f562bf18f46e1e865e35f3b6f4284733c7444a060602c0e9910397f4d6dfcaf7082894ce849077f128c1" ++ EventSize: 9 ++ Event: ++ String: "MokListX\0" ++- EventNum: 26 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "15875d39b8872f8aff3a92fc9f9e40ac75268e04" ++ - AlgorithmId: sha256 ++ Digest: "922e939a5565798a5ef12fe09d8b49bf951a8e7f89a0cca7a51636693d41a34d" ++ - AlgorithmId: sha384 ++ Digest: "f143e2948d63fcd3442e841bb36a7e180871f0a8946541961fe9d12e70d0727874600956264dba531e2edd8729c5eb38" ++ EventSize: 68 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 9 ++ VariableDataLength: 18 ++ UnicodeName: SbatLevel ++ VariableData: ++ String: "sbat,1,2021030218\n" ++- EventNum: 27 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "4f9604e61091095594c206c8a404afe187a92586" ++ - AlgorithmId: sha256 ++ Digest: "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595" ++ - AlgorithmId: sha384 ++ Digest: "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683" ++ EventSize: 88 ++ Event: ++ ImageLocationInMemory: 0xbd23a018 ++ ImageLengthInMemory: 1718144 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 56 ++ DevicePath: 'File(\EFI\ubuntu\grubx64.efi)' ++- EventNum: 28 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af62033e4dacde359d80f7b1720e3dbcdb5f35f7" ++ - AlgorithmId: sha256 ++ Digest: "f604450f3c810e0dd17b5136aced8c612ce8ec6d8cefa7fcf705cce8e69908df" ++ - AlgorithmId: sha384 ++ Digest: "1ef3cc75a524bfb7ea72a5d7c139b75a3e8da87c724a2b54aff9122a9c4706ff0fc812af1bc2ea930fd238104d798325" ++ EventSize: 32 ++ Event: ++ String: "(hd0,gpt15)/EFI/ubuntu/grub.cfg\0" ++- EventNum: 29 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "4e2b524b079af00b681bf224f75c3570ef603e6a" ++ - AlgorithmId: sha256 ++ Digest: "211e321017e1e3b8976b64602f33c267ebe925d7d27f0eacc7102596b545a0a4" ++ - AlgorithmId: sha384 ++ Digest: "ec7c3b4aae280d870cf4b970b521e3351f57b2cd69b5e6696cc3a6014b258692d330c6fec08298ab66adb3d386624803" ++ EventSize: 67 ++ Event: ++ String: "grub_cmd: search.fs_uuid c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a root\0" ++- EventNum: 30 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c90fdbd8bc3928f93d41ef4176a3415df2d584eb" ++ - AlgorithmId: sha256 ++ Digest: "679845b798116003dcee938a7e87a07c7b7dd42b5349e54632bbfa82a740541b" ++ - AlgorithmId: sha384 ++ Digest: "c72923093dd8b083105397c639763c931800fe96d4e379d980d043c7f8aba3c8f60dada07d9b2a8cebd9762638211365" ++ EventSize: 42 ++ Event: ++ String: "grub_cmd: set prefix=(hd0,gpt1)/boot/grub\0" ++- EventNum: 31 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7f7e85909fb37d150f57822c0ad3b636e7853aff" ++ - AlgorithmId: sha256 ++ Digest: "5137257cdcec140bce7e0c83c1000df3f7ecf18de11bde46b8d32f49ba657791" ++ - AlgorithmId: sha384 ++ Digest: "0ab1f13106b96ec5605b11e504cb8d3a597747f51fe0332a74408c7f9065cb6b654ef2a8c90afa6b8755bcfc5a1f1182" ++ EventSize: 44 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/command.lst\0" ++- EventNum: 32 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f091655c7ac7314eb0df21931415de47628d621f" ++ - AlgorithmId: sha256 ++ Digest: "32fc7f5de8c0a5dc0b1e7eb609ca31a77eb3475539e1d97a4543dca1b9b26c57" ++ - AlgorithmId: sha384 ++ Digest: "73e17c3ea36dea576f107728630b937f74006954f2be9143eb124b76706173d7d9a68c32e7c90f74b0ff5ced89603914" ++ EventSize: 39 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst\0" ++- EventNum: 33 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ff00d28114398cf1a052329494d63aceeb8ff29a" ++ - AlgorithmId: sha256 ++ Digest: "1b766f38a94927fe9b7bc1e809f0363e778e14c601e800faea271a2e75d3fc43" ++ - AlgorithmId: sha384 ++ Digest: "c7d01ae51404411a65b0d26a601a01d63b914e7477825d5ecd87840a36434c6bd956725441b82a66b6581c36bd38fad4" ++ EventSize: 43 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst\0" ++- EventNum: 34 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "66b726c6d64bc109d3948a9528f502ea94938ef4" ++ - AlgorithmId: sha256 ++ Digest: "46f888c52f36baf9b62d60bc8d06426a314aad5a0ff86a4362a91c2512a1df9c" ++ - AlgorithmId: sha384 ++ Digest: "800824fd124df10eeafd6bba36c596c33afbb527e3006b58c19fadced47b03c8ae92f89ef3caef2346b3bd545cfdd8de" ++ EventSize: 45 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst\0" ++- EventNum: 35 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1284bee568af2e320e6a03dce30144182be7d51e" ++ - AlgorithmId: sha256 ++ Digest: "874d063ee6d5776d8474fcbaed76cdd44f32572d8454338fef7138347e866d7d" ++ - AlgorithmId: sha384 ++ Digest: "ab8c53accc47ffef55c4b607725b4bdac7eb63e4ed7ec2d56550eb0b974ae546b5dfb6b119b9c6569f4737ad9ad79dbb" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 36 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "35a61aeb146c7d0f13fab9d135f969926e515610" ++ - AlgorithmId: sha256 ++ Digest: "60b17900690b284a561dfd1b23c4ea861dc78517a04be80f0419ce3e2da41692" ++ - AlgorithmId: sha384 ++ Digest: "b6530120db1db3760f49810e897b016f067d3452a74e6b83d3c059034884949fe1bcd3e8b99e25c5cda3a5d36909d9a1" ++ EventSize: 30 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 37 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3e5cd7ea0fdc2e2b2f956d41f9090ee3732fb833" ++ - AlgorithmId: sha256 ++ Digest: "7e2b3493baa3f9e4c6a836282d1e66b5855692169dee44d46fe20d11dbc17381" ++ - AlgorithmId: sha384 ++ Digest: "56bbcd8647a6e5bfe7c8716f3610cefff4aca1b4c31def4ad9f47f7a6cee68bb831fe474026630bed7d053e12aa9751e" ++ EventSize: 46 ++ Event: ++ String: "grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ]\0" ++- EventNum: 38 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cff2c89594431f0c3c508fd97f8bb4d2eca36937" ++ - AlgorithmId: sha256 ++ Digest: "2d963f969fbd116484ad1f6aa6b6b3eae710aa4c5e759f7d7ce58eb0565e9db6" ++ - AlgorithmId: sha384 ++ Digest: "6c6e9ced736b9b1f2d98f0e00af20032817aa9f0eb92cc19ca6d8de7d76a2d612fcdd02e21cd9bd86a1c031be6378884" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 39 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3c4e9b1198ecc160aff6022c0f96b5b22fab1469" ++ - AlgorithmId: sha256 ++ Digest: "0e3a17e0c48e42d79f4d1576e7f787c911239510586505c326143b9b268bdd65" ++ - AlgorithmId: sha384 ++ Digest: "541c82f4046719d9bda2729278af735f44e40d779dc860b69b6fc9e4ddc3d1233830fb101dc487f9524ccf5aa152f5f5" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: set have_grubenv=true\0" ++- EventNum: 40 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "453dee6ce82bd80ea89bd8085724ae9784ff0f1b" ++ - AlgorithmId: sha256 ++ Digest: "f8b99f77983990e8804864cade91f361b5b6600cc2832febaef878ac8b44d27e" ++ - AlgorithmId: sha384 ++ Digest: "b0f5c156e035813aeb78d5ec47d4a6c2d0651c884384987907340fd18b45384cdab8cb460b5475427c848868b132887b" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: load_env\0" ++- EventNum: 41 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cff2c89594431f0c3c508fd97f8bb4d2eca36937" ++ - AlgorithmId: sha256 ++ Digest: "2d963f969fbd116484ad1f6aa6b6b3eae710aa4c5e759f7d7ce58eb0565e9db6" ++ - AlgorithmId: sha384 ++ Digest: "6c6e9ced736b9b1f2d98f0e00af20032817aa9f0eb92cc19ca6d8de7d76a2d612fcdd02e21cd9bd86a1c031be6378884" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b4e99b40d2dddcdf68e8aa439e18dd5ebacbffc9" ++ - AlgorithmId: sha256 ++ Digest: "d2b92983e66aff99982fe5af55e0f9277dc0f8879934e17b00147e1f4156179e" ++ - AlgorithmId: sha384 ++ Digest: "1b2d9a89f98d0d60ee47648b016de86c2c7840b26bd31248be74c3146a07e0c83e889887fe212a121943ddbdab5d3246" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 2 ]\0" ++- EventNum: 43 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "05ba452bf00b7f880528b35d02e9077f89c08538" ++ - AlgorithmId: sha256 ++ Digest: "82a4a14e43a4f76118ae63285d0af05af139f260fae57b2c20737a1c1df3382b" ++ - AlgorithmId: sha384 ++ Digest: "ae1061c45b3c25c89cea3f7ddee4640f8e776086f7d62fb4b9c1d56148a1be04bf11de6a395344567b538c6df06d079e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 1 ]\0" ++- EventNum: 44 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ - AlgorithmId: sha384 ++ Digest: "222e2570e52f72bb99f3ef97cb751dd4de0f3a545583ea4d66015680673f74bb27031bd0ca5cb3b58a25ec78ce8f4851" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 45 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "75409120452bbbee30abe289af973ecdd7e0ef6b" ++ - AlgorithmId: sha256 ++ Digest: "3a118940bf2675007df3368cb6d45cf2756f328d3e75daf69a971dd21bd1bc58" ++ - AlgorithmId: sha384 ++ Digest: "6bf6242f8eb0ca7217c6e3a5d4c6a62e5858440264e84696cd67306ef2db8cf625952d5fd9061daadefd181039479740" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set default=0\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bd5209e50c09650ffcf5c2d12a8be8277e438023" ++ - AlgorithmId: sha256 ++ Digest: "09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513" ++ - AlgorithmId: sha384 ++ Digest: "8661953f518c898cb9407c831fa60654fdaf9804d25d99cbc31fd15255b532bad044c390b7a63b2961eed1e9beac6603" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: menuentry_id_option=--id\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6248599bae0d78ccbda185ed2fce0182ed41e297" ++ - AlgorithmId: sha256 ++ Digest: "4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e" ++ - AlgorithmId: sha384 ++ Digest: "952dce390ea9e283ee7b3defb664fc8d7f942a9598bd8b6d20a9843b28786ec7c27f6bafa28c0c16013cfb88dbb7b568" ++ EventSize: 37 ++ Event: ++ String: "grub_cmd: export menuentry_id_option\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ - AlgorithmId: sha384 ++ Digest: "222e2570e52f72bb99f3ef97cb751dd4de0f3a545583ea4d66015680673f74bb27031bd0ca5cb3b58a25ec78ce8f4851" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7dc272da02b00e0ee2958961bb99a2e3196ec24a" ++ - AlgorithmId: sha256 ++ Digest: "df24f1cae6b428fdd09bc14b06df255f93060ff05d56c3127724168596f73d5f" ++ - AlgorithmId: sha384 ++ Digest: "5cd34cee9ce24ca6e401a80ecb4654031bfbcfe5c5b21c19f2d990676f8453e89a69ecf4a153c2b025ff7ba4b03a2e2a" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: terminal_input console\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "155e201c47f534b1201190d61e9d178a525540e6" ++ - AlgorithmId: sha256 ++ Digest: "fed7c930939012174a23271f9fa177a39891cd1baf6ccd22bccce96acd0514d1" ++ - AlgorithmId: sha384 ++ Digest: "a47d5422ef1405120a2246a55bc4e6f60de6f4aa0410dc205d5e80ba9dce7ab480ac93a026d1751202b2e68ba3a0694c" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: terminal_output console\0" ++- EventNum: 52 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "05ba452bf00b7f880528b35d02e9077f89c08538" ++ - AlgorithmId: sha256 ++ Digest: "82a4a14e43a4f76118ae63285d0af05af139f260fae57b2c20737a1c1df3382b" ++ - AlgorithmId: sha384 ++ Digest: "ae1061c45b3c25c89cea3f7ddee4640f8e776086f7d62fb4b9c1d56148a1be04bf11de6a395344567b538c6df06d079e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 1 ]\0" ++- EventNum: 53 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 54 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "58795e8592d9ff3b6b39add68ddba958eff547a2" ++ - AlgorithmId: sha256 ++ Digest: "61caa54fc24ba8b3e79be63f375a08f374244e4ede8e0d6080060aa3fa5f7fbb" ++ - AlgorithmId: sha384 ++ Digest: "9f76cda76fd82e4b45a00f258357a71046172ea7dee437017ad0d94b489f7d8b021f121044e7886542f5dc8a1cf15617" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: set timeout_style=hidden\0" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9d31b8e60e42fe9361ef5990996db527824f9022" ++ - AlgorithmId: sha256 ++ Digest: "cdf593a612aaaaeb957243bb1e8e27d96f4c726ec523cd38290382bdf1faf54d" ++ - AlgorithmId: sha384 ++ Digest: "9c452ba5b9a6104c8ed813cc0692b7e69c76c0ff1ce99fc0f38940f540b465b86b1e8f556885eb5acce9f10e6cef1b0d" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set timeout=0.1\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ - AlgorithmId: sha384 ++ Digest: "934aafc99cb0a7cb1ef83c5a1eb01c31d60927f08b2ff72d2c05e0b4660ed1dd1e139738b3c5630502e629e8f593d7af" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7a86009dc1f23867d8951bb95471618bde2d1918" ++ - AlgorithmId: sha256 ++ Digest: "2436afe3cb181454ab807d6ca526ed3132dc1759787f9ed3f2f148e86948e978" ++ - AlgorithmId: sha384 ++ Digest: "4cf726ecd422b56df71dca2f377cb2a4ee6d9ca1f5b44096f8fc6607b73b56d0effc393100c506a93327511a72cbf707" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -n ]\0" ++- EventNum: 58 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5e1cea54b6044a1b5341cccdf101a5f9fbfc101b" ++ - AlgorithmId: sha256 ++ Digest: "681e45c7ba76e7c4bec5a79dead78461eb175b67656e03f4809aa012d275c823" ++ - AlgorithmId: sha384 ++ Digest: "21140b393213229d532701ca514452dbb33a28d37d1a62f424aadf68d3b87817cebd7f6cd183ebc2191ff427a5cc11ef" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: set initrdless_boot_fallback_triggered=0\0" ++- EventNum: 59 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "eb11507f1980d7ea78190040b49c79cf3a6c6b93" ++ - AlgorithmId: sha256 ++ Digest: "01ffa4a5eae6be98974c1b75e839f442eed9d9f5c1d65c03d355e04fc81d2873" ++ - AlgorithmId: sha384 ++ Digest: "8e0666266caf626cedc801ac78249b0e70cca2936ae65826a8b0baaca9c6aa9bc84e1156b02b7749ac1e7ad797c6fe6a" ++ EventSize: 54 ++ Event: ++ String: "grub_cmd: save_env initrdless_boot_fallback_triggered\0" ++- EventNum: 60 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0d570854895a5a9ce25dc6c25026278c2d1a6367" ++ - AlgorithmId: sha256 ++ Digest: "207cda95fd859189d016c7c2cc03b9c05672984589e4809e1dcee665d629cf7d" ++ - AlgorithmId: sha384 ++ Digest: "697c60cddf7d386b91a21c6bd5005181777d52d625ae27fd61036ef4424c57d4b2b97552b484177d628761a396148dac" ++ EventSize: 44 ++ Event: ++ String: "grub_cmd: set menu_color_normal=white/black\0" ++- EventNum: 61 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4a516aec1bccafec65420d98fcb243aa465d837" ++ - AlgorithmId: sha256 ++ Digest: "6f18799fe0ecb5c4bb4c0695a3094dc9841c940c3b463e14c25e444246348a2a" ++ - AlgorithmId: sha384 ++ Digest: "4eeef8dcc4a61638868d1dca696cad45913d3922b90ea7f264ba78f02e1f80095c9b668229ecff972c4cc586b14d9870" ++ EventSize: 52 ++ Event: ++ String: "grub_cmd: set menu_color_highlight=black/light-gray\0" ++- EventNum: 62 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f0ea058e7e94c1de682ed36c367c8e02c8a1fbd9" ++ - AlgorithmId: sha256 ++ Digest: "d892fc45719b7363b8121ef243a8abb7577db336676532876620fcc24c1d45a2" ++ - AlgorithmId: sha384 ++ Digest: "d280f592667201a4b811f185cfab0e290407db1982f30ff5036aa124ca64e5710bd457864b3f40924afd53452ee37daf" ++ EventSize: 60 ++ Event: ++ String: "grub_cmd: set partuuid=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f\0" ++- EventNum: 63 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "423287a40b914bb51497db32f9086697d1fb9e12" ++ - AlgorithmId: sha256 ++ Digest: "f0b4b3c23103828ea2fa05044a2cfce5efc9d15e99ffb9c61d7349c1303741af" ++ - AlgorithmId: sha384 ++ Digest: "7a5ac0796fa82f4efa88b6213985b213d878e64988066a9958760166cf85c5f4778a00a3cf84952c18a6cad3f38553cb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ != 1 ]\0" ++- EventNum: 64 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "292cce90d28e1736a8e914e8540d9bf0e3cb3691" ++ - AlgorithmId: sha256 ++ Digest: "5d884e52d0e191d8821b77c7a853a89a2d05844743c8e98187b474d800f1c7e6" ++ - AlgorithmId: sha384 ++ Digest: "a5e07cfc9671766b7f9bb83873c6ff4bed7dfbb927d5b0273d2aebb930dba4630c372075a092dbd7c5495fafa7453ed0" ++ EventSize: 55 ++ Event: ++ String: "grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ]\0" ++- EventNum: 65 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3c478e70547a82a4000a6941b85af79242734271" ++ - AlgorithmId: sha256 ++ Digest: "c08a8b76f5bc9ce36f6af0d203c7c1d54be9cee4c74c7e4d52bf7821edcca28f" ++ - AlgorithmId: sha384 ++ Digest: "1754fc7f385a671597fbf1a2ad0c93c6748d29da5eaee6f40f7b7c5a2611c990da2d88620ecd1a866d03f89ec82a556b" ++ EventSize: 58 ++ Event: ++ String: "grub_cmd: hwmatch (hd0,gpt1)/boot/grub/gfxblacklist.txt 3\0" ++- EventNum: 66 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6bcfa9ba9fe5adc995142ad3074b66402dc0a7a6" ++ - AlgorithmId: sha256 ++ Digest: "a36de0798eb0ac94d6edf367749c0ced605c5b92d74b83312f94132434f549e5" ++ - AlgorithmId: sha384 ++ Digest: "5270439d089d97e0a03b28b358a87c3929665c1b6c93daf7a8b71d8cd5a52952ba821a0c2d440038628cda61712de01d" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ = 0 ]\0" ++- EventNum: 67 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "68977a27d93c5e2836f7c54d624dd48feec0f67d" ++ - AlgorithmId: sha256 ++ Digest: "f249e761a7e37510f8acf59142c117444c3aa1bc5a719ae7eab60d3b7109180a" ++ - AlgorithmId: sha384 ++ Digest: "e16fb8446b3d8cdc0e33185504b69e3d00d9646d5c71c42311c1dbaa996451a9f1910b70f8fa1d97e6a4ec3abe6bf48d" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: set linux_gfx_mode=keep\0" ++- EventNum: 68 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9deef0fa444e59d7a08e615f25628826e7feddf9" ++ - AlgorithmId: sha256 ++ Digest: "22e041251eb54eeb3270245759aa3e8bd3b77a647db988b681b1eafc6960aa45" ++ - AlgorithmId: sha384 ++ Digest: "f5e5365d6e97649411362c83e2e8808f7c19efa11d4f16d4ac66093214510beed55448882cbbdda8f0164688465905b0" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: export linux_gfx_mode\0" ++- EventNum: 69 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cf64c383ab75ebe55cb542af42efa01a47b86280" ++ - AlgorithmId: sha256 ++ Digest: "577db70e3460e11bdb32e3dc5374bb89736cf9397477dcc1e4d4fad162015900" ++ - AlgorithmId: sha384 ++ Digest: "ba3e98910b1f1d534da9d112008728603800e461c7410065a7ff6107e22e9ef8ffdc16950932febd36922d6d1a1df8ed" ++ EventSize: 1160 ++ Event: ++ String: "grub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \trecordfail\n\ ++ \tload_video\n\ ++ \tgfxmode $linux_gfx_mode\n\ ++ \tinsmod gzio\n\ ++ \tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \tinsmod part_gpt\n\ ++ \tinsmod ext2\n\ ++ \tset root='hd0,gpt1'\n\ ++ \tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \telse\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \tfi\n\ ++ \tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0\n\ ++ \t\x20\x20initrd /boot/initrd.img-5.11.0-1008-gcp\n\ ++ \telse\n\ ++ \t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \tfi\n\ ++ \tinitrdfail\n\ ++ }\0" ++- EventNum: 70 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af6d6420510c54acb9bae20c45fc4fdd9eaa4ff6" ++ - AlgorithmId: sha256 ++ Digest: "5356e324ba760d7f33f96426fec805aa856c4960b540ad2fd53700403063e642" ++ - AlgorithmId: sha384 ++ Digest: "84dbd33027441f7e35b2aa4559eca8b55d59b4cbb8619c5e691dcb1b379784b1c7955823ea20cc61406b359f9f5db4ab" ++ EventSize: 5454 ++ Event: ++ String: "grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1008-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tgfxmode $linux_gfx_mode\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1008-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1008-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1008-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1008-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1008-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tgfxmode $linux_gfx_mode\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1007-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1007-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ }\0" ++- EventNum: 71 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5d7f65b8d5132e408111dda7d05a00c80bee5bb1" ++ - AlgorithmId: sha256 ++ Digest: "5edb07405e8f25edc31321321014a3cdb3dc264835dd2b76ea94848416392cab" ++ - AlgorithmId: sha384 ++ Digest: "08749dcd94ec0ed4f8558679a5ee41179ecf47a44ea00b49415d1f1ca584bc1bc1001ffecf8660303009ccb88278598b" ++ EventSize: 717 ++ Event: ++ String: "grub_cmd: menuentry Ubuntu 21.04 (21.04) (on /dev/sda1) --class ubuntu --class gnu-linux --class gnu --class os --id osprober-gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \tinsmod part_gpt\n\ ++ \tinsmod ext2\n\ ++ \tset root='hd0,gpt1'\n\ ++ \tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \telse\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \tfi\n\ ++ \tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ }\0" ++- EventNum: 72 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f6f8b410d3af65f7509e9fc09356db34359500ff" ++ - AlgorithmId: sha256 ++ Digest: "83f4f5f542b92465b12675543fe698418fc5fd5846abc6f94761be41514fb980" ++ - AlgorithmId: sha384 ++ Digest: "4e2a4f1fd7f20ac2af06039252e8e2bdaa16b5129b0af865ae560e18bba9a28852efa6655423b6d6099c245384096047" ++ EventSize: 2574 ++ Event: ++ String: "grub_cmd: submenu Advanced options for Ubuntu 21.04 (21.04) (on /dev/sda1) --id osprober-gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \tmenuentry 'Ubuntu (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode) (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp-root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1\n\ ++ \t\tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t}\n\ ++ }\0" ++- EventNum: 73 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c512092b0481234caa416ef7c196ab4e92b8e002" ++ - AlgorithmId: sha256 ++ Digest: "1c568398cf2e4a9df58875bbd79dffe058ec45be0b74512fa919a2fe7db4a609" ++ - AlgorithmId: sha384 ++ Digest: "25c0d8bcdfb40c73ce2820b8589c44b0b81b2501f7b7f9fd54585616b1b03adef28b6eb043e0ca69146a729ea029e626" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: set timeout_style=menu\0" ++- EventNum: 74 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e8b3744ad947f0758b4486546f78fd6e5a5fad54" ++ - AlgorithmId: sha256 ++ Digest: "228f734cf81b603abcdb75f8ce4631e4c1d8f377778a442bccf2ede0bb68ee01" ++ - AlgorithmId: sha384 ++ Digest: "f303694e244f1e2193c193b22f5d252aadf600802004d75a1e9920922a4927f6649e83cf34e4d4bb1916d7223ba59b3a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ 0.1 = 0 ]\0" ++- EventNum: 75 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3db846d3d718840d4dac10b86396a422ccd4d31f" ++ - AlgorithmId: sha256 ++ Digest: "716ce335760b546fad1e7f980a68b9ab64b9e0a050f2c2da4ebddb7d3ebea559" ++ - AlgorithmId: sha384 ++ Digest: "c30a0e3a9357f2867ae466fcf0d5023c62a237d41b125316aac3bf39d5f5229792d7da9b42602e4770453834fcc28bea" ++ EventSize: 75 ++ Event: ++ String: "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\ ++ \tfwsetup\n\ ++ }\0" ++- EventNum: 76 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "273f5c80c12e935c1d37c2cfe3e161bc42d79d8e" ++ - AlgorithmId: sha256 ++ Digest: "1ea37430950c837021ebcc02f98c12018c31e593e366429436e1353584c7ec72" ++ - AlgorithmId: sha384 ++ Digest: "aed896a21fb16121568dd93ed2334c6a8415660b3495cd1ec9e8962e1f87639fd8cf41c94e8a48841be19a2bc103e100" ++ EventSize: 49 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 77 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a3326df3194201575e51c3b9a1c8d5d17aeff2d0" ++ - AlgorithmId: sha256 ++ Digest: "d5478d9057580531bf6ff37383b01bb78e1279c20a23721aa3a67ad0d1ca35db" ++ - AlgorithmId: sha384 ++ Digest: "fbb38645486103b1baa77a61576d342c27c0d02597649825cee44c16f658af2b0ad8aa4996e16b9b6c32b1e38f3bb41a" ++ EventSize: 76 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 78 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "17c76a65ebda6aa310da041aabbcd6483bf00df4" ++ - AlgorithmId: sha256 ++ Digest: "bf5d10a466c0f77818990a9d0fdcc8fa2c4561ba92912d5fbc9d4ac1e31a00fb" ++ - AlgorithmId: sha384 ++ Digest: "a30a7be4fb9beb8b2282ff1414d0a47eb11b36471a2628d4284bd9ae8e8a74a8e15f0a1e84b413636db7692a4a60cc1a" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: setparams Ubuntu\0" ++- EventNum: 79 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "98d066f8ffd046bacb38b106188cbe7fe9ada729" ++ - AlgorithmId: sha256 ++ Digest: "a57e067e286efc4eea89659d40f13a38cc1792e4277bed820ded674c94bf2ead" ++ - AlgorithmId: sha384 ++ Digest: "b0bb85ff789f25dd63e341736b94f4bf3acd1cff1c1df60bd3ffca5789eb737d2817a39af66de46640134bfbbb20dad7" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: recordfail\0" ++- EventNum: 80 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bac17085fef5043662a50cef18bf366844c074ff" ++ - AlgorithmId: sha256 ++ Digest: "64bda8f65b1585d7868248a292c449660cc8f75075c10d87ae59a4db401ce119" ++ - AlgorithmId: sha384 ++ Digest: "b353cf9833059be9abadf180d83abeb5eeeec00843b3f22476bb5db0ba2f4361a0260af3460aecb3c124eda90b6ca7a2" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: set recordfail=1\0" ++- EventNum: 81 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ - AlgorithmId: sha384 ++ Digest: "934aafc99cb0a7cb1ef83c5a1eb01c31d60927f08b2ff72d2c05e0b4660ed1dd1e139738b3c5630502e629e8f593d7af" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 82 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d31e5f156b716d7835b261891644bb5f7f65e285" ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ - AlgorithmId: sha384 ++ Digest: "fef379383e771fed457fecfc7148e008c90234d0526b282690c57c93802cc9623c25923689de1c2fcb62669f10e3e1e1" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 83 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "925ee69b7c8ac4937cbe47d5c85351d869b4e8d7" ++ - AlgorithmId: sha256 ++ Digest: "ce2cc20777ba8d3bc75b662163c3abe370344d4bae17d75fb5bd408d1fb6badf" ++ - AlgorithmId: sha384 ++ Digest: "022e47c5e49bf3c934f488fcc07318489550a64db62aa07ca044c9dd9c2a0ff90637641b7c87bd77e3383e70039ea0fa" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env recordfail\0" ++- EventNum: 84 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8fe59e66d6ec198420477f24f791e929f153e144" ++ - AlgorithmId: sha256 ++ Digest: "7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7" ++ - AlgorithmId: sha384 ++ Digest: "cbb709d13faf7d16f191751ae275f22a003503389e2e490a60cff78beb3cd546222d591904d51987487f03cdbd41e479" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: load_video\0" ++- EventNum: 85 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 86 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "59ced343b060b7df54fa7ba251ef877940601ee4" ++ - AlgorithmId: sha256 ++ Digest: "d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b" ++ - AlgorithmId: sha384 ++ Digest: "147bbdcd0704d1942b2171a097e7b08384f106cac76f7d5737e5fee2bc2e38dedb821b91e09ac184b46bb4dc86b4a8af" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod all_video\0" ++- EventNum: 87 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "13ad1a8ddf647c8148f1739b6081d7838816b59f" ++ - AlgorithmId: sha256 ++ Digest: "2fa8065d9ee309384d35f8d530186b776d26e1bb5632f89a46d56e93b140282b" ++ - AlgorithmId: sha384 ++ Digest: "f27a8ddb553135ee8002572775ae390b1bc7443ebbe11b863cd79ae66b2065cd02e98cfb170b897112986a88cd071ef8" ++ EventSize: 23 ++ Event: ++ String: "grub_cmd: gfxmode keep\0" ++- EventNum: 88 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2e1c676ddd9b16f0d720cd5c66d85732de7b77b6" ++ - AlgorithmId: sha256 ++ Digest: "15a5018b0177cf9c49c0b97911df67e7f2c193d3613e3fc4c9eb98a2b5d06fcc" ++ - AlgorithmId: sha384 ++ Digest: "7c5ea1b10ba69215090e2490e10f9d2db5f6a5b0eb6e08d366cceb8acb4478857242221cf56323a493d1b3a958fa137c" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: set gfxpayload=keep\0" ++- EventNum: 89 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5241b5dfa58679895d95f79ffa0a5f42ba4b55ea" ++ - AlgorithmId: sha256 ++ Digest: "b55d84bbb0a00f175ebbc6ca167f18dd6a9cb49b141535bfcc6c4ef9c53b1866" ++ - AlgorithmId: sha384 ++ Digest: "f7c74459bb0d16f8ae24911858879c7fcab3b8af909d811d945e09f7b16977bd65a819128d0b5c88ff29cb76f381bdd6" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ keep = keep ]\0" ++- EventNum: 90 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "886e1d072aa199f4f6d21499067e0a148ae8046b" ++ - AlgorithmId: sha256 ++ Digest: "141dcfd03b1736e86f617122e7f31cffe89f7cf0faa773f1bced28f7f0c1fa13" ++ - AlgorithmId: sha384 ++ Digest: "8bc8e8c561f27f5988be9e69da2a00f626c7d3c735f599abcf27f83c02530ca76847dc5e15007f490e2f417a24b2f457" ++ EventSize: 38 ++ Event: ++ String: "grub_cmd: set vt_handoff=vt.handoff=7\0" ++- EventNum: 91 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ba509ca38210f0683c477c9dc40e4c4f653e1dfb" ++ - AlgorithmId: sha256 ++ Digest: "6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784" ++ - AlgorithmId: sha384 ++ Digest: "862ae797615324fd5c153dfbfcb226391262855ed2db2969f98456f0da17b6aa1c8aa2e2fe90bc1567295786a83c5371" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod gzio\0" ++- EventNum: 92 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2de845dce8a51c8fddbaa04686760093325b7569" ++ - AlgorithmId: sha256 ++ Digest: "18865468f2e4bd9f0cc4ffdda1335f405d06df8d6ff183b373f50e08e81f924d" ++ - AlgorithmId: sha384 ++ Digest: "995dbf6286dc9d47f0eee049a465847bb1e4cb1fa91deffb00dde832d2e00b109049c0f2edd6ad66525227758138a601" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ xefi = xxen ]\0" ++- EventNum: 93 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a4e1c6f50579b47c964111d1ea2170e6f923c941" ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ - AlgorithmId: sha384 ++ Digest: "cac0f0b93ee7eaa45e36cda3faf3d0a5f5fc92ec4d24c3af4ad9584669598f34b603c211b220e56be52bdbc3a2f74ffb" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 94 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af3f07abac9e5c56b82f09ab98328905aabbf6ef" ++ - AlgorithmId: sha256 ++ Digest: "b838a4d2860c81058105fbb1907a1fb7f60b65591b099b3b000d9b31d8d2fb20" ++ - AlgorithmId: sha384 ++ Digest: "e142a594d988fda5a65b1424a4a48c2cf4b036dd779d4ae299af45b7d33b0bfe07a4a969d3c0da72c2ba53f9eeeaf7a6" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod ext2\0" ++- EventNum: 95 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cbf1bcb38df72c190b4db0d27ee96eca3c7a9e44" ++ - AlgorithmId: sha256 ++ Digest: "20df4eb78bbf966925af51ad614806aa3ad6f146a9a0c85ac2582a3eaa9a30ca" ++ - AlgorithmId: sha384 ++ Digest: "fbcdbcd1cc73f5ff594f1c8b21ecd6f5d62a0fd2f217da2fb7bcc75887c14c1232d162c53c05c914a84152d52d9ff68e" ++ EventSize: 28 ++ Event: ++ String: "grub_cmd: set root=hd0,gpt1\0" ++- EventNum: 96 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 97 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d9d9de0269fb4f896105cac2f61eafa5f07a3715" ++ - AlgorithmId: sha256 ++ Digest: "4c6e3f3d149a959a42df7ae14e07665fc07faf0c18c54179fa9d460d54379266" ++ - AlgorithmId: sha384 ++ Digest: "44d9ad511c25d0f9cc6d5afd966a01ab022e2dc4999c56f110f26cdf5abcd369681618024ab313c886662e9db6915d96" ++ EventSize: 156 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\0" ++- EventNum: 98 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "05ba452bf00b7f880528b35d02e9077f89c08538" ++ - AlgorithmId: sha256 ++ Digest: "82a4a14e43a4f76118ae63285d0af05af139f260fae57b2c20737a1c1df3382b" ++ - AlgorithmId: sha384 ++ Digest: "ae1061c45b3c25c89cea3f7ddee4640f8e776086f7d62fb4b9c1d56148a1be04bf11de6a395344567b538c6df06d079e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 1 ]\0" ++- EventNum: 99 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "01542096822d860040cf654f637eba149752e9e2" ++ - AlgorithmId: sha256 ++ Digest: "d1bbd7d573d636850a1a9efbcfac9e589f1bcd34f617b16bc7872275ea036c3d" ++ - AlgorithmId: sha384 ++ Digest: "2164d946e27c14eed101898c7ed88f7699292963b92d40d8ea3085b43284a57b3f3dfb83ac0945eb28ae70dd5ffd5184" ++ EventSize: 68 ++ Event: ++ String: "grub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot.\0" ++- EventNum: 100 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a72252f8c4a8332df162e7cd38feee3e4f17f311" ++ - AlgorithmId: sha256 ++ Digest: "7b35f08bff2e48a1b53a65d899a1c435a432488bc28e37639966477af0ae2ab2" ++ - AlgorithmId: sha384 ++ Digest: "c35c072afd08eabbe3acf4deed5f758d64f0c63657340d2b11991d001c8c93ce675cc3e758f41505c8ab075ca4d4dff3" ++ EventSize: 161 ++ Event: ++ String: "grub_cmd: linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\0" ++- EventNum: 101 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f6558a5d3c7c55b82f279124a3725991f8563c7f" ++ - AlgorithmId: sha256 ++ Digest: "38c6396eb70b84aef13f06384a37b7e7bfa77a14e3bde632a76c90acb65c1d97" ++ - AlgorithmId: sha384 ++ Digest: "1a09841f50d46e01e34db7db403824d2e5792411949f2ada78681c4c9b2666ec4729c4c019e69840bad921df227ba143" ++ EventSize: 30 ++ Event: ++ String: "/boot/vmlinuz-5.11.0-1008-gcp\0" ++- EventNum: 102 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c18eca5aee83e674879191584fb45b970b9f0b56" ++ - AlgorithmId: sha256 ++ Digest: "8e08c2b0645412c96b630c8273f78520ebe30be31ce7e9c92bf0e405596d134c" ++ - AlgorithmId: sha384 ++ Digest: "1f192c54174eb7d21824179a6803e1cd0a0dacafe1cb8b6d885c2440141d5e3f39099c669e6c526dffc4a1d945988c4c" ++ EventSize: 161 ++ Event: ++ String: "kernel_cmdline: /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\0" ++- EventNum: 103 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8c6944c5ed9f1516843fd5f5bc32941b1306e7db" ++ - AlgorithmId: sha256 ++ Digest: "76bc6c6d70ce34a24bda263584ed03d0fd5d94f90ca206dd5e500b0fe98b3df2" ++ - AlgorithmId: sha384 ++ Digest: "73d5fcf7750e63d42ab36b31da800a479873e4383ec2d8428ed572fa08429eccfbd63ebf7d342ba19a7ee828ed33d395" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: initrdfail\0" ++- EventNum: 104 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ - AlgorithmId: sha384 ++ Digest: "934aafc99cb0a7cb1ef83c5a1eb01c31d60927f08b2ff72d2c05e0b4660ed1dd1e139738b3c5630502e629e8f593d7af" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 105 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d25eda264090bec15a2bfee2a9942a2cf6404e61" ++ - AlgorithmId: sha256 ++ Digest: "e997fcfc7bf155f28498714bece340531b221ca2598d7444d8dbc1aac6717deb" ++ - AlgorithmId: sha384 ++ Digest: "fa49d94c3497a24eeb1184b00c8aa69659132993997da06d35f349a246245a846436f4b1df9f1e9cdee9a02f40070dc8" ++ EventSize: 54 ++ Event: ++ String: "grub_cmd: [ -n bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ]\0" ++- EventNum: 106 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d31e5f156b716d7835b261891644bb5f7f65e285" ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ - AlgorithmId: sha384 ++ Digest: "fef379383e771fed457fecfc7148e008c90234d0526b282690c57c93802cc9623c25923689de1c2fcb62669f10e3e1e1" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 107 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "701f26890cfca800349839dcb7913dc84bd57bd1" ++ - AlgorithmId: sha256 ++ Digest: "6b2c97f60740ba1ed873c8a1344792aefe3ba93ed8f20db8e89193526cff5fbb" ++ - AlgorithmId: sha384 ++ Digest: "c9320c7d11fa8ba02fbf8fe0e952e2bf0b98478bb278e78b32e8af5f2fcade0ef682e200818ff2e84f279bab4e22b207" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: set initrdfail=1\0" ++- EventNum: 108 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7a86009dc1f23867d8951bb95471618bde2d1918" ++ - AlgorithmId: sha256 ++ Digest: "2436afe3cb181454ab807d6ca526ed3132dc1759787f9ed3f2f148e86948e978" ++ - AlgorithmId: sha384 ++ Digest: "4cf726ecd422b56df71dca2f377cb2a4ee6d9ca1f5b44096f8fc6607b73b56d0effc393100c506a93327511a72cbf707" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -n ]\0" ++- EventNum: 109 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9f1950c2967bc0668269446aa91b2f1e2b088862" ++ - AlgorithmId: sha256 ++ Digest: "a05839fd9bfebe3bde7739df6a1983a0008d37e25a47ffa6a164b4a22050c80f" ++ - AlgorithmId: sha384 ++ Digest: "902625d0fdf460a02c0c993eb960c9b8ad2acd3099ea2304eb3fea5816b3263dd98955f34aa8948e0234e864b7470cad" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env initrdfail\0" ++- EventNum: 110 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "443a6b7b82b7af564f2e393cd9d5a388b7fa4a98" ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ - AlgorithmId: sha384 ++ Digest: "214b0bef1379756011344877743fdc2a5382bac6e70362d624ccf3f654407c1b4badf7d8f9295dd3dabdef65b27677e0" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 111 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "475545ddc978d7bfd036facc7e2e987f48189f0d" ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ - AlgorithmId: sha384 ++ Digest: "0a2e01c85deae718a530ad8c6d20a84009babe6c8989269e950d8cf440c6e997695e64d455c4174a652cd080f6230b74" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha1: ++ 0 : 0x0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea ++ 1 : 0x36c6b7436c37243c5f6744b73ced4df1287cd16a ++ 2 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x8d9868b66afcf4039eaf8ef5228556d9f313659f ++ 5 : 0xb0eaa45a496e0d933f63e97fd2362192dd48e369 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x777795cbdeca679f7749d8d09fc12941dcc9912a ++ 8 : 0x5dfae5320ea06ddd1c62d296844a9b4b32b49972 ++ 9 : 0xf53869ab9015b5ad736e5f00e44fdfee2fdfde27 ++ 14 : 0xcd3734d2bdfcfba9e443ac02c03c812ffcceb255 ++ sha256: ++ 0 : 0x24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f ++ 1 : 0xf7dab5fda6b082e0ec1a12c43dd996ee409111422cda752a784620313039db19 ++ 2 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x295aeaeacad1d507930bab18418f905eeda633ea67b2ab94c5e5fd3a4d47ac58 ++ 5 : 0xe4f1359accfe48b19af7d38e98a3f373116b55b7f7a6f58f826f409a91d9fd28 ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0xca37324eeffabd318d30a20f15bf27ce25dc33e2c9856279ff6c2ced58b02efa ++ 8 : 0x2f2559cae74bb441d75afea5edb78d9a645db9f4bf8dea84bab0861ce6032e18 ++ 9 : 0x9f27883322aaaf043662c27542d9685790c687ea554e4e2ae30f0e099a2e4889 ++ 14 : 0x8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983 ++ sha384: ++ 0 : 0x8be2d39fecef6e883d467379c57847437cfa03a6f7f7f78dcb2a05a479db4b4749ececedd105b760bc8313abccf1dfb6 ++ 1 : 0x382f8b0c004009344620c720690011386c383af66e38437f6f44854426a8a7a1d8eb8c9ffcc5c61b9b39729446c34042 ++ 2 : 0x518923b0f955d08da077c96aaba522b9decede61c599cea6c41889cfbea4ae4d50529d96fe4d1afdafb65e7f95bf23c4 ++ 3 : 0x518923b0f955d08da077c96aaba522b9decede61c599cea6c41889cfbea4ae4d50529d96fe4d1afdafb65e7f95bf23c4 ++ 4 : 0x6bb9f97fa6a24844a6976c6196dcf766574c2062923d2ccbb9e04a365f36a986c798342cb9720d919b0f6a72a1aaab3e ++ 5 : 0x6c1b5fbc7598002e1c48171baf44ffc24c001ba16d25356fb2c06fe8bc3aa73ca78bb658fc4eb5952d5862ee7097ea86 ++ 6 : 0x518923b0f955d08da077c96aaba522b9decede61c599cea6c41889cfbea4ae4d50529d96fe4d1afdafb65e7f95bf23c4 ++ 7 : 0x79ca6795f9f8cb4f8653f64370dcdcc845e2d7be213424c1295bb4626ec436436bcca9decd0bd989b7218ea24af40313 ++ 8 : 0xedf46c2b7278fb9a7e9f0f9ef4bfdcafe156ff687ce039069b9cb9c11cae76d72ad881212ef748cf868138516d22edae ++ 9 : 0xb22f00a43ff104a75b333718cb822311654d33d42154b70c57a90a42c9674fff79e8ca016c2656aa7c92be41ebc57a64 ++ 14 : 0xb8b567350264af771620c027a7b166896385885029f5e5b2feb9a0c62b7ffdfc276b702373b26b3aa589ab675ee8654d +diff --git a/test/integration/fixtures/event-pretty/event-moklisttrusted.bin.yaml b/test/integration/fixtures/event-pretty/event-moklisttrusted.bin.yaml +new file mode 100644 +index 0000000..1b29b15 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-moklisttrusted.bin.yaml +@@ -0,0 +1,1164 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 33 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 1 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7" ++ EventSize: 2 ++ Event: "0000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df32b6fc4e8a153713feba580b9ca6da6efa8cb23dd907f0e543d1f4c5be3c14" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x820000 ++ BlobLength: 0xe0000 ++- EventNum: 3 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "da36c15e1184901ad53ec231d441224d2fff5ff168d8972fe71efca4e150b502" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x900000 ++ BlobLength: 0xc00000 ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'Yes' ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "36a1f8ab7581531938784aa5bf73aac6973e3ba6a60cd89f24020fcb7961fc3e" ++ EventSize: 1012 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 976 ++ UnicodeName: PK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 976 ++ SignatureHeaderSize: 0 ++ SignatureSize: 948 ++ Keys: ++ - SignatureOwner: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ SignatureData: 308203a030820288a003020102020900fef588e8f396c0f1300d06092a864886f70d01010b05003051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3134313033313131313533375a170d3337313032353131313533375a3051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100901f847b8dbceb9726826d88ab8ac98c6870f9df4b07b237830b02c86768309ee3f0f0994ab85957c641f6388bfe664c49e93737922e98011e5b1450e6a88d250df586e6ab30cb4016ea8d8b1686704337f2cec091df71148e990e89b64c6d241e8ce42f4f25d0ba06f8c6e8191876731d816da8d805cf3ac87b28c836a3160d298c999a68dcabc04d8dbf5abb2ba9394b04971cf936bbc53a8604aeafd4827be0abde490568fcf6ae681a6c904d57193c646603f6c7529bf794cf936aa168c9aacf996bbcaa5e08e7391cf7f80fba067ef1cbe876ddfe22daad3a5e5b34eab3c9e04d04297eb860b905efb5d91758561660b93032f0364ac3f2798d124070f30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143ce960e3ff19a10a7ba342f48d422eb4d59c72ec301f0603551d230418301680143ce960e3ff19a10a7ba342f48d422eb4d59c72ec300d06092a864886f70d01010b050003820101005c4d9288b4825f1dad8b11ecdf06a67aa52b9f37550c8d6e0500adb70c418969cfd665069b5178d2adc7bf9cdc05737fe71e3913b4eab6307d4075ab9c430bdfb0c21bbf30e0f4fec0db622198f6c5afde3b4f490ae61ef986b03f0dd6d44637db54745eff11c260c67058c51c6fecb2d86e6fc3bc338738a4f344649c343b28942678279f1617e83b690a25a973367e9e375cece83fdb91f912b33dcee7dd15c3ae8c0520619b95de9baffab15c1ce597e7c3341185f58a2726a47036ec0cf6833d90f736f3f9f315d49062be53b4afd349afeff473e87b76e4442a37ba81a4990c3a312471a0e4e4b71acb47e4aa22cfef756180e343b7485773113d789b69 ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1c1acab9b9e89496e453e6d5a9d3ef0c3632cd99496016fcc0c1e435c62bf421" ++ EventSize: 2574 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 2536 ++ UnicodeName: KEK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 976 ++ SignatureHeaderSize: 0 ++ SignatureSize: 948 ++ Keys: ++ - SignatureOwner: a0baa8a3-041d-48a8-bc87-c36d121b5e3d ++ SignatureData: 308203a030820288a003020102020900fef588e8f396c0f1300d06092a864886f70d01010b05003051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3134313033313131313533375a170d3337313032353131313533375a3051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100901f847b8dbceb9726826d88ab8ac98c6870f9df4b07b237830b02c86768309ee3f0f0994ab85957c641f6388bfe664c49e93737922e98011e5b1450e6a88d250df586e6ab30cb4016ea8d8b1686704337f2cec091df71148e990e89b64c6d241e8ce42f4f25d0ba06f8c6e8191876731d816da8d805cf3ac87b28c836a3160d298c999a68dcabc04d8dbf5abb2ba9394b04971cf936bbc53a8604aeafd4827be0abde490568fcf6ae681a6c904d57193c646603f6c7529bf794cf936aa168c9aacf996bbcaa5e08e7391cf7f80fba067ef1cbe876ddfe22daad3a5e5b34eab3c9e04d04297eb860b905efb5d91758561660b93032f0364ac3f2798d124070f30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143ce960e3ff19a10a7ba342f48d422eb4d59c72ec301f0603551d230418301680143ce960e3ff19a10a7ba342f48d422eb4d59c72ec300d06092a864886f70d01010b050003820101005c4d9288b4825f1dad8b11ecdf06a67aa52b9f37550c8d6e0500adb70c418969cfd665069b5178d2adc7bf9cdc05737fe71e3913b4eab6307d4075ab9c430bdfb0c21bbf30e0f4fec0db622198f6c5afde3b4f490ae61ef986b03f0dd6d44637db54745eff11c260c67058c51c6fecb2d86e6fc3bc338738a4f344649c343b28942678279f1617e83b690a25a973367e9e375cece83fdb91f912b33dcee7dd15c3ae8c0520619b95de9baffab15c1ce597e7c3341185f58a2726a47036ec0cf6833d90f736f3f9f315d49062be53b4afd349afeff473e87b76e4442a37ba81a4990c3a312471a0e4e4b71acb47e4aa22cfef756180e343b7485773113d789b69 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1560 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1532 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "644aacf6f4015125233c459bc9e40f3fc82ccd14abb047dc50b7913c8095d1d7" ++ EventSize: 3179 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 3143 ++ UnicodeName: db ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1543 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1515 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1600 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1572 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1963d580fcc0cede165e23837b55335eebe18750c0b795883386026ea071e3c6" ++ EventSize: 114 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 76 ++ UnicodeName: dbx ++ VariableData: ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: a0baa8a3-041d-48a8-bc87-c36d121b5e3d ++ SignatureData: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ++- EventNum: 9 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 10 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "05131aaccf79e17ce81e239ca3fd2f7706889c207abba05a7f6cbe37723b7507" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x7d750018 ++ ImageLengthInMemory: 169280 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Offset(0x12200,0x2a7ff)' ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8c765cd796a40f961d239dc8d469917b278e18316fe8ee9bbe2a5737e294204d" ++ EventSize: 56 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 6 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0002 ++ - Boot0001 ++ - Boot0000 ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "9192f6ceff32199e626ee22ab37b88cd5b2b74acc65134443da18e81c8ec09ff" ++ EventSize: 202 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 154 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 98 ++ Description: "Red Hat Enterprise Linux" ++ DevicePath: 'HD(1,GPT,32e3ebef-0a78-4087-b320-948b8e06b02f,0x800,0x12c000)/File(\EFI\redhat\shimx64.efi)' ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "37d0b6681d44cc3f1e28d695fe6aacbf49048712b946b9810f73b583437843ac" ++ EventSize: 132 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 84 ++ UnicodeName: Boot0001 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 28 ++ Description: "UEFI Misc Device" ++ DevicePath: 'PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)' ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "UiApp" ++ DevicePath: 'FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)' ++- EventNum: 15 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 16 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 23 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9" ++ EventSize: 1608 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 1572 ++ UnicodeName: db ++ VariableData: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++- EventNum: 24 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b401858d924d7c9d39e32bc3a539bb79c83bfac9f4c4c8b45cc59d427e9afc19" ++ EventSize: 612 ++ Event: ++ Header: ++ Signature: "EFI PART" ++ Revision: 0x10000 ++ HeaderSize: 92 ++ HeaderCRC32: 0xf9b92cdd ++ MyLBA: 0x1 ++ AlternateLBA: 0x27fffff ++ FirstUsableLBA: 0x22 ++ LastUsableLBA: 0x27fffde ++ DiskGUID: 7bb73385-40b7-462f-a5fd-4e4b67e399a3 ++ PartitionEntryLBA: 0x2 ++ NumberOfPartitionEntry: 128 ++ SizeOfPartitionEntry: 128 ++ PartitionEntryArrayCRC32: 0xe28b5e55 ++ NumberOfPartitions: 4 ++ Partitions: ++ - PartitionTypeGUID: c12a7328-f81f-11d2-ba4b-00a0c93ec93b ++ UniquePartitionGUID: 32e3ebef-0a78-4087-b320-948b8e06b02f ++ StartingLBA: 0x800 ++ EndingLBA: 0x12c7ff ++ Attributes: 0x0 ++ PartitionName: "EFI System Partition" ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: 15080006-a862-4040-9e5f-850b0c5293ff ++ StartingLBA: 0x12c800 ++ EndingLBA: 0x32c7ff ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: 0657fd6d-a4ab-43c4-84e5-0933c84b4f4f ++ UniquePartitionGUID: 9ab18f82-2647-4462-94ba-4a29ea3bb00e ++ StartingLBA: 0x32c800 ++ EndingLBA: 0x72c7ff ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: 81c10479-c5d6-4f99-9f68-5bbee604106f ++ StartingLBA: 0x72c800 ++ EndingLBA: 0x27ff7ff ++ Attributes: 0x0 ++ PartitionName: "" ++- EventNum: 25 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "5af24fa7419a5bb4cebe934221c3155cb3918773c5b7033d59cddda344f3ebf5" ++ EventSize: 154 ++ Event: ++ ImageLocationInMemory: 0x7d0ca018 ++ ImageLengthInMemory: 946736 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 122 ++ DevicePath: 'PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/HD(1,GPT,32e3ebef-0a78-4087-b320-948b8e06b02f,0x800,0x12c000)/File(\EFI\redhat\shimx64.efi)' ++- EventNum: 26 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "69bbddbe5a4480b7ab2e5632638b978bba978e66d04b677b3fd4ad2e5c7e1c5b" ++ EventSize: 8 ++ Event: ++ String: "MokList\0" ++- EventNum: 27 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8d8a3aae50d5d25838c95c034aadce7b548c9a952eb7925e366eda537c59c3b0" ++ EventSize: 9 ++ Event: ++ String: "MokListX\0" ++- EventNum: 28 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "922e939a5565798a5ef12fe09d8b49bf951a8e7f89a0cca7a51636693d41a34d" ++ EventSize: 68 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 9 ++ VariableDataLength: 18 ++ UnicodeName: SbatLevel ++ VariableData: ++ String: "sbat,1,2021030218\n" ++- EventNum: 29 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "5f62a2107fa11ce0485fd252d2e6c603cb8ed075861f9513bfed0a26bf6ed62b" ++ EventSize: 61 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 14 ++ VariableDataLength: 1 ++ UnicodeName: MokListTrusted ++ VariableData: ++ Enabled: 'Yes' ++- EventNum: 30 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a" ++ EventSize: 15 ++ Event: ++ String: "MokListTrusted\0" ++- EventNum: 31 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "92291e21a601f9a142e256dfc85b516a43b1e929212eafda55458f6f9be7f0a1" ++ EventSize: 960 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 4 ++ VariableDataLength: 920 ++ UnicodeName: Shim ++ VariableData: ++ - SignatureOwner: 94038230-8230-7c02-a003-020102020900 ++ SignatureData: 83730d2b7280d15a300d06092a864886f70d01010b0500305f31163014060355040a0c0d526564204861742c20496e632e3121301f06035504030c18526564204861742053656375726520426f6f7420434120353122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3230303630393038313533365a170d3338303131383038313533365a305f31163014060355040a0c0d526564204861742c20496e632e3121301f06035504030c18526564204861742053656375726520426f6f7420434120353122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cebaea41171c81a18809bfa1d4a9fa532e9d9ebcfc3b289c3052a00bf4000f36c88341f6a9c915496564d5b2769e58c12e1eeacf93386b47d6ba92c5f800e777a55769df41b1c4905b2d20c174aa038680b6a459efa988445e5240d47715a104859ceff3c69ff30f0fd68446e466dc266ad6d88a6e474acae34c431574997a06328ce033bfe5f846673dea0e943bbf3ddd8bf67f308c45540ba4de23355a997305d880e765141a07302c7386b02da3a636a64d815d91a767bbea3b5b828a9ccf83da31d1543416bc1907172a944ef0cecf0dbaf4fbe4d44889238b8cdc8e4513d77aa8d5e5840313520206c2d590763ab5d7b89d7ab0c9d09869fb8e0d01f5850203010001a3533051301d0603551d0e04160414cc6fa5e72868ba494e939bbd680b9144769a9f8f301f0603551d23041830168014cc6fa5e72868ba494e939bbd680b9144769a9f8f300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101001de75e426a66cc723e9b5cc9afa3ca542eed64abc0b917be27a91e58b1593c4d1174d1971a520584058ad9f085c8f5ec8f9ce9e7086dbb3acbfa6f3c33e6784d75bddfc095729f0350d2752a7cb481e08762945cefcf6bda3ae3bf6e18743455500c22518eaa5830bebd3e304db697b5131b6daf6c183b714a09a18917a7e718f56d51b1d310c80ed6e43219024b1ab2d2dc29a326951d0106e452697806d3304444b07577cc54ade46e2222ff5dff93060cf9983a9c39b70c81d0f3f807a7098b6f9c8ae1adfc419850a65f0bbaa57f1cfc838d06592e9e6ebff43ec31a746625948a5dbf21b6139b9f67f87edc421f4c0edd88737d8c95d03f77c190b864f1 ++- EventNum: 32 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "a4858d1a47abce57039f498475d96b1e29c9c0489458ea45fc1c3ef2599eea16" ++ EventSize: 88 ++ Event: ++ ImageLocationInMemory: 0x7cd71018 ++ ImageLengthInMemory: 2524792 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 56 ++ DevicePath: 'File(\EFI\redhat\grubx64.efi)' ++- EventNum: 33 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1e9dc05f52ce1ee96bfbe2c8e4a5a650a8ca7564f5ec05258e8ac7a490e5c0d6" ++ EventSize: 31 ++ Event: ++ String: "(hd0,gpt1)/EFI/redhat/grub.cfg\0" ++- EventNum: 34 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1e9dc05f52ce1ee96bfbe2c8e4a5a650a8ca7564f5ec05258e8ac7a490e5c0d6" ++ EventSize: 31 ++ Event: ++ String: "(hd0,gpt1)/EFI/redhat/grub.cfg\0" ++- EventNum: 35 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "a449b867e6234d067b572dd6d119d7a58e9792992a5f4c65fccfd9699a6128ac" ++ EventSize: 86 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=dev ed5e9398-1a8f-4ae2-a8b8-c4cd677a759f\0" ++- EventNum: 36 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8848d9559c4b88724d1ca23ace56550cf497428733fdc13462e1092e04f819b2" ++ EventSize: 38 ++ Event: ++ String: "grub_cmd: set prefix=(hd0,gpt2)/grub2\0" ++- EventNum: 37 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ff53bb1b64407630089072060dadd651c37b29fab7eafdb6c22212104101d616" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: export (hd0,gpt2)/grub2\0" ++- EventNum: 38 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "6c37371ba140d53352f0a269edd9f4748964ffe8204f47d0155c082a0f214815" ++ EventSize: 47 ++ Event: ++ String: "grub_cmd: configfile (hd0,gpt2)/grub2/grub.cfg\0" ++- EventNum: 39 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "e406f33b6c2268c4b370a0f2445a61c40cff8f9496057056f2fe28d8bfb2a7e3" ++ EventSize: 26 ++ Event: ++ String: "(hd0,gpt2)/grub2/grub.cfg\0" ++- EventNum: 40 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "fc1ac040fc293ed95e4594b67c4378a832d67c8951a3a5e7032e919eb99c5f88" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: set pager=1\0" ++- EventNum: 41 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b3fa538baf79d1c124c21e7c4b7816563ad00e726d72bdf775d7d8c1171ebff2" ++ EventSize: 42 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt2)/grub2/grubenv ]\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "06c0ff22313606eef3c6082214f8c0a2b813fb987dfd4c98033080276eb08745" ++ EventSize: 47 ++ Event: ++ String: "grub_cmd: load_env -f (hd0,gpt2)/grub2/grubenv\0" ++- EventNum: 43 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b1ae111cb224346a7342648d107b5394ce808c7892c117a063a3a9a31c6ccd23" ++ EventSize: 25 ++ Event: ++ String: "(hd0,gpt2)/grub2/grubenv\0" ++- EventNum: 44 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 45 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "9cda6c923e6ecc7a57f10f30168810e381695d20ef53f59c04d004aaa4e46237" ++ EventSize: 77 ++ Event: ++ String: "grub_cmd: set default=54e4e23536524c529b66e491dfc77274-5.14.0-130.el9.x86_64\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: menuentry_id_option=--id\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e" ++ EventSize: 37 ++ Event: ++ String: "grub_cmd: export menuentry_id_option\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1022afd472d62cf10a33afe3e9a3769af2334ada5f5ebd238b428f0d90a497aa" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: serial --speed=115200\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "092ef58da5a532249d7ee58b0d6f0772b3cb39fb24b653ccafe3ddf50d9c49a8" ++ EventSize: 40 ++ Event: ++ String: "grub_cmd: terminal_input serial console\0" ++- EventNum: 52 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "c81593b0a6c83009cd0c757a681399d7dc491453e042b7b368b530074e5c39b9" ++ EventSize: 41 ++ Event: ++ String: "grub_cmd: terminal_output serial console\0" ++- EventNum: 53 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 54 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1c568398cf2e4a9df58875bbd79dffe058ec45be0b74512fa919a2fe7db4a609" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: set timeout_style=menu\0" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "71a5b3b21ac3862f40fabb745a9649c3a1d34249b9706524c90b2480c298beb0" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set timeout=5\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "e3b86ac73bb68db33745fd1cac2ca1d6bbbefb39ac1cca848bc9bc800114e7e5" ++ EventSize: 43 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt2)/grub2/user.cfg ]\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "29b7ae3acc4da64c4380feaea03c4a761c88bfbb74b3a79ac68a4e2822bbff2f" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod increment\0" ++- EventNum: 58 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "55cf6566869a451dbd91b65abbbd92b35b62e8009e9136e8df11846a287b93ae" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: [ -n -a 0 = 0 ]\0" ++- EventNum: 59 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 60 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "39c36226c5af91f9ee4969786436cc8ad87252b22b55c006bb8ef98a0eaef85d" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: insmod xfs\0" ++- EventNum: 61 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "96d10df2fba642d434781baf243b25e910759c649db2c81fce017759a2e733f3" ++ EventSize: 87 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=root ed5e9398-1a8f-4ae2-a8b8-c4cd677a759f\0" ++- EventNum: 62 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 63 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "c8fabb4ae6637fa9a9037444c80a55b1a2d2da2c2b9b8842b7810379877955f6" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: insmod fat\0" ++- EventNum: 64 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "839290aa76a4b0d6bfe0a8d3908116f4991e2e81c9f1ff0c395b907692944ffe" ++ EventSize: 60 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=boot EE2C-46E8\0" ++- EventNum: 65 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 66 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "799852ff506d6ce018c30e57166e6e04f450a16f9df958737e1e1473046fb8e0" ++ EventSize: 146 ++ Event: ++ String: "grub_cmd: set kernelopts=root=UUID=10d7f09f-7852-4b75-a2b6-2355d99b4376 ro resume=UUID=c39a47a6-aaad-45f9-87f1-26be66fe2a24 console=ttyS0,115200 \0" ++- EventNum: 67 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "822e637a86c14c686c7beda98067089103cfb97984033b6d607d9feb82f0d234" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: insmod blscfg\0" ++- EventNum: 68 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "05a5577cb6b242b7b5aff400fd90224598d1e354937fadc90f954cab3dc78519" ++ EventSize: 17 ++ Event: ++ String: "grub_cmd: blscfg\0" ++- EventNum: 69 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ad40d8033aa535ebbb889e4cfc0b9330cb91333662df4faad83afb5a4679ff4b" ++ EventSize: 87 ++ Event: ++ String: "(hd0,gpt2)/loader/entries//54e4e23536524c529b66e491dfc77274-5.14.0-130.el9.x86_64.conf\0" ++- EventNum: 70 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "0f091ad303dc1b251381cce9debaf422871c8f57aae37f4604fe11f1a7d043c8" ++ EventSize: 74 ++ Event: ++ String: "(hd0,gpt2)/loader/entries//54e4e23536524c529b66e491dfc77274-0-rescue.conf\0" ++- EventNum: 71 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "eb866bcea8420a022810dd2c940e9647b149c7c4702755aa08dea821b5a67756" ++ EventSize: 29 ++ Event: ++ String: "grub_cmd: [ 0 = 1 -o 0 = 1 ]\0" ++- EventNum: 72 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "bc7b76a012f77212c24c2db187fb8474dbb2f6567186a64c3550b30f4ffc4363" ++ EventSize: 29 ++ Event: ++ String: "grub_cmd: set menu_hide_ok=0\0" ++- EventNum: 73 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "73685e16907fb87cb70065627b206b7142631e929ac4285418fb56399b607079" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 0 = 1 ]\0" ++- EventNum: 74 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "73685e16907fb87cb70065627b206b7142631e929ac4285418fb56399b607079" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 0 = 1 ]\0" ++- EventNum: 75 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d4468e9ea1b6827517d1f626f8c34b364007a3611c2a17fbf51bc7e7eaa49138" ++ EventSize: 29 ++ Event: ++ String: "grub_cmd: set boot_success=0\0" ++- EventNum: 76 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "11ad30ffc650e4c3b13a3e434111a5bc12fb00699138c06e80d132124b61a86b" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: save_env boot_success boot_indeterminate\0" ++- EventNum: 77 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 78 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 79 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "5d487e285706b36d48eff03e56383e4692de24b867b38fcb3c5896fd222a5957" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: [ efi = efi ]\0" ++- EventNum: 80 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "fb84aff84de5bcc528ede92bec117fa8cea46362c5d2ea946e44299a968ffac7" ++ EventSize: 77 ++ Event: ++ String: "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\ ++ \t\tfwsetup\n\ ++ \t}\0" ++- EventNum: 81 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "2772cd3a066fe5a53ee59546d123304f52ede2f0225dfbe9e14d7d1b33f732a5" ++ EventSize: 45 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt2)/grub2/custom.cfg ]\0" ++- EventNum: 82 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8b9a38d95384b44889dbcbcdb5fa13679511d4b0f69078d554e7a95ba78dcd5c" ++ EventSize: 68 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt2)/grub2 -a -f (hd0,gpt2)/grub2/custom.cfg ]\0" ++- EventNum: 83 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: load_video\0" ++- EventNum: 84 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 85 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod all_video\0" ++- EventNum: 86 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "15a5018b0177cf9c49c0b97911df67e7f2c193d3613e3fc4c9eb98a2b5d06fcc" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: set gfxpayload=keep\0" ++- EventNum: 87 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod gzio\0" ++- EventNum: 88 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "753adbf2c98996166c82e7834c1f7af48987739bec81e3948b2017955c50705c" ++ EventSize: 247 ++ Event: ++ String: "grub_cmd: linux (hd0,gpt2)/vmlinuz-5.14.0-130.el9.x86_64 root=UUID=10d7f09f-7852-4b75-a2b6-2355d99b4376 ro resume=UUID=c39a47a6-aaad-45f9-87f1-26be66fe2a24 console=ttyS0,115200 ima_appraise=fix ima_canonical_fmt ima_policy=tcb ima_template=ima-ng\0" ++- EventNum: 89 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "0114cf38d49a529321c6dc4cef08424418efe3384494ff0a8fde04eee9a608bd" ++ EventSize: 41 ++ Event: ++ String: "(hd0,gpt2)/vmlinuz-5.14.0-130.el9.x86_64\0" ++- EventNum: 90 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "55ca5219d41971e1dcdb75b3624e63f96f8bafd4edf57007f60343b9dec3a4da" ++ EventSize: 32 ++ Event: ++ ImageLocationInMemory: 0x7a07b640 ++ ImageLengthInMemory: 11302456 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 91 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "55ca5219d41971e1dcdb75b3624e63f96f8bafd4edf57007f60343b9dec3a4da" ++ EventSize: 32 ++ Event: ++ ImageLocationInMemory: 0x78b19580 ++ ImageLengthInMemory: 11302456 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 92 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "6fed7c51f16551db907d6ac192194735c33cd2aad9e80b7124dbae6c49e92fe3" ++ EventSize: 247 ++ Event: ++ String: "kernel_cmdline: (hd0,gpt2)/vmlinuz-5.14.0-130.el9.x86_64 root=UUID=10d7f09f-7852-4b75-a2b6-2355d99b4376 ro resume=UUID=c39a47a6-aaad-45f9-87f1-26be66fe2a24 console=ttyS0,115200 ima_appraise=fix ima_canonical_fmt ima_policy=tcb ima_template=ima-ng\0" ++- EventNum: 93 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4284fb7e9806b80b5ffd8ac0db1b55806ad915e08830c08423f1dc79857ad230" ++ EventSize: 64 ++ Event: ++ String: "grub_cmd: initrd (hd0,gpt2)/initramfs-5.14.0-130.el9.x86_64.img\0" ++- EventNum: 94 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3b88d84f382249264ef0e9c6baeed69484b163b913db7a127dd7775be146225d" ++ EventSize: 47 ++ Event: ++ String: "(hd0,gpt2)/initramfs-5.14.0-130.el9.x86_64.img\0" ++- EventNum: 95 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 96 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha256: ++ 0 : 0xfcb620568efe4ac4e15f6dcbc6431cad79bc85c7f2f592e08dde0bf37da6df39 ++ 1 : 0xb2eb2c29be62e89089cf14b827e4feaaf08b48d19ba69981eb2fc43c50a332b1 ++ 2 : 0xf12eecdb5c80b81e5b0ee1d55794a6a6ddb58b8223039b7930134a8515690a17 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x83210a75db8818d9c65d688ce2b8aa9b3ff6dd7b23dd8fbee0c26dd0a7744c6a ++ 5 : 0x7631b54abc865ab7872445ec9cab5993504a5fc88e837eabed390048741e468d ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0x56c7ba6010e0a8a20c92e3d08baebcf2a7e6544fed33c3ea9523eaa6cd74537a ++ 8 : 0xf2e988cbd9116a83812fa6c1ce4ac70d286ea256c5d71ea15de404fa7b5ff5f1 ++ 9 : 0x82a2887b01c5d730c7059e677ff18d5496c646ea18ace9eb86347bb5f6eb79b9 ++ 14 : 0xa4dad77fb3b6cacbd20f556986c5d917f5e322c123af82d12c5e5b7ef7ae9938 +diff --git a/test/integration/fixtures/event-pretty/event-postcode.bin.yaml b/test/integration/fixtures/event-pretty/event-postcode.bin.yaml +new file mode 100644 +index 0000000..8932218 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-postcode.bin.yaml +@@ -0,0 +1,868 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c42fedad268200cb1d15f97841c344e79dae3320" ++ - AlgorithmId: sha256 ++ Digest: "d4720b4009438213b803568017f903093f6bea8ab47d283db32b6eabedbbf155" ++ EventSize: 16 ++ Event: "1efb6b540c1d5540a4ad4ef4bf17b83a" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_POST_CODE ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2ae338407a3d9304e82360e9891ac12b89e838a6" ++ - AlgorithmId: sha256 ++ Digest: "533a706b2c32ac3b42342959d4ff906135ebe9de52ecb4b0e0804c153aedcbe4" ++ EventSize: 16 ++ Event: ++ BlobBase: 0xff130000 ++ BlobLength: 0xa7f000 ++- EventNum: 3 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4fdd1f14d4041494deb8fc990c45343d2277d08" ++ - AlgorithmId: sha256 ++ Digest: "ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: "01" ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "74695203091adbb40c8420f1b499a6ac1a723962" ++ - AlgorithmId: sha256 ++ Digest: "b161e0347f5f040997f97ff52642d43b3a87b986dae8d776d6af27e6468675e6" ++ EventSize: 1011 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 975 ++ UnicodeName: PK ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf072cf03000000000000b30300005148dc265f19e14a9a19fbf883bbb35e3082039f30820287a00302010202103b98c74f9010d1a94c4383363dced485300d06092a864886f70d01010b05003072310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e311e301c06035504030c1553555045524d4943524f20504b2043412032303138301e170d3138313232303031343630345a170d3333313232303031353630335a3072310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e311e301c06035504030c1553555045524d4943524f20504b204341203230313830820122300d06092a864886f70d01010105000382010f003082010a0282010100b398bfed1fc069518e4daa9129ce319e1b628e022a15e4271bdace95eae234b9f35d5f41aef62b1d04655206371b2b10ad6a750efaee87d6785755c579986e3936a4eb1769eee7335bc2f0f9e596fbc7ee21db41f5a48a621983a3cb16ab74142c0b586272d0f9e2c95b3176ea0659ba37e43bca8f58b115f9a6cb718cb92269483f735763d5ca54e9ae894b3c4bb7b81ad666d88eee177cd96826d2b4721ccdcb3abd2e14a1941a0be7543b17eb944be4a23490939e50aa5e4dfb1f3491d4506f13a0a5104980cd9b8e452b7ec1b49285c768b2652f58287ccb95090810370a8cb5b5c41840a7ad87b2efa5c29404858802e7fa2be41707b5557e312a65fbad0203010001a331302f300e0603551d0f0101ff040403020186301d0603551d0e041604142f7f6b38d83ab463442ae8edd4f1ceba35688388300d06092a864886f70d01010b050003820101002ae10c936dc7137242fa482ffaef28320b39dd00e43e962a31fa33561b615bf80c7df84d18dbfacca8726595a214cb906028dc0a5b723a9d0e9c6583482224498930b40bf39eafbd5b938db74dec4ab46fe5a435e1f57841181d600b7dfc79de431bf9e916de1e22cd627781759bc07de67c1fab878cf7b978678697c47e2c32f2a273d650cbc446a93a18aa3a1e61086034c58cebb61ccf2081ab7bfcb0d8a582dda9139765e08e62004caa252afd665dedda4e47c29dd5fc69f1aaa6b32d66e0e70b98621e3f0c8f2c665355a987fbbf5f1c0e474c8af8d13d1e87c0ffc64ef39a03995e519fbd84f0760e1ae0973b8cf010386b4bca17fc1105b3b8b2c305" ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "13f02fbc7383ed7c89017e0b32f60e38e282056c" ++ - AlgorithmId: sha256 ++ Digest: "63c0ee78eb49b91ac213b03768a827ebf9b12370f65851b19a883bf32eaf2a14" ++ EventSize: 1598 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 1560 ++ UnicodeName: KEK ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf0721806000000000000fc050000bd9afa775903324dbd6028f4e78f784b308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e" ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b0a330783903281d43a79ddc6b6bf7aceb3b10fa" ++ - AlgorithmId: sha256 ++ Digest: "a70c57a09bd713fa74a267c2fe5e5553c6c832d330fffaa12c3323c60b016048" ++ EventSize: 5223 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 5187 ++ UnicodeName: db ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf072400600000000000024060000bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358a159c0a5e494a74a87b5ab155c2bf0720706000000000000eb050000bd9afa775903324dbd6028f4e78f784b308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597ea159c0a5e494a74a87b5ab155c2bf07296030000000000007a0300005148dc265f19e14a9a19fbf883bbb35e308203663082024ea003020102020100300d06092a864886f70d01010b05003072310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e311e301c06035504030c1553555045524d4943524f20504b2043412032303138301e170d3138313231393030303030305a170d3333313231393030303030305a3077310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e3123302106035504030c1a53555045524d4943524f2050726f64756374204341203230313830820122300d06092a864886f70d01010105000382010f003082010a0282010100f1ca4d346a9b816d3f5852e7e7dae114ca309ea8c44f0d6ae069084d3d3539e4592d43d9289d0adc7033a28722aee91892d0dbe605a59f16af74a39b33eea1d2839a958c0b45f6b51c4af9182fc950ec9dec100be8e56e6fb89df08ab2ee123b9cc79046fbb257f1479e2657eaed1ee805397540096043ddec5bd238967d9069e7d3ad39ecebf45507976221a529bfbedf62ec1b1a00065b6c8541ab3f5055024ade1ee1d0a78b94cdb335c6e7de860c813f73296730ce16017b2e958fc69de3930f0c8018f71694aa60791df6094b9e1bf1d33fcc427256d2980629c1fefa5e0f38a557a663f30e6814a57f1cd9f5f553edfed1f6865320013e21a27c6f80070203010001a3023000300d06092a864886f70d01010b05000382010100365dc9c0f57f682738cbc02e279b0851975849d81cfa211fac7bc2c0bffad57bb9c8ca546507292146fc487dfaf3845b647d8671964e16bb8ea59ccb654462ecccba42b68bd8a4db98269ae408a70cdac93b80d363901e64a104127cc21a8de9def4f2d74067e5bad76d6e08c2355f1fdbab5d8ee0a17fd225aaa91a6f31c3a5c0e8f2a3b3475a6958383aa7bb64cc692710a2c40e7295e17e54e95be90cdd71adffb4b0b4280b485c0229942a589a2fb7623e3e1738361441483027642756a121da62b3efc0cbbe8d0267dcc866f2af1c4c4349052389c7628fc66aaf159a8cead746733b30b2a9fcb0737fd33b7cc7791a872b9dcc9498ac300a04259fe31aa159c0a5e494a74a87b5ab155c2bf07266040000000000004a0400005148dc265f19e14a9a19fbf883bbb35e308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604" ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e04b683b1ade74270dc6083dd716acc63a33310" ++ - AlgorithmId: sha256 ++ Digest: "a044b4ce4a4dca9af312c897dc56ee1727c385eb88f7cfb9092b8265029d5b1e" ++ EventSize: 3762 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 3724 ++ UnicodeName: dbx ++ VariableData: "2616c4c14c509240aca941f9369343288c0e00000000000030000000bd9afa775903324dbd6028f4e78f784b80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0abd9afa775903324dbd6028f4e78f784bf52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7abd9afa775903324dbd6028f4e78f784bc5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbdbd9afa775903324dbd6028f4e78f784b363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76bd9afa775903324dbd6028f4e78f784b1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06bd9afa775903324dbd6028f4e78f784be6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5bd9afa775903324dbd6028f4e78f784bc3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66bd9afa775903324dbd6028f4e78f784b58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771bd9afa775903324dbd6028f4e78f784b5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992eabd9afa775903324dbd6028f4e78f784bd626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1bd9afa775903324dbd6028f4e78f784bd063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56dbd9afa775903324dbd6028f4e78f784b29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44bd9afa775903324dbd6028f4e78f784b90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44cbd9afa775903324dbd6028f4e78f784b075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238bd9afa775903324dbd6028f4e78f784b07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09ebd9afa775903324dbd6028f4e78f784b09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26bd9afa775903324dbd6028f4e78f784b0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374bd9afa775903324dbd6028f4e78f784b0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898cbd9afa775903324dbd6028f4e78f784b0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140fbd9afa775903324dbd6028f4e78f784b0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfcbd9afa775903324dbd6028f4e78f784b106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689cbd9afa775903324dbd6028f4e78f784b174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920cbd9afa775903324dbd6028f4e78f784b18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10fbd9afa775903324dbd6028f4e78f784b2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939bd9afa775903324dbd6028f4e78f784b2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8bd9afa775903324dbd6028f4e78f784b2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17dbd9afa775903324dbd6028f4e78f784b2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7dbd9afa775903324dbd6028f4e78f784b306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593bd9afa775903324dbd6028f4e78f784b3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2bd9afa775903324dbd6028f4e78f784b3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02bd9afa775903324dbd6028f4e78f784b3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73bd9afa775903324dbd6028f4e78f784b4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692bd9afa775903324dbd6028f4e78f784b47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adfbd9afa775903324dbd6028f4e78f784b518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135bd9afa775903324dbd6028f4e78f784b5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5cbd9afa775903324dbd6028f4e78f784b6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66bd9afa775903324dbd6028f4e78f784b6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11bd9afa775903324dbd6028f4e78f784b6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785ebd9afa775903324dbd6028f4e78f784b71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375bd9afa775903324dbd6028f4e78f784b726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1bd9afa775903324dbd6028f4e78f784b72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8bd9afa775903324dbd6028f4e78f784b7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5bd9afa775903324dbd6028f4e78f784b81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4bd9afa775903324dbd6028f4e78f784b82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67bd9afa775903324dbd6028f4e78f784b895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163dafbd9afa775903324dbd6028f4e78f784b8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9bd9afa775903324dbd6028f4e78f784b8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521bd9afa775903324dbd6028f4e78f784b8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481cbd9afa775903324dbd6028f4e78f784b9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42bd9afa775903324dbd6028f4e78f784b9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734bd9afa775903324dbd6028f4e78f784ba6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7bd9afa775903324dbd6028f4e78f784ba7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458dbd9afa775903324dbd6028f4e78f784bad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720bd9afa775903324dbd6028f4e78f784baeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1bd9afa775903324dbd6028f4e78f784bafe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3bd9afa775903324dbd6028f4e78f784bb54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55bd9afa775903324dbd6028f4e78f784bb8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736bd9afa775903324dbd6028f4e78f784bb97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9bd9afa775903324dbd6028f4e78f784bbc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7bd9afa775903324dbd6028f4e78f784bc409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fcbd9afa775903324dbd6028f4e78f784bc617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967fbd9afa775903324dbd6028f4e78f784bc90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8bbd9afa775903324dbd6028f4e78f784bcb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7bd9afa775903324dbd6028f4e78f784bce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540cebd9afa775903324dbd6028f4e78f784bd8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fabd9afa775903324dbd6028f4e78f784be92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fabd9afa775903324dbd6028f4e78f784bfddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8bd9afa775903324dbd6028f4e78f784bfe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01bd9afa775903324dbd6028f4e78f784bfecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436bd9afa775903324dbd6028f4e78f784bca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65bbd9afa775903324dbd6028f4e78f784b55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5babd9afa775903324dbd6028f4e78f784b77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2fbd9afa775903324dbd6028f4e78f784bc83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884bd9afa775903324dbd6028f4e78f784b3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9bd9afa775903324dbd6028f4e78f784b939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049bd9afa775903324dbd6028f4e78f784b64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745bd9afa775903324dbd6028f4e78f784b45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e" ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 9 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x64024018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x1)/Pci(0x0,0x0)/Pci(0x0,0x0)/Offset(0x24638,0x645ff)' ++- EventNum: 10 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x63f5a018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x1)/Pci(0x0,0x0)/Pci(0x0,0x1)/Offset(0x24638,0x645ff)' ++- EventNum: 11 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x63e8f018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x7)/Pci(0x0,0x0)/Pci(0x0,0x0)/Offset(0x24638,0x645ff)' ++- EventNum: 12 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x63dc4018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x7)/Pci(0x0,0x0)/Pci(0x0,0x1)/Offset(0x24638,0x645ff)' ++- EventNum: 13 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 15 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 16 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3fbcdfed545f8a229ff7ab955838c216bc73226e" ++ - AlgorithmId: sha256 ++ Digest: "81c2bf2cd2e222b0c5f8a78c860f1a94a4ae9683fc8bf1cc4ccd1ac95c3ec1f1" ++ EventSize: 82 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 32 ++ UnicodeName: BootOrder ++ VariableData: "03000400050006000700080009000a000b000c000d000e000f00100011001200" ++- EventNum: 21 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ab8f235cfec34cb945db379107964afb766d63a0" ++ - AlgorithmId: sha256 ++ Digest: "fea5577091d37bed72a87bb407cb56033c6e01d326fd6abc5e0e34e6f18ef669" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0003 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004300000002010c00d041030a03000000010106000000010106000000030b25000cc47aff601c000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 22 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a283f8148c1a2274d20ae232774e0d49d86352bb" ++ - AlgorithmId: sha256 ++ Digest: "bd7135d4382ec425c4bcd2883b4c3158e614b2fe6c34772b827908d645608e54" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0004 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004400000002010c00d041030a03000000010106000000010106000100030b25000cc47aff601d000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 23 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6079de507c12a31a519f0d6b2d8523a009939479" ++ - AlgorithmId: sha256 ++ Digest: "9e6f529175c70959d5fb6cd20e581c50a073b2706a84f8f6e0047e268c859a1f" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0005 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004500000002010c00d041030a03000000010106000000010106000200030b25000cc47aff601e000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 24 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "491c47728c2a764a713ca293dd86a3bcc6574acd" ++ - AlgorithmId: sha256 ++ Digest: "e1164ad4c9a72c7461b52147d07a919239f6cd3060371030147ea22d2f295e8b" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0006 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004600000002010c00d041030a03000000010106000000010106000300030b25000cc47aff601f000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 25 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cccd72d0384c263c30083350e922cd88455ae4af" ++ - AlgorithmId: sha256 ++ Digest: "d9166803ad7ec9bf31c784603e67d1871a8e78fdb731aa307a6a784f7247e210" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot0007 ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004300000002010c00d041030a03000000010106000000010106000000030b25000cc47aff601c000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 26 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "40799f11371d4622bdc9dc56df37275232198cdd" ++ - AlgorithmId: sha256 ++ Digest: "1a596869d57e235fc7ec6d1f6acd1bd1cbd2f9ec3440d6b3487bd324aaa19201" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot0008 ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004400000002010c00d041030a03000000010106000000010106000100030b25000cc47aff601d000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 27 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "27c7946f5b4dfed6d0eed64012ee65c2cad395c1" ++ - AlgorithmId: sha256 ++ Digest: "619b3c339875dd903a0421c4074391eca096aa640d73fc6c54a3dc37634d176d" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot0009 ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004500000002010c00d041030a03000000010106000000010106000200030b25000cc47aff601e000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 28 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9f65926fbb5e7aa9178e7184a0fa8213225ad8e0" ++ - AlgorithmId: sha256 ++ Digest: "6e11a6a0b05f717762254ffefa804f3891935e2718171cb808083ffb4d420910" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot000A ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004600000002010c00d041030a03000000010106000000010106000300030b25000cc47aff601f000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 29 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "43b8993cc724aef0ff74266de7f418afe4869af1" ++ - AlgorithmId: sha256 ++ Digest: "1a111c5eefbe71a0b88d3b4e3faea54e244b436efc17cee609c23f933cfdb928" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000B ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320020002d002000390038003000330039004200380035003100330042003200000002010c00d041030a01000000010106000000010106000000030b250098039b8513b2000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320000007fff04000000424f" ++- EventNum: 30 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a0a104cc409220ad2ce2a1b62059524ae3aff0fe" ++ - AlgorithmId: sha256 ++ Digest: "46939493ec49f3e48eb0343f41f7398d650b3c7f8a7786977fd0a0250bec3a34" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000C ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330020002d002000390038003000330039004200380035003100330042003300000002010c00d041030a01000000010106000000010106000100030b250098039b8513b3000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330000007fff04000000424f" ++- EventNum: 31 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "60fe0bf01ce026034c6b8118ebeea0c475a540f2" ++ - AlgorithmId: sha256 ++ Digest: "3931124f8b48fee5d7ecd2aad1bd1ef5b5f963b82533540fbe613093941feb6d" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000D ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450020002d002000390038003000330039004200380034004200330041004500000002010c00d041030a07000000010106000000010106000000030b250098039b84b3ae000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450000007fff04000000424f" ++- EventNum: 32 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "65c18f85c810ce0ad60ef430a52720afb5bab9ce" ++ - AlgorithmId: sha256 ++ Digest: "74c91d245d5eaf3f0f90632ddf130b761e2eb0e32f1f9e7ded3dea1077b62b45" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000E ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460020002d002000390038003000330039004200380034004200330041004600000002010c00d041030a07000000010106000000010106000100030b250098039b84b3af000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460000007fff04000000424f" ++- EventNum: 33 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f09ac7d0f63fabb71a6e07f42ccb8b33f6eda18c" ++ - AlgorithmId: sha256 ++ Digest: "13538ae1f5d103bf4cb869a03af4ea3f4e519c72d2ce03c746b69d70b01b01b7" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot000F ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320020002d002000390038003000330039004200380035003100330042003200000002010c00d041030a01000000010106000000010106000000030b250098039b8513b2000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320000007fff04000000424f" ++- EventNum: 34 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "193d033d6ab3c90a60a36aff76b9b7dfd907a35c" ++ - AlgorithmId: sha256 ++ Digest: "c446edae2ef61641940b7b7327727f46d6949976e01bce7d9be6f59a61c8e5c6" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot0010 ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330020002d002000390038003000330039004200380035003100330042003300000002010c00d041030a01000000010106000000010106000100030b250098039b8513b3000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330000007fff04000000424f" ++- EventNum: 35 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c0b3116068d56a56863a02bc9db22056473610b2" ++ - AlgorithmId: sha256 ++ Digest: "b647961910b82cd63606cafd5308b071d70470d215dd8df122323bda413a7549" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot0011 ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450020002d002000390038003000330039004200380034004200330041004500000002010c00d041030a07000000010106000000010106000000030b250098039b84b3ae000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450000007fff04000000424f" ++- EventNum: 36 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "03fc508b0686f5b664f10096d0e0a79c149ad04a" ++ - AlgorithmId: sha256 ++ Digest: "f0da5d94cd5a4bd61074301f7d97559ed9299a3d11abfdddb597d4c9116fc28b" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot0012 ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460020002d002000390038003000330039004200380034004200330041004600000002010c00d041030a07000000010106000000010106000100030b250098039b84b3af000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460000007fff04000000424f" ++- EventNum: 37 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8b5866854c0b829dd967a1d9f100a3920d412792" ++ - AlgorithmId: sha256 ++ Digest: "4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9" ++ EventSize: 1608 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 1572 ++ UnicodeName: db ++ VariableData: "bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358" ++- EventNum: 38 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d0e6f939f1304a83975f34ff678da573ae2b3ee5" ++ - AlgorithmId: sha256 ++ Digest: "007f4c95125713b112093e21663e2d23e3c1ae9ce4b5de0d58a297332336a2d8" ++ EventSize: 124 ++ Event: ++ ImageLocationInMemory: 0x6202f018 ++ ImageLengthInMemory: 1334816 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 92 ++ DevicePath: 'PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/MAC(0cc47aff601c,1)/IPv4(0.0.0.00.0.0.0,0,0)' ++- EventNum: 39 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55bff7d9ff94e4b2bd103689efdc8ae260671a05" ++ - AlgorithmId: sha256 ++ Digest: "aa1bfb5a9f43668a5dcea2d1af0b7d9535c45c7cd63cc990d3148b76e5360e63" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 40 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "185db6197a44b1f2e728982752efbd86ee6cb5df" ++ - AlgorithmId: sha256 ++ Digest: "70f0dca0fd93403e2ed2e7106781db1e002b1cbae77ff3a2e23cab46eb6349d2" ++ EventSize: 1126 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 4 ++ VariableDataLength: 1080 ++ UnicodeName: Shim ++ VariableData: "308204343082031ca003020102020900b94124a0182c9267300d06092a864886f70d01010b0500308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f72697479301e170d3132303431323131313235315a170d3432303431313131313235315a308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bf5b3a1674ee215dae61ed9d56acbddede72f3dd7e2d4c620facc06d480811cf8d8bfb611f27cc116ed9553d3954eb403bb1bbe2853479caf77bbfba7ac8102d197dad59cfa6d4e94e0fdaae52ea4c9e90cec6990d4e6765785df9d1d5384a4a7a8f939c7f1aa385dbcefa8bf7c2a2212d9b5441351057138d6cbc2906504a7eea99a968a73bc7071b329ea019870e79bb68992d7e9352e5f6ebc99bf92bedb86849bcd99550405bc5b271aaeb5c57de71f9400add5bac1e842d501a52d6e1f36b6e90644f5bb4eb20e46110da5af0eae442d701c4fe211fd9b9c05495428152721f49647ac86c24f108700b4da5a032d1a01c57a84de3afa58e05053e1043a10203010001a381a63081a3301d0603551d0e04160414ad91990bc22ab1f517048c23b6655a268e345a63301f0603551d23041830168014ad91990bc22ab1f517048c23b6655a268e345a63300f0603551d130101ff040530030101ff300b0603551d0f04040302018630430603551d1f043c303a3038a036a0348632687474703a2f2f7777772e63616e6f6e6963616c2e636f6d2f7365637572652d626f6f742d6d61737465722d63612e63726c300d06092a864886f70d01010b050003820101003f7df676a5b383b42b7ad06d521a0383c412a7509c4792ccc0947782d2ae57b39904f5323ac6551d07db12a956fad8d47620ebe4c351db9a5c9c923f1873da946aa199388ca4886dc1fc3971d0747616033e562335d555475b1a1d41c2d3124cdcffae0a929c620a17019c73e05eb1fdbcd6b519117a7ecd3e037e66db5ba8c9394851ff53e19c3153911b3b10750317bae681028094704c46b794b03d15cd1f8e02e068028ffbf9471d7da201c60751c49accedddcfa35ded92bbbed1fde6ec1f33517304be3c72b07d08f801ff987dcb9ce069397725477188b18d27a52ea8f73f5f8069973ea9f49914dbce030e0b66c41c6dbdb82777c14294bdfc6a0abc" ++- EventNum: 41 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1bdd2d91eb90e0994dd7c665f0bf723dec5c157e" ++ - AlgorithmId: sha256 ++ Digest: "88f548359c31bb4694f1cc1adfab640b2029b6b0e36fb0f0dbd536f6a67d8303" ++ EventSize: 63 ++ Event: ++ String: "grub_cmd: [ -e (tftp,192.168.0.141)/grub/x86_64-efi/grub.cfg ]\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "06e3f9ed5c9c31597b78acf87952c85e32b92140" ++ - AlgorithmId: sha256 ++ Digest: "6446c28b60e77f34a8179eb81c80f9f62e0f9715db2c5bcff0f17a6297d683e9" ++ EventSize: 52 ++ Event: ++ String: "grub_cmd: source (tftp,192.168.0.141)/grub/grub.cfg\0" ++- EventNum: 43 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "92611a41b323df54a007d06aad1364ff9f38ec38" ++ - AlgorithmId: sha256 ++ Digest: "4bdd31ce57984441a126b501f74994482d7ad8929b7e2ed6c0371aeeca81ccd7" ++ EventSize: 35 ++ Event: ++ String: "(tftp,192.168.0.141)/grub/grub.cfg\0" ++- EventNum: 44 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9a4012c67699622cf0e3ad17d2b8193bbef96da5" ++ - AlgorithmId: sha256 ++ Digest: "60415688e1c91b8b66b7453a895281506a1ff292093e4d3648fba6e7215d0e5b" ++ EventSize: 63 ++ Event: ++ String: "grub_cmd: configfile /boot/grub2/grub.cfg-01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 45 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ab17c9d242ec3b97277d8ccff1d60040bd58c1ea" ++ - AlgorithmId: sha256 ++ Digest: "befbf1d7af3da4279cafb9f5104ff24cb3f029c7401cd03d50549f24241d0649" ++ EventSize: 42 ++ Event: ++ String: "/boot/grub2/grub.cfg-01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "732c713a6f4c3a388ee1b46624b7c3fe34d59d50" ++ - AlgorithmId: sha256 ++ Digest: "71a5b3b21ac3862f40fabb745a9649c3a1d34249b9706524c90b2480c298beb0" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set timeout=5\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "067c1a87d082adda86e3e67c203723a43e4a6521" ++ - AlgorithmId: sha256 ++ Digest: "428ed11d62fff908eb26e85f2f36e59afa4234021664362aab1e5cd4e47081a7" ++ EventSize: 55 ++ Event: ++ String: "grub_cmd: set default=xCAT OS Deployment, ugly GA hack\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f35488600a1319bb1ead72da6b55dceac2f8b5d5" ++ - AlgorithmId: sha256 ++ Digest: "aa151571c8d7ca866db234cfa68de48ea496d7222eadefdd261a15d7a9bdb861" ++ EventSize: 466 ++ Event: ++ String: "grub_cmd: menuentry xCAT OS Deployment, ugly GA hack {\n\ ++ \x20\x20\x20\x20echo \"Loading VEHV kernel ...\"\n\ ++ \x20\x20\x20\x20linux /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel imgurl=http://192.168.0.141//install/netboot/ubuntu18.04/x86_64/vgen/rootimg.tar.gz XCAT=192.168.0.141:3001 console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0 BOOTIF=01-$net_default_mac\n\ ++ \x20\x20\x20\x20echo \"Loading VEHV ramdisk ...\"\n\ ++ \x20\x20\x20\x20initrd /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/initrd-stateless.gz\n\ ++ }\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ac5dcc7ddd86999727f50debc576e3d946f49dec" ++ - AlgorithmId: sha256 ++ Digest: "78a5cbf6ecba75a2900414314c4e2f9e3fd584ea8adc3876bace146679a03e8e" ++ EventSize: 53 ++ Event: ++ String: "grub_cmd: setparams xCAT OS Deployment, ugly GA hack\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "30e89627e89f64dd128b48ff07e6604b7ecb10f3" ++ - AlgorithmId: sha256 ++ Digest: "bde7442e3918d9117eae0ebeab987d68b157f67b6ab47241651fe2d52db6fa1d" ++ EventSize: 39 ++ Event: ++ String: "grub_cmd: echo Loading VEHV kernel ...\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7db0ad939a4643bc2bd1ba334d13ad4ab8958af0" ++ - AlgorithmId: sha256 ++ Digest: "39b1815072ffc4dc737aa771781840f6534784a606de47026bbbb1e1283033e3" ++ EventSize: 267 ++ Event: ++ String: "grub_cmd: linux /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel imgurl=http://192.168.0.141//install/netboot/ubuntu18.04/x86_64/vgen/rootimg.tar.gz XCAT=192.168.0.141:3001 console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0 BOOTIF=01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 52 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "52fa768d85240139c2d78d385b8cf19198f29ddf" ++ - AlgorithmId: sha256 ++ Digest: "5d8a44f7a785a2cb018cdfa2d29a6952e64739b2436e1ca33871d2af6a66e49e" ++ EventSize: 53 ++ Event: ++ String: "/xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel\0" ++- EventNum: 53 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a4a911e25729725d9896fdf1bd3c21280f0b39fd" ++ - AlgorithmId: sha256 ++ Digest: "b0a2cdff7294f3831689383d895a90fc4ff6dacde3878e3c8bb28055ba0051ab" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 54 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "185db6197a44b1f2e728982752efbd86ee6cb5df" ++ - AlgorithmId: sha256 ++ Digest: "70f0dca0fd93403e2ed2e7106781db1e002b1cbae77ff3a2e23cab46eb6349d2" ++ EventSize: 1126 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 4 ++ VariableDataLength: 1080 ++ UnicodeName: Shim ++ VariableData: "308204343082031ca003020102020900b94124a0182c9267300d06092a864886f70d01010b0500308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f72697479301e170d3132303431323131313235315a170d3432303431313131313235315a308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bf5b3a1674ee215dae61ed9d56acbddede72f3dd7e2d4c620facc06d480811cf8d8bfb611f27cc116ed9553d3954eb403bb1bbe2853479caf77bbfba7ac8102d197dad59cfa6d4e94e0fdaae52ea4c9e90cec6990d4e6765785df9d1d5384a4a7a8f939c7f1aa385dbcefa8bf7c2a2212d9b5441351057138d6cbc2906504a7eea99a968a73bc7071b329ea019870e79bb68992d7e9352e5f6ebc99bf92bedb86849bcd99550405bc5b271aaeb5c57de71f9400add5bac1e842d501a52d6e1f36b6e90644f5bb4eb20e46110da5af0eae442d701c4fe211fd9b9c05495428152721f49647ac86c24f108700b4da5a032d1a01c57a84de3afa58e05053e1043a10203010001a381a63081a3301d0603551d0e04160414ad91990bc22ab1f517048c23b6655a268e345a63301f0603551d23041830168014ad91990bc22ab1f517048c23b6655a268e345a63300f0603551d130101ff040530030101ff300b0603551d0f04040302018630430603551d1f043c303a3038a036a0348632687474703a2f2f7777772e63616e6f6e6963616c2e636f6d2f7365637572652d626f6f742d6d61737465722d63612e63726c300d06092a864886f70d01010b050003820101003f7df676a5b383b42b7ad06d521a0383c412a7509c4792ccc0947782d2ae57b39904f5323ac6551d07db12a956fad8d47620ebe4c351db9a5c9c923f1873da946aa199388ca4886dc1fc3971d0747616033e562335d555475b1a1d41c2d3124cdcffae0a929c620a17019c73e05eb1fdbcd6b519117a7ecd3e037e66db5ba8c9394851ff53e19c3153911b3b10750317bae681028094704c46b794b03d15cd1f8e02e068028ffbf9471d7da201c60751c49accedddcfa35ded92bbbed1fde6ec1f33517304be3c72b07d08f801ff987dcb9ce069397725477188b18d27a52ea8f73f5f8069973ea9f49914dbce030e0b66c41c6dbdb82777c14294bdfc6a0abc" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b84ea12d849d71d1777287b791d0eaf5be331c5e" ++ - AlgorithmId: sha256 ++ Digest: "2a4dcb8a22ce5ce97d674fb86f7e94a3f8c71f264803edb6c871c8c675eb744b" ++ EventSize: 267 ++ Event: ++ String: "kernel_cmdline: /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel imgurl=http://192.168.0.141//install/netboot/ubuntu18.04/x86_64/vgen/rootimg.tar.gz XCAT=192.168.0.141:3001 console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0 BOOTIF=01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1e3a4b1eba1da6d04ed5902a3abb2e6357859bec" ++ - AlgorithmId: sha256 ++ Digest: "bb67e049956aba1e2bdac24fe084d847cf6df4d0a83c04827cf7b0d7a6c41e3f" ++ EventSize: 40 ++ Event: ++ String: "grub_cmd: echo Loading VEHV ramdisk ...\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4fe7b7837332820493b3a17ba489170944b9c08" ++ - AlgorithmId: sha256 ++ Digest: "20171c421048f16cd0cf462605f3cfb4a7848ac7a17ff5e11edf2d36cc59bb5a" ++ EventSize: 83 ++ Event: ++ String: "grub_cmd: initrd /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/initrd-stateless.gz\0" ++- EventNum: 58 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "12283aac809935035a801c143f752fbdd17453db" ++ - AlgorithmId: sha256 ++ Digest: "2c9d05e2b84937893f7a6ea92446d1ca0b1619ef28118d218649e1421872c9eb" ++ EventSize: 66 ++ Event: ++ String: "/xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/initrd-stateless.gz\0" ++pcrs: ++ sha1: ++ 0 : 0x60804a728ca0af13e14fea8e79effe33ea3eec7b ++ 1 : 0x5d5a7b88403fb38f1cbcf98e40cae566bbd0ba02 ++ 2 : 0x3710d4c00ed56d2193577ee94e988cd8657a77cf ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x7c937577b58c20b73bf7449ba67963df26fd2644 ++ 5 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0xe8145f6a55372158d87f55c33b17abe7c35987ef ++ 8 : 0x7874ccfdc068f8ef34efc127a963e71004fc8014 ++ 9 : 0xa6bb02edd825c9e2bcd807c197fcfb456a266080 ++ sha256: ++ 0 : 0xd60c30777ea9cad0ac8868eda11a00608a26f0a2f9b5d5fbdd4a84d7884ea946 ++ 1 : 0x65457318495b52f2d4100cafa00d7b57880eb20361e5e8e8d29166cc67c0890c ++ 2 : 0x15d60806b60f715cdd94e624f27854f608bbcd26000f39fa7f0ec0db7a8ba5c8 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x227d8b3b8294223f6d0065582b015ac31c5da2dd391000d87141e38ec03e77a8 ++ 5 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0xcea0b7475867ab2ced4f6a278530c0a57e0f826cfefdf747c0e670ca09140ea5 ++ 8 : 0xd17f57b88d4f1ec2e52551c1be47bd2d9f3d83f6aa330e26218147b32054b237 ++ 9 : 0xfa774bed1acc7f2c6c4f0457bd33d8f584d018f9d8563463f308d2990453f492 +diff --git a/test/integration/fixtures/event-pretty/event-sd-boot-fedora37.bin.yaml b/test/integration/fixtures/event-pretty/event-sd-boot-fedora37.bin.yaml +new file mode 100644 +index 0000000..86daba7 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-sd-boot-fedora37.bin.yaml +@@ -0,0 +1,356 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 33 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 1 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7" ++ EventSize: 2 ++ Event: "0000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "a4bec904c70ae2e4b214fb4ecbe44a09e1054ca45dd4c084d6ba4c1f44b566a2" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x820000 ++ BlobLength: 0xe0000 ++- EventNum: 3 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "c386b9c16c7996c14603618b59f9531fac5ccf756a74a52a37feea7ade2cf0b0" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x900000 ++ BlobLength: 0xc00000 ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce9ce386b52e099f3019e512a0d6062d6b560efe4ff3e5661c7525e2f9c263df" ++ EventSize: 52 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 0 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'No' ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "dea7b80ab53a3daaa24d5cc46c64e1fa9ffd03739f90aadbd8c0867c4a5b4890" ++ EventSize: 36 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: PK ++ VariableData: ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "e670e121fcebd473b8bc41bb801301fc1d9afa33904f06f7149b74f12c47a68f" ++ EventSize: 38 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: KEK ++ VariableData: ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "baf89a3ccace52750c5f0128351e0422a41597a1adfd50822aa363b9d124ea7c" ++ EventSize: 36 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: db ++ VariableData: ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9" ++ EventSize: 38 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: dbx ++ VariableData: ++- EventNum: 9 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 10 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4aeac5098a0d2c1e5b6a2f798da8dac8475773fa1c82ae51a23273f5d4cc817d" ++ EventSize: 58 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 8 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0001 ++ - Boot0002 ++ - Boot0000 ++ - Boot0003 ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "7e60091524677af24f9f43cf8b45dcd0e245a90de21d0c9c06318500eb366dd8" ++ EventSize: 208 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 160 ++ UnicodeName: Boot0001 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 116 ++ Description: "Linux Boot Manager" ++ DevicePath: 'HD(1,GPT,3cb9643c-6c08-4fe5-852d-17e1ae701158,0x800,0x100000)/File(\EFI\systemd\systemd-bootx64.efi)' ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d470a39c5bb66a4e44cbdae7b992c6a26f48334d4a8d0914b8ca3babe8419e5c" ++ EventSize: 132 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 84 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 28 ++ Description: "UEFI Misc Device" ++ DevicePath: 'PciRoot(0x0)/Pci(0x2,0x3)/Pci(0x0,0x0)' ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "UiApp" ++ DevicePath: 'FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(462caa21-7614-4503-836e-8ab6f4662331)' ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4d387b02d63b2f4cd7f667feb0a387fe47a10a3e26bf3533ddd001c605f3dec5" ++ EventSize: 136 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 88 ++ UnicodeName: Boot0003 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "EFI Internal Shell" ++ DevicePath: 'FvVol(7cb8bdc9-f8eb-4f34-aaea-3ee4af6516a1)/FvFile(7c04a583-9e3e-4f1c-ad65-e05268d0b4d1)' ++- EventNum: 15 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 16 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 23 ++ PCRIndex: 12 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cc3c5f754ef8711f11140d0ed199e1b36b9bdac7df0c261498f2b07d0f91eb" ++ EventSize: 78 ++ Event: ++ String: "\x20\0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\0S\00\0 \0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\00\0 \0e\0f\0i\0=\0d\0e\0b\0u\0g\0 \0\0\0" ++- EventNum: 24 ++ PCRIndex: 12 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cc3c5f754ef8711f11140d0ed199e1b36b9bdac7df0c261498f2b07d0f91eb" ++ EventSize: 78 ++ Event: ++ String: "\x20\0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\0S\00\0 \0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\00\0 \0e\0f\0i\0=\0d\0e\0b\0u\0g\0 \0\0\0" ++- EventNum: 25 ++ PCRIndex: 9 ++ EventType: EV_EVENT_TAG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "643eefa7b731b03df94952db67a4f4774575692fe929c39815c2553f17c0609e" ++ EventSize: 21 ++ Event: "ec223b8f0d0000004c696e757820696e6974726400" ++- EventNum: 26 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 27 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha256: ++ 0 : 0x464a812afa3f88d8a5f1fe7e71df41951435ebd05edb742db8c2c0d67d62c0d1 ++ 1 : 0xf2c3a5ab1fcdec7c70d0e6af47304e9d2a4aa939874a69fbb84f786ff4b2f63f ++ 2 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x7a94ffe8a7729a566d3d3c577fcb4b6b1e671f31540375f80eae6382ab785e35 ++ 5 : 0xa5ceb755d043f32431d63e39f5161464620a3437280494b5850dc1b47cc074e0 ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0xb5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439 ++ 9 : 0x2913f6478fa2d1954ece3b40efc111c18f3feb29204e49f627aa0ca493801eeb ++ 12 : 0x73b2090e3e72430531e7bc7d63e88826891ef4e04d6c1e250dc5c52db24f2f48 +diff --git a/test/integration/fixtures/event-pretty/event-uefi-sha1-log.bin.yaml b/test/integration/fixtures/event-pretty/event-uefi-sha1-log.bin.yaml +new file mode 100644 +index 0000000..009f71f +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-uefi-sha1-log.bin.yaml +@@ -0,0 +1,182 @@ ++--- ++version: 1 ++events: ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c42fedad268200cb1d15f97841c344e79dae3320" ++ EventSize: 16 ++ Event: "1efb6b540c1d5540a4ad4ef4bf17b83a" ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2f20112a3f55398b208e0c42681389b4cb5b1823" ++ EventSize: 52 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 0 ++ UnicodeName: SecureBoot ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9b1387306ebb7ff8e795e7be77563666bbf4516e" ++ EventSize: 36 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: PK ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "13f02fbc7383ed7c89017e0b32f60e38e282056c" ++ EventSize: 1598 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 1560 ++ UnicodeName: KEK ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf0721806000000000000fc050000bd9afa775903324dbd6028f4e78f784b308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e" ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a233adbc63e3fdc5f73693a3cc4a27041714383f" ++ EventSize: 3179 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 3143 ++ UnicodeName: db ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf0720706000000000000eb050000bd9afa775903324dbd6028f4e78f784b308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597ea159c0a5e494a74a87b5ab155c2bf072400600000000000024060000bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358" ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "67e48e759954349537ed4902ba1a8eef74dbd1b5" ++ EventSize: 3838 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 3800 ++ UnicodeName: dbx ++ VariableData: "2616c4c14c509240aca941f9369343284c0000000000000030000000000000000000000000000000000000006e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d2616c4c14c509240aca941f9369343288c0e00000000000030000000bd9afa775903324dbd6028f4e78f784b80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0abd9afa775903324dbd6028f4e78f784bf52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7abd9afa775903324dbd6028f4e78f784bc5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbdbd9afa775903324dbd6028f4e78f784b363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76bd9afa775903324dbd6028f4e78f784b1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06bd9afa775903324dbd6028f4e78f784be6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5bd9afa775903324dbd6028f4e78f784bc3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66bd9afa775903324dbd6028f4e78f784b58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771bd9afa775903324dbd6028f4e78f784b5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992eabd9afa775903324dbd6028f4e78f784bd626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1bd9afa775903324dbd6028f4e78f784bd063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56dbd9afa775903324dbd6028f4e78f784b29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44bd9afa775903324dbd6028f4e78f784b90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44cbd9afa775903324dbd6028f4e78f784b075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238bd9afa775903324dbd6028f4e78f784b07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09ebd9afa775903324dbd6028f4e78f784b09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26bd9afa775903324dbd6028f4e78f784b0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374bd9afa775903324dbd6028f4e78f784b0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898cbd9afa775903324dbd6028f4e78f784b0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140fbd9afa775903324dbd6028f4e78f784b0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfcbd9afa775903324dbd6028f4e78f784b106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689cbd9afa775903324dbd6028f4e78f784b174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920cbd9afa775903324dbd6028f4e78f784b18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10fbd9afa775903324dbd6028f4e78f784b2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939bd9afa775903324dbd6028f4e78f784b2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8bd9afa775903324dbd6028f4e78f784b2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17dbd9afa775903324dbd6028f4e78f784b2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7dbd9afa775903324dbd6028f4e78f784b306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593bd9afa775903324dbd6028f4e78f784b3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2bd9afa775903324dbd6028f4e78f784b3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02bd9afa775903324dbd6028f4e78f784b3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73bd9afa775903324dbd6028f4e78f784b4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692bd9afa775903324dbd6028f4e78f784b47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adfbd9afa775903324dbd6028f4e78f784b518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135bd9afa775903324dbd6028f4e78f784b5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5cbd9afa775903324dbd6028f4e78f784b6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66bd9afa775903324dbd6028f4e78f784b6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11bd9afa775903324dbd6028f4e78f784b6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785ebd9afa775903324dbd6028f4e78f784b71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375bd9afa775903324dbd6028f4e78f784b726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1bd9afa775903324dbd6028f4e78f784b72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8bd9afa775903324dbd6028f4e78f784b7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5bd9afa775903324dbd6028f4e78f784b81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4bd9afa775903324dbd6028f4e78f784b82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67bd9afa775903324dbd6028f4e78f784b895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163dafbd9afa775903324dbd6028f4e78f784b8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9bd9afa775903324dbd6028f4e78f784b8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521bd9afa775903324dbd6028f4e78f784b8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481cbd9afa775903324dbd6028f4e78f784b9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42bd9afa775903324dbd6028f4e78f784b9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734bd9afa775903324dbd6028f4e78f784ba6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7bd9afa775903324dbd6028f4e78f784ba7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458dbd9afa775903324dbd6028f4e78f784bad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720bd9afa775903324dbd6028f4e78f784baeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1bd9afa775903324dbd6028f4e78f784bafe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3bd9afa775903324dbd6028f4e78f784bb54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55bd9afa775903324dbd6028f4e78f784bb8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736bd9afa775903324dbd6028f4e78f784bb97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9bd9afa775903324dbd6028f4e78f784bbc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7bd9afa775903324dbd6028f4e78f784bc409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fcbd9afa775903324dbd6028f4e78f784bc617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967fbd9afa775903324dbd6028f4e78f784bc90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8bbd9afa775903324dbd6028f4e78f784bcb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7bd9afa775903324dbd6028f4e78f784bce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540cebd9afa775903324dbd6028f4e78f784bd8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fabd9afa775903324dbd6028f4e78f784be92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fabd9afa775903324dbd6028f4e78f784bfddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8bd9afa775903324dbd6028f4e78f784bfe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01bd9afa775903324dbd6028f4e78f784bfecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436bd9afa775903324dbd6028f4e78f784bca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65bbd9afa775903324dbd6028f4e78f784b55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5babd9afa775903324dbd6028f4e78f784b77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2fbd9afa775903324dbd6028f4e78f784bc83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884bd9afa775903324dbd6028f4e78f784b3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9bd9afa775903324dbd6028f4e78f784b939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049bd9afa775903324dbd6028f4e78f784b64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745bd9afa775903324dbd6028f4e78f784b45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e" ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f8830f40b14064e7cc4e800898afb946ad865edd" ++ EventSize: 356 ++ Event: "4546492050415254000001005c000000c0d1261e000000000100000000000000ff7f5a07000000002200000000000000de7f5a0700000000c7f0a9872aedfe47862ef307c41758410200000000000000800000008000000050d75786020000000000000028732ac11ff8d211ba4b00a0c93ec93b948fabe36694cc429b81ebb7969bb28a0008000000000000ff0710000000000000000000000000004500460049002000530079007300740065006d00200050006100720074006900740069006f006e000000000000000000000000000000000000000000000000000000000000000000af3dc60f838472478e793d69d8477de4426b1bcd7a6eb645b9cf431b6df6c1860008100000000000ff775a07000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d0e6f939f1304a83975f34ff678da573ae2b3ee5" ++ EventSize: 178 ++ Event: ++ ImageLocationInMemory: 0x9f64d018 ++ ImageLengthInMemory: 1334816 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 146 ++ DevicePath: 'PciRoot(0x0)/Pci(0x14,0x0)/USB(11,0)/PciRoot(0x0)/Pci(0x14,0x0)/USB(11,0)/HD(1,GPT,e3ab8f94-9466-42cc-9b81-ebb7969bb28a,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)' ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5b135351ac81e93f17c43ec65ec0e4755ec29e45" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++pcrs: ++ sha1: ++ 0 : 0x3dcaea25dc86554d94b94aa5bc8f735a49212af8 ++ 1 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 2 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x59955b8e6e01b21ba7ccbbdecdeaa8ae6770caa1 ++ 5 : 0xd8949f1020f3344daf7aa87717ae58d6498731e4 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x9216fc0727c344b355a90a3f34f357e4362d51bb +diff --git a/test/integration/fixtures/event-pretty/event-uefiaction.bin.yaml b/test/integration/fixtures/event-pretty/event-uefiaction.bin.yaml +new file mode 100644 +index 0000000..d7a58f6 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-uefiaction.bin.yaml +@@ -0,0 +1,47 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 45 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 4 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ - Algorithm[2]: ++ algorithmId: sha384 ++ digestSize: 48 ++ - Algorithm[3]: ++ algorithmId: sha512 ++ digestSize: 64 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cd0fdb4531a6ec41be2753ba042637d6e5f7f256" ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++pcrs: ++ sha1: ++ 4 : 0xee01a03529a6b38b5ded18ab6ae8d771aaac1925 ++ sha256: ++ 4 : 0x3f263b96ccbc33bb53d808771f9ab1e02d4dec8854f9530f749cde853a723273 +diff --git a/test/integration/fixtures/event-pretty/event-uefiservices.bin.yaml b/test/integration/fixtures/event-pretty/event-uefiservices.bin.yaml +new file mode 100644 +index 0000000..af44b8f +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-uefiservices.bin.yaml +@@ -0,0 +1,45 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "855685b4dbd4b67d50e0594571055054cfe2b1e9" ++ - AlgorithmId: sha256 ++ Digest: "dd8576b4ff346c19c56c3e4f97ce55c5afa646f9c669be0a7cdd05057a0ecdf3" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x7dcf6018 ++ ImageLengthInMemory: 171464 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: 'PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Offset(0x12600,0x3c3ff)' ++pcrs: ++ sha1: ++ 2 : 0x5b5f4d5c31664f01670a98a5796a36473671befc ++ sha256: ++ 2 : 0x35fcf9d737c52c971f7c74058d36937dbd7824177fa0f1de3eba3934fcb83b9d +diff --git a/test/integration/fixtures/event-pretty/event-uefivar.bin.yaml b/test/integration/fixtures/event-pretty/event-uefivar.bin.yaml +new file mode 100644 +index 0000000..cf84711 +--- /dev/null ++++ b/test/integration/fixtures/event-pretty/event-uefivar.bin.yaml +@@ -0,0 +1,51 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 45 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 4 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ - Algorithm[2]: ++ algorithmId: sha384 ++ digestSize: 48 ++ - Algorithm[3]: ++ algorithmId: sha512 ++ digestSize: 64 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4fdd1f14d4041494deb8fc990c45343d2277d08" ++ - AlgorithmId: sha256 ++ Digest: "ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: "01" ++pcrs: ++ sha1: ++ 7 : 0x3a1ea200b8fafe60c290e903c5e6443cfef67f04 ++ sha256: ++ 7 : 0xe58ada1ba75f2e4722b539824598ad5e10c55f2e4aeab2033f3b0a8ee3f3eca6 +diff --git a/test/integration/fixtures/event-raw/event-arch-linux.bin.yaml b/test/integration/fixtures/event-raw/event-arch-linux.bin.yaml +new file mode 100644 +index 0000000..5e2b850 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-arch-linux.bin.yaml +@@ -0,0 +1,686 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c42fedad268200cb1d15f97841c344e79dae3320" ++ - AlgorithmId: sha256 ++ Digest: "d4720b4009438213b803568017f903093f6bea8ab47d283db32b6eabedbbf155" ++ EventSize: 16 ++ Event: "1efb6b540c1d5540a4ad4ef4bf17b83a" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_POST_CODE ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6b4f7011c3028cec0195a595f466515b33a82498" ++ - AlgorithmId: sha256 ++ Digest: "cffddf06708f2ccb64b958cdd2a57bba0e2812937b9f7bbfc001780259919219" ++ EventSize: 16 ++ Event: ++ BlobBase: 0xffa90000 ++ BlobLength: 0x350000 ++- EventNum: 3 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2f20112a3f55398b208e0c42681389b4cb5b1823" ++ - AlgorithmId: sha256 ++ Digest: "ce9ce386b52e099f3019e512a0d6062d6b560efe4ff3e5661c7525e2f9c263df" ++ EventSize: 52 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 0 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'No' ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "07c78f14aa2b98367011b004da3184d6a9797bf0" ++ - AlgorithmId: sha256 ++ Digest: "5a8857c9b84ba16d96f738d82078d729ddcbbf8f37414988a334b7a6676618af" ++ EventSize: 864 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 828 ++ UnicodeName: PK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 828 ++ SignatureHeaderSize: 0 ++ SignatureSize: 800 ++ Keys: ++ - SignatureOwner: 198bf991-38fd-4ebc-8e31-7bdbebbe0ca0 ++ SignatureData: 3082030c308201f4a003020102020900a77b8d32a15982a4300d06092a864886f70d01010b0500301a3118301606035504030c0f4a6f65205269636865792028504b293020170d3138303932333031333135365a180f32313138303833303031333135365a301a3118301606035504030c0f4a6f65205269636865792028504b2930820122300d06092a864886f70d01010105000382010f003082010a0282010100b9515f43871585b1542cf2e1e0accb725d27bbbbf32635a07effe0b4798c01d8e0903d7ee7fff05fdb8f2c8ff74453896c91292104a65d4fd613d50b09465c5891420960cdb0d17bab7278e02161a0091896ca42259d825e3167ae85cbfd2f2245cc42ebbcdb1b40b2e4a26327487d7f0f95a231d9a954ddcbdcce3b6d4fe54ee8ff5f19e0f200c430c236bc9a55d880d3f2e7fe6b0bf09518ec525058a1ecc70fb73f17daf37f082860b3d17fc9a77a087161e0e92015aea5b673d85a144d26289e26ce35fa7bc27f32f0a61030bce4c5d7afc42cdf58c151a54bb50db39b100946317d261391740c7743599f071d2fee75b82c63b723b27c22955fde1664230203010001a3533051301d0603551d0e04160414b8c3f94cf0f6d74d286bde70bcb6d6fc890b1020301f0603551d23041830168014b8c3f94cf0f6d74d286bde70bcb6d6fc890b1020300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010096cc2623f1f6ca83ecc1f97869d4df4277161efa1e2b3b2145907ba4d3ecc08b760be41ebcf122eabb4a49f194bf6b2ec2c282dad751ba3349b6ed852e6b81158721e84965dcc2fa641487008831e02c47388a3a6247b7b6995e4999322a6863eb78f6fd139e1bc6e04106bc179339788f4315cfbbc9f41aef30dd2a8c1b42aca715060bdf9c8af15800778a27ad3ec11ba010c9d355020c0b88fe5720edb8331b7b35c9c2118bf57caf9a83fdd21fcf95a5223149ac4adbc8ad26632361eb0bb72f720733d1fa87acf8515095ae61fa3830616991655fd5d21ec0f8b52f98eaffa83d7b4ea2dd4a2b451df3731e1ab34c09926144c267285422e789d1cb0d8a ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "52f38b592534395cfdccf805aafccc2cec035d29" ++ - AlgorithmId: sha256 ++ Digest: "301c7f60b96d59e0bf4d820032fbccc3fd21069bf45611541cc59be2e69353db" ++ EventSize: 2428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 2390 ++ UnicodeName: KEK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 830 ++ SignatureHeaderSize: 0 ++ SignatureSize: 802 ++ Keys: ++ - SignatureOwner: 198bf991-38fd-4ebc-8e31-7bdbebbe0ca0 ++ SignatureData: 3082030e308201f6a003020102020900be080ebd4704921d300d06092a864886f70d01010b0500301b3119301706035504030c104a6f652052696368657920284b454b293020170d3138303932333031333231395a180f32313138303833303031333231395a301b3119301706035504030c104a6f652052696368657920284b454b2930820122300d06092a864886f70d01010105000382010f003082010a0282010100ab3ca2875cf2d562a5a2516c087df6bd20d4b25bb95df92ad4ff657be317d86c022ce3d2af549cb5bc115bf93f15686be76223f5697dc1034c74bea8500665694d5a5211f10843b5038b61dcf36475cff1f105a9d9604917bccd84f1208aacde8f9dbc5b8a0a3a20127a1cf09b40d9eb9b79435f9142f167e9b505941da232f4dc1e9b3a2b7cfc445f93ef4aa5a544a71e75c34679b400ca8e31fd76a7392e3bceb79b84abe833d9258649ffcb48627754cf7c4e78a8e9fb48dcc57837c082efd89fc561f3befbd362aa774be1fa6e6279434f71ec3d084425d3f81fa4ccc20efdcb3ca7cc78ace20263c4c564450ca1a89a4b8b2deb97de646e3a8f82d0a9a90203010001a3533051301d0603551d0e04160414fb071ef998f896276b07bd4f20294422fc73fc0f301f0603551d23041830168014fb071ef998f896276b07bd4f20294422fc73fc0f300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100a4d561d9b654a77e0c572f2fcf20f88d9691c3d3342f8d4c5279aee4523838ec215166e938a9f1953609fb70b1b1918703d0c7216a46629052e9ed880359c705ffc16fa6d1aeff3dfcbdfd331979c083f5f97241d0c3cc97a8bad5af62c1d7523f2d6278891ea20afb016fd1b15ab80dbdba0153bcdc2d837c413e0dac7ba38dbb46fbf5d46635392522c2091c31c78feadab66fabb6224f39ce57f6a1d46d1f6d8d34348f7c90d6e94e0df45035aa46901b044cc56c50a44f35dbbceeedb10cc667eda23af36b3de5475659934a22ebbab58515510a2cb483a29dfdc8a1b2ee6440181691570f61dc4bd5ed9230b2b77aaf2eec5138a3387ecf3c0ee34244a1 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1560 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1532 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e8025df1eca6637d24259be9cdc5c7b921c24dcc" ++ - AlgorithmId: sha256 ++ Digest: "db1db3e6f2ee6684e5b5169f52df55526a3f2dc7904edfd3bb3dc3aa94bfdda5" ++ EventSize: 4691 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 4655 ++ UnicodeName: db ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 828 ++ SignatureHeaderSize: 0 ++ SignatureSize: 800 ++ Keys: ++ - SignatureOwner: 198bf991-38fd-4ebc-8e31-7bdbebbe0ca0 ++ SignatureData: 3082030c308201f4a003020102020900d8bf861a9dc5a6ec300d06092a864886f70d01010b0500301a3118301606035504030c0f4a6f652052696368657920284442293020170d3138303932333031333233315a180f32313138303833303031333233315a301a3118301606035504030c0f4a6f6520526963686579202844422930820122300d06092a864886f70d01010105000382010f003082010a0282010100a04760d90981998b8aea54265d330b1d63b7672d37d27096f47d9666b38181114ca65fa968c0a4513aea62b6c5f03f76067c03f760ab519ab5dfd58d83701138f74aa7e2bfbd5c09a456661b353aa9fa8e0a4e0ece1d7fffeedd619a8c1befe8f853f360ab5e336b891b9f55cfbc831d7b49e889a7980fe55798bf81507c44728d84bba80e4a167340d73f49e3d946dcc58599ea7d3982b5e232c312827e781bcb8d948ec93524832d87a5593373a448a256febfeb76aafc094e27ecfd2e69dc9db2be80dee26d493dfd875ec565a05d591cb8d9f5a44f90144015ddc1b704a816b31346ca92210c49265ef8eb395322be860a9c4d50c0f7225b76b574680c2f0203010001a3533051301d0603551d0e04160414c51e8894342341ccfd3dd8211bf32330d24b5f8d301f0603551d23041830168014c51e8894342341ccfd3dd8211bf32330d24b5f8d300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101002cc1b478114337888466906e1e4553fd40b9ba9310b62fcf51a5113e7afc21cc1208da6e3d7792052d8527ac99b0b99766925f37e9353715e733fef003ce7cfd1520f26383e95349d0b8293a0c7715a88c8312208fa457d463dbee32838af951b5f9bc22bcfe7848ecd8229febe36592a5f74da20740fb110b2d96400ecf4c6c1d88fef59c3f5b2984ee0e18eb9ff0d687f7b08e1a18e3146b6272ab2b1315faa527a475e8a72807f372737749513df3e3b1046113d7d8366ae60494958ddce48ee5346ec193728d7e41fdf563af3fa9eabff9c7a2f3313c8e0653e1c9b097e39ef50f15e7257d22195dc1c30897b2d5914df32cd5e878e64a77122718ec36b1 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1543 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1515 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1600 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1572 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 2551513ad36c0ab88c70acc158f8428545909f25ec737f9aec01e8c0d19ee52a ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 11a40d7e935a507450a6d61f51ee97987a49534a1c2d2db3e505e3d15b3faa21 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 4fa56bb60171c9f50d8887bed590a5c19c2e7cccbeeb3eb80795ef11a19c5aec ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 83608b6648271f097c95612eb161a49359197fb4e4355cd3a1fad0c02065dd4d ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 0e9b0272ddd11c5f095a7ddcd0110d214639b9388af7417b26ea93029a84c33d ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 27ca924d7c397268299a8f17be5db52177731944bbdcc4c69b581ee4b5a131c6 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: df7d74f21ae3f28369bf290833be7f0851dad0ee8cca987e8171de69ee4c642a ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 4879e82ab193737a212a4c531efdaad560a8a064e41de6d465c0b8c6254c8300 ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 26dc4851-195f-4ae1-9a19-fbf883bbb35e ++ SignatureData: 493e1b0abe3356c73608b45a0b1c71387fb6854a1fbe8312b8d23f28639893de ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e04b683b1ade74270dc6083dd716acc63a33310" ++ - AlgorithmId: sha256 ++ Digest: "a044b4ce4a4dca9af312c897dc56ee1727c385eb88f7cfb9092b8265029d5b1e" ++ EventSize: 3762 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 3724 ++ UnicodeName: dbx ++ VariableData: ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 3724 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0a ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: f52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7a ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbd ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: e6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992ea ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: d626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: d063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09e ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfc ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adf ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785e ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163daf ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481c ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: a6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: a7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458d ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: ad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: aeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: afe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: b54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: b8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: b97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: bc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fc ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8b ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: cb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: ce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540ce ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: d8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fa ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: e92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fa ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: fddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: fe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: fecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: ca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65b ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5ba ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2f ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: c83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745 ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 9 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5e58cd33cbf6f6058139e716508bbf5d03f2c94f" ++ - AlgorithmId: sha256 ++ Digest: "2de50158a70fa60bcb0eff4f8ad5d5a8d6e4a808bfbe5446b74464163191a8bf" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0xb6bf9018 ++ ImageLengthInMemory: 133728 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a00000000010106000001010106000000040818000000000050f2000000000000ff010200000000007fff0400' ++- EventNum: 10 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 12 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 13 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 14 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 15 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 16 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a30700c4eccddd14eb6c80b8c16474c4519e2a70" ++ - AlgorithmId: sha256 ++ Digest: "dcc6b7eaf2b013c6a37c720fe1d5098b5daf56ac9922f222125df7a1126b9596" ++ EventSize: 484 ++ Event: ++ Header: ++ Signature: "EFI PART" ++ Revision: 0x10000 ++ HeaderSize: 92 ++ HeaderCRC32: 0x986df596 ++ MyLBA: 0x1 ++ AlternateLBA: 0x1dcf32af ++ FirstUsableLBA: 0x22 ++ LastUsableLBA: 0x1dcf328e ++ DiskGUID: f9f4bb69-5418-46bb-9501-2d615a3edc79 ++ PartitionEntryLBA: 0x2 ++ NumberOfPartitionEntry: 128 ++ SizeOfPartitionEntry: 128 ++ PartitionEntryArrayCRC32: 0xe4012e1b ++ NumberOfPartitions: 3 ++ Partitions: ++ - PartitionTypeGUID: c12a7328-f81f-11d2-ba4b-00a0c93ec93b ++ UniquePartitionGUID: 1a504613-19b5-4b44-a83d-d926d40daa1c ++ StartingLBA: 0x800 ++ EndingLBA: 0x807ff ++ Attributes: 0x0 ++ PartitionName: "EFI System" ++ - PartitionTypeGUID: a19d880f-05fc-4d3b-a006-743f0f84911e ++ UniquePartitionGUID: c3fe0624-3db7-44f4-941e-49e6823d5a30 ++ StartingLBA: 0x80800 ++ EndingLBA: 0x1d24594e ++ Attributes: 0x0 ++ PartitionName: "Linux RAID" ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: 07ca55d3-efba-43a7-aea7-334c379e6b70 ++ StartingLBA: 0x1d246000 ++ EndingLBA: 0x1dcf328e ++ Attributes: 0x0 ++ PartitionName: "Linux filesystem" ++- EventNum: 18 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "359b9b1edab9f2841d8fd4312d8528079a3777b4" ++ - AlgorithmId: sha256 ++ Digest: "66c174f6bcd22cea3a37bb47d9669da541f0488b9be9abca33323ac31838d68e" ++ EventSize: 56 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 6 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0000 ++ - Boot0003 ++ - Boot0002 ++- EventNum: 19 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0113948871b7c34c97695e6351b1acf39f8e8291" ++ - AlgorithmId: sha256 ++ Digest: "6fff79a21c2c8f94652fb0fc53c37da0aa4ea839ebd945566b804f8c6c4f0162" ++ EventSize: 208 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 160 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 116 ++ Description: "Linux Boot Manager" ++ DevicePath: '04012a0001000000000800000000000000000800000000001346501ab519444ba83dd926d40daa1c0202040446005c004500460049005c00530059005300540045004d0044005c00530059005300540045004d0044002d0042004f004f0054005800360034002e0045004600490000007fff0400' ++- EventNum: 20 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "39d79e549dc8ce20c55b44733dd7c73d21bd159a" ++ - AlgorithmId: sha256 ++ Digest: "d865a2d13db7529aaae8105153650c4557a33f471650e4099b5178d21f6516bf" ++ EventSize: 168 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 120 ++ UnicodeName: Boot0003 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 94 ++ Description: "UEFI OS" ++ DevicePath: '04012a0001000000000800000000000000000800000000001346501ab519444ba83dd926d40daa1c0202040430005c004500460049005c0042004f004f0054005c0042004f004f0054005800360034002e0045004600490000007fff04000000424f' ++- EventNum: 21 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "72411782e0c50340e583ff814e236de1364bd2af" ++ - AlgorithmId: sha256 ++ Digest: "a5428f6cb55f36175733db8f1ead37be44cca8cfe027268d0cb893d862078ca0" ++ EventSize: 232 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 184 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 140 ++ Description: "Linux Boot Manager" ++ DevicePath: '01041400e775e299a075374ba2e6c5385e6c00cb7fff040004012a00010000000008000000000000003011000000000047856cc0b612db43af4c413316e029360202040446005c004500460049005c00530059005300540045004d0044005c00530059005300540045004d0044002d0042004f004f0054005800360034002e0045004600490000007fff0400' ++- EventNum: 22 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c429e591c3d5542d366037d5dee18bc178e58535" ++ - AlgorithmId: sha256 ++ Digest: "d51e9d20c0e180d8fdded3e7d5e05b4ab8e87b2f30e6995632a14e399332103b" ++ EventSize: 176 ++ Event: ++ ImageLocationInMemory: 0xb616b018 ++ ImageLengthInMemory: 96725 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 144 ++ DevicePath: '02010c00d041030a0000000001010600001703120a000100ffff000004012a0001000000000800000000000000000800000000001346501ab519444ba83dd926d40daa1c0202040446005c004500460049005c00530059005300540045004d0044005c00530059005300540045004d0044002d0042004f004f0054005800360034002e0045004600490000007fff0400' ++- EventNum: 23 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8fce1cd38d7b7dd55d6e841dab1629aee55cd212" ++ - AlgorithmId: sha256 ++ Digest: "6c1b73563471cd9082ea3d149fa4668cd8f1a0c315531d4bf513bc5ede8939a5" ++ EventSize: 148 ++ Event: ++ ImageLocationInMemory: 0xb5763018 ++ ImageLengthInMemory: 9180448 ++ ImageLinkTimeAddress: 0x1000000 ++ LengthOfDevicePath: 116 ++ DevicePath: '02010c00d041030a0000000001010600001703120a000100ffff000004012a0001000000000800000000000000000800000000001346501ab519444ba83dd926d40daa1c020204042a005c0076006d006c0069006e0075007a002d006c0069006e00750078002d006c007400730000007fff0400' ++- EventNum: 24 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7fd3abec2afe8e68028be79cfc143a56c9918e69" ++ - AlgorithmId: sha256 ++ Digest: "362d5603871294a44287df0c3c63c120972e5b3897704315b99cf8406ac413b6" ++ EventSize: 365 ++ Event: ++ String: "i\0n\0i\0t\0r\0d\0=\0\\\0i\0n\0t\0e\0l\0-\0u\0c\0o\0d\0e\0.\0i\0m\0g\0 \0i\0n\0i\0t\0r\0d\0=\0\\\0i\0n\0i\0t\0r\0a\0m\0f\0s\0-\0l\0i\0n\0u\0x\0-\0l\0t\0s\0.\0i\0m\0g\0 \0c\0r\0y\0p\0t\0d\0e\0v\0i\0c\0e\0=\0U\0U\0I\0D\0=\05\04\06\05\03\06\09\0a\0-\09\09\06\0d\0-\04\02\0c\0a\0-\09\0a\0d\04\0-\09\01\0d\00\00\08\02\0e\00\0b\03\04\0:\0c\0r\0y\0p\0t\0r\0o\0o\0t\0 \0r\0o\0o\0t\0=\0/\0d\0e\0v\0/\0m\0a\0p\0p\0e\0r\0/\0c\0r\0y\0p\0t\0r\0o\0o\0t\0 \0r\0w\0 \0i\0n\0t\0e\0l\0_\0i\0o\0m\0m\0u\0=\0o\0n\0 \0i\0o\0m\0m\0u\0=\0p\0t\0 \0l\01\0t\0f\0=\0o\0f\0f\0\0" ++pcrs: ++ sha1: ++ 0 : 0xa0487b0d95387d4a30560edf5f041307bf4a1dcc ++ 1 : 0x56b71c334a5b67d3b7b3343e3241dff5a1ad87bf ++ 2 : 0x01098a68e44e4fbd0af3b9a836b1b79e78c4f6f5 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x2845117447a59571c424c1d0824c25112b902eb7 ++ 5 : 0x0dfa5ca60508ac5214515b20ed3e66289514fcb6 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x029c700c2fa2bc83cbf3ce4ee501ad4d984ec5ae ++ 8 : 0xaa99fc93faa0777f42da6e1ae77a0653b5005619 ++ sha256: ++ 0 : 0x758b773d94feabf52ef5a4c00a7ad2c80d8d6e6d9d58756150be9bc973da9087 ++ 1 : 0xbfda688a5d320123fddb3fc70b746bc17647e2e7f2f96e130d429542bf4622d5 ++ 2 : 0x65dee4a48cde677aa89fa83c5c35e883fda658f743853e3ebad504ca6702f7c5 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x7672cbacaf6568fd1767a29cce541602ad91360dbd753a16b0d64021e619d65d ++ 5 : 0x202522f005ef625588bb7c9e21335ba96a63c5086306138885b3bb2c381730ca ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0x3b4a4db44b7a872524055364e62e897ae678e0d47ab0809f65c3a4ed77f66ab9 ++ 8 : 0x47591b43af431963eaeb5238a5c42eda1eb0014c27f7de7ae483066a2d2a2e61 +diff --git a/test/integration/fixtures/event-raw/event-bootorder.bin.yaml b/test/integration/fixtures/event-raw/event-bootorder.bin.yaml +new file mode 100644 +index 0000000..ff0568a +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-bootorder.bin.yaml +@@ -0,0 +1,1392 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1489f923c4dca729178b3e3233458550d8dddf29" ++ - AlgorithmId: sha256 ++ Digest: "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7" ++ EventSize: 2 ++ Event: "0000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6488855f69f459ef2e2038344ec566ca4bcad690" ++ - AlgorithmId: sha256 ++ Digest: "163240b109aa840ad3c3409a19b5c3488994b831d3e5ab0bca99aef11d95281f" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x820000 ++ BlobLength: 0xe0000 ++- EventNum: 3 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "fad74ec73e2093b46d934e57bb15eb07dab2daa4" ++ - AlgorithmId: sha256 ++ Digest: "0893258878179ebb61ea991f3e058a3b9352512086e683eb0458d31e45e474f7" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x900000 ++ BlobLength: 0xb00000 ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "57cd4dc19442475aa82743484f3b1caa88e142b8" ++ - AlgorithmId: sha256 ++ Digest: "115aa827dbccfb44d216ad9ecfda56bdea620b860a94bed5b7a27bba1c4d02d8" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: "00" ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9b1387306ebb7ff8e795e7be77563666bbf4516e" ++ - AlgorithmId: sha256 ++ Digest: "dea7b80ab53a3daaa24d5cc46c64e1fa9ffd03739f90aadbd8c0867c4a5b4890" ++ EventSize: 36 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: PK ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9afa86c507419b8570c62167cb9486d9fc809758" ++ - AlgorithmId: sha256 ++ Digest: "e670e121fcebd473b8bc41bb801301fc1d9afa33904f06f7149b74f12c47a68f" ++ EventSize: 38 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: KEK ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5bf8faa078d40ffbd03317c93398b01229a0e1e0" ++ - AlgorithmId: sha256 ++ Digest: "baf89a3ccace52750c5f0128351e0422a41597a1adfd50822aa363b9d124ea7c" ++ EventSize: 36 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: db ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "734424c9fe8fc71716c42096f4b74c88733b175e" ++ - AlgorithmId: sha256 ++ Digest: "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9" ++ EventSize: 38 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: dbx ++- EventNum: 9 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 10 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "94f73ca3598b5b7fff3b295b5788cbbfcd27a10c" ++ - AlgorithmId: sha256 ++ Digest: "2b37dc2f75e2db4099e0dd546e6bbb05d1be905f8cd449baafc86353bda5dd54" ++ EventSize: 78 ++ Event: ++ ImageLocationInMemory: 0xbeeed018 ++ ImageLengthInMemory: 205768 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 46 ++ DevicePath: '02010c00d041030a000000000101060000030408180000000000005c010000000000ff7f0400000000007fff0400' ++- EventNum: 11 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "94f73ca3598b5b7fff3b295b5788cbbfcd27a10c" ++ - AlgorithmId: sha256 ++ Digest: "2b37dc2f75e2db4099e0dd546e6bbb05d1be905f8cd449baafc86353bda5dd54" ++ EventSize: 78 ++ Event: ++ ImageLocationInMemory: 0xbeeed018 ++ ImageLengthInMemory: 205768 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 46 ++ DevicePath: '02010c00d041030a000000000101060000040408180000000000005c010000000000ff7f0400000000007fff0400' ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ea3f530d2b261b5a945812c15858c09de04abe9c" ++ - AlgorithmId: sha256 ++ Digest: "263d99957c7b574c63a265b32da7fff8b8ad831828946bfbff650d7074dd9198" ++ EventSize: 56 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 6 ++ UnicodeName: BootOrder ++ VariableData: "010000000200" ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2a9a2be325bb21a601ecc332059d1326bda65629" ++ - AlgorithmId: sha256 ++ Digest: "d381b8aa422440ccf1edfd12e58e8ad0074e4b9735fad17d27783f24ec33ff26" ++ EventSize: 126 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 78 ++ UnicodeName: Boot0001 ++ VariableData: "010000001600550045004600490020004d006900730063002000440065007600690063006500000002010c00d041030a000000000101060000067fff04004eac0881119f594d850ee21a522c59b2" ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "22a4f6ee9af6dba01d3528deb64b74b582fc182b" ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: "090100002c0055006900410070007000000004071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400" ++- EventNum: 15 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "df5d6605cb8f4366d745a8464cfb26c1efdc305c" ++ - AlgorithmId: sha256 ++ Digest: "4d387b02d63b2f4cd7f667feb0a387fe47a10a3e26bf3533ddd001c605f3dec5" ++ EventSize: 136 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 88 ++ UnicodeName: Boot0002 ++ VariableData: "010000002c00450046004900200049006e007400650072006e0061006c0020005300680065006c006c00000004071400c9bdb87cebf8344faaea3ee4af6516a10406140083a5047c3e9e1c4fad65e05268d0b4d17fff0400" ++- EventNum: 16 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cd0fdb4531a6ec41be2753ba042637d6e5f7f256" ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 17 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 23 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 24 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d35cb7d68eaa9de91261f18f3077b7ba9dd32974" ++ - AlgorithmId: sha256 ++ Digest: "2b406513198abc7ffebdec8a744c1a8b828fe07489e000dbde27bf237aca3de2" ++ EventSize: 484 ++ Event: "4546492050415254000001005c000000d8b2b15d000000000100000000000000ff5f6604000000002200000000000000de5f660400000000a21b0807c97c63468ecf4692ccb7e3ec02000000000000008000000080000000160e4f720300000000000000af3dc60f838472478e793d69d8477de47010a9784677964382b8ffc7ba90d8890078030000000000de5f66040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004861682149646f6e744e656564454649daf9d10afb18ac429f39fbba46240cbd0008000000000000ff27000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028732ac11ff8d211ba4b00a0c93ec93b98e759c36a59b642b6f6eca290429d990028000000000000ff770300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ++- EventNum: 25 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d0e6f939f1304a83975f34ff678da573ae2b3ee5" ++ - AlgorithmId: sha256 ++ Digest: "007f4c95125713b112093e21663e2d23e3c1ae9ce4b5de0d58a297332336a2d8" ++ EventSize: 144 ++ Event: ++ ImageLocationInMemory: 0xbec2b018 ++ ImageLengthInMemory: 1334816 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 112 ++ DevicePath: '02010c00d041030a0000000001010600000604012a000f0000000028000000000000005003000000000098e759c36a59b642b6f6eca290429d990202040430005c004500460049005c0042004f004f0054005c0042004f004f0054005800360034002e0045004600490000007fff0400' ++- EventNum: 26 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "26040ba214343fb89f2f82599675474f092d506d" ++ - AlgorithmId: sha256 ++ Digest: "70fd78ce1d6de8d0cc7d5ca74e2e69e03cb92762d8a19d63a61b50070d41593f" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '0090150000a01500af' ++- EventNum: 27 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5bb3e7b9b843fa3bf11e7a85877c095031f6242f" ++ - AlgorithmId: sha256 ++ Digest: "b2166ffbf190a9bb3809a5a1dcb44bb5f3de6b44c2c27f1e4220a83f92d0c06a" ++ EventSize: 69 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt15)/boot/grub -o ! -e (hd0,gpt15)/boot/grub ]\0" ++- EventNum: 28 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "74bebd5904e1e03e1b33c6b282f02c1495a6399a" ++ - AlgorithmId: sha256 ++ Digest: "204e96107885ed140d3e8dbef893e1c64e4a3d9924db6c2ab247a36daadef64a" ++ EventSize: 59 ++ Event: ++ String: "grub_cmd: [ -e (hd0,gpt15)/boot/grub/x86_64-efi/grub.cfg ]\0" ++- EventNum: 29 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d213ef93b23586b61de14638c1777ec837604074" ++ - AlgorithmId: sha256 ++ Digest: "172b207a85a5f584b99ce06ae8fd97eec2df94b1c8ad305cf144d9bff797bccf" ++ EventSize: 48 ++ Event: ++ String: "grub_cmd: [ -e (hd0,gpt15)/boot/grub/grub.cfg ]\0" ++- EventNum: 30 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "89390cd4a7a4db44da0828e0b25850e74ae1b5a2" ++ - AlgorithmId: sha256 ++ Digest: "d2d0bcff3471ed8513c735eae972e18b64697980124f3634ba71ccd304f73b22" ++ EventSize: 48 ++ Event: ++ String: "grub_cmd: source (hd0,gpt15)/boot/grub/grub.cfg\0" ++- EventNum: 31 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e7dfe5cc66a86749c2035e148e5d05e7208d7bd7" ++ - AlgorithmId: sha256 ++ Digest: "3193758bf575102eeea79b1f7a7bef60772effcb7e9ca8b5fd42e33c9e8953bf" ++ EventSize: 31 ++ Event: ++ String: "(hd0,gpt15)/boot/grub/grub.cfg\0" ++- EventNum: 32 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "dc67bcc9abc2411af92a6b61683d09b888ab9b6c" ++ - AlgorithmId: sha256 ++ Digest: "154a0f30f044fc2e043ad9330b5cf5f3970422281ad8fe902dd1d0b42aa07b54" ++ EventSize: 76 ++ Event: ++ String: "grub_cmd: search.fs_uuid d64f335d-4d71-46c8-9379-3375973830f3 root hd0,gpt1\0" ++- EventNum: 33 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c90fdbd8bc3928f93d41ef4176a3415df2d584eb" ++ - AlgorithmId: sha256 ++ Digest: "679845b798116003dcee938a7e87a07c7b7dd42b5349e54632bbfa82a740541b" ++ EventSize: 42 ++ Event: ++ String: "grub_cmd: set prefix=(hd0,gpt1)/boot/grub\0" ++- EventNum: 34 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7f7e85909fb37d150f57822c0ad3b636e7853aff" ++ - AlgorithmId: sha256 ++ Digest: "5137257cdcec140bce7e0c83c1000df3f7ecf18de11bde46b8d32f49ba657791" ++ EventSize: 44 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/command.lst\0" ++- EventNum: 35 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f091655c7ac7314eb0df21931415de47628d621f" ++ - AlgorithmId: sha256 ++ Digest: "32fc7f5de8c0a5dc0b1e7eb609ca31a77eb3475539e1d97a4543dca1b9b26c57" ++ EventSize: 39 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst\0" ++- EventNum: 36 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ff00d28114398cf1a052329494d63aceeb8ff29a" ++ - AlgorithmId: sha256 ++ Digest: "1b766f38a94927fe9b7bc1e809f0363e778e14c601e800faea271a2e75d3fc43" ++ EventSize: 43 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst\0" ++- EventNum: 37 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "66b726c6d64bc109d3948a9528f502ea94938ef4" ++ - AlgorithmId: sha256 ++ Digest: "46f888c52f36baf9b62d60bc8d06426a314aad5a0ff86a4362a91c2512a1df9c" ++ EventSize: 45 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst\0" ++- EventNum: 38 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1284bee568af2e320e6a03dce30144182be7d51e" ++ - AlgorithmId: sha256 ++ Digest: "874d063ee6d5776d8474fcbaed76cdd44f32572d8454338fef7138347e866d7d" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 39 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6629b50b4251a5dad59be69a1dfa3b9cd77371f5" ++ - AlgorithmId: sha256 ++ Digest: "457040ecfb2efcb062b4b833ed45d8f9c5773f09697eb71d7d64705677fddcae" ++ EventSize: 30 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 40 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3e5cd7ea0fdc2e2b2f956d41f9090ee3732fb833" ++ - AlgorithmId: sha256 ++ Digest: "7e2b3493baa3f9e4c6a836282d1e66b5855692169dee44d46fe20d11dbc17381" ++ EventSize: 46 ++ Event: ++ String: "grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ]\0" ++- EventNum: 41 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d824837898575ca2fcae32fed643e00b84d62611" ++ - AlgorithmId: sha256 ++ Digest: "42439fda5143449c668430706de270c764912b08766180e594bcd75d961da46c" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3c4e9b1198ecc160aff6022c0f96b5b22fab1469" ++ - AlgorithmId: sha256 ++ Digest: "0e3a17e0c48e42d79f4d1576e7f787c911239510586505c326143b9b268bdd65" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: set have_grubenv=true\0" ++- EventNum: 43 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "453dee6ce82bd80ea89bd8085724ae9784ff0f1b" ++ - AlgorithmId: sha256 ++ Digest: "f8b99f77983990e8804864cade91f361b5b6600cc2832febaef878ac8b44d27e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: load_env\0" ++- EventNum: 44 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d824837898575ca2fcae32fed643e00b84d62611" ++ - AlgorithmId: sha256 ++ Digest: "42439fda5143449c668430706de270c764912b08766180e594bcd75d961da46c" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 45 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "69ac3a89588aa0a95d8ff937642868a0ccfe2c09" ++ - AlgorithmId: sha256 ++ Digest: "492fe6f726b0b3b92fce889eaba1aab7be7c5a373c7438557b3ea49ba98d4940" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 2 ]\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa0c1b41d0046552dea2a47b1f8e592716137f4a" ++ - AlgorithmId: sha256 ++ Digest: "5935716bf513717f6b6931f3f8e40962606850cfc43d25ff2ca4754dcc13dceb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 1 ]\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d8f3601c7085b0e7d08c2b5925720404d9b799d1" ++ - AlgorithmId: sha256 ++ Digest: "6b59ff87625a202766cd5d6172f00dd63378823bf413a551a628f874bbb642cf" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set next_entry=\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa78b63e975d20ee4af7e4bfa0c8314ca2e72862" ++ - AlgorithmId: sha256 ++ Digest: "4a6e5876f2d88fa867f1099e143631ad94a37484e682790d9e1848b92a07abee" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set prev_entry=\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "69634430fcd587c877479d7390cd3eacfc2f27cc" ++ - AlgorithmId: sha256 ++ Digest: "fdcca48e2c9aab6cbe435b5cda9b395d67aa165516b62e7e5ce3a50ac039ac32" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env prev_entry\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 52 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "75409120452bbbee30abe289af973ecdd7e0ef6b" ++ - AlgorithmId: sha256 ++ Digest: "3a118940bf2675007df3368cb6d45cf2756f328d3e75daf69a971dd21bd1bc58" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set default=0\0" ++- EventNum: 53 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 54 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bd5209e50c09650ffcf5c2d12a8be8277e438023" ++ - AlgorithmId: sha256 ++ Digest: "09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: menuentry_id_option=--id\0" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6248599bae0d78ccbda185ed2fce0182ed41e297" ++ - AlgorithmId: sha256 ++ Digest: "4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e" ++ EventSize: 37 ++ Event: ++ String: "grub_cmd: export menuentry_id_option\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7dc272da02b00e0ee2958961bb99a2e3196ec24a" ++ - AlgorithmId: sha256 ++ Digest: "df24f1cae6b428fdd09bc14b06df255f93060ff05d56c3127724168596f73d5f" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: terminal_input console\0" ++- EventNum: 58 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "155e201c47f534b1201190d61e9d178a525540e6" ++ - AlgorithmId: sha256 ++ Digest: "fed7c930939012174a23271f9fa177a39891cd1baf6ccd22bccce96acd0514d1" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: terminal_output console\0" ++- EventNum: 59 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa0c1b41d0046552dea2a47b1f8e592716137f4a" ++ - AlgorithmId: sha256 ++ Digest: "5935716bf513717f6b6931f3f8e40962606850cfc43d25ff2ca4754dcc13dceb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 1 ]\0" ++- EventNum: 60 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "4f44a4a7a7523e637715ea96d38b3614bb6c22d8" ++ - AlgorithmId: sha256 ++ Digest: "d3a793f471b6bfe8d783f5e629314cad4763d48986a8cd4df25475334b40f49b" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set timeout=0\0" ++- EventNum: 61 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0d570854895a5a9ce25dc6c25026278c2d1a6367" ++ - AlgorithmId: sha256 ++ Digest: "207cda95fd859189d016c7c2cc03b9c05672984589e4809e1dcee665d629cf7d" ++ EventSize: 44 ++ Event: ++ String: "grub_cmd: set menu_color_normal=white/black\0" ++- EventNum: 62 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4a516aec1bccafec65420d98fcb243aa465d837" ++ - AlgorithmId: sha256 ++ Digest: "6f18799fe0ecb5c4bb4c0695a3094dc9841c940c3b463e14c25e444246348a2a" ++ EventSize: 52 ++ Event: ++ String: "grub_cmd: set menu_color_highlight=black/light-gray\0" ++- EventNum: 63 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ecdcad74115ad02c9d8440f27b4e0689d76774e7" ++ - AlgorithmId: sha256 ++ Digest: "6cf48a4c26fa07a4c8ae470218b37d52b0ff3095c23c35a3bb8872b87c883ebe" ++ EventSize: 60 ++ Event: ++ String: "grub_cmd: set partuuid=78a91070-7746-4396-82b8-ffc7ba90d889\0" ++- EventNum: 64 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ffc5ff69933dd9a11ca68638ce3658ef0d2269ca" ++ - AlgorithmId: sha256 ++ Digest: "947920653060a5560f1c4a13befe97d2c3d13c1f36effb24c29f57d1e53edbb5" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: [ 1 != 1 ]\0" ++- EventNum: 65 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b22f5db5791853fce95f8623ab479d81483b71dc" ++ - AlgorithmId: sha256 ++ Digest: "5618ae564712085435199ecf654a3ab87e1c1fd87a1823c780d7f0f677dd7b5d" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: set linux_gfx_mode=text\0" ++- EventNum: 66 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9deef0fa444e59d7a08e615f25628826e7feddf9" ++ - AlgorithmId: sha256 ++ Digest: "22e041251eb54eeb3270245759aa3e8bd3b77a647db988b681b1eafc6960aa45" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: export linux_gfx_mode\0" ++- EventNum: 67 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ca904a776c820180356d1f6d200588daa7fa64b7" ++ - AlgorithmId: sha256 ++ Digest: "461ab8369f3a3d8b10c911724a3f4e0f242ec9155565ba6116a2290c8f321b84" ++ EventSize: 1023 ++ Event: ++ String: "grub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-d64f335d-4d71-46c8-9379-3375973830f3 {\n\ ++ \trecordfail\n\ ++ \tload_video\n\ ++ \tgfxmode $linux_gfx_mode\n\ ++ \tinsmod gzio\n\ ++ \tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \tinsmod part_gpt\n\ ++ \tinsmod ext2\n\ ++ \tset root='hd0,gpt1'\n\ ++ \tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \telse\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \tfi\n\ ++ \tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\n\ ++ \t\x20\x20initrd /boot/initrd.img-5.4.0-45-generic\n\ ++ \telse\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0 panic=-1\n\ ++ \tfi\n\ ++ \tinitrdfail\n\ ++ }\0" ++- EventNum: 68 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e0a4b6ed5d77ec6442f5fe4248e10fafbbf558f6" ++ - AlgorithmId: sha256 ++ Digest: "180e24f477566b850732c77bf45ee0460552451c391d111a31b31ae5d7be9d14" ++ EventSize: 2484 ++ Event: ++ String: "grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-d64f335d-4d71-46c8-9379-3375973830f3 {\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.4.0-45-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-45-generic-advanced-d64f335d-4d71-46c8-9379-3375973830f3' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tgfxmode $linux_gfx_mode\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.4.0-45-generic ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.4.0-45-generic\n\ ++ \t\telse\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.4.0-45-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-45-generic-recovery-d64f335d-4d71-46c8-9379-3375973830f3' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root d64f335d-4d71-46c8-9379-3375973830f3\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.4.0-45-generic ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro recovery nomodeset dis_ucode_ldr biosdevname=0 net.ifnames=0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.4.0-45-generic\n\ ++ \t\telse\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro recovery nomodeset dis_ucode_ldr biosdevname=0 net.ifnames=0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ }\0" ++- EventNum: 69 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "273f5c80c12e935c1d37c2cfe3e161bc42d79d8e" ++ - AlgorithmId: sha256 ++ Digest: "1ea37430950c837021ebcc02f98c12018c31e593e366429436e1353584c7ec72" ++ EventSize: 49 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 70 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a3326df3194201575e51c3b9a1c8d5d17aeff2d0" ++ - AlgorithmId: sha256 ++ Digest: "d5478d9057580531bf6ff37383b01bb78e1279c20a23721aa3a67ad0d1ca35db" ++ EventSize: 76 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 71 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "17c76a65ebda6aa310da041aabbcd6483bf00df4" ++ - AlgorithmId: sha256 ++ Digest: "bf5d10a466c0f77818990a9d0fdcc8fa2c4561ba92912d5fbc9d4ac1e31a00fb" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: setparams Ubuntu\0" ++- EventNum: 72 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "98d066f8ffd046bacb38b106188cbe7fe9ada729" ++ - AlgorithmId: sha256 ++ Digest: "a57e067e286efc4eea89659d40f13a38cc1792e4277bed820ded674c94bf2ead" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: recordfail\0" ++- EventNum: 73 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bac17085fef5043662a50cef18bf366844c074ff" ++ - AlgorithmId: sha256 ++ Digest: "64bda8f65b1585d7868248a292c449660cc8f75075c10d87ae59a4db401ce119" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: set recordfail=1\0" ++- EventNum: 74 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 75 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d31e5f156b716d7835b261891644bb5f7f65e285" ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 76 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "925ee69b7c8ac4937cbe47d5c85351d869b4e8d7" ++ - AlgorithmId: sha256 ++ Digest: "ce2cc20777ba8d3bc75b662163c3abe370344d4bae17d75fb5bd408d1fb6badf" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env recordfail\0" ++- EventNum: 77 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8fe59e66d6ec198420477f24f791e929f153e144" ++ - AlgorithmId: sha256 ++ Digest: "7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: load_video\0" ++- EventNum: 78 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 79 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "59ced343b060b7df54fa7ba251ef877940601ee4" ++ - AlgorithmId: sha256 ++ Digest: "d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod all_video\0" ++- EventNum: 80 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e12ea97e4dadf46b29402cc55eacd227ee3f364" ++ - AlgorithmId: sha256 ++ Digest: "6efe5245f640eb0b7e601bc996652d06902a4bbd1b34b902903fc217a826f30e" ++ EventSize: 23 ++ Event: ++ String: "grub_cmd: gfxmode text\0" ++- EventNum: 81 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "75538862ec020d327e306ea27c200bddae3406eb" ++ - AlgorithmId: sha256 ++ Digest: "c89c80d69cfeedad50036743cb6964f8ed5ef494dff379a57c46345a327ebb64" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: set gfxpayload=text\0" ++- EventNum: 82 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2058b2755fa0eb1e9c76399a4fa797b0675da67e" ++ - AlgorithmId: sha256 ++ Digest: "ce014fbd540f5a1796d7b9def2294a75114f28ccd23c556c9e7ba1b4a38a0557" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ text = keep ]\0" ++- EventNum: 83 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6568ee5d89e912eb995ad4c82d000ab8d0b4548e" ++ - AlgorithmId: sha256 ++ Digest: "09e725869682d71dba50ef98b2f78022466e9c0173f5f4bcc4f0f863067e65f8" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set vt_handoff=\0" ++- EventNum: 84 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ba509ca38210f0683c477c9dc40e4c4f653e1dfb" ++ - AlgorithmId: sha256 ++ Digest: "6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod gzio\0" ++- EventNum: 85 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2de845dce8a51c8fddbaa04686760093325b7569" ++ - AlgorithmId: sha256 ++ Digest: "18865468f2e4bd9f0cc4ffdda1335f405d06df8d6ff183b373f50e08e81f924d" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ xefi = xxen ]\0" ++- EventNum: 86 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a4e1c6f50579b47c964111d1ea2170e6f923c941" ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 87 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af3f07abac9e5c56b82f09ab98328905aabbf6ef" ++ - AlgorithmId: sha256 ++ Digest: "b838a4d2860c81058105fbb1907a1fb7f60b65591b099b3b000d9b31d8d2fb20" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod ext2\0" ++- EventNum: 88 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cbf1bcb38df72c190b4db0d27ee96eca3c7a9e44" ++ - AlgorithmId: sha256 ++ Digest: "20df4eb78bbf966925af51ad614806aa3ad6f146a9a0c85ac2582a3eaa9a30ca" ++ EventSize: 28 ++ Event: ++ String: "grub_cmd: set root=hd0,gpt1\0" ++- EventNum: 89 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 90 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9beaa2097e4493a4bb31f11a3f6d8f958b3429b2" ++ - AlgorithmId: sha256 ++ Digest: "1781ff193c82654750367a4fc175c77e971e4c53517470ddb02afa23a40290f4" ++ EventSize: 156 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 d64f335d-4d71-46c8-9379-3375973830f3\0" ++- EventNum: 91 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "aa0c1b41d0046552dea2a47b1f8e592716137f4a" ++ - AlgorithmId: sha256 ++ Digest: "5935716bf513717f6b6931f3f8e40962606850cfc43d25ff2ca4754dcc13dceb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 1 = 1 ]\0" ++- EventNum: 92 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b6f8fec26a7eb65f3927aa43af6e8ec1846ee688" ++ - AlgorithmId: sha256 ++ Digest: "d78fa3dd0776f200df573cff8c4fd68f5091ed7ad3a6437db8b0db3325c6b0ed" ++ EventSize: 156 ++ Event: ++ String: "grub_cmd: linux /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\0" ++- EventNum: 93 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8a0b7b8226ad59b5ac4381ca4afd38709d8448eb" ++ - AlgorithmId: sha256 ++ Digest: "6f6461546ce9fbee0b33dcad75f6f5534ecf907a397f29b5c8c0d93093b6e4e2" ++ EventSize: 31 ++ Event: ++ String: "/boot/vmlinuz-5.4.0-45-generic\0" ++- EventNum: 94 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3130fdda238d47b4164505d920baca259ce81219" ++ - AlgorithmId: sha256 ++ Digest: "5f8193381b94ebb69a821609308177d3fa8d1fb6fbd817266a61e4ff77d154ef" ++ EventSize: 156 ++ Event: ++ String: "kernel_cmdline: /boot/vmlinuz-5.4.0-45-generic root=PARTUUID=78a91070-7746-4396-82b8-ffc7ba90d889 ro biosdevname=0 net.ifnames=0 console=tty1 console=ttyS0\0" ++- EventNum: 95 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c92cb595ef1e034296cdba12b58df0c15e4fbb3b" ++ - AlgorithmId: sha256 ++ Digest: "4bdfca86598a2eca99da0d5d8d7eb437a4009db929616f243a41936c4460d446" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: initrd /boot/initrd.img-5.4.0-45-generic\0" ++- EventNum: 96 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "186473f3819194651227f49e5f389db7b7cae751" ++ - AlgorithmId: sha256 ++ Digest: "46109c40d06946c299a8efc66c93fe882df02ce8f7ae0546571d6eaa02457552" ++ EventSize: 34 ++ Event: ++ String: "/boot/initrd.img-5.4.0-45-generic\0" ++- EventNum: 97 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8c6944c5ed9f1516843fd5f5bc32941b1306e7db" ++ - AlgorithmId: sha256 ++ Digest: "76bc6c6d70ce34a24bda263584ed03d0fd5d94f90ca206dd5e500b0fe98b3df2" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: initrdfail\0" ++- EventNum: 98 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 99 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "86365ebcde91a88bd1c97b4864e7058e66d97e7a" ++ - AlgorithmId: sha256 ++ Digest: "3602091ace7833250a353f8e3d7b79f1efcabb25ac761f5764f6a4403eec4974" ++ EventSize: 54 ++ Event: ++ String: "grub_cmd: [ -n 78a91070-7746-4396-82b8-ffc7ba90d889 ]\0" ++- EventNum: 100 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a3a5563acacd3a3545f38b1efec4328b19e1db6d" ++ - AlgorithmId: sha256 ++ Digest: "50be723e27218e2db23928b27f224484c593978e2073b88ff455eb0caa481260" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ -z 1 ]\0" ++- EventNum: 101 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9f1950c2967bc0668269446aa91b2f1e2b088862" ++ - AlgorithmId: sha256 ++ Digest: "a05839fd9bfebe3bde7739df6a1983a0008d37e25a47ffa6a164b4a22050c80f" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env initrdfail\0" ++- EventNum: 102 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "443a6b7b82b7af564f2e393cd9d5a388b7fa4a98" ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 103 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "475545ddc978d7bfd036facc7e2e987f48189f0d" ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha1: ++ 0 : 0x74c8f4bec7f58dea3941ce46e688440cce91cf5c ++ 1 : 0x293a334523288b61943f3101008ad5ca1f56e127 ++ 2 : 0x64bdfedc3a257a7dbc5bf9e94692ec6033f1dc76 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x13f0dcc5114f14c3df03cf437d7181f256e07a01 ++ 5 : 0x461d7b57e3c62d7a2cda4e4acdec3908c866432e ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x518bd167271fbb64589c61e43d8c0165861431d8 ++ 8 : 0x43aaff1eb3b4ec57d1a5c1427f6ae4748fe40cd8 ++ 9 : 0xf1ec9df00222a772a04fa20afbd7e707ac3ad677 ++ sha256: ++ 0 : 0x804c3cb76b471627372c8e5ebd068d1f8f8af088af43dc9de620af652f11116f ++ 1 : 0x61137129a04703282cd3a002a6cd3694e09c68115cbe1e11f4efa892685648d9 ++ 2 : 0x6bb89e2dc338e478b9b58d7c987c67fd2b09435be88195decc1e6ecf6e719d8e ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0xa01755784426c92d1d22a4305319644855ba0204dcc46ed920d74473defffe42 ++ 5 : 0x8017b57031d6bb5a8e830949ca3c04bcaafe196d6de802697c9fb0acb38f2dac ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0x65caf8dd1e0ea7a6347b635d2b379c93b9a1351edc2afc3ecda700e534eb3068 ++ 8 : 0xf5ce9866af7ad692ed3afe642b65992d6f5d93389ddb119b49eef3a9fe54a1c1 ++ 9 : 0xd734aa05ed0dfe770bcf88e0ff26113bb3aab42e2e8b8f287aa84aee86acefa1 +diff --git a/test/integration/fixtures/event-raw/event-gce-ubuntu-2104-log.bin.yaml b/test/integration/fixtures/event-raw/event-gce-ubuntu-2104-log.bin.yaml +new file mode 100644 +index 0000000..5832a40 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-gce-ubuntu-2104-log.bin.yaml +@@ -0,0 +1,1919 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 41 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 3 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ - Algorithm[2]: ++ algorithmId: sha384 ++ digestSize: 48 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3f708bdbaff2006655b540360e16474c100c1310" ++ - AlgorithmId: sha256 ++ Digest: "d0fcf11a32a8fbf5a4e1a58cd74dd2357d07e7503b5b6afd5a7989a98e17be7f" ++ - AlgorithmId: sha384 ++ Digest: "6d01b1822e08428dcf9234f6a78ac5cb49f49bc1c4393f3717319d8161218bb614df8af7a68c14cea682616589bf0963" ++ EventSize: 48 ++ Event: "47004300450020005600690072007400750061006c0020004600690072006d0077006100720065002000760031000000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_NONHOST_INFO ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e8af742718df04092551f27c117723769acfe7e" ++ - AlgorithmId: sha256 ++ Digest: "7b74dea34ce9b49755ab1babe8bac9ad528d3d5addec4e2fa298e3ae68fd276f" ++ - AlgorithmId: sha384 ++ Digest: "a74de6271fa4ad2b7b1846f1d40c28eb103f5ee055abc9883f2ca7d9bedf8ec8c848fce5aa0ad22f1750ce78f5bbf15e" ++ EventSize: 32 ++ Event: "474345204e6f6e486f7374496e666f0000000000000000000000000000000000" ++- EventNum: 3 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "57cd4dc19442475aa82743484f3b1caa88e142b8" ++ - AlgorithmId: sha256 ++ Digest: "115aa827dbccfb44d216ad9ecfda56bdea620b860a94bed5b7a27bba1c4d02d8" ++ - AlgorithmId: sha384 ++ Digest: "cfa4e2c606f572627bf06d5669cc2ab1128358d27b45bc63ee9ea56ec109cfafb7194006f847a6a74b5eaed6b73332ec" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'No' ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5abd9412abf33e34a79b3d1a93d350e742d8ecd8" ++ - AlgorithmId: sha256 ++ Digest: "0bdbbbe39766588565c5cc98a2aeb6e44a9178c9f1935bd241f38372448418bb" ++ - AlgorithmId: sha384 ++ Digest: "a763553c9606770cd3a5e607f8e0c1ef01cdf2555af753fa3a1f6afe43eb7b2a0af4a6f80fd8e4dd10459668f3b011e0" ++ EventSize: 842 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 806 ++ UnicodeName: PK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 806 ++ SignatureHeaderSize: 0 ++ SignatureSize: 778 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 308202f6308201dea003020102020900d54a14e867835dea300d06092a864886f70d01010b05003010310e300c06035504030c056e6577706b301e170d3138303832313231353131355a170d3138303932303231353131355a3010310e300c06035504030c056e6577706b30820122300d06092a864886f70d01010105000382010f003082010a0282010100ccb9d5087cf86d6b63ea1702c962f40b93c9fe90e39d7c2c45ce85015252487cfb4326bf0da589b0f2dd13c736e87f6995aa8c6fd0a2236f34c24fb19e6bc6fa151bb894c19c8e70879142ce69210f937dda759fbf31172050c1ef8023fbbe3b56e30ad747ea9d30afd45da9036389a2fc39e196a187c33d0326b2d3a26cecc897d7ceda18eab2953cb3040707ce028acfda3a5110883f25b04b3eccddf9dadb51d591169a1da107bd88e2f112b4f1b30092b7e367e6ad8c6adc273f1ddcd44e6cc116bdefde562ada1359600979d3a97c578dfd519061379d7f7de4b76e95f0529b439edc483c1dcdbc399f12a3e8470d46b836dc92b395a8ce4ae34623584b0203010001a3533051301d0603551d0e041604149850840342f32fdb97822728977431465e60cbc5301f0603551d230418301680149850840342f32fdb97822728977431465e60cbc5300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101008aa11e52113f17aae7bdb024ab8bad32b049fd7b34cb3b8076603d8edcca6b69c25b94e8b8139c8c2cd7bcac7d8259c3b511c42ea26c16a5ec981df003312336f8cb3083673a3a1f2b622117602cbaf52ef9286eca6670582886678f69846c002758259c501405e970b8606e54854aaf086d8f451ba65b34fc264d1c3c81e1bb242e79e013d1c8ac7cd97f3847114381196b335057e3739ea67f87ddc3e24afc737b4b070987c78309365aea698740840c2c94802f3dae3dcb70c40335c2b93e7108b2a3c6add8243f7d60ab186fa0ee7a1b9acf759fe84cabcd5187685833b2d901bc04021038252a984b1d45fb67339b259c3fac1ba44344cccdd3c80b6ee1 ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f0501c79b607cc42e9142ee85a74d9c27669c0e2" ++ - AlgorithmId: sha256 ++ Digest: "622647d8138f5b8a64087d2d2e6682c162097b6c1315a6b7225a6657c256b582" ++ - AlgorithmId: sha384 ++ Digest: "c000a71b17a6054093ed791ece8b1556973ddef6da91bf0aeb5792b3c842423742b52943a58bdf2328a434937e327888" ++ EventSize: 1598 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 1560 ++ UnicodeName: KEK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1560 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1532 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0915a210049c2781fba26180600fb32217c7c972" ++ - AlgorithmId: sha256 ++ Digest: "62ba0f38c3848a9462f98774c586e9d954e72921b3a5254124b63632ccaf8f5a" ++ - AlgorithmId: sha384 ++ Digest: "3509cd62ba8fbef6fae05bee7c3c1ae528f328120879d37f778c3611f9bbf1eaf362423ad89bc8a69283ad2821c5fc37" ++ EventSize: 3179 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 3143 ++ UnicodeName: db ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1600 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1572 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1543 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1515 ++ Keys: ++ - SignatureOwner: d281fad2-8d88-47a4-9792-5baa47bb1b89 ++ SignatureData: 308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "734424c9fe8fc71716c42096f4b74c88733b175e" ++ - AlgorithmId: sha256 ++ Digest: "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9" ++ - AlgorithmId: sha384 ++ Digest: "18cc6e01f0c6ea99aa23f8a280423e94ad81d96d0aeb5180504fc0f7a40cb3619dd39bd6a95ec1680a86ed6ab0f9828d" ++ EventSize: 38 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: dbx ++ VariableData: ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 9 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b6a0ebef70ae24d9fe913dd0c6d2b4e0d80dc049" ++ - AlgorithmId: sha256 ++ Digest: "415093c7a014e1aba1f54f87ae7747228f31cbf4ed40a68476d48a4651551be3" ++ - AlgorithmId: sha384 ++ Digest: "17ac1475128af46c9ea8f807632543c44415306dd06cca9efc8ecf3913146c3095f47ba61d93bcf0618de8759fc13989" ++ EventSize: 58 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 8 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0003 ++ - Boot0000 ++ - Boot0001 ++ - Boot0002 ++- EventNum: 10 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "dde878cdae43d75a4799189ae872ba915cea8905" ++ - AlgorithmId: sha256 ++ Digest: "81b4afa14fa6dd52a1d528671d197fbdd24ebd7d9c8cf9af83c1341710953b2d" ++ - AlgorithmId: sha384 ++ Digest: "53de75d2a6230b37a0f7dd1cdb8c0b08b4c138c3a53eaa1a547cde643c1fda1e0a0224e444c74e2d62e6c06131c2ee55" ++ EventSize: 166 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 118 ++ UnicodeName: Boot0003 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 98 ++ Description: "ubuntu" ++ DevicePath: '04012a000f0000000028000000000000005003000000000040f7a66eef256942838d1a6f21ebf27f0202040434005c004500460049005c007500620075006e00740075005c007300680069006d007800360034002e0065006600690000007fff0400' ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "22a4f6ee9af6dba01d3528deb64b74b582fc182b" ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ - AlgorithmId: sha384 ++ Digest: "23ada07f5261f12f34a0bd8e46760962d6b4d576a416f1fea1c64bc656b1d28eacf7047ae6e967c58fd2a98bfa74c298" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "UiApp" ++ DevicePath: '04071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400' ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1deddbe8c4412b10f998870099d4067be3da37f4" ++ - AlgorithmId: sha256 ++ Digest: "a8b06578022cffbeffdd688cf545207c1a039630ab6665d72aa98d257cf2db36" ++ - AlgorithmId: sha384 ++ Digest: "9ca06fa06fbd36593f57c008963ad83985714d9674964e447247285bc60b43286e1ce06da50a1dab88f507bb132f4b9e" ++ EventSize: 156 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 108 ++ UnicodeName: Boot0001 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 30 ++ Description: "UEFI Google PersistentDisk " ++ DevicePath: '02010c00d041030a0000000001010600000303020800010000007fff04004eac0881119f594d850ee21a522c59b2' ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3197898dc01b3d5e97a774aeca14ec921b1af49f" ++ - AlgorithmId: sha256 ++ Digest: "a13a898b836634a61c2c011e61e7ced4ea1c5aefbdae5a9ada39acaf8497acba" ++ - AlgorithmId: sha384 ++ Digest: "8018a1de7cd3d787648f7a2c781745ca78b47dd9f6a33351ae0e27e06373111a445b67f3d944f3ac5da6344bcbf86907" ++ EventSize: 131 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 83 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 33 ++ Description: "VirtScsi(0,3,0) Disk" ++ DevicePath: '05011d0002000000566972745363736928302c332c3029204469736b007fff04001100' ++- EventNum: 14 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cd0fdb4531a6ec41be2753ba042637d6e5f7f256" ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ - AlgorithmId: sha384 ++ Digest: "77a0dab2312b4e1e57a84d865a21e5b2ee8d677a21012ada819d0a98988078d3d740f6346bfe0abaa938ca20439a8d71" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 15 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 16 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ - AlgorithmId: sha384 ++ Digest: "394341b7182cd227c5c6b07ef8000cdfd86136c4292b8e576573ad7ed9ae41019f5818b4b971c9effc60e1ad9f1289f0" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "50eecfcec250c8b1d356a9217e0dd79c0f2a6e1a" ++ - AlgorithmId: sha256 ++ Digest: "2d1e69a4adbf5f58c957fdb6aedc86ea037a0f5016003c7513ada83525852362" ++ - AlgorithmId: sha384 ++ Digest: "72d16133b50db63de38da942d1ae8de3e68339b22ef23a6c15d0209627d18f26c94c9dd2aa2a5f210231742ca9f1ae2d" ++ EventSize: 484 ++ Event: ++ Header: ++ Signature: "EFI PART" ++ Revision: 0x10000 ++ HeaderSize: 92 ++ HeaderCRC32: 0x7e4c86d1 ++ MyLBA: 0x1 ++ AlternateLBA: 0x13fffff ++ FirstUsableLBA: 0x22 ++ LastUsableLBA: 0x13fffde ++ DiskGUID: cb2b7180-7317-44b2-b13d-ea395dabb1a7 ++ PartitionEntryLBA: 0x2 ++ NumberOfPartitionEntry: 128 ++ SizeOfPartitionEntry: 128 ++ PartitionEntryArrayCRC32: 0x4f717292 ++ NumberOfPartitions: 3 ++ Partitions: ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ++ StartingLBA: 0x37800 ++ EndingLBA: 0x13fffde ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: 21686148-6449-6e6f-744e-656564454649 ++ UniquePartitionGUID: 9faed655-11db-4854-bb3c-87170ce39bd6 ++ StartingLBA: 0x800 ++ EndingLBA: 0x27ff ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: c12a7328-f81f-11d2-ba4b-00a0c93ec93b ++ UniquePartitionGUID: 6ea6f740-25ef-4269-838d-1a6f21ebf27f ++ StartingLBA: 0x2800 ++ EndingLBA: 0x377ff ++ Attributes: 0x0 ++ PartitionName: "" ++- EventNum: 23 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "92e6ec17937f600b9ec7f23adf4ea5553b4e2364" ++ - AlgorithmId: sha256 ++ Digest: "d99c93fcb042dbe52707bbde371c75fcf081dd5b0c88a195d44cc57536f6f521" ++ - AlgorithmId: sha384 ++ Digest: "d8811e9c08119168b156255c6d695614d1593422bc5044186d29c1aaaa86fff0a633f324ac1ac1122e547479ce50a75a" ++ EventSize: 156 ++ Event: ++ ImageLocationInMemory: 0xbdde4018 ++ ImageLengthInMemory: 955072 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 124 ++ DevicePath: '02010c00d041030a00000000010106000003030208000100000004012a000f0000000028000000000000005003000000000040f7a66eef256942838d1a6f21ebf27f0202040434005c004500460049005c007500620075006e00740075005c007300680069006d007800360034002e0065006600690000007fff0400' ++- EventNum: 24 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "68bcec6001e5c3f2fbdd9aa9aa91da92fc893f29" ++ - AlgorithmId: sha256 ++ Digest: "2f196b05a0564764cca674175ecd97898e74ed3891c7c63ce6f17dc82603164a" ++ - AlgorithmId: sha384 ++ Digest: "053357ea65185f010b8caa1fc265cfd5e80c7cc781254fa3f1e5ea9d345a87003cf761472a2f0423f15297f55cfe248f" ++ EventSize: 8 ++ Event: ++ String: "MokList\0" ++- EventNum: 25 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e284bf593c56945bcb057c6b6470a2fe577ac1be" ++ - AlgorithmId: sha256 ++ Digest: "6c29c7fb3c9e800e1d16bed2fa9ca691feacbc308959cdefaef04a5a4ae213c4" ++ - AlgorithmId: sha384 ++ Digest: "5978bf6aa483f562bf18f46e1e865e35f3b6f4284733c7444a060602c0e9910397f4d6dfcaf7082894ce849077f128c1" ++ EventSize: 9 ++ Event: ++ String: "MokListX\0" ++- EventNum: 26 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "15875d39b8872f8aff3a92fc9f9e40ac75268e04" ++ - AlgorithmId: sha256 ++ Digest: "922e939a5565798a5ef12fe09d8b49bf951a8e7f89a0cca7a51636693d41a34d" ++ - AlgorithmId: sha384 ++ Digest: "f143e2948d63fcd3442e841bb36a7e180871f0a8946541961fe9d12e70d0727874600956264dba531e2edd8729c5eb38" ++ EventSize: 68 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 9 ++ VariableDataLength: 18 ++ UnicodeName: SbatLevel ++ VariableData: ++ String: "sbat,1,2021030218\n" ++- EventNum: 27 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "4f9604e61091095594c206c8a404afe187a92586" ++ - AlgorithmId: sha256 ++ Digest: "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595" ++ - AlgorithmId: sha384 ++ Digest: "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683" ++ EventSize: 88 ++ Event: ++ ImageLocationInMemory: 0xbd23a018 ++ ImageLengthInMemory: 1718144 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 56 ++ DevicePath: '040434005c004500460049005c007500620075006e00740075005c0067007200750062007800360034002e0065006600690000007fff0400' ++- EventNum: 28 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af62033e4dacde359d80f7b1720e3dbcdb5f35f7" ++ - AlgorithmId: sha256 ++ Digest: "f604450f3c810e0dd17b5136aced8c612ce8ec6d8cefa7fcf705cce8e69908df" ++ - AlgorithmId: sha384 ++ Digest: "1ef3cc75a524bfb7ea72a5d7c139b75a3e8da87c724a2b54aff9122a9c4706ff0fc812af1bc2ea930fd238104d798325" ++ EventSize: 32 ++ Event: ++ String: "(hd0,gpt15)/EFI/ubuntu/grub.cfg\0" ++- EventNum: 29 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "4e2b524b079af00b681bf224f75c3570ef603e6a" ++ - AlgorithmId: sha256 ++ Digest: "211e321017e1e3b8976b64602f33c267ebe925d7d27f0eacc7102596b545a0a4" ++ - AlgorithmId: sha384 ++ Digest: "ec7c3b4aae280d870cf4b970b521e3351f57b2cd69b5e6696cc3a6014b258692d330c6fec08298ab66adb3d386624803" ++ EventSize: 67 ++ Event: ++ String: "grub_cmd: search.fs_uuid c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a root\0" ++- EventNum: 30 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c90fdbd8bc3928f93d41ef4176a3415df2d584eb" ++ - AlgorithmId: sha256 ++ Digest: "679845b798116003dcee938a7e87a07c7b7dd42b5349e54632bbfa82a740541b" ++ - AlgorithmId: sha384 ++ Digest: "c72923093dd8b083105397c639763c931800fe96d4e379d980d043c7f8aba3c8f60dada07d9b2a8cebd9762638211365" ++ EventSize: 42 ++ Event: ++ String: "grub_cmd: set prefix=(hd0,gpt1)/boot/grub\0" ++- EventNum: 31 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7f7e85909fb37d150f57822c0ad3b636e7853aff" ++ - AlgorithmId: sha256 ++ Digest: "5137257cdcec140bce7e0c83c1000df3f7ecf18de11bde46b8d32f49ba657791" ++ - AlgorithmId: sha384 ++ Digest: "0ab1f13106b96ec5605b11e504cb8d3a597747f51fe0332a74408c7f9065cb6b654ef2a8c90afa6b8755bcfc5a1f1182" ++ EventSize: 44 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/command.lst\0" ++- EventNum: 32 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f091655c7ac7314eb0df21931415de47628d621f" ++ - AlgorithmId: sha256 ++ Digest: "32fc7f5de8c0a5dc0b1e7eb609ca31a77eb3475539e1d97a4543dca1b9b26c57" ++ - AlgorithmId: sha384 ++ Digest: "73e17c3ea36dea576f107728630b937f74006954f2be9143eb124b76706173d7d9a68c32e7c90f74b0ff5ced89603914" ++ EventSize: 39 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst\0" ++- EventNum: 33 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ff00d28114398cf1a052329494d63aceeb8ff29a" ++ - AlgorithmId: sha256 ++ Digest: "1b766f38a94927fe9b7bc1e809f0363e778e14c601e800faea271a2e75d3fc43" ++ - AlgorithmId: sha384 ++ Digest: "c7d01ae51404411a65b0d26a601a01d63b914e7477825d5ecd87840a36434c6bd956725441b82a66b6581c36bd38fad4" ++ EventSize: 43 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst\0" ++- EventNum: 34 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "66b726c6d64bc109d3948a9528f502ea94938ef4" ++ - AlgorithmId: sha256 ++ Digest: "46f888c52f36baf9b62d60bc8d06426a314aad5a0ff86a4362a91c2512a1df9c" ++ - AlgorithmId: sha384 ++ Digest: "800824fd124df10eeafd6bba36c596c33afbb527e3006b58c19fadced47b03c8ae92f89ef3caef2346b3bd545cfdd8de" ++ EventSize: 45 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst\0" ++- EventNum: 35 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1284bee568af2e320e6a03dce30144182be7d51e" ++ - AlgorithmId: sha256 ++ Digest: "874d063ee6d5776d8474fcbaed76cdd44f32572d8454338fef7138347e866d7d" ++ - AlgorithmId: sha384 ++ Digest: "ab8c53accc47ffef55c4b607725b4bdac7eb63e4ed7ec2d56550eb0b974ae546b5dfb6b119b9c6569f4737ad9ad79dbb" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 36 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "35a61aeb146c7d0f13fab9d135f969926e515610" ++ - AlgorithmId: sha256 ++ Digest: "60b17900690b284a561dfd1b23c4ea861dc78517a04be80f0419ce3e2da41692" ++ - AlgorithmId: sha384 ++ Digest: "b6530120db1db3760f49810e897b016f067d3452a74e6b83d3c059034884949fe1bcd3e8b99e25c5cda3a5d36909d9a1" ++ EventSize: 30 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grub.cfg\0" ++- EventNum: 37 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3e5cd7ea0fdc2e2b2f956d41f9090ee3732fb833" ++ - AlgorithmId: sha256 ++ Digest: "7e2b3493baa3f9e4c6a836282d1e66b5855692169dee44d46fe20d11dbc17381" ++ - AlgorithmId: sha384 ++ Digest: "56bbcd8647a6e5bfe7c8716f3610cefff4aca1b4c31def4ad9f47f7a6cee68bb831fe474026630bed7d053e12aa9751e" ++ EventSize: 46 ++ Event: ++ String: "grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ]\0" ++- EventNum: 38 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cff2c89594431f0c3c508fd97f8bb4d2eca36937" ++ - AlgorithmId: sha256 ++ Digest: "2d963f969fbd116484ad1f6aa6b6b3eae710aa4c5e759f7d7ce58eb0565e9db6" ++ - AlgorithmId: sha384 ++ Digest: "6c6e9ced736b9b1f2d98f0e00af20032817aa9f0eb92cc19ca6d8de7d76a2d612fcdd02e21cd9bd86a1c031be6378884" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 39 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3c4e9b1198ecc160aff6022c0f96b5b22fab1469" ++ - AlgorithmId: sha256 ++ Digest: "0e3a17e0c48e42d79f4d1576e7f787c911239510586505c326143b9b268bdd65" ++ - AlgorithmId: sha384 ++ Digest: "541c82f4046719d9bda2729278af735f44e40d779dc860b69b6fc9e4ddc3d1233830fb101dc487f9524ccf5aa152f5f5" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: set have_grubenv=true\0" ++- EventNum: 40 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "453dee6ce82bd80ea89bd8085724ae9784ff0f1b" ++ - AlgorithmId: sha256 ++ Digest: "f8b99f77983990e8804864cade91f361b5b6600cc2832febaef878ac8b44d27e" ++ - AlgorithmId: sha384 ++ Digest: "b0f5c156e035813aeb78d5ec47d4a6c2d0651c884384987907340fd18b45384cdab8cb460b5475427c848868b132887b" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: load_env\0" ++- EventNum: 41 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cff2c89594431f0c3c508fd97f8bb4d2eca36937" ++ - AlgorithmId: sha256 ++ Digest: "2d963f969fbd116484ad1f6aa6b6b3eae710aa4c5e759f7d7ce58eb0565e9db6" ++ - AlgorithmId: sha384 ++ Digest: "6c6e9ced736b9b1f2d98f0e00af20032817aa9f0eb92cc19ca6d8de7d76a2d612fcdd02e21cd9bd86a1c031be6378884" ++ EventSize: 29 ++ Event: ++ String: "(hd0,gpt1)/boot/grub/grubenv\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b4e99b40d2dddcdf68e8aa439e18dd5ebacbffc9" ++ - AlgorithmId: sha256 ++ Digest: "d2b92983e66aff99982fe5af55e0f9277dc0f8879934e17b00147e1f4156179e" ++ - AlgorithmId: sha384 ++ Digest: "1b2d9a89f98d0d60ee47648b016de86c2c7840b26bd31248be74c3146a07e0c83e889887fe212a121943ddbdab5d3246" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 2 ]\0" ++- EventNum: 43 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "05ba452bf00b7f880528b35d02e9077f89c08538" ++ - AlgorithmId: sha256 ++ Digest: "82a4a14e43a4f76118ae63285d0af05af139f260fae57b2c20737a1c1df3382b" ++ - AlgorithmId: sha384 ++ Digest: "ae1061c45b3c25c89cea3f7ddee4640f8e776086f7d62fb4b9c1d56148a1be04bf11de6a395344567b538c6df06d079e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 1 ]\0" ++- EventNum: 44 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ - AlgorithmId: sha384 ++ Digest: "222e2570e52f72bb99f3ef97cb751dd4de0f3a545583ea4d66015680673f74bb27031bd0ca5cb3b58a25ec78ce8f4851" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 45 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "75409120452bbbee30abe289af973ecdd7e0ef6b" ++ - AlgorithmId: sha256 ++ Digest: "3a118940bf2675007df3368cb6d45cf2756f328d3e75daf69a971dd21bd1bc58" ++ - AlgorithmId: sha384 ++ Digest: "6bf6242f8eb0ca7217c6e3a5d4c6a62e5858440264e84696cd67306ef2db8cf625952d5fd9061daadefd181039479740" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set default=0\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bd5209e50c09650ffcf5c2d12a8be8277e438023" ++ - AlgorithmId: sha256 ++ Digest: "09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513" ++ - AlgorithmId: sha384 ++ Digest: "8661953f518c898cb9407c831fa60654fdaf9804d25d99cbc31fd15255b532bad044c390b7a63b2961eed1e9beac6603" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: menuentry_id_option=--id\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6248599bae0d78ccbda185ed2fce0182ed41e297" ++ - AlgorithmId: sha256 ++ Digest: "4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e" ++ - AlgorithmId: sha384 ++ Digest: "952dce390ea9e283ee7b3defb664fc8d7f942a9598bd8b6d20a9843b28786ec7c27f6bafa28c0c16013cfb88dbb7b568" ++ EventSize: 37 ++ Event: ++ String: "grub_cmd: export menuentry_id_option\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "710cbf237c9abd071ca91c4104324800bec7b0fb" ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ - AlgorithmId: sha384 ++ Digest: "222e2570e52f72bb99f3ef97cb751dd4de0f3a545583ea4d66015680673f74bb27031bd0ca5cb3b58a25ec78ce8f4851" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7dc272da02b00e0ee2958961bb99a2e3196ec24a" ++ - AlgorithmId: sha256 ++ Digest: "df24f1cae6b428fdd09bc14b06df255f93060ff05d56c3127724168596f73d5f" ++ - AlgorithmId: sha384 ++ Digest: "5cd34cee9ce24ca6e401a80ecb4654031bfbcfe5c5b21c19f2d990676f8453e89a69ecf4a153c2b025ff7ba4b03a2e2a" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: terminal_input console\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "155e201c47f534b1201190d61e9d178a525540e6" ++ - AlgorithmId: sha256 ++ Digest: "fed7c930939012174a23271f9fa177a39891cd1baf6ccd22bccce96acd0514d1" ++ - AlgorithmId: sha384 ++ Digest: "a47d5422ef1405120a2246a55bc4e6f60de6f4aa0410dc205d5e80ba9dce7ab480ac93a026d1751202b2e68ba3a0694c" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: terminal_output console\0" ++- EventNum: 52 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "05ba452bf00b7f880528b35d02e9077f89c08538" ++ - AlgorithmId: sha256 ++ Digest: "82a4a14e43a4f76118ae63285d0af05af139f260fae57b2c20737a1c1df3382b" ++ - AlgorithmId: sha384 ++ Digest: "ae1061c45b3c25c89cea3f7ddee4640f8e776086f7d62fb4b9c1d56148a1be04bf11de6a395344567b538c6df06d079e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 1 ]\0" ++- EventNum: 53 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 54 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "58795e8592d9ff3b6b39add68ddba958eff547a2" ++ - AlgorithmId: sha256 ++ Digest: "61caa54fc24ba8b3e79be63f375a08f374244e4ede8e0d6080060aa3fa5f7fbb" ++ - AlgorithmId: sha384 ++ Digest: "9f76cda76fd82e4b45a00f258357a71046172ea7dee437017ad0d94b489f7d8b021f121044e7886542f5dc8a1cf15617" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: set timeout_style=hidden\0" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9d31b8e60e42fe9361ef5990996db527824f9022" ++ - AlgorithmId: sha256 ++ Digest: "cdf593a612aaaaeb957243bb1e8e27d96f4c726ec523cd38290382bdf1faf54d" ++ - AlgorithmId: sha384 ++ Digest: "9c452ba5b9a6104c8ed813cc0692b7e69c76c0ff1ce99fc0f38940f540b465b86b1e8f556885eb5acce9f10e6cef1b0d" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: set timeout=0.1\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ - AlgorithmId: sha384 ++ Digest: "934aafc99cb0a7cb1ef83c5a1eb01c31d60927f08b2ff72d2c05e0b4660ed1dd1e139738b3c5630502e629e8f593d7af" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7a86009dc1f23867d8951bb95471618bde2d1918" ++ - AlgorithmId: sha256 ++ Digest: "2436afe3cb181454ab807d6ca526ed3132dc1759787f9ed3f2f148e86948e978" ++ - AlgorithmId: sha384 ++ Digest: "4cf726ecd422b56df71dca2f377cb2a4ee6d9ca1f5b44096f8fc6607b73b56d0effc393100c506a93327511a72cbf707" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -n ]\0" ++- EventNum: 58 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5e1cea54b6044a1b5341cccdf101a5f9fbfc101b" ++ - AlgorithmId: sha256 ++ Digest: "681e45c7ba76e7c4bec5a79dead78461eb175b67656e03f4809aa012d275c823" ++ - AlgorithmId: sha384 ++ Digest: "21140b393213229d532701ca514452dbb33a28d37d1a62f424aadf68d3b87817cebd7f6cd183ebc2191ff427a5cc11ef" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: set initrdless_boot_fallback_triggered=0\0" ++- EventNum: 59 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "eb11507f1980d7ea78190040b49c79cf3a6c6b93" ++ - AlgorithmId: sha256 ++ Digest: "01ffa4a5eae6be98974c1b75e839f442eed9d9f5c1d65c03d355e04fc81d2873" ++ - AlgorithmId: sha384 ++ Digest: "8e0666266caf626cedc801ac78249b0e70cca2936ae65826a8b0baaca9c6aa9bc84e1156b02b7749ac1e7ad797c6fe6a" ++ EventSize: 54 ++ Event: ++ String: "grub_cmd: save_env initrdless_boot_fallback_triggered\0" ++- EventNum: 60 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "0d570854895a5a9ce25dc6c25026278c2d1a6367" ++ - AlgorithmId: sha256 ++ Digest: "207cda95fd859189d016c7c2cc03b9c05672984589e4809e1dcee665d629cf7d" ++ - AlgorithmId: sha384 ++ Digest: "697c60cddf7d386b91a21c6bd5005181777d52d625ae27fd61036ef4424c57d4b2b97552b484177d628761a396148dac" ++ EventSize: 44 ++ Event: ++ String: "grub_cmd: set menu_color_normal=white/black\0" ++- EventNum: 61 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4a516aec1bccafec65420d98fcb243aa465d837" ++ - AlgorithmId: sha256 ++ Digest: "6f18799fe0ecb5c4bb4c0695a3094dc9841c940c3b463e14c25e444246348a2a" ++ - AlgorithmId: sha384 ++ Digest: "4eeef8dcc4a61638868d1dca696cad45913d3922b90ea7f264ba78f02e1f80095c9b668229ecff972c4cc586b14d9870" ++ EventSize: 52 ++ Event: ++ String: "grub_cmd: set menu_color_highlight=black/light-gray\0" ++- EventNum: 62 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f0ea058e7e94c1de682ed36c367c8e02c8a1fbd9" ++ - AlgorithmId: sha256 ++ Digest: "d892fc45719b7363b8121ef243a8abb7577db336676532876620fcc24c1d45a2" ++ - AlgorithmId: sha384 ++ Digest: "d280f592667201a4b811f185cfab0e290407db1982f30ff5036aa124ca64e5710bd457864b3f40924afd53452ee37daf" ++ EventSize: 60 ++ Event: ++ String: "grub_cmd: set partuuid=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f\0" ++- EventNum: 63 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "423287a40b914bb51497db32f9086697d1fb9e12" ++ - AlgorithmId: sha256 ++ Digest: "f0b4b3c23103828ea2fa05044a2cfce5efc9d15e99ffb9c61d7349c1303741af" ++ - AlgorithmId: sha384 ++ Digest: "7a5ac0796fa82f4efa88b6213985b213d878e64988066a9958760166cf85c5f4778a00a3cf84952c18a6cad3f38553cb" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ != 1 ]\0" ++- EventNum: 64 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "292cce90d28e1736a8e914e8540d9bf0e3cb3691" ++ - AlgorithmId: sha256 ++ Digest: "5d884e52d0e191d8821b77c7a853a89a2d05844743c8e98187b474d800f1c7e6" ++ - AlgorithmId: sha384 ++ Digest: "a5e07cfc9671766b7f9bb83873c6ff4bed7dfbb927d5b0273d2aebb930dba4630c372075a092dbd7c5495fafa7453ed0" ++ EventSize: 55 ++ Event: ++ String: "grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ]\0" ++- EventNum: 65 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3c478e70547a82a4000a6941b85af79242734271" ++ - AlgorithmId: sha256 ++ Digest: "c08a8b76f5bc9ce36f6af0d203c7c1d54be9cee4c74c7e4d52bf7821edcca28f" ++ - AlgorithmId: sha384 ++ Digest: "1754fc7f385a671597fbf1a2ad0c93c6748d29da5eaee6f40f7b7c5a2611c990da2d88620ecd1a866d03f89ec82a556b" ++ EventSize: 58 ++ Event: ++ String: "grub_cmd: hwmatch (hd0,gpt1)/boot/grub/gfxblacklist.txt 3\0" ++- EventNum: 66 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6bcfa9ba9fe5adc995142ad3074b66402dc0a7a6" ++ - AlgorithmId: sha256 ++ Digest: "a36de0798eb0ac94d6edf367749c0ced605c5b92d74b83312f94132434f549e5" ++ - AlgorithmId: sha384 ++ Digest: "5270439d089d97e0a03b28b358a87c3929665c1b6c93daf7a8b71d8cd5a52952ba821a0c2d440038628cda61712de01d" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ = 0 ]\0" ++- EventNum: 67 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "68977a27d93c5e2836f7c54d624dd48feec0f67d" ++ - AlgorithmId: sha256 ++ Digest: "f249e761a7e37510f8acf59142c117444c3aa1bc5a719ae7eab60d3b7109180a" ++ - AlgorithmId: sha384 ++ Digest: "e16fb8446b3d8cdc0e33185504b69e3d00d9646d5c71c42311c1dbaa996451a9f1910b70f8fa1d97e6a4ec3abe6bf48d" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: set linux_gfx_mode=keep\0" ++- EventNum: 68 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9deef0fa444e59d7a08e615f25628826e7feddf9" ++ - AlgorithmId: sha256 ++ Digest: "22e041251eb54eeb3270245759aa3e8bd3b77a647db988b681b1eafc6960aa45" ++ - AlgorithmId: sha384 ++ Digest: "f5e5365d6e97649411362c83e2e8808f7c19efa11d4f16d4ac66093214510beed55448882cbbdda8f0164688465905b0" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: export linux_gfx_mode\0" ++- EventNum: 69 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cf64c383ab75ebe55cb542af42efa01a47b86280" ++ - AlgorithmId: sha256 ++ Digest: "577db70e3460e11bdb32e3dc5374bb89736cf9397477dcc1e4d4fad162015900" ++ - AlgorithmId: sha384 ++ Digest: "ba3e98910b1f1d534da9d112008728603800e461c7410065a7ff6107e22e9ef8ffdc16950932febd36922d6d1a1df8ed" ++ EventSize: 1160 ++ Event: ++ String: "grub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \trecordfail\n\ ++ \tload_video\n\ ++ \tgfxmode $linux_gfx_mode\n\ ++ \tinsmod gzio\n\ ++ \tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \tinsmod part_gpt\n\ ++ \tinsmod ext2\n\ ++ \tset root='hd0,gpt1'\n\ ++ \tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \telse\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \tfi\n\ ++ \tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0\n\ ++ \t\x20\x20initrd /boot/initrd.img-5.11.0-1008-gcp\n\ ++ \telse\n\ ++ \t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \tfi\n\ ++ \tinitrdfail\n\ ++ }\0" ++- EventNum: 70 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af6d6420510c54acb9bae20c45fc4fdd9eaa4ff6" ++ - AlgorithmId: sha256 ++ Digest: "5356e324ba760d7f33f96426fec805aa856c4960b540ad2fd53700403063e642" ++ - AlgorithmId: sha384 ++ Digest: "84dbd33027441f7e35b2aa4559eca8b55d59b4cbb8619c5e691dcb1b379784b1c7955823ea20cc61406b359f9f5db4ab" ++ EventSize: 5454 ++ Event: ++ String: "grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1008-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tgfxmode $linux_gfx_mode\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1008-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1008-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1008-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1008-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1008-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tgfxmode $linux_gfx_mode\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1007-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\trecordfail\n\ ++ \t\tload_video\n\ ++ \t\tinsmod gzio\n\ ++ \t\tif [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\techo 'Loading Linux 5.11.0-1007-gcp ...'\n\ ++ \t\tif [ \"${initrdfail}\" = 1 ]; then\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256\n\ ++ \t\t\x20\x20echo 'Loading initial ramdisk ...'\n\ ++ \t\t\x20\x20initrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t\telse\n\ ++ \t\t\x20\x20echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.'\n\ ++ \t\t\x20\x20linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1\n\ ++ \t\tfi\n\ ++ \t\tinitrdfail\n\ ++ \t}\n\ ++ }\0" ++- EventNum: 71 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5d7f65b8d5132e408111dda7d05a00c80bee5bb1" ++ - AlgorithmId: sha256 ++ Digest: "5edb07405e8f25edc31321321014a3cdb3dc264835dd2b76ea94848416392cab" ++ - AlgorithmId: sha384 ++ Digest: "08749dcd94ec0ed4f8558679a5ee41179ecf47a44ea00b49415d1f1ca584bc1bc1001ffecf8660303009ccb88278598b" ++ EventSize: 717 ++ Event: ++ String: "grub_cmd: menuentry Ubuntu 21.04 (21.04) (on /dev/sda1) --class ubuntu --class gnu-linux --class gnu --class os --id osprober-gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \tinsmod part_gpt\n\ ++ \tinsmod ext2\n\ ++ \tset root='hd0,gpt1'\n\ ++ \tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \telse\n\ ++ \t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \tfi\n\ ++ \tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ }\0" ++- EventNum: 72 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f6f8b410d3af65f7509e9fc09356db34359500ff" ++ - AlgorithmId: sha256 ++ Digest: "83f4f5f542b92465b12675543fe698418fc5fd5846abc6f94761be41514fb980" ++ - AlgorithmId: sha384 ++ Digest: "4e2a4f1fd7f20ac2af06039252e8e2bdaa16b5129b0af865ae560e18bba9a28852efa6655423b6d6099c245384096047" ++ EventSize: 2574 ++ Event: ++ String: "grub_cmd: submenu Advanced options for Ubuntu 21.04 (21.04) (on /dev/sda1) --id osprober-gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a {\n\ ++ \tmenuentry 'Ubuntu (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\n\ ++ \t\tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t}\n\ ++ \tmenuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode) (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp-root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' {\n\ ++ \t\tinsmod part_gpt\n\ ++ \t\tinsmod ext2\n\ ++ \t\tset root='hd0,gpt1'\n\ ++ \t\tif [ x$feature_platform_search_hint = xy ]; then\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\telse\n\ ++ \t\t\x20\x20search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\n\ ++ \t\tfi\n\ ++ \t\tlinux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1\n\ ++ \t\tinitrd /boot/initrd.img-5.11.0-1007-gcp\n\ ++ \t}\n\ ++ }\0" ++- EventNum: 73 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c512092b0481234caa416ef7c196ab4e92b8e002" ++ - AlgorithmId: sha256 ++ Digest: "1c568398cf2e4a9df58875bbd79dffe058ec45be0b74512fa919a2fe7db4a609" ++ - AlgorithmId: sha384 ++ Digest: "25c0d8bcdfb40c73ce2820b8589c44b0b81b2501f7b7f9fd54585616b1b03adef28b6eb043e0ca69146a729ea029e626" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: set timeout_style=menu\0" ++- EventNum: 74 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "e8b3744ad947f0758b4486546f78fd6e5a5fad54" ++ - AlgorithmId: sha256 ++ Digest: "228f734cf81b603abcdb75f8ce4631e4c1d8f377778a442bccf2ede0bb68ee01" ++ - AlgorithmId: sha384 ++ Digest: "f303694e244f1e2193c193b22f5d252aadf600802004d75a1e9920922a4927f6649e83cf34e4d4bb1916d7223ba59b3a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ 0.1 = 0 ]\0" ++- EventNum: 75 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3db846d3d718840d4dac10b86396a422ccd4d31f" ++ - AlgorithmId: sha256 ++ Digest: "716ce335760b546fad1e7f980a68b9ab64b9e0a050f2c2da4ebddb7d3ebea559" ++ - AlgorithmId: sha384 ++ Digest: "c30a0e3a9357f2867ae466fcf0d5023c62a237d41b125316aac3bf39d5f5229792d7da9b42602e4770453834fcc28bea" ++ EventSize: 75 ++ Event: ++ String: "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\ ++ \tfwsetup\n\ ++ }\0" ++- EventNum: 76 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "273f5c80c12e935c1d37c2cfe3e161bc42d79d8e" ++ - AlgorithmId: sha256 ++ Digest: "1ea37430950c837021ebcc02f98c12018c31e593e366429436e1353584c7ec72" ++ - AlgorithmId: sha384 ++ Digest: "aed896a21fb16121568dd93ed2334c6a8415660b3495cd1ec9e8962e1f87639fd8cf41c94e8a48841be19a2bc103e100" ++ EventSize: 49 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 77 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a3326df3194201575e51c3b9a1c8d5d17aeff2d0" ++ - AlgorithmId: sha256 ++ Digest: "d5478d9057580531bf6ff37383b01bb78e1279c20a23721aa3a67ad0d1ca35db" ++ - AlgorithmId: sha384 ++ Digest: "fbb38645486103b1baa77a61576d342c27c0d02597649825cee44c16f658af2b0ad8aa4996e16b9b6c32b1e38f3bb41a" ++ EventSize: 76 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ]\0" ++- EventNum: 78 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "17c76a65ebda6aa310da041aabbcd6483bf00df4" ++ - AlgorithmId: sha256 ++ Digest: "bf5d10a466c0f77818990a9d0fdcc8fa2c4561ba92912d5fbc9d4ac1e31a00fb" ++ - AlgorithmId: sha384 ++ Digest: "a30a7be4fb9beb8b2282ff1414d0a47eb11b36471a2628d4284bd9ae8e8a74a8e15f0a1e84b413636db7692a4a60cc1a" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: setparams Ubuntu\0" ++- EventNum: 79 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "98d066f8ffd046bacb38b106188cbe7fe9ada729" ++ - AlgorithmId: sha256 ++ Digest: "a57e067e286efc4eea89659d40f13a38cc1792e4277bed820ded674c94bf2ead" ++ - AlgorithmId: sha384 ++ Digest: "b0bb85ff789f25dd63e341736b94f4bf3acd1cff1c1df60bd3ffca5789eb737d2817a39af66de46640134bfbbb20dad7" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: recordfail\0" ++- EventNum: 80 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "bac17085fef5043662a50cef18bf366844c074ff" ++ - AlgorithmId: sha256 ++ Digest: "64bda8f65b1585d7868248a292c449660cc8f75075c10d87ae59a4db401ce119" ++ - AlgorithmId: sha384 ++ Digest: "b353cf9833059be9abadf180d83abeb5eeeec00843b3f22476bb5db0ba2f4361a0260af3460aecb3c124eda90b6ca7a2" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: set recordfail=1\0" ++- EventNum: 81 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ - AlgorithmId: sha384 ++ Digest: "934aafc99cb0a7cb1ef83c5a1eb01c31d60927f08b2ff72d2c05e0b4660ed1dd1e139738b3c5630502e629e8f593d7af" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 82 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d31e5f156b716d7835b261891644bb5f7f65e285" ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ - AlgorithmId: sha384 ++ Digest: "fef379383e771fed457fecfc7148e008c90234d0526b282690c57c93802cc9623c25923689de1c2fcb62669f10e3e1e1" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 83 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "925ee69b7c8ac4937cbe47d5c85351d869b4e8d7" ++ - AlgorithmId: sha256 ++ Digest: "ce2cc20777ba8d3bc75b662163c3abe370344d4bae17d75fb5bd408d1fb6badf" ++ - AlgorithmId: sha384 ++ Digest: "022e47c5e49bf3c934f488fcc07318489550a64db62aa07ca044c9dd9c2a0ff90637641b7c87bd77e3383e70039ea0fa" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env recordfail\0" ++- EventNum: 84 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8fe59e66d6ec198420477f24f791e929f153e144" ++ - AlgorithmId: sha256 ++ Digest: "7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7" ++ - AlgorithmId: sha384 ++ Digest: "cbb709d13faf7d16f191751ae275f22a003503389e2e490a60cff78beb3cd546222d591904d51987487f03cdbd41e479" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: load_video\0" ++- EventNum: 85 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 86 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "59ced343b060b7df54fa7ba251ef877940601ee4" ++ - AlgorithmId: sha256 ++ Digest: "d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b" ++ - AlgorithmId: sha384 ++ Digest: "147bbdcd0704d1942b2171a097e7b08384f106cac76f7d5737e5fee2bc2e38dedb821b91e09ac184b46bb4dc86b4a8af" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod all_video\0" ++- EventNum: 87 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "13ad1a8ddf647c8148f1739b6081d7838816b59f" ++ - AlgorithmId: sha256 ++ Digest: "2fa8065d9ee309384d35f8d530186b776d26e1bb5632f89a46d56e93b140282b" ++ - AlgorithmId: sha384 ++ Digest: "f27a8ddb553135ee8002572775ae390b1bc7443ebbe11b863cd79ae66b2065cd02e98cfb170b897112986a88cd071ef8" ++ EventSize: 23 ++ Event: ++ String: "grub_cmd: gfxmode keep\0" ++- EventNum: 88 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2e1c676ddd9b16f0d720cd5c66d85732de7b77b6" ++ - AlgorithmId: sha256 ++ Digest: "15a5018b0177cf9c49c0b97911df67e7f2c193d3613e3fc4c9eb98a2b5d06fcc" ++ - AlgorithmId: sha384 ++ Digest: "7c5ea1b10ba69215090e2490e10f9d2db5f6a5b0eb6e08d366cceb8acb4478857242221cf56323a493d1b3a958fa137c" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: set gfxpayload=keep\0" ++- EventNum: 89 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5241b5dfa58679895d95f79ffa0a5f42ba4b55ea" ++ - AlgorithmId: sha256 ++ Digest: "b55d84bbb0a00f175ebbc6ca167f18dd6a9cb49b141535bfcc6c4ef9c53b1866" ++ - AlgorithmId: sha384 ++ Digest: "f7c74459bb0d16f8ae24911858879c7fcab3b8af909d811d945e09f7b16977bd65a819128d0b5c88ff29cb76f381bdd6" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ keep = keep ]\0" ++- EventNum: 90 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "886e1d072aa199f4f6d21499067e0a148ae8046b" ++ - AlgorithmId: sha256 ++ Digest: "141dcfd03b1736e86f617122e7f31cffe89f7cf0faa773f1bced28f7f0c1fa13" ++ - AlgorithmId: sha384 ++ Digest: "8bc8e8c561f27f5988be9e69da2a00f626c7d3c735f599abcf27f83c02530ca76847dc5e15007f490e2f417a24b2f457" ++ EventSize: 38 ++ Event: ++ String: "grub_cmd: set vt_handoff=vt.handoff=7\0" ++- EventNum: 91 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ba509ca38210f0683c477c9dc40e4c4f653e1dfb" ++ - AlgorithmId: sha256 ++ Digest: "6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784" ++ - AlgorithmId: sha384 ++ Digest: "862ae797615324fd5c153dfbfcb226391262855ed2db2969f98456f0da17b6aa1c8aa2e2fe90bc1567295786a83c5371" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod gzio\0" ++- EventNum: 92 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2de845dce8a51c8fddbaa04686760093325b7569" ++ - AlgorithmId: sha256 ++ Digest: "18865468f2e4bd9f0cc4ffdda1335f405d06df8d6ff183b373f50e08e81f924d" ++ - AlgorithmId: sha384 ++ Digest: "995dbf6286dc9d47f0eee049a465847bb1e4cb1fa91deffb00dde832d2e00b109049c0f2edd6ad66525227758138a601" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: [ xefi = xxen ]\0" ++- EventNum: 93 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a4e1c6f50579b47c964111d1ea2170e6f923c941" ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ - AlgorithmId: sha384 ++ Digest: "cac0f0b93ee7eaa45e36cda3faf3d0a5f5fc92ec4d24c3af4ad9584669598f34b603c211b220e56be52bdbc3a2f74ffb" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 94 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "af3f07abac9e5c56b82f09ab98328905aabbf6ef" ++ - AlgorithmId: sha256 ++ Digest: "b838a4d2860c81058105fbb1907a1fb7f60b65591b099b3b000d9b31d8d2fb20" ++ - AlgorithmId: sha384 ++ Digest: "e142a594d988fda5a65b1424a4a48c2cf4b036dd779d4ae299af45b7d33b0bfe07a4a969d3c0da72c2ba53f9eeeaf7a6" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod ext2\0" ++- EventNum: 95 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cbf1bcb38df72c190b4db0d27ee96eca3c7a9e44" ++ - AlgorithmId: sha256 ++ Digest: "20df4eb78bbf966925af51ad614806aa3ad6f146a9a0c85ac2582a3eaa9a30ca" ++ - AlgorithmId: sha384 ++ Digest: "fbcdbcd1cc73f5ff594f1c8b21ecd6f5d62a0fd2f217da2fb7bcc75887c14c1232d162c53c05c914a84152d52d9ff68e" ++ EventSize: 28 ++ Event: ++ String: "grub_cmd: set root=hd0,gpt1\0" ++- EventNum: 96 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f5b067e59c163f67b19b836fbee9e8a487a19cdd" ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ - AlgorithmId: sha384 ++ Digest: "10b1f8d036aefd32ce770311ea00426e147b3daee378dd0679aeda81963b2c5389178787962ce9ea08e5571701cce94a" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 97 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d9d9de0269fb4f896105cac2f61eafa5f07a3715" ++ - AlgorithmId: sha256 ++ Digest: "4c6e3f3d149a959a42df7ae14e07665fc07faf0c18c54179fa9d460d54379266" ++ - AlgorithmId: sha384 ++ Digest: "44d9ad511c25d0f9cc6d5afd966a01ab022e2dc4999c56f110f26cdf5abcd369681618024ab313c886662e9db6915d96" ++ EventSize: 156 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a\0" ++- EventNum: 98 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "05ba452bf00b7f880528b35d02e9077f89c08538" ++ - AlgorithmId: sha256 ++ Digest: "82a4a14e43a4f76118ae63285d0af05af139f260fae57b2c20737a1c1df3382b" ++ - AlgorithmId: sha384 ++ Digest: "ae1061c45b3c25c89cea3f7ddee4640f8e776086f7d62fb4b9c1d56148a1be04bf11de6a395344567b538c6df06d079e" ++ EventSize: 19 ++ Event: ++ String: "grub_cmd: [ = 1 ]\0" ++- EventNum: 99 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "01542096822d860040cf654f637eba149752e9e2" ++ - AlgorithmId: sha256 ++ Digest: "d1bbd7d573d636850a1a9efbcfac9e589f1bcd34f617b16bc7872275ea036c3d" ++ - AlgorithmId: sha384 ++ Digest: "2164d946e27c14eed101898c7ed88f7699292963b92d40d8ea3085b43284a57b3f3dfb83ac0945eb28ae70dd5ffd5184" ++ EventSize: 68 ++ Event: ++ String: "grub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot.\0" ++- EventNum: 100 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a72252f8c4a8332df162e7cd38feee3e4f17f311" ++ - AlgorithmId: sha256 ++ Digest: "7b35f08bff2e48a1b53a65d899a1c435a432488bc28e37639966477af0ae2ab2" ++ - AlgorithmId: sha384 ++ Digest: "c35c072afd08eabbe3acf4deed5f758d64f0c63657340d2b11991d001c8c93ce675cc3e758f41505c8ab075ca4d4dff3" ++ EventSize: 161 ++ Event: ++ String: "grub_cmd: linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\0" ++- EventNum: 101 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f6558a5d3c7c55b82f279124a3725991f8563c7f" ++ - AlgorithmId: sha256 ++ Digest: "38c6396eb70b84aef13f06384a37b7e7bfa77a14e3bde632a76c90acb65c1d97" ++ - AlgorithmId: sha384 ++ Digest: "1a09841f50d46e01e34db7db403824d2e5792411949f2ada78681c4c9b2666ec4729c4c019e69840bad921df227ba143" ++ EventSize: 30 ++ Event: ++ String: "/boot/vmlinuz-5.11.0-1008-gcp\0" ++- EventNum: 102 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c18eca5aee83e674879191584fb45b970b9f0b56" ++ - AlgorithmId: sha256 ++ Digest: "8e08c2b0645412c96b630c8273f78520ebe30be31ce7e9c92bf0e405596d134c" ++ - AlgorithmId: sha384 ++ Digest: "1f192c54174eb7d21824179a6803e1cd0a0dacafe1cb8b6d885c2440141d5e3f39099c669e6c526dffc4a1d945988c4c" ++ EventSize: 161 ++ Event: ++ String: "kernel_cmdline: /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1\0" ++- EventNum: 103 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8c6944c5ed9f1516843fd5f5bc32941b1306e7db" ++ - AlgorithmId: sha256 ++ Digest: "76bc6c6d70ce34a24bda263584ed03d0fd5d94f90ca206dd5e500b0fe98b3df2" ++ - AlgorithmId: sha384 ++ Digest: "73d5fcf7750e63d42ab36b31da800a479873e4383ec2d8428ed572fa08429eccfbd63ebf7d342ba19a7ee828ed33d395" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: initrdfail\0" ++- EventNum: 104 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55cfd6463ef334abb6b48080b33ec063a9c051eb" ++ - AlgorithmId: sha256 ++ Digest: "cfa4676ffe751d1547e77a8d66a033b59b3eed3400d9b3a305d2601891ab0e59" ++ - AlgorithmId: sha384 ++ Digest: "934aafc99cb0a7cb1ef83c5a1eb01c31d60927f08b2ff72d2c05e0b4660ed1dd1e139738b3c5630502e629e8f593d7af" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ -n true ]\0" ++- EventNum: 105 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d25eda264090bec15a2bfee2a9942a2cf6404e61" ++ - AlgorithmId: sha256 ++ Digest: "e997fcfc7bf155f28498714bece340531b221ca2598d7444d8dbc1aac6717deb" ++ - AlgorithmId: sha384 ++ Digest: "fa49d94c3497a24eeb1184b00c8aa69659132993997da06d35f349a246245a846436f4b1df9f1e9cdee9a02f40070dc8" ++ EventSize: 54 ++ Event: ++ String: "grub_cmd: [ -n bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ]\0" ++- EventNum: 106 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d31e5f156b716d7835b261891644bb5f7f65e285" ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ - AlgorithmId: sha384 ++ Digest: "fef379383e771fed457fecfc7148e008c90234d0526b282690c57c93802cc9623c25923689de1c2fcb62669f10e3e1e1" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 107 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "701f26890cfca800349839dcb7913dc84bd57bd1" ++ - AlgorithmId: sha256 ++ Digest: "6b2c97f60740ba1ed873c8a1344792aefe3ba93ed8f20db8e89193526cff5fbb" ++ - AlgorithmId: sha384 ++ Digest: "c9320c7d11fa8ba02fbf8fe0e952e2bf0b98478bb278e78b32e8af5f2fcade0ef682e200818ff2e84f279bab4e22b207" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: set initrdfail=1\0" ++- EventNum: 108 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7a86009dc1f23867d8951bb95471618bde2d1918" ++ - AlgorithmId: sha256 ++ Digest: "2436afe3cb181454ab807d6ca526ed3132dc1759787f9ed3f2f148e86948e978" ++ - AlgorithmId: sha384 ++ Digest: "4cf726ecd422b56df71dca2f377cb2a4ee6d9ca1f5b44096f8fc6607b73b56d0effc393100c506a93327511a72cbf707" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -n ]\0" ++- EventNum: 109 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9f1950c2967bc0668269446aa91b2f1e2b088862" ++ - AlgorithmId: sha256 ++ Digest: "a05839fd9bfebe3bde7739df6a1983a0008d37e25a47ffa6a164b4a22050c80f" ++ - AlgorithmId: sha384 ++ Digest: "902625d0fdf460a02c0c993eb960c9b8ad2acd3099ea2304eb3fea5816b3263dd98955f34aa8948e0234e864b7470cad" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: save_env initrdfail\0" ++- EventNum: 110 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "443a6b7b82b7af564f2e393cd9d5a388b7fa4a98" ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ - AlgorithmId: sha384 ++ Digest: "214b0bef1379756011344877743fdc2a5382bac6e70362d624ccf3f654407c1b4badf7d8f9295dd3dabdef65b27677e0" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 111 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 3 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "475545ddc978d7bfd036facc7e2e987f48189f0d" ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ - AlgorithmId: sha384 ++ Digest: "0a2e01c85deae718a530ad8c6d20a84009babe6c8989269e950d8cf440c6e997695e64d455c4174a652cd080f6230b74" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha1: ++ 0 : 0x0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea ++ 1 : 0x36c6b7436c37243c5f6744b73ced4df1287cd16a ++ 2 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x8d9868b66afcf4039eaf8ef5228556d9f313659f ++ 5 : 0xb0eaa45a496e0d933f63e97fd2362192dd48e369 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x777795cbdeca679f7749d8d09fc12941dcc9912a ++ 8 : 0x5dfae5320ea06ddd1c62d296844a9b4b32b49972 ++ 9 : 0xf53869ab9015b5ad736e5f00e44fdfee2fdfde27 ++ 14 : 0xcd3734d2bdfcfba9e443ac02c03c812ffcceb255 ++ sha256: ++ 0 : 0x24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f ++ 1 : 0xf7dab5fda6b082e0ec1a12c43dd996ee409111422cda752a784620313039db19 ++ 2 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x295aeaeacad1d507930bab18418f905eeda633ea67b2ab94c5e5fd3a4d47ac58 ++ 5 : 0xe4f1359accfe48b19af7d38e98a3f373116b55b7f7a6f58f826f409a91d9fd28 ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0xca37324eeffabd318d30a20f15bf27ce25dc33e2c9856279ff6c2ced58b02efa ++ 8 : 0x2f2559cae74bb441d75afea5edb78d9a645db9f4bf8dea84bab0861ce6032e18 ++ 9 : 0x9f27883322aaaf043662c27542d9685790c687ea554e4e2ae30f0e099a2e4889 ++ 14 : 0x8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983 ++ sha384: ++ 0 : 0x8be2d39fecef6e883d467379c57847437cfa03a6f7f7f78dcb2a05a479db4b4749ececedd105b760bc8313abccf1dfb6 ++ 1 : 0x382f8b0c004009344620c720690011386c383af66e38437f6f44854426a8a7a1d8eb8c9ffcc5c61b9b39729446c34042 ++ 2 : 0x518923b0f955d08da077c96aaba522b9decede61c599cea6c41889cfbea4ae4d50529d96fe4d1afdafb65e7f95bf23c4 ++ 3 : 0x518923b0f955d08da077c96aaba522b9decede61c599cea6c41889cfbea4ae4d50529d96fe4d1afdafb65e7f95bf23c4 ++ 4 : 0x6bb9f97fa6a24844a6976c6196dcf766574c2062923d2ccbb9e04a365f36a986c798342cb9720d919b0f6a72a1aaab3e ++ 5 : 0x6c1b5fbc7598002e1c48171baf44ffc24c001ba16d25356fb2c06fe8bc3aa73ca78bb658fc4eb5952d5862ee7097ea86 ++ 6 : 0x518923b0f955d08da077c96aaba522b9decede61c599cea6c41889cfbea4ae4d50529d96fe4d1afdafb65e7f95bf23c4 ++ 7 : 0x79ca6795f9f8cb4f8653f64370dcdcc845e2d7be213424c1295bb4626ec436436bcca9decd0bd989b7218ea24af40313 ++ 8 : 0xedf46c2b7278fb9a7e9f0f9ef4bfdcafe156ff687ce039069b9cb9c11cae76d72ad881212ef748cf868138516d22edae ++ 9 : 0xb22f00a43ff104a75b333718cb822311654d33d42154b70c57a90a42c9674fff79e8ca016c2656aa7c92be41ebc57a64 ++ 14 : 0xb8b567350264af771620c027a7b166896385885029f5e5b2feb9a0c62b7ffdfc276b702373b26b3aa589ab675ee8654d +diff --git a/test/integration/fixtures/event-raw/event-moklisttrusted.bin.yaml b/test/integration/fixtures/event-raw/event-moklisttrusted.bin.yaml +new file mode 100644 +index 0000000..d506cb1 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-moklisttrusted.bin.yaml +@@ -0,0 +1,1164 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 33 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 1 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7" ++ EventSize: 2 ++ Event: "0000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df32b6fc4e8a153713feba580b9ca6da6efa8cb23dd907f0e543d1f4c5be3c14" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x820000 ++ BlobLength: 0xe0000 ++- EventNum: 3 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "da36c15e1184901ad53ec231d441224d2fff5ff168d8972fe71efca4e150b502" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x900000 ++ BlobLength: 0xc00000 ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'Yes' ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "36a1f8ab7581531938784aa5bf73aac6973e3ba6a60cd89f24020fcb7961fc3e" ++ EventSize: 1012 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 976 ++ UnicodeName: PK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 976 ++ SignatureHeaderSize: 0 ++ SignatureSize: 948 ++ Keys: ++ - SignatureOwner: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ SignatureData: 308203a030820288a003020102020900fef588e8f396c0f1300d06092a864886f70d01010b05003051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3134313033313131313533375a170d3337313032353131313533375a3051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100901f847b8dbceb9726826d88ab8ac98c6870f9df4b07b237830b02c86768309ee3f0f0994ab85957c641f6388bfe664c49e93737922e98011e5b1450e6a88d250df586e6ab30cb4016ea8d8b1686704337f2cec091df71148e990e89b64c6d241e8ce42f4f25d0ba06f8c6e8191876731d816da8d805cf3ac87b28c836a3160d298c999a68dcabc04d8dbf5abb2ba9394b04971cf936bbc53a8604aeafd4827be0abde490568fcf6ae681a6c904d57193c646603f6c7529bf794cf936aa168c9aacf996bbcaa5e08e7391cf7f80fba067ef1cbe876ddfe22daad3a5e5b34eab3c9e04d04297eb860b905efb5d91758561660b93032f0364ac3f2798d124070f30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143ce960e3ff19a10a7ba342f48d422eb4d59c72ec301f0603551d230418301680143ce960e3ff19a10a7ba342f48d422eb4d59c72ec300d06092a864886f70d01010b050003820101005c4d9288b4825f1dad8b11ecdf06a67aa52b9f37550c8d6e0500adb70c418969cfd665069b5178d2adc7bf9cdc05737fe71e3913b4eab6307d4075ab9c430bdfb0c21bbf30e0f4fec0db622198f6c5afde3b4f490ae61ef986b03f0dd6d44637db54745eff11c260c67058c51c6fecb2d86e6fc3bc338738a4f344649c343b28942678279f1617e83b690a25a973367e9e375cece83fdb91f912b33dcee7dd15c3ae8c0520619b95de9baffab15c1ce597e7c3341185f58a2726a47036ec0cf6833d90f736f3f9f315d49062be53b4afd349afeff473e87b76e4442a37ba81a4990c3a312471a0e4e4b71acb47e4aa22cfef756180e343b7485773113d789b69 ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1c1acab9b9e89496e453e6d5a9d3ef0c3632cd99496016fcc0c1e435c62bf421" ++ EventSize: 2574 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 2536 ++ UnicodeName: KEK ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 976 ++ SignatureHeaderSize: 0 ++ SignatureSize: 948 ++ Keys: ++ - SignatureOwner: a0baa8a3-041d-48a8-bc87-c36d121b5e3d ++ SignatureData: 308203a030820288a003020102020900fef588e8f396c0f1300d06092a864886f70d01010b05003051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3134313033313131313533375a170d3337313032353131313533375a3051312b302906035504031322526564204861742053656375726520426f6f742028504b2f4b454b206b65792031293122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100901f847b8dbceb9726826d88ab8ac98c6870f9df4b07b237830b02c86768309ee3f0f0994ab85957c641f6388bfe664c49e93737922e98011e5b1450e6a88d250df586e6ab30cb4016ea8d8b1686704337f2cec091df71148e990e89b64c6d241e8ce42f4f25d0ba06f8c6e8191876731d816da8d805cf3ac87b28c836a3160d298c999a68dcabc04d8dbf5abb2ba9394b04971cf936bbc53a8604aeafd4827be0abde490568fcf6ae681a6c904d57193c646603f6c7529bf794cf936aa168c9aacf996bbcaa5e08e7391cf7f80fba067ef1cbe876ddfe22daad3a5e5b34eab3c9e04d04297eb860b905efb5d91758561660b93032f0364ac3f2798d124070f30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143ce960e3ff19a10a7ba342f48d422eb4d59c72ec301f0603551d230418301680143ce960e3ff19a10a7ba342f48d422eb4d59c72ec300d06092a864886f70d01010b050003820101005c4d9288b4825f1dad8b11ecdf06a67aa52b9f37550c8d6e0500adb70c418969cfd665069b5178d2adc7bf9cdc05737fe71e3913b4eab6307d4075ab9c430bdfb0c21bbf30e0f4fec0db622198f6c5afde3b4f490ae61ef986b03f0dd6d44637db54745eff11c260c67058c51c6fecb2d86e6fc3bc338738a4f344649c343b28942678279f1617e83b690a25a973367e9e375cece83fdb91f912b33dcee7dd15c3ae8c0520619b95de9baffab15c1ce597e7c3341185f58a2726a47036ec0cf6833d90f736f3f9f315d49062be53b4afd349afeff473e87b76e4442a37ba81a4990c3a312471a0e4e4b71acb47e4aa22cfef756180e343b7485773113d789b69 ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1560 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1532 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "644aacf6f4015125233c459bc9e40f3fc82ccd14abb047dc50b7913c8095d1d7" ++ EventSize: 3179 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 3143 ++ UnicodeName: db ++ VariableData: ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1543 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1515 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e ++ - SignatureType: a5c059a1-94e4-4aa7-87b5-ab155c2bf072 ++ SignatureListSize: 1600 ++ SignatureHeaderSize: 0 ++ SignatureSize: 1572 ++ Keys: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1963d580fcc0cede165e23837b55335eebe18750c0b795883386026ea071e3c6" ++ EventSize: 114 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 76 ++ UnicodeName: dbx ++ VariableData: ++ - SignatureType: c1c41626-504c-4092-aca9-41f936934328 ++ SignatureListSize: 76 ++ SignatureHeaderSize: 0 ++ SignatureSize: 48 ++ Keys: ++ - SignatureOwner: a0baa8a3-041d-48a8-bc87-c36d121b5e3d ++ SignatureData: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ++- EventNum: 9 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 10 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "05131aaccf79e17ce81e239ca3fd2f7706889c207abba05a7f6cbe37723b7507" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x7d750018 ++ ImageLengthInMemory: 169280 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a0000000001010600000101010600000004081800000000000022010000000000ffa70200000000007fff0400' ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8c765cd796a40f961d239dc8d469917b278e18316fe8ee9bbe2a5737e294204d" ++ EventSize: 56 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 6 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0002 ++ - Boot0001 ++ - Boot0000 ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "9192f6ceff32199e626ee22ab37b88cd5b2b74acc65134443da18e81c8ec09ff" ++ EventSize: 202 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 154 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 98 ++ Description: "Red Hat Enterprise Linux" ++ DevicePath: '04012a0001000000000800000000000000c0120000000000efebe332780a8740b320948b8e06b02f0202040434005c004500460049005c007200650064006800610074005c007300680069006d007800360034002e0065006600690000007fff0400' ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "37d0b6681d44cc3f1e28d695fe6aacbf49048712b946b9810f73b583437843ac" ++ EventSize: 132 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 84 ++ UnicodeName: Boot0001 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 28 ++ Description: "UEFI Misc Device" ++ DevicePath: '02010c00d041030a000000000101060003010101060000007fff04004eac0881119f594d850ee21a522c59b2' ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "UiApp" ++ DevicePath: '04071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400' ++- EventNum: 15 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 16 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 23 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9" ++ EventSize: 1608 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 1572 ++ UnicodeName: db ++ VariableData: ++ - SignatureOwner: 77fa9abd-0359-4d32-bd60-28f4e78f784b ++ SignatureData: 30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358 ++- EventNum: 24 ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b401858d924d7c9d39e32bc3a539bb79c83bfac9f4c4c8b45cc59d427e9afc19" ++ EventSize: 612 ++ Event: ++ Header: ++ Signature: "EFI PART" ++ Revision: 0x10000 ++ HeaderSize: 92 ++ HeaderCRC32: 0xf9b92cdd ++ MyLBA: 0x1 ++ AlternateLBA: 0x27fffff ++ FirstUsableLBA: 0x22 ++ LastUsableLBA: 0x27fffde ++ DiskGUID: 7bb73385-40b7-462f-a5fd-4e4b67e399a3 ++ PartitionEntryLBA: 0x2 ++ NumberOfPartitionEntry: 128 ++ SizeOfPartitionEntry: 128 ++ PartitionEntryArrayCRC32: 0xe28b5e55 ++ NumberOfPartitions: 4 ++ Partitions: ++ - PartitionTypeGUID: c12a7328-f81f-11d2-ba4b-00a0c93ec93b ++ UniquePartitionGUID: 32e3ebef-0a78-4087-b320-948b8e06b02f ++ StartingLBA: 0x800 ++ EndingLBA: 0x12c7ff ++ Attributes: 0x0 ++ PartitionName: "EFI System Partition" ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: 15080006-a862-4040-9e5f-850b0c5293ff ++ StartingLBA: 0x12c800 ++ EndingLBA: 0x32c7ff ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: 0657fd6d-a4ab-43c4-84e5-0933c84b4f4f ++ UniquePartitionGUID: 9ab18f82-2647-4462-94ba-4a29ea3bb00e ++ StartingLBA: 0x32c800 ++ EndingLBA: 0x72c7ff ++ Attributes: 0x0 ++ PartitionName: "" ++ - PartitionTypeGUID: 0fc63daf-8483-4772-8e79-3d69d8477de4 ++ UniquePartitionGUID: 81c10479-c5d6-4f99-9f68-5bbee604106f ++ StartingLBA: 0x72c800 ++ EndingLBA: 0x27ff7ff ++ Attributes: 0x0 ++ PartitionName: "" ++- EventNum: 25 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "5af24fa7419a5bb4cebe934221c3155cb3918773c5b7033d59cddda344f3ebf5" ++ EventSize: 154 ++ Event: ++ ImageLocationInMemory: 0x7d0ca018 ++ ImageLengthInMemory: 946736 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 122 ++ DevicePath: '02010c00d041030a0000000001010600030101010600000004012a0001000000000800000000000000c0120000000000efebe332780a8740b320948b8e06b02f0202040434005c004500460049005c007200650064006800610074005c007300680069006d007800360034002e0065006600690000007fff0400' ++- EventNum: 26 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "69bbddbe5a4480b7ab2e5632638b978bba978e66d04b677b3fd4ad2e5c7e1c5b" ++ EventSize: 8 ++ Event: ++ String: "MokList\0" ++- EventNum: 27 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8d8a3aae50d5d25838c95c034aadce7b548c9a952eb7925e366eda537c59c3b0" ++ EventSize: 9 ++ Event: ++ String: "MokListX\0" ++- EventNum: 28 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "922e939a5565798a5ef12fe09d8b49bf951a8e7f89a0cca7a51636693d41a34d" ++ EventSize: 68 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 9 ++ VariableDataLength: 18 ++ UnicodeName: SbatLevel ++ VariableData: ++ String: "sbat,1,2021030218\n" ++- EventNum: 29 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "5f62a2107fa11ce0485fd252d2e6c603cb8ed075861f9513bfed0a26bf6ed62b" ++ EventSize: 61 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 14 ++ VariableDataLength: 1 ++ UnicodeName: MokListTrusted ++ VariableData: ++ Enabled: 'Yes' ++- EventNum: 30 ++ PCRIndex: 14 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a" ++ EventSize: 15 ++ Event: ++ String: "MokListTrusted\0" ++- EventNum: 31 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "92291e21a601f9a142e256dfc85b516a43b1e929212eafda55458f6f9be7f0a1" ++ EventSize: 960 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 4 ++ VariableDataLength: 920 ++ UnicodeName: Shim ++ VariableData: ++ - SignatureOwner: 94038230-8230-7c02-a003-020102020900 ++ SignatureData: 83730d2b7280d15a300d06092a864886f70d01010b0500305f31163014060355040a0c0d526564204861742c20496e632e3121301f06035504030c18526564204861742053656375726520426f6f7420434120353122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d301e170d3230303630393038313533365a170d3338303131383038313533365a305f31163014060355040a0c0d526564204861742c20496e632e3121301f06035504030c18526564204861742053656375726520426f6f7420434120353122302006092a864886f70d0109011613736563616c657274407265646861742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cebaea41171c81a18809bfa1d4a9fa532e9d9ebcfc3b289c3052a00bf4000f36c88341f6a9c915496564d5b2769e58c12e1eeacf93386b47d6ba92c5f800e777a55769df41b1c4905b2d20c174aa038680b6a459efa988445e5240d47715a104859ceff3c69ff30f0fd68446e466dc266ad6d88a6e474acae34c431574997a06328ce033bfe5f846673dea0e943bbf3ddd8bf67f308c45540ba4de23355a997305d880e765141a07302c7386b02da3a636a64d815d91a767bbea3b5b828a9ccf83da31d1543416bc1907172a944ef0cecf0dbaf4fbe4d44889238b8cdc8e4513d77aa8d5e5840313520206c2d590763ab5d7b89d7ab0c9d09869fb8e0d01f5850203010001a3533051301d0603551d0e04160414cc6fa5e72868ba494e939bbd680b9144769a9f8f301f0603551d23041830168014cc6fa5e72868ba494e939bbd680b9144769a9f8f300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101001de75e426a66cc723e9b5cc9afa3ca542eed64abc0b917be27a91e58b1593c4d1174d1971a520584058ad9f085c8f5ec8f9ce9e7086dbb3acbfa6f3c33e6784d75bddfc095729f0350d2752a7cb481e08762945cefcf6bda3ae3bf6e18743455500c22518eaa5830bebd3e304db697b5131b6daf6c183b714a09a18917a7e718f56d51b1d310c80ed6e43219024b1ab2d2dc29a326951d0106e452697806d3304444b07577cc54ade46e2222ff5dff93060cf9983a9c39b70c81d0f3f807a7098b6f9c8ae1adfc419850a65f0bbaa57f1cfc838d06592e9e6ebff43ec31a746625948a5dbf21b6139b9f67f87edc421f4c0edd88737d8c95d03f77c190b864f1 ++- EventNum: 32 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "a4858d1a47abce57039f498475d96b1e29c9c0489458ea45fc1c3ef2599eea16" ++ EventSize: 88 ++ Event: ++ ImageLocationInMemory: 0x7cd71018 ++ ImageLengthInMemory: 2524792 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 56 ++ DevicePath: '040434005c004500460049005c007200650064006800610074005c0067007200750062007800360034002e0065006600690000007fff0400' ++- EventNum: 33 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1e9dc05f52ce1ee96bfbe2c8e4a5a650a8ca7564f5ec05258e8ac7a490e5c0d6" ++ EventSize: 31 ++ Event: ++ String: "(hd0,gpt1)/EFI/redhat/grub.cfg\0" ++- EventNum: 34 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1e9dc05f52ce1ee96bfbe2c8e4a5a650a8ca7564f5ec05258e8ac7a490e5c0d6" ++ EventSize: 31 ++ Event: ++ String: "(hd0,gpt1)/EFI/redhat/grub.cfg\0" ++- EventNum: 35 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "a449b867e6234d067b572dd6d119d7a58e9792992a5f4c65fccfd9699a6128ac" ++ EventSize: 86 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=dev ed5e9398-1a8f-4ae2-a8b8-c4cd677a759f\0" ++- EventNum: 36 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8848d9559c4b88724d1ca23ace56550cf497428733fdc13462e1092e04f819b2" ++ EventSize: 38 ++ Event: ++ String: "grub_cmd: set prefix=(hd0,gpt2)/grub2\0" ++- EventNum: 37 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ff53bb1b64407630089072060dadd651c37b29fab7eafdb6c22212104101d616" ++ EventSize: 34 ++ Event: ++ String: "grub_cmd: export (hd0,gpt2)/grub2\0" ++- EventNum: 38 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "6c37371ba140d53352f0a269edd9f4748964ffe8204f47d0155c082a0f214815" ++ EventSize: 47 ++ Event: ++ String: "grub_cmd: configfile (hd0,gpt2)/grub2/grub.cfg\0" ++- EventNum: 39 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "e406f33b6c2268c4b370a0f2445a61c40cff8f9496057056f2fe28d8bfb2a7e3" ++ EventSize: 26 ++ Event: ++ String: "(hd0,gpt2)/grub2/grub.cfg\0" ++- EventNum: 40 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "fc1ac040fc293ed95e4594b67c4378a832d67c8951a3a5e7032e919eb99c5f88" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: set pager=1\0" ++- EventNum: 41 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b3fa538baf79d1c124c21e7c4b7816563ad00e726d72bdf775d7d8c1171ebff2" ++ EventSize: 42 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt2)/grub2/grubenv ]\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "06c0ff22313606eef3c6082214f8c0a2b813fb987dfd4c98033080276eb08745" ++ EventSize: 47 ++ Event: ++ String: "grub_cmd: load_env -f (hd0,gpt2)/grub2/grubenv\0" ++- EventNum: 43 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b1ae111cb224346a7342648d107b5394ce808c7892c117a063a3a9a31c6ccd23" ++ EventSize: 25 ++ Event: ++ String: "(hd0,gpt2)/grub2/grubenv\0" ++- EventNum: 44 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 45 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "9cda6c923e6ecc7a57f10f30168810e381695d20ef53f59c04d004aaa4e46237" ++ EventSize: 77 ++ Event: ++ String: "grub_cmd: set default=54e4e23536524c529b66e491dfc77274-5.14.0-130.el9.x86_64\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "09f17d4dfb4b97f16246632c21b1ac2125c95c148899eee5069fbb1b34365513" ++ EventSize: 35 ++ Event: ++ String: "grub_cmd: menuentry_id_option=--id\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4af0bb370c9e3b7982027d02e04c935e32d52b528007476bfc50d36d1b86815e" ++ EventSize: 37 ++ Event: ++ String: "grub_cmd: export menuentry_id_option\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1022afd472d62cf10a33afe3e9a3769af2334ada5f5ebd238b428f0d90a497aa" ++ EventSize: 32 ++ Event: ++ String: "grub_cmd: serial --speed=115200\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "092ef58da5a532249d7ee58b0d6f0772b3cb39fb24b653ccafe3ddf50d9c49a8" ++ EventSize: 40 ++ Event: ++ String: "grub_cmd: terminal_input serial console\0" ++- EventNum: 52 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "c81593b0a6c83009cd0c757a681399d7dc491453e042b7b368b530074e5c39b9" ++ EventSize: 41 ++ Event: ++ String: "grub_cmd: terminal_output serial console\0" ++- EventNum: 53 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 54 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "1c568398cf2e4a9df58875bbd79dffe058ec45be0b74512fa919a2fe7db4a609" ++ EventSize: 33 ++ Event: ++ String: "grub_cmd: set timeout_style=menu\0" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "71a5b3b21ac3862f40fabb745a9649c3a1d34249b9706524c90b2480c298beb0" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set timeout=5\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "e3b86ac73bb68db33745fd1cac2ca1d6bbbefb39ac1cca848bc9bc800114e7e5" ++ EventSize: 43 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt2)/grub2/user.cfg ]\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "29b7ae3acc4da64c4380feaea03c4a761c88bfbb74b3a79ac68a4e2822bbff2f" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod increment\0" ++- EventNum: 58 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "55cf6566869a451dbd91b65abbbd92b35b62e8009e9136e8df11846a287b93ae" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: [ -n -a 0 = 0 ]\0" ++- EventNum: 59 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 60 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "39c36226c5af91f9ee4969786436cc8ad87252b22b55c006bb8ef98a0eaef85d" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: insmod xfs\0" ++- EventNum: 61 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "96d10df2fba642d434781baf243b25e910759c649db2c81fce017759a2e733f3" ++ EventSize: 87 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=root ed5e9398-1a8f-4ae2-a8b8-c4cd677a759f\0" ++- EventNum: 62 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cd76d31ca3d10d742e46c6ff171046ce19dd90f361a827fec6571e59c24794" ++ EventSize: 26 ++ Event: ++ String: "grub_cmd: insmod part_gpt\0" ++- EventNum: 63 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "c8fabb4ae6637fa9a9037444c80a55b1a2d2da2c2b9b8842b7810379877955f6" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: insmod fat\0" ++- EventNum: 64 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "839290aa76a4b0d6bfe0a8d3908116f4991e2e81c9f1ff0c395b907692944ffe" ++ EventSize: 60 ++ Event: ++ String: "grub_cmd: search --no-floppy --fs-uuid --set=boot EE2C-46E8\0" ++- EventNum: 65 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4e7a22f96bae467df0f26975e0bf7614d6b92993301c65bae6a85c6530e460bf" ++ EventSize: 18 ++ Event: ++ String: "grub_cmd: [ -z ]\0" ++- EventNum: 66 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "799852ff506d6ce018c30e57166e6e04f450a16f9df958737e1e1473046fb8e0" ++ EventSize: 146 ++ Event: ++ String: "grub_cmd: set kernelopts=root=UUID=10d7f09f-7852-4b75-a2b6-2355d99b4376 ro resume=UUID=c39a47a6-aaad-45f9-87f1-26be66fe2a24 console=ttyS0,115200 \0" ++- EventNum: 67 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "822e637a86c14c686c7beda98067089103cfb97984033b6d607d9feb82f0d234" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: insmod blscfg\0" ++- EventNum: 68 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "05a5577cb6b242b7b5aff400fd90224598d1e354937fadc90f954cab3dc78519" ++ EventSize: 17 ++ Event: ++ String: "grub_cmd: blscfg\0" ++- EventNum: 69 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ad40d8033aa535ebbb889e4cfc0b9330cb91333662df4faad83afb5a4679ff4b" ++ EventSize: 87 ++ Event: ++ String: "(hd0,gpt2)/loader/entries//54e4e23536524c529b66e491dfc77274-5.14.0-130.el9.x86_64.conf\0" ++- EventNum: 70 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "0f091ad303dc1b251381cce9debaf422871c8f57aae37f4604fe11f1a7d043c8" ++ EventSize: 74 ++ Event: ++ String: "(hd0,gpt2)/loader/entries//54e4e23536524c529b66e491dfc77274-0-rescue.conf\0" ++- EventNum: 71 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "eb866bcea8420a022810dd2c940e9647b149c7c4702755aa08dea821b5a67756" ++ EventSize: 29 ++ Event: ++ String: "grub_cmd: [ 0 = 1 -o 0 = 1 ]\0" ++- EventNum: 72 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "bc7b76a012f77212c24c2db187fb8474dbb2f6567186a64c3550b30f4ffc4363" ++ EventSize: 29 ++ Event: ++ String: "grub_cmd: set menu_hide_ok=0\0" ++- EventNum: 73 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "73685e16907fb87cb70065627b206b7142631e929ac4285418fb56399b607079" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 0 = 1 ]\0" ++- EventNum: 74 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "73685e16907fb87cb70065627b206b7142631e929ac4285418fb56399b607079" ++ EventSize: 20 ++ Event: ++ String: "grub_cmd: [ 0 = 1 ]\0" ++- EventNum: 75 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d4468e9ea1b6827517d1f626f8c34b364007a3611c2a17fbf51bc7e7eaa49138" ++ EventSize: 29 ++ Event: ++ String: "grub_cmd: set boot_success=0\0" ++- EventNum: 76 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "11ad30ffc650e4c3b13a3e434111a5bc12fb00699138c06e80d132124b61a86b" ++ EventSize: 51 ++ Event: ++ String: "grub_cmd: save_env boot_success boot_indeterminate\0" ++- EventNum: 77 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 78 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce8124bc1b0fbc0cb5cd47338ca0c7d5f5446d79936e443a201d96b192a7bd65" ++ EventSize: 15 ++ Event: ++ String: "grub_cmd: [ ]\0" ++- EventNum: 79 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "5d487e285706b36d48eff03e56383e4692de24b867b38fcb3c5896fd222a5957" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: [ efi = efi ]\0" ++- EventNum: 80 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "fb84aff84de5bcc528ede92bec117fa8cea46362c5d2ea946e44299a968ffac7" ++ EventSize: 77 ++ Event: ++ String: "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\ ++ \t\tfwsetup\n\ ++ \t}\0" ++- EventNum: 81 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "2772cd3a066fe5a53ee59546d123304f52ede2f0225dfbe9e14d7d1b33f732a5" ++ EventSize: 45 ++ Event: ++ String: "grub_cmd: [ -f (hd0,gpt2)/grub2/custom.cfg ]\0" ++- EventNum: 82 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "8b9a38d95384b44889dbcbcdb5fa13679511d4b0f69078d554e7a95ba78dcd5c" ++ EventSize: 68 ++ Event: ++ String: "grub_cmd: [ -z (hd0,gpt2)/grub2 -a -f (hd0,gpt2)/grub2/custom.cfg ]\0" ++- EventNum: 83 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "7626abd8be7442c2e575364a3e95cb3a3b533c58afbba402d2bdabdff85d29c7" ++ EventSize: 21 ++ Event: ++ String: "grub_cmd: load_video\0" ++- EventNum: 84 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4568361fb7581b31a42d645ab534302fb9f742adaa37b7fde152215d69e259fb" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: [ xy = xy ]\0" ++- EventNum: 85 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d71353f5368eb2c1280590928128979bd96ea8db1e8c81493f7878383b76ab3b" ++ EventSize: 27 ++ Event: ++ String: "grub_cmd: insmod all_video\0" ++- EventNum: 86 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "15a5018b0177cf9c49c0b97911df67e7f2c193d3613e3fc4c9eb98a2b5d06fcc" ++ EventSize: 30 ++ Event: ++ String: "grub_cmd: set gfxpayload=keep\0" ++- EventNum: 87 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "6c4674d4c652ee67b98a6206d7541ccbf2d5dc0a18dae31ad66e82c794c49784" ++ EventSize: 22 ++ Event: ++ String: "grub_cmd: insmod gzio\0" ++- EventNum: 88 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "753adbf2c98996166c82e7834c1f7af48987739bec81e3948b2017955c50705c" ++ EventSize: 247 ++ Event: ++ String: "grub_cmd: linux (hd0,gpt2)/vmlinuz-5.14.0-130.el9.x86_64 root=UUID=10d7f09f-7852-4b75-a2b6-2355d99b4376 ro resume=UUID=c39a47a6-aaad-45f9-87f1-26be66fe2a24 console=ttyS0,115200 ima_appraise=fix ima_canonical_fmt ima_policy=tcb ima_template=ima-ng\0" ++- EventNum: 89 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "0114cf38d49a529321c6dc4cef08424418efe3384494ff0a8fde04eee9a608bd" ++ EventSize: 41 ++ Event: ++ String: "(hd0,gpt2)/vmlinuz-5.14.0-130.el9.x86_64\0" ++- EventNum: 90 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "55ca5219d41971e1dcdb75b3624e63f96f8bafd4edf57007f60343b9dec3a4da" ++ EventSize: 32 ++ Event: ++ ImageLocationInMemory: 0x7a07b640 ++ ImageLengthInMemory: 11302456 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 91 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "55ca5219d41971e1dcdb75b3624e63f96f8bafd4edf57007f60343b9dec3a4da" ++ EventSize: 32 ++ Event: ++ ImageLocationInMemory: 0x78b19580 ++ ImageLengthInMemory: 11302456 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '' ++- EventNum: 92 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "6fed7c51f16551db907d6ac192194735c33cd2aad9e80b7124dbae6c49e92fe3" ++ EventSize: 247 ++ Event: ++ String: "kernel_cmdline: (hd0,gpt2)/vmlinuz-5.14.0-130.el9.x86_64 root=UUID=10d7f09f-7852-4b75-a2b6-2355d99b4376 ro resume=UUID=c39a47a6-aaad-45f9-87f1-26be66fe2a24 console=ttyS0,115200 ima_appraise=fix ima_canonical_fmt ima_policy=tcb ima_template=ima-ng\0" ++- EventNum: 93 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4284fb7e9806b80b5ffd8ac0db1b55806ad915e08830c08423f1dc79857ad230" ++ EventSize: 64 ++ Event: ++ String: "grub_cmd: initrd (hd0,gpt2)/initramfs-5.14.0-130.el9.x86_64.img\0" ++- EventNum: 94 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3b88d84f382249264ef0e9c6baeed69484b163b913db7a127dd7775be146225d" ++ EventSize: 47 ++ Event: ++ String: "(hd0,gpt2)/initramfs-5.14.0-130.el9.x86_64.img\0" ++- EventNum: 95 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 96 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha256: ++ 0 : 0xfcb620568efe4ac4e15f6dcbc6431cad79bc85c7f2f592e08dde0bf37da6df39 ++ 1 : 0xb2eb2c29be62e89089cf14b827e4feaaf08b48d19ba69981eb2fc43c50a332b1 ++ 2 : 0xf12eecdb5c80b81e5b0ee1d55794a6a6ddb58b8223039b7930134a8515690a17 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x83210a75db8818d9c65d688ce2b8aa9b3ff6dd7b23dd8fbee0c26dd0a7744c6a ++ 5 : 0x7631b54abc865ab7872445ec9cab5993504a5fc88e837eabed390048741e468d ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0x56c7ba6010e0a8a20c92e3d08baebcf2a7e6544fed33c3ea9523eaa6cd74537a ++ 8 : 0xf2e988cbd9116a83812fa6c1ce4ac70d286ea256c5d71ea15de404fa7b5ff5f1 ++ 9 : 0x82a2887b01c5d730c7059e677ff18d5496c646ea18ace9eb86347bb5f6eb79b9 ++ 14 : 0xa4dad77fb3b6cacbd20f556986c5d917f5e322c123af82d12c5e5b7ef7ae9938 +diff --git a/test/integration/fixtures/event-raw/event-postcode.bin.yaml b/test/integration/fixtures/event-raw/event-postcode.bin.yaml +new file mode 100644 +index 0000000..1cca3cd +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-postcode.bin.yaml +@@ -0,0 +1,868 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c42fedad268200cb1d15f97841c344e79dae3320" ++ - AlgorithmId: sha256 ++ Digest: "d4720b4009438213b803568017f903093f6bea8ab47d283db32b6eabedbbf155" ++ EventSize: 16 ++ Event: "1efb6b540c1d5540a4ad4ef4bf17b83a" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_POST_CODE ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2ae338407a3d9304e82360e9891ac12b89e838a6" ++ - AlgorithmId: sha256 ++ Digest: "533a706b2c32ac3b42342959d4ff906135ebe9de52ecb4b0e0804c153aedcbe4" ++ EventSize: 16 ++ Event: ++ BlobBase: 0xff130000 ++ BlobLength: 0xa7f000 ++- EventNum: 3 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4fdd1f14d4041494deb8fc990c45343d2277d08" ++ - AlgorithmId: sha256 ++ Digest: "ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: "01" ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "74695203091adbb40c8420f1b499a6ac1a723962" ++ - AlgorithmId: sha256 ++ Digest: "b161e0347f5f040997f97ff52642d43b3a87b986dae8d776d6af27e6468675e6" ++ EventSize: 1011 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 975 ++ UnicodeName: PK ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf072cf03000000000000b30300005148dc265f19e14a9a19fbf883bbb35e3082039f30820287a00302010202103b98c74f9010d1a94c4383363dced485300d06092a864886f70d01010b05003072310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e311e301c06035504030c1553555045524d4943524f20504b2043412032303138301e170d3138313232303031343630345a170d3333313232303031353630335a3072310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e311e301c06035504030c1553555045524d4943524f20504b204341203230313830820122300d06092a864886f70d01010105000382010f003082010a0282010100b398bfed1fc069518e4daa9129ce319e1b628e022a15e4271bdace95eae234b9f35d5f41aef62b1d04655206371b2b10ad6a750efaee87d6785755c579986e3936a4eb1769eee7335bc2f0f9e596fbc7ee21db41f5a48a621983a3cb16ab74142c0b586272d0f9e2c95b3176ea0659ba37e43bca8f58b115f9a6cb718cb92269483f735763d5ca54e9ae894b3c4bb7b81ad666d88eee177cd96826d2b4721ccdcb3abd2e14a1941a0be7543b17eb944be4a23490939e50aa5e4dfb1f3491d4506f13a0a5104980cd9b8e452b7ec1b49285c768b2652f58287ccb95090810370a8cb5b5c41840a7ad87b2efa5c29404858802e7fa2be41707b5557e312a65fbad0203010001a331302f300e0603551d0f0101ff040403020186301d0603551d0e041604142f7f6b38d83ab463442ae8edd4f1ceba35688388300d06092a864886f70d01010b050003820101002ae10c936dc7137242fa482ffaef28320b39dd00e43e962a31fa33561b615bf80c7df84d18dbfacca8726595a214cb906028dc0a5b723a9d0e9c6583482224498930b40bf39eafbd5b938db74dec4ab46fe5a435e1f57841181d600b7dfc79de431bf9e916de1e22cd627781759bc07de67c1fab878cf7b978678697c47e2c32f2a273d650cbc446a93a18aa3a1e61086034c58cebb61ccf2081ab7bfcb0d8a582dda9139765e08e62004caa252afd665dedda4e47c29dd5fc69f1aaa6b32d66e0e70b98621e3f0c8f2c665355a987fbbf5f1c0e474c8af8d13d1e87c0ffc64ef39a03995e519fbd84f0760e1ae0973b8cf010386b4bca17fc1105b3b8b2c305" ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "13f02fbc7383ed7c89017e0b32f60e38e282056c" ++ - AlgorithmId: sha256 ++ Digest: "63c0ee78eb49b91ac213b03768a827ebf9b12370f65851b19a883bf32eaf2a14" ++ EventSize: 1598 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 1560 ++ UnicodeName: KEK ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf0721806000000000000fc050000bd9afa775903324dbd6028f4e78f784b308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e" ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b0a330783903281d43a79ddc6b6bf7aceb3b10fa" ++ - AlgorithmId: sha256 ++ Digest: "a70c57a09bd713fa74a267c2fe5e5553c6c832d330fffaa12c3323c60b016048" ++ EventSize: 5223 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 5187 ++ UnicodeName: db ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf072400600000000000024060000bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358a159c0a5e494a74a87b5ab155c2bf0720706000000000000eb050000bd9afa775903324dbd6028f4e78f784b308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597ea159c0a5e494a74a87b5ab155c2bf07296030000000000007a0300005148dc265f19e14a9a19fbf883bbb35e308203663082024ea003020102020100300d06092a864886f70d01010b05003072310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e311e301c06035504030c1553555045524d4943524f20504b2043412032303138301e170d3138313231393030303030305a170d3333313231393030303030305a3077310c300a06035504061303555341310b300906035504080c0243413111300f06035504070c0853616e204a6f736531223020060355040a0c195375706572204d6963726f20436f6d707574657220496e632e3123302106035504030c1a53555045524d4943524f2050726f64756374204341203230313830820122300d06092a864886f70d01010105000382010f003082010a0282010100f1ca4d346a9b816d3f5852e7e7dae114ca309ea8c44f0d6ae069084d3d3539e4592d43d9289d0adc7033a28722aee91892d0dbe605a59f16af74a39b33eea1d2839a958c0b45f6b51c4af9182fc950ec9dec100be8e56e6fb89df08ab2ee123b9cc79046fbb257f1479e2657eaed1ee805397540096043ddec5bd238967d9069e7d3ad39ecebf45507976221a529bfbedf62ec1b1a00065b6c8541ab3f5055024ade1ee1d0a78b94cdb335c6e7de860c813f73296730ce16017b2e958fc69de3930f0c8018f71694aa60791df6094b9e1bf1d33fcc427256d2980629c1fefa5e0f38a557a663f30e6814a57f1cd9f5f553edfed1f6865320013e21a27c6f80070203010001a3023000300d06092a864886f70d01010b05000382010100365dc9c0f57f682738cbc02e279b0851975849d81cfa211fac7bc2c0bffad57bb9c8ca546507292146fc487dfaf3845b647d8671964e16bb8ea59ccb654462ecccba42b68bd8a4db98269ae408a70cdac93b80d363901e64a104127cc21a8de9def4f2d74067e5bad76d6e08c2355f1fdbab5d8ee0a17fd225aaa91a6f31c3a5c0e8f2a3b3475a6958383aa7bb64cc692710a2c40e7295e17e54e95be90cdd71adffb4b0b4280b485c0229942a589a2fb7623e3e1738361441483027642756a121da62b3efc0cbbe8d0267dcc866f2af1c4c4349052389c7628fc66aaf159a8cead746733b30b2a9fcb0737fd33b7cc7791a872b9dcc9498ac300a04259fe31aa159c0a5e494a74a87b5ab155c2bf07266040000000000004a0400005148dc265f19e14a9a19fbf883bbb35e308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604" ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9e04b683b1ade74270dc6083dd716acc63a33310" ++ - AlgorithmId: sha256 ++ Digest: "a044b4ce4a4dca9af312c897dc56ee1727c385eb88f7cfb9092b8265029d5b1e" ++ EventSize: 3762 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 3724 ++ UnicodeName: dbx ++ VariableData: "2616c4c14c509240aca941f9369343288c0e00000000000030000000bd9afa775903324dbd6028f4e78f784b80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0abd9afa775903324dbd6028f4e78f784bf52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7abd9afa775903324dbd6028f4e78f784bc5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbdbd9afa775903324dbd6028f4e78f784b363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76bd9afa775903324dbd6028f4e78f784b1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06bd9afa775903324dbd6028f4e78f784be6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5bd9afa775903324dbd6028f4e78f784bc3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66bd9afa775903324dbd6028f4e78f784b58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771bd9afa775903324dbd6028f4e78f784b5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992eabd9afa775903324dbd6028f4e78f784bd626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1bd9afa775903324dbd6028f4e78f784bd063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56dbd9afa775903324dbd6028f4e78f784b29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44bd9afa775903324dbd6028f4e78f784b90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44cbd9afa775903324dbd6028f4e78f784b075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238bd9afa775903324dbd6028f4e78f784b07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09ebd9afa775903324dbd6028f4e78f784b09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26bd9afa775903324dbd6028f4e78f784b0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374bd9afa775903324dbd6028f4e78f784b0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898cbd9afa775903324dbd6028f4e78f784b0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140fbd9afa775903324dbd6028f4e78f784b0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfcbd9afa775903324dbd6028f4e78f784b106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689cbd9afa775903324dbd6028f4e78f784b174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920cbd9afa775903324dbd6028f4e78f784b18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10fbd9afa775903324dbd6028f4e78f784b2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939bd9afa775903324dbd6028f4e78f784b2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8bd9afa775903324dbd6028f4e78f784b2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17dbd9afa775903324dbd6028f4e78f784b2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7dbd9afa775903324dbd6028f4e78f784b306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593bd9afa775903324dbd6028f4e78f784b3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2bd9afa775903324dbd6028f4e78f784b3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02bd9afa775903324dbd6028f4e78f784b3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73bd9afa775903324dbd6028f4e78f784b4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692bd9afa775903324dbd6028f4e78f784b47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adfbd9afa775903324dbd6028f4e78f784b518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135bd9afa775903324dbd6028f4e78f784b5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5cbd9afa775903324dbd6028f4e78f784b6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66bd9afa775903324dbd6028f4e78f784b6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11bd9afa775903324dbd6028f4e78f784b6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785ebd9afa775903324dbd6028f4e78f784b71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375bd9afa775903324dbd6028f4e78f784b726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1bd9afa775903324dbd6028f4e78f784b72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8bd9afa775903324dbd6028f4e78f784b7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5bd9afa775903324dbd6028f4e78f784b81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4bd9afa775903324dbd6028f4e78f784b82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67bd9afa775903324dbd6028f4e78f784b895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163dafbd9afa775903324dbd6028f4e78f784b8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9bd9afa775903324dbd6028f4e78f784b8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521bd9afa775903324dbd6028f4e78f784b8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481cbd9afa775903324dbd6028f4e78f784b9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42bd9afa775903324dbd6028f4e78f784b9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734bd9afa775903324dbd6028f4e78f784ba6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7bd9afa775903324dbd6028f4e78f784ba7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458dbd9afa775903324dbd6028f4e78f784bad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720bd9afa775903324dbd6028f4e78f784baeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1bd9afa775903324dbd6028f4e78f784bafe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3bd9afa775903324dbd6028f4e78f784bb54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55bd9afa775903324dbd6028f4e78f784bb8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736bd9afa775903324dbd6028f4e78f784bb97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9bd9afa775903324dbd6028f4e78f784bbc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7bd9afa775903324dbd6028f4e78f784bc409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fcbd9afa775903324dbd6028f4e78f784bc617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967fbd9afa775903324dbd6028f4e78f784bc90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8bbd9afa775903324dbd6028f4e78f784bcb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7bd9afa775903324dbd6028f4e78f784bce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540cebd9afa775903324dbd6028f4e78f784bd8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fabd9afa775903324dbd6028f4e78f784be92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fabd9afa775903324dbd6028f4e78f784bfddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8bd9afa775903324dbd6028f4e78f784bfe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01bd9afa775903324dbd6028f4e78f784bfecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436bd9afa775903324dbd6028f4e78f784bca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65bbd9afa775903324dbd6028f4e78f784b55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5babd9afa775903324dbd6028f4e78f784b77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2fbd9afa775903324dbd6028f4e78f784bc83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884bd9afa775903324dbd6028f4e78f784b3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9bd9afa775903324dbd6028f4e78f784b939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049bd9afa775903324dbd6028f4e78f784b64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745bd9afa775903324dbd6028f4e78f784b45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e" ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 9 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x64024018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a0100000001010600000001010600000004081800000000003846020000000000ff450600000000007fff0400' ++- EventNum: 10 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x63f5a018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a0100000001010600000001010600010004081800000000003846020000000000ff450600000000007fff0400' ++- EventNum: 11 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x63e8f018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a0700000001010600000001010600000004081800000000003846020000000000ff450600000000007fff0400' ++- EventNum: 12 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1ed5faf8fa9dad50d625e1a6074768bf9a84310a" ++ - AlgorithmId: sha256 ++ Digest: "5e289969ac801159131e1f597da9e097abf0539692cb1b1b6199f4609ca81cac" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x63dc4018 ++ ImageLengthInMemory: 824656 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a0700000001010600000001010600010004081800000000003846020000000000ff450600000000007fff0400' ++- EventNum: 13 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 15 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 16 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "3fbcdfed545f8a229ff7ab955838c216bc73226e" ++ - AlgorithmId: sha256 ++ Digest: "81c2bf2cd2e222b0c5f8a78c860f1a94a4ae9683fc8bf1cc4ccd1ac95c3ec1f1" ++ EventSize: 82 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 32 ++ UnicodeName: BootOrder ++ VariableData: "03000400050006000700080009000a000b000c000d000e000f00100011001200" ++- EventNum: 21 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ab8f235cfec34cb945db379107964afb766d63a0" ++ - AlgorithmId: sha256 ++ Digest: "fea5577091d37bed72a87bb407cb56033c6e01d326fd6abc5e0e34e6f18ef669" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0003 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004300000002010c00d041030a03000000010106000000010106000000030b25000cc47aff601c000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 22 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a283f8148c1a2274d20ae232774e0d49d86352bb" ++ - AlgorithmId: sha256 ++ Digest: "bd7135d4382ec425c4bcd2883b4c3158e614b2fe6c34772b827908d645608e54" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0004 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004400000002010c00d041030a03000000010106000000010106000100030b25000cc47aff601d000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 23 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "6079de507c12a31a519f0d6b2d8523a009939479" ++ - AlgorithmId: sha256 ++ Digest: "9e6f529175c70959d5fb6cd20e581c50a073b2706a84f8f6e0047e268c859a1f" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0005 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004500000002010c00d041030a03000000010106000000010106000200030b25000cc47aff601e000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 24 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "491c47728c2a764a713ca293dd86a3bcc6574acd" ++ - AlgorithmId: sha256 ++ Digest: "e1164ad4c9a72c7461b52147d07a919239f6cd3060371030147ea22d2f295e8b" ++ EventSize: 412 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 364 ++ UnicodeName: Boot0006 ++ VariableData: "01000000d60055004500460049003a0020005000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004600000002010c00d041030a03000000010106000000010106000300030b25000cc47aff601f000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003400200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 25 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cccd72d0384c263c30083350e922cd88455ae4af" ++ - AlgorithmId: sha256 ++ Digest: "d9166803ad7ec9bf31c784603e67d1871a8e78fdb731aa307a6a784f7247e210" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot0007 ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004300000002010c00d041030a03000000010106000000010106000000030b25000cc47aff601c000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 26 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "40799f11371d4622bdc9dc56df37275232198cdd" ++ - AlgorithmId: sha256 ++ Digest: "1a596869d57e235fc7ec6d1f6acd1bd1cbd2f9ec3440d6b3487bd324aaa19201" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot0008 ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004400000002010c00d041030a03000000010106000000010106000100030b25000cc47aff601d000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 27 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "27c7946f5b4dfed6d0eed64012ee65c2cad395c1" ++ - AlgorithmId: sha256 ++ Digest: "619b3c339875dd903a0421c4074391eca096aa640d73fc6c54a3dc37634d176d" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot0009 ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004500000002010c00d041030a03000000010106000000010106000200030b25000cc47aff601e000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 28 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9f65926fbb5e7aa9178e7184a0fa8213225ad8e0" ++ - AlgorithmId: sha256 ++ Digest: "6e11a6a0b05f717762254ffefa804f3891935e2718171cb808083ffb4d420910" ++ EventSize: 445 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 397 ++ UnicodeName: Boot000A ++ VariableData: "01000000f70055004500460049003a0020005000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0020002d002000300043004300340037004100460046003600300031004600000002010c00d041030a03000000010106000000010106000300030b25000cc47aff601f000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047600ef47642dc93ba041ac194d51d01b4ce65000580045002000490050003600200049006e00740065006c00280052002900200049003300350030002000470069006700610062006900740020004e006500740077006f0072006b00200043006f006e006e0065006300740069006f006e0000007fff04000000424f" ++- EventNum: 29 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "43b8993cc724aef0ff74266de7f418afe4869af1" ++ - AlgorithmId: sha256 ++ Digest: "1a111c5eefbe71a0b88d3b4e3faea54e244b436efc17cee609c23f933cfdb928" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000B ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320020002d002000390038003000330039004200380035003100330042003200000002010c00d041030a01000000010106000000010106000000030b250098039b8513b2000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320000007fff04000000424f" ++- EventNum: 30 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a0a104cc409220ad2ce2a1b62059524ae3aff0fe" ++ - AlgorithmId: sha256 ++ Digest: "46939493ec49f3e48eb0343f41f7398d650b3c7f8a7786977fd0a0250bec3a34" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000C ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330020002d002000390038003000330039004200380035003100330042003300000002010c00d041030a01000000010106000000010106000100030b250098039b8513b3000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330000007fff04000000424f" ++- EventNum: 31 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "60fe0bf01ce026034c6b8118ebeea0c475a540f2" ++ - AlgorithmId: sha256 ++ Digest: "3931124f8b48fee5d7ecd2aad1bd1ef5b5f963b82533540fbe613093941feb6d" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000D ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450020002d002000390038003000330039004200380034004200330041004500000002010c00d041030a07000000010106000000010106000000030b250098039b84b3ae000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450000007fff04000000424f" ++- EventNum: 32 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "65c18f85c810ce0ad60ef430a52720afb5bab9ce" ++ - AlgorithmId: sha256 ++ Digest: "74c91d245d5eaf3f0f90632ddf130b761e2eb0e32f1f9e7ded3dea1077b62b45" ++ EventSize: 428 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 380 ++ UnicodeName: Boot000E ++ VariableData: "01000000de0055004500460049003a002000500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460020002d002000390038003000330039004200380034004200330041004600000002010c00d041030a07000000010106000000010106000100030b250098039b84b3af000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000340020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460000007fff04000000424f" ++- EventNum: 33 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f09ac7d0f63fabb71a6e07f42ccb8b33f6eda18c" ++ - AlgorithmId: sha256 ++ Digest: "13538ae1f5d103bf4cb869a03af4ea3f4e519c72d2ce03c746b69d70b01b01b7" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot000F ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320020002d002000390038003000330039004200380035003100330042003200000002010c00d041030a01000000010106000000010106000000030b250098039b8513b2000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200320000007fff04000000424f" ++- EventNum: 34 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "193d033d6ab3c90a60a36aff76b9b7dfd907a35c" ++ - AlgorithmId: sha256 ++ Digest: "c446edae2ef61641940b7b7327727f46d6949976e01bce7d9be6f59a61c8e5c6" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot0010 ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330020002d002000390038003000330039004200380035003100330042003300000002010c00d041030a01000000010106000000010106000100030b250098039b8513b3000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380035003a00310033003a004200330000007fff04000000424f" ++- EventNum: 35 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c0b3116068d56a56863a02bc9db22056473610b2" ++ - AlgorithmId: sha256 ++ Digest: "b647961910b82cd63606cafd5308b071d70470d215dd8df122323bda413a7549" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot0011 ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450020002d002000390038003000330039004200380034004200330041004500000002010c00d041030a07000000010106000000010106000000030b250098039b84b3ae000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100450000007fff04000000424f" ++- EventNum: 36 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "03fc508b0686f5b664f10096d0e0a79c149ad04a" ++ - AlgorithmId: sha256 ++ Digest: "f0da5d94cd5a4bd61074301f7d97559ed9299a3d11abfdddb597d4c9116fc28b" ++ EventSize: 461 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 413 ++ UnicodeName: Boot0012 ++ VariableData: "01000000ff0055004500460049003a002000500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460020002d002000390038003000330039004200380034004200330041004600000002010c00d041030a07000000010106000000010106000100030b250098039b84b3af000000000000000000000000000000000000000000000000000001030d3c0000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000007fff040001047e00ef47642dc93ba041ac194d51d01b4ce6500058004500200049005000360020004d0065006c006c0061006e006f00780020004e006500740077006f0072006b002000410064006100700074006500720020002d002000390038003a00300033003a00390042003a00380034003a00420033003a004100460000007fff04000000424f" ++- EventNum: 37 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "8b5866854c0b829dd967a1d9f100a3920d412792" ++ - AlgorithmId: sha256 ++ Digest: "4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9" ++ EventSize: 1608 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 1572 ++ UnicodeName: db ++ VariableData: "bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358" ++- EventNum: 38 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d0e6f939f1304a83975f34ff678da573ae2b3ee5" ++ - AlgorithmId: sha256 ++ Digest: "007f4c95125713b112093e21663e2d23e3c1ae9ce4b5de0d58a297332336a2d8" ++ EventSize: 124 ++ Event: ++ ImageLocationInMemory: 0x6202f018 ++ ImageLengthInMemory: 1334816 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 92 ++ DevicePath: '02010c00d041030a03000000010106000000010106000000030b25000cc47aff601c000000000000000000000000000000000000000000000000000001030c1b0000000000000000000000000000000000000000000000007fff0400' ++- EventNum: 39 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "55bff7d9ff94e4b2bd103689efdc8ae260671a05" ++ - AlgorithmId: sha256 ++ Digest: "aa1bfb5a9f43668a5dcea2d1af0b7d9535c45c7cd63cc990d3148b76e5360e63" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '00b0150000c01500af' ++- EventNum: 40 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "185db6197a44b1f2e728982752efbd86ee6cb5df" ++ - AlgorithmId: sha256 ++ Digest: "70f0dca0fd93403e2ed2e7106781db1e002b1cbae77ff3a2e23cab46eb6349d2" ++ EventSize: 1126 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 4 ++ VariableDataLength: 1080 ++ UnicodeName: Shim ++ VariableData: "308204343082031ca003020102020900b94124a0182c9267300d06092a864886f70d01010b0500308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f72697479301e170d3132303431323131313235315a170d3432303431313131313235315a308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bf5b3a1674ee215dae61ed9d56acbddede72f3dd7e2d4c620facc06d480811cf8d8bfb611f27cc116ed9553d3954eb403bb1bbe2853479caf77bbfba7ac8102d197dad59cfa6d4e94e0fdaae52ea4c9e90cec6990d4e6765785df9d1d5384a4a7a8f939c7f1aa385dbcefa8bf7c2a2212d9b5441351057138d6cbc2906504a7eea99a968a73bc7071b329ea019870e79bb68992d7e9352e5f6ebc99bf92bedb86849bcd99550405bc5b271aaeb5c57de71f9400add5bac1e842d501a52d6e1f36b6e90644f5bb4eb20e46110da5af0eae442d701c4fe211fd9b9c05495428152721f49647ac86c24f108700b4da5a032d1a01c57a84de3afa58e05053e1043a10203010001a381a63081a3301d0603551d0e04160414ad91990bc22ab1f517048c23b6655a268e345a63301f0603551d23041830168014ad91990bc22ab1f517048c23b6655a268e345a63300f0603551d130101ff040530030101ff300b0603551d0f04040302018630430603551d1f043c303a3038a036a0348632687474703a2f2f7777772e63616e6f6e6963616c2e636f6d2f7365637572652d626f6f742d6d61737465722d63612e63726c300d06092a864886f70d01010b050003820101003f7df676a5b383b42b7ad06d521a0383c412a7509c4792ccc0947782d2ae57b39904f5323ac6551d07db12a956fad8d47620ebe4c351db9a5c9c923f1873da946aa199388ca4886dc1fc3971d0747616033e562335d555475b1a1d41c2d3124cdcffae0a929c620a17019c73e05eb1fdbcd6b519117a7ecd3e037e66db5ba8c9394851ff53e19c3153911b3b10750317bae681028094704c46b794b03d15cd1f8e02e068028ffbf9471d7da201c60751c49accedddcfa35ded92bbbed1fde6ec1f33517304be3c72b07d08f801ff987dcb9ce069397725477188b18d27a52ea8f73f5f8069973ea9f49914dbce030e0b66c41c6dbdb82777c14294bdfc6a0abc" ++- EventNum: 41 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1bdd2d91eb90e0994dd7c665f0bf723dec5c157e" ++ - AlgorithmId: sha256 ++ Digest: "88f548359c31bb4694f1cc1adfab640b2029b6b0e36fb0f0dbd536f6a67d8303" ++ EventSize: 63 ++ Event: ++ String: "grub_cmd: [ -e (tftp,192.168.0.141)/grub/x86_64-efi/grub.cfg ]\0" ++- EventNum: 42 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "06e3f9ed5c9c31597b78acf87952c85e32b92140" ++ - AlgorithmId: sha256 ++ Digest: "6446c28b60e77f34a8179eb81c80f9f62e0f9715db2c5bcff0f17a6297d683e9" ++ EventSize: 52 ++ Event: ++ String: "grub_cmd: source (tftp,192.168.0.141)/grub/grub.cfg\0" ++- EventNum: 43 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "92611a41b323df54a007d06aad1364ff9f38ec38" ++ - AlgorithmId: sha256 ++ Digest: "4bdd31ce57984441a126b501f74994482d7ad8929b7e2ed6c0371aeeca81ccd7" ++ EventSize: 35 ++ Event: ++ String: "(tftp,192.168.0.141)/grub/grub.cfg\0" ++- EventNum: 44 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9a4012c67699622cf0e3ad17d2b8193bbef96da5" ++ - AlgorithmId: sha256 ++ Digest: "60415688e1c91b8b66b7453a895281506a1ff292093e4d3648fba6e7215d0e5b" ++ EventSize: 63 ++ Event: ++ String: "grub_cmd: configfile /boot/grub2/grub.cfg-01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 45 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ab17c9d242ec3b97277d8ccff1d60040bd58c1ea" ++ - AlgorithmId: sha256 ++ Digest: "befbf1d7af3da4279cafb9f5104ff24cb3f029c7401cd03d50549f24241d0649" ++ EventSize: 42 ++ Event: ++ String: "/boot/grub2/grub.cfg-01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 46 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "732c713a6f4c3a388ee1b46624b7c3fe34d59d50" ++ - AlgorithmId: sha256 ++ Digest: "71a5b3b21ac3862f40fabb745a9649c3a1d34249b9706524c90b2480c298beb0" ++ EventSize: 24 ++ Event: ++ String: "grub_cmd: set timeout=5\0" ++- EventNum: 47 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "067c1a87d082adda86e3e67c203723a43e4a6521" ++ - AlgorithmId: sha256 ++ Digest: "428ed11d62fff908eb26e85f2f36e59afa4234021664362aab1e5cd4e47081a7" ++ EventSize: 55 ++ Event: ++ String: "grub_cmd: set default=xCAT OS Deployment, ugly GA hack\0" ++- EventNum: 48 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f35488600a1319bb1ead72da6b55dceac2f8b5d5" ++ - AlgorithmId: sha256 ++ Digest: "aa151571c8d7ca866db234cfa68de48ea496d7222eadefdd261a15d7a9bdb861" ++ EventSize: 466 ++ Event: ++ String: "grub_cmd: menuentry xCAT OS Deployment, ugly GA hack {\n\ ++ \x20\x20\x20\x20echo \"Loading VEHV kernel ...\"\n\ ++ \x20\x20\x20\x20linux /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel imgurl=http://192.168.0.141//install/netboot/ubuntu18.04/x86_64/vgen/rootimg.tar.gz XCAT=192.168.0.141:3001 console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0 BOOTIF=01-$net_default_mac\n\ ++ \x20\x20\x20\x20echo \"Loading VEHV ramdisk ...\"\n\ ++ \x20\x20\x20\x20initrd /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/initrd-stateless.gz\n\ ++ }\0" ++- EventNum: 49 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "ac5dcc7ddd86999727f50debc576e3d946f49dec" ++ - AlgorithmId: sha256 ++ Digest: "78a5cbf6ecba75a2900414314c4e2f9e3fd584ea8adc3876bace146679a03e8e" ++ EventSize: 53 ++ Event: ++ String: "grub_cmd: setparams xCAT OS Deployment, ugly GA hack\0" ++- EventNum: 50 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "30e89627e89f64dd128b48ff07e6604b7ecb10f3" ++ - AlgorithmId: sha256 ++ Digest: "bde7442e3918d9117eae0ebeab987d68b157f67b6ab47241651fe2d52db6fa1d" ++ EventSize: 39 ++ Event: ++ String: "grub_cmd: echo Loading VEHV kernel ...\0" ++- EventNum: 51 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "7db0ad939a4643bc2bd1ba334d13ad4ab8958af0" ++ - AlgorithmId: sha256 ++ Digest: "39b1815072ffc4dc737aa771781840f6534784a606de47026bbbb1e1283033e3" ++ EventSize: 267 ++ Event: ++ String: "grub_cmd: linux /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel imgurl=http://192.168.0.141//install/netboot/ubuntu18.04/x86_64/vgen/rootimg.tar.gz XCAT=192.168.0.141:3001 console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0 BOOTIF=01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 52 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "52fa768d85240139c2d78d385b8cf19198f29ddf" ++ - AlgorithmId: sha256 ++ Digest: "5d8a44f7a785a2cb018cdfa2d29a6952e64739b2436e1ca33871d2af6a66e49e" ++ EventSize: 53 ++ Event: ++ String: "/xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel\0" ++- EventNum: 53 ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a4a911e25729725d9896fdf1bd3c21280f0b39fd" ++ - AlgorithmId: sha256 ++ Digest: "b0a2cdff7294f3831689383d895a90fc4ff6dacde3878e3c8bb28055ba0051ab" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '80e9ad0080ebad00af' ++- EventNum: 54 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_AUTHORITY ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "185db6197a44b1f2e728982752efbd86ee6cb5df" ++ - AlgorithmId: sha256 ++ Digest: "70f0dca0fd93403e2ed2e7106781db1e002b1cbae77ff3a2e23cab46eb6349d2" ++ EventSize: 1126 ++ Event: ++ VariableName: 605dab50-e046-4300-abb6-3dd810dd8b23 ++ UnicodeNameLength: 4 ++ VariableDataLength: 1080 ++ UnicodeName: Shim ++ VariableData: "308204343082031ca003020102020900b94124a0182c9267300d06092a864886f70d01010b0500308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f72697479301e170d3132303431323131313235315a170d3432303431313131313235315a308184310b30090603550406130247423114301206035504080c0b49736c65206f66204d616e3110300e06035504070c07446f75676c617331173015060355040a0c0e43616e6f6e6963616c204c74642e3134303206035504030c2b43616e6f6e6963616c204c74642e204d617374657220436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bf5b3a1674ee215dae61ed9d56acbddede72f3dd7e2d4c620facc06d480811cf8d8bfb611f27cc116ed9553d3954eb403bb1bbe2853479caf77bbfba7ac8102d197dad59cfa6d4e94e0fdaae52ea4c9e90cec6990d4e6765785df9d1d5384a4a7a8f939c7f1aa385dbcefa8bf7c2a2212d9b5441351057138d6cbc2906504a7eea99a968a73bc7071b329ea019870e79bb68992d7e9352e5f6ebc99bf92bedb86849bcd99550405bc5b271aaeb5c57de71f9400add5bac1e842d501a52d6e1f36b6e90644f5bb4eb20e46110da5af0eae442d701c4fe211fd9b9c05495428152721f49647ac86c24f108700b4da5a032d1a01c57a84de3afa58e05053e1043a10203010001a381a63081a3301d0603551d0e04160414ad91990bc22ab1f517048c23b6655a268e345a63301f0603551d23041830168014ad91990bc22ab1f517048c23b6655a268e345a63300f0603551d130101ff040530030101ff300b0603551d0f04040302018630430603551d1f043c303a3038a036a0348632687474703a2f2f7777772e63616e6f6e6963616c2e636f6d2f7365637572652d626f6f742d6d61737465722d63612e63726c300d06092a864886f70d01010b050003820101003f7df676a5b383b42b7ad06d521a0383c412a7509c4792ccc0947782d2ae57b39904f5323ac6551d07db12a956fad8d47620ebe4c351db9a5c9c923f1873da946aa199388ca4886dc1fc3971d0747616033e562335d555475b1a1d41c2d3124cdcffae0a929c620a17019c73e05eb1fdbcd6b519117a7ecd3e037e66db5ba8c9394851ff53e19c3153911b3b10750317bae681028094704c46b794b03d15cd1f8e02e068028ffbf9471d7da201c60751c49accedddcfa35ded92bbbed1fde6ec1f33517304be3c72b07d08f801ff987dcb9ce069397725477188b18d27a52ea8f73f5f8069973ea9f49914dbce030e0b66c41c6dbdb82777c14294bdfc6a0abc" ++- EventNum: 55 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "b84ea12d849d71d1777287b791d0eaf5be331c5e" ++ - AlgorithmId: sha256 ++ Digest: "2a4dcb8a22ce5ce97d674fb86f7e94a3f8c71f264803edb6c871c8c675eb744b" ++ EventSize: 267 ++ Event: ++ String: "kernel_cmdline: /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/kernel imgurl=http://192.168.0.141//install/netboot/ubuntu18.04/x86_64/vgen/rootimg.tar.gz XCAT=192.168.0.141:3001 console=tty0 console=ttyS0,115200 biosdevname=0 net.ifnames=0 BOOTIF=01-0c:c4:7a:ff:60:1c\0" ++- EventNum: 56 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "1e3a4b1eba1da6d04ed5902a3abb2e6357859bec" ++ - AlgorithmId: sha256 ++ Digest: "bb67e049956aba1e2bdac24fe084d847cf6df4d0a83c04827cf7b0d7a6c41e3f" ++ EventSize: 40 ++ Event: ++ String: "grub_cmd: echo Loading VEHV ramdisk ...\0" ++- EventNum: 57 ++ PCRIndex: 8 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4fe7b7837332820493b3a17ba489170944b9c08" ++ - AlgorithmId: sha256 ++ Digest: "20171c421048f16cd0cf462605f3cfb4a7848ac7a17ff5e11edf2d36cc59bb5a" ++ EventSize: 83 ++ Event: ++ String: "grub_cmd: initrd /xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/initrd-stateless.gz\0" ++- EventNum: 58 ++ PCRIndex: 9 ++ EventType: EV_IPL ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "12283aac809935035a801c143f752fbdd17453db" ++ - AlgorithmId: sha256 ++ Digest: "2c9d05e2b84937893f7a6ea92446d1ca0b1619ef28118d218649e1421872c9eb" ++ EventSize: 66 ++ Event: ++ String: "/xcat/osimage/ubuntu18.04-x86_64-netboot-vgen/initrd-stateless.gz\0" ++pcrs: ++ sha1: ++ 0 : 0x60804a728ca0af13e14fea8e79effe33ea3eec7b ++ 1 : 0x5d5a7b88403fb38f1cbcf98e40cae566bbd0ba02 ++ 2 : 0x3710d4c00ed56d2193577ee94e988cd8657a77cf ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x7c937577b58c20b73bf7449ba67963df26fd2644 ++ 5 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0xe8145f6a55372158d87f55c33b17abe7c35987ef ++ 8 : 0x7874ccfdc068f8ef34efc127a963e71004fc8014 ++ 9 : 0xa6bb02edd825c9e2bcd807c197fcfb456a266080 ++ sha256: ++ 0 : 0xd60c30777ea9cad0ac8868eda11a00608a26f0a2f9b5d5fbdd4a84d7884ea946 ++ 1 : 0x65457318495b52f2d4100cafa00d7b57880eb20361e5e8e8d29166cc67c0890c ++ 2 : 0x15d60806b60f715cdd94e624f27854f608bbcd26000f39fa7f0ec0db7a8ba5c8 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x227d8b3b8294223f6d0065582b015ac31c5da2dd391000d87141e38ec03e77a8 ++ 5 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0xcea0b7475867ab2ced4f6a278530c0a57e0f826cfefdf747c0e670ca09140ea5 ++ 8 : 0xd17f57b88d4f1ec2e52551c1be47bd2d9f3d83f6aa330e26218147b32054b237 ++ 9 : 0xfa774bed1acc7f2c6c4f0457bd33d8f584d018f9d8563463f308d2990453f492 +diff --git a/test/integration/fixtures/event-raw/event-sd-boot-fedora37.bin.yaml b/test/integration/fixtures/event-raw/event-sd-boot-fedora37.bin.yaml +new file mode 100644 +index 0000000..cd9c551 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-sd-boot-fedora37.bin.yaml +@@ -0,0 +1,356 @@ ++--- ++version: 2 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 33 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 1 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7" ++ EventSize: 2 ++ Event: "0000" ++- EventNum: 2 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "a4bec904c70ae2e4b214fb4ecbe44a09e1054ca45dd4c084d6ba4c1f44b566a2" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x820000 ++ BlobLength: 0xe0000 ++- EventNum: 3 ++ PCRIndex: 0 ++ EventType: EV_EFI_PLATFORM_FIRMWARE_BLOB ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "c386b9c16c7996c14603618b59f9531fac5ccf756a74a52a37feea7ade2cf0b0" ++ EventSize: 16 ++ Event: ++ BlobBase: 0x900000 ++ BlobLength: 0xc00000 ++- EventNum: 4 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "ce9ce386b52e099f3019e512a0d6062d6b560efe4ff3e5661c7525e2f9c263df" ++ EventSize: 52 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 0 ++ UnicodeName: SecureBoot ++ VariableData: ++ Enabled: 'No' ++- EventNum: 5 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "dea7b80ab53a3daaa24d5cc46c64e1fa9ffd03739f90aadbd8c0867c4a5b4890" ++ EventSize: 36 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: PK ++ VariableData: ++- EventNum: 6 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "e670e121fcebd473b8bc41bb801301fc1d9afa33904f06f7149b74f12c47a68f" ++ EventSize: 38 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: KEK ++ VariableData: ++- EventNum: 7 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "baf89a3ccace52750c5f0128351e0422a41597a1adfd50822aa363b9d124ea7c" ++ EventSize: 36 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: db ++ VariableData: ++- EventNum: 8 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9" ++ EventSize: 38 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 0 ++ UnicodeName: dbx ++ VariableData: ++- EventNum: 9 ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 10 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4aeac5098a0d2c1e5b6a2f798da8dac8475773fa1c82ae51a23273f5d4cc817d" ++ EventSize: 58 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 9 ++ VariableDataLength: 8 ++ UnicodeName: BootOrder ++ VariableData: ++ - Boot0001 ++ - Boot0002 ++ - Boot0000 ++ - Boot0003 ++- EventNum: 11 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "7e60091524677af24f9f43cf8b45dcd0e245a90de21d0c9c06318500eb366dd8" ++ EventSize: 208 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 160 ++ UnicodeName: Boot0001 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 116 ++ Description: "Linux Boot Manager" ++ DevicePath: '04012a0001000000000800000000000000001000000000003c64b93c086ce54f852d17e1ae7011580202040446005c004500460049005c00730079007300740065006d0064005c00730079007300740065006d0064002d0062006f006f0074007800360034002e0065006600690000007fff0400' ++- EventNum: 12 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d470a39c5bb66a4e44cbdae7b992c6a26f48334d4a8d0914b8ca3babe8419e5c" ++ EventSize: 132 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 84 ++ UnicodeName: Boot0002 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 28 ++ Description: "UEFI Misc Device" ++ DevicePath: '02010c00d041030a000000000101060003020101060000007fff04004eac0881119f594d850ee21a522c59b2' ++- EventNum: 13 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93" ++ EventSize: 110 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 62 ++ UnicodeName: Boot0000 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "UiApp" ++ DevicePath: '04071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400' ++- EventNum: 14 ++ PCRIndex: 1 ++ EventType: EV_EFI_VARIABLE_BOOT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "4d387b02d63b2f4cd7f667feb0a387fe47a10a3e26bf3533ddd001c605f3dec5" ++ EventSize: 136 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 8 ++ VariableDataLength: 88 ++ UnicodeName: Boot0003 ++ VariableData: ++ Enabled: 'Yes' ++ FilePathListLength: 44 ++ Description: "EFI Internal Shell" ++ DevicePath: '04071400c9bdb87cebf8344faaea3ee4af6516a10406140083a5047c3e9e1c4fad65e05268d0b4d17fff0400' ++- EventNum: 15 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++- EventNum: 16 ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 17 ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 18 ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 19 ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 20 ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 21 ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 22 ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119" ++ EventSize: 4 ++ Event: "00000000" ++- EventNum: 23 ++ PCRIndex: 12 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cc3c5f754ef8711f11140d0ed199e1b36b9bdac7df0c261498f2b07d0f91eb" ++ EventSize: 78 ++ Event: ++ String: "\x20\0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\0S\00\0 \0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\00\0 \0e\0f\0i\0=\0d\0e\0b\0u\0g\0 \0\0\0" ++- EventNum: 24 ++ PCRIndex: 12 ++ EventType: EV_IPL ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "62cc3c5f754ef8711f11140d0ed199e1b36b9bdac7df0c261498f2b07d0f91eb" ++ EventSize: 78 ++ Event: ++ String: "\x20\0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\0S\00\0 \0c\0o\0n\0s\0o\0l\0e\0=\0t\0t\0y\00\0 \0e\0f\0i\0=\0d\0e\0b\0u\0g\0 \0\0\0" ++- EventNum: 25 ++ PCRIndex: 9 ++ EventType: EV_EVENT_TAG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "643eefa7b731b03df94952db67a4f4774575692fe929c39815c2553f17c0609e" ++ EventSize: 21 ++ Event: "ec223b8f0d0000004c696e757820696e6974726400" ++- EventNum: 26 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b" ++ EventSize: 29 ++ Event: |- ++ Exit Boot Services Invocation ++- EventNum: 27 ++ PCRIndex: 5 ++ EventType: EV_EFI_ACTION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha256 ++ Digest: "b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0" ++ EventSize: 40 ++ Event: |- ++ Exit Boot Services Returned with Success ++pcrs: ++ sha256: ++ 0 : 0x464a812afa3f88d8a5f1fe7e71df41951435ebd05edb742db8c2c0d67d62c0d1 ++ 1 : 0xf2c3a5ab1fcdec7c70d0e6af47304e9d2a4aa939874a69fbb84f786ff4b2f63f ++ 2 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 3 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 4 : 0x7a94ffe8a7729a566d3d3c577fcb4b6b1e671f31540375f80eae6382ab785e35 ++ 5 : 0xa5ceb755d043f32431d63e39f5161464620a3437280494b5850dc1b47cc074e0 ++ 6 : 0x3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 ++ 7 : 0xb5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439 ++ 9 : 0x2913f6478fa2d1954ece3b40efc111c18f3feb29204e49f627aa0ca493801eeb ++ 12 : 0x73b2090e3e72430531e7bc7d63e88826891ef4e04d6c1e250dc5c52db24f2f48 +diff --git a/test/integration/fixtures/event-raw/event-uefi-sha1-log.bin.yaml b/test/integration/fixtures/event-raw/event-uefi-sha1-log.bin.yaml +new file mode 100644 +index 0000000..a7ddf6a +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-uefi-sha1-log.bin.yaml +@@ -0,0 +1,182 @@ ++--- ++version: 1 ++events: ++ PCRIndex: 0 ++ EventType: EV_S_CRTM_VERSION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "c42fedad268200cb1d15f97841c344e79dae3320" ++ EventSize: 16 ++ Event: "1efb6b540c1d5540a4ad4ef4bf17b83a" ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "2f20112a3f55398b208e0c42681389b4cb5b1823" ++ EventSize: 52 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 0 ++ UnicodeName: SecureBoot ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9b1387306ebb7ff8e795e7be77563666bbf4516e" ++ EventSize: 36 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 2 ++ VariableDataLength: 0 ++ UnicodeName: PK ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "13f02fbc7383ed7c89017e0b32f60e38e282056c" ++ EventSize: 1598 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 3 ++ VariableDataLength: 1560 ++ UnicodeName: KEK ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf0721806000000000000fc050000bd9afa775903324dbd6028f4e78f784b308205e8308203d0a003020102020a610ad188000000000003300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632343230343132395a170d3236303632343230353132395a308180310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312a3028060355040313214d6963726f736f667420436f72706f726174696f6e204b454b204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100c4e8b58abfad5726b026c3eae7fb577a44025d070dda4ae5742ae6b00fec6debec7fb9e35a63327c11174f0ee30ba73815938ec6f5e084b19a9b2ce7f5b791d609e1e2c004a8ac301cdf48f306509a64a7517fc8854f8f2086cefe2fe19fff82c0ede9cdcef4536a623a0b43b9e225fdfe05f9d4c414ab11e223898d70b7a41d4decaee59cfa16c2d7c1cbd4e8c42fe599ee248b03ec8df28beac34afb4311120b7eb547926cdce60489ebf53304eb10012a71e5f983133cff25092f687646ffba4fbedcad712a58aafb0ed2793de49b653bcc292a9ffc7259a2ebae92eff6351380c602ece45fcc9d76cdef6392c1af79408479877fe352a8e89d7b07698f150203010001a382014f3082014b301006092b06010401823715010403020100301d0603551d0e0416041462fc43cda03ea4cb6712d25bd955ac7bccb68a5f301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100d48488f514941802ca2a3cfb2a921c0cd7a0d1f1e85266a8eea2b5757a9000aa2da4765aea79b7b9376a517b1064f6e164f20267bef7a81b78bdbace8858640cd657c819a35f05d6dbc6d069ce484b32b7eb5dd230f5c0f5b8ba7807a32bfe9bdb345684ec82caae4125709c6be9fe900fd7961fe5e7941fb22a0c8d4bff2829107bf7d77ca5d176b905c879ed0f90929cc2fedf6f7e6c0f7bd4c145dd345196390fe55e56d8180596f407a642b3a077fd0819f27156cc9f8623a487cba6fd587ed4696715917e81f27f13e50d8b8a3c8784ebe3cebd43e5ad2d84938e6a2b5a7c44fa52aa81c82d1cbbe052df0011f89a3dc160b0e133b5a388d165190a1ae7ac7ca4c182874e38b12f0dc514876ffd8d2ebc39b6e7e6c3e0e4cd2784ef9442ef298b9046413b811b67d8f9435965cb0dbcfd00924ff4753ba7a924fc50414079e02d4f0a6a27766e52ed96697baf0ff78705d045c2ad5314811ffb3004aa373661da4a691b34d868edd602cf6c940cd3cf6c2279adb1f0bc03a24660a9c407c22182f1fdf2e8793260bfd8aca522144bcac1d84beb7d3f5735b2e64f75b4b060032253ae91791dd69b411f15865470b2de0d350f7cb03472ba97603bf079eba2b21c5da216b887c5e91bf6b597256f389fe391fa8a7998c3690eb7a31c200597f8ca14ae00d7c4f3c01410756b34a01bb59960f35cb0c5574e36d23284bf9e" ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "a233adbc63e3fdc5f73693a3cc4a27041714383f" ++ EventSize: 3179 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 2 ++ VariableDataLength: 3143 ++ UnicodeName: db ++ VariableData: "a159c0a5e494a74a87b5ab155c2bf0720706000000000000eb050000bd9afa775903324dbd6028f4e78f784b308205d7308203bfa003020102020a61077656000000000008300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3131313031393138343134325a170d3236313031393138353134325a308184310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312e302c060355040313254d6963726f736f66742057696e646f77732050726f64756374696f6e20504341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100dd0cbba2e42e09e3e7c5f79669bc0021bd693333efad04cb5480ee0683bbc52084d9f7d28bf338b0aba4ad2d7c627905ffe34a3f04352070e3c4e76be09cc03675e98a31dd8d70e5dc37b5744696285b8760232cbfdc47a567f751279e72eb07a6c9b91e3b53357ce5d3ec27b9871cfeb9c923096fa84691c16e963c41d3cba33f5d026a4dec691f25285c36fffd43150a94e019b4cfdfc212e2c25b27ee2778308b5b2a096b22895360162cc0681d53baec49f39d618c85680973445d7da2542bdd79f715cf355d6c1c2b5ccebc9c238b6f6eb526d93613c34fd627aeb9323b41922ce1c7cd77e8aa544ef75c0b048765b44318a8b2e06d1977ec5a24fa48030203010001a38201433082013f301006092b06010401823715010403020100301d0603551d0e04160414a92902398e16c49778cd90f99e4f9ae17c55af53301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014d5f656cb8fe8a25c6268d13d94905bd7ce9a18c430560603551d1f044f304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f4365724175745f323031302d30362d32332e63726c305a06082b06010505070101044e304c304a06082b06010505073002863e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f4365724175745f323031302d30362d32332e637274300d06092a864886f70d01010b0500038202010014fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597ea159c0a5e494a74a87b5ab155c2bf072400600000000000024060000bd9afa775903324dbd6028f4e78f784b30820610308203f8a003020102020a6108d3c4000000000004300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e313b3039060355040313324d6963726f736f667420436f72706f726174696f6e205468697264205061727479204d61726b6574706c61636520526f6f74301e170d3131303632373231323234355a170d3236303632373231333234355a308181310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312b3029060355040313224d6963726f736f667420436f72706f726174696f6e2055454649204341203230313130820122300d06092a864886f70d01010105000382010f003082010a0282010100a5086c4cc745096a4b0ca4c0877f06750c43015464e0167f07ed927d0bb273bf0c0ac64a4561a0c5162d96d3f52ba0fb4d499b4180903cb954fde6bcd19dc4a4188a7f418a5c59836832bb8c47c9ee71bc214f9a8a7cff443f8d8f32b22648ae75b5eec94c1e4a197ee4829a1d78774d0cb0bdf60fd316d3bcfa2ba551385df5fbbadb7802dbffec0a1b96d583b81913e9b6c07b407be11f2827c9faef565e1ce67e947ec0f044b27939e5dab2628b4dbf3870e2682414c933a40837d558695ed37cedc1045308e74eb02a876308616f631559eab22b79d70c61678a5bfd5ead877fba86674f71581222042222ce8bef547100ce503558769508ee6ab1a201d50203010001a382017630820172301206092b060104018237150104050203010001302306092b060104018237150204160414f8c16bb77f77534af325371d4ea1267b0f207080301d0603551d0e0416041413adbf4309bd82709c8cd54f316ed522988a1bd4301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d2304183016801445665243e17e5811bfd64e9e2355083b3a226aa8305c0603551d1f045530533051a04fa04d864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f725468695061724d6172526f6f5f323031302d31302d30352e637274300d06092a864886f70d01010b05000382020100350842ff30cccef7760cad1068583529463276277cef124127421b4aaa6d813848591355f3e95834a6160b82aa5dad82da808341068fb41df203b9f31a5d1bf15090f9b3558442281c20bdb2ae5114c5c0ac9795211c90db0ffc779e95739188cabdbd52b905500ddf579ea061ed0de56d25d9400f1740c8cea34ac24daf9a121d08548fbdc7bcb92b3d492b1f32fc6a21694f9bc87e4234fc3606178b8f2040c0b39a257527cdc903a3f65dd1e736547ab950b5d312d107bfbb74dfdc1e8f80d5ed18f42f14166b2fde668cb023e5c784d8edeac13382ad564b182df1689507cdcff072f0aebbdd8685982c214c332bf00f4af06887b592553275a16a826a3ca32511a4edadd704aecbd84059a084d1954c6291221a741d8c3d470e44a6e4b09b3435b1fab653a82c81eca40571c89db8bae81b4466e447540e8e567fb39f1698b286d0683e9023b52f5e8f50858dc68d825f41a1f42e0de099d26c75e4b669b52186fa07d1f6e24dd1daad2c77531e253237c76c52729586b0f135616a19f5b23b815056a6322dfea289f94286271855a182ca5a9bf830985414a64796252fc826e441941a5c023fe596e3855b3c3e3fbb47167255e22522b1d97be703062aa3f71e9046c3000dd61989e30e352762037115a6efd027a0a0593760f83894b8e07870f8ba4c868794f6e0ae0245ee65c2b6a37e69167507929bf5a6bc598358" ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "67e48e759954349537ed4902ba1a8eef74dbd1b5" ++ EventSize: 3838 ++ Event: ++ VariableName: d719b2cb-3d3a-4596-a3bc-dad00e67656f ++ UnicodeNameLength: 3 ++ VariableDataLength: 3800 ++ UnicodeName: dbx ++ VariableData: "2616c4c14c509240aca941f9369343284c0000000000000030000000000000000000000000000000000000006e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d2616c4c14c509240aca941f9369343288c0e00000000000030000000bd9afa775903324dbd6028f4e78f784b80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0abd9afa775903324dbd6028f4e78f784bf52f83a3fa9cfbd6920f722824dbe4034534d25b8507246b3b957dac6e1bce7abd9afa775903324dbd6028f4e78f784bc5d9d8a186e2c82d09afaa2a6f7f2e73870d3e64f72c4e08ef67796a840f0fbdbd9afa775903324dbd6028f4e78f784b363384d14d1f2e0b7815626484c459ad57a318ef4396266048d058c5a19bbf76bd9afa775903324dbd6028f4e78f784b1aec84b84b6c65a51220a9be7181965230210d62d6d33c48999c6b295a2b0a06bd9afa775903324dbd6028f4e78f784be6ca68e94146629af03f69c2f86e6bef62f930b37c6fbcc878b78df98c0334e5bd9afa775903324dbd6028f4e78f784bc3a99a460da464a057c3586d83cef5f4ae08b7103979ed8932742df0ed530c66bd9afa775903324dbd6028f4e78f784b58fb941aef95a25943b3fb5f2510a0df3fe44c58c95e0ab80487297568ab9771bd9afa775903324dbd6028f4e78f784b5391c3a2fb112102a6aa1edc25ae77e19f5d6f09cd09eeb2509922bfcd5992eabd9afa775903324dbd6028f4e78f784bd626157e1d6a718bc124ab8da27cbb65072ca03a7b6b257dbdcbbd60f65ef3d1bd9afa775903324dbd6028f4e78f784bd063ec28f67eba53f1642dbf7dff33c6a32add869f6013fe162e2c32f1cbe56dbd9afa775903324dbd6028f4e78f784b29c6eb52b43c3aa18b2cd8ed6ea8607cef3cfae1bafe1165755cf2e614844a44bd9afa775903324dbd6028f4e78f784b90fbe70e69d633408d3e170c6832dbb2d209e0272527dfb63d49d29572a6f44cbd9afa775903324dbd6028f4e78f784b075eea060589548ba060b2feed10da3c20c7fe9b17cd026b94e8a683b8115238bd9afa775903324dbd6028f4e78f784b07e6c6a858646fb1efc67903fe28b116011f2367fe92e6be2b36999eff39d09ebd9afa775903324dbd6028f4e78f784b09df5f4e511208ec78b96d12d08125fdb603868de39f6f72927852599b659c26bd9afa775903324dbd6028f4e78f784b0bbb4392daac7ab89b30a4ac657531b97bfaab04f90b0dafe5f9b6eb90a06374bd9afa775903324dbd6028f4e78f784b0c189339762df336ab3dd006a463df715a39cfb0f492465c600e6c6bd7bd898cbd9afa775903324dbd6028f4e78f784b0d0dbeca6f29eca06f331a7d72e4884b12097fb348983a2a14a0d73f4f10140fbd9afa775903324dbd6028f4e78f784b0dc9f3fb99962148c3ca833632758d3ed4fc8d0b0007b95b31e6528f2acd5bfcbd9afa775903324dbd6028f4e78f784b106faceacfecfd4e303b74f480a08098e2d0802b936f8ec774ce21f31686689cbd9afa775903324dbd6028f4e78f784b174e3a0b5b43c6a607bbd3404f05341e3dcf396267ce94f8b50e2e23a9da920cbd9afa775903324dbd6028f4e78f784b18333429ff0562ed9f97033e1148dceee52dbe2e496d5410b5cfd6c864d2d10fbd9afa775903324dbd6028f4e78f784b2b99cf26422e92fe365fbf4bc30d27086c9ee14b7a6fff44fb2f6b9001699939bd9afa775903324dbd6028f4e78f784b2bbf2ca7b8f1d91f27ee52b6fb2a5dd049b85a2b9b529c5d6662068104b055f8bd9afa775903324dbd6028f4e78f784b2c73d93325ba6dcbe589d4a4c63c5b935559ef92fbf050ed50c4e2085206f17dbd9afa775903324dbd6028f4e78f784b2e70916786a6f773511fa7181fab0f1d70b557c6322ea923b2a8d3b92b51af7dbd9afa775903324dbd6028f4e78f784b306628fa5477305728ba4a467de7d0387a54f569d3769fce5e75ec89d28d1593bd9afa775903324dbd6028f4e78f784b3608edbaf5ad0f41a414a1777abf2faf5e670334675ec3995e6935829e0caad2bd9afa775903324dbd6028f4e78f784b3841d221368d1583d75c0a02e62160394d6c4e0a6760b6f607b90362bc855b02bd9afa775903324dbd6028f4e78f784b3fce9b9fdf3ef09d5452b0f95ee481c2b7f06d743a737971558e70136ace3e73bd9afa775903324dbd6028f4e78f784b4397daca839e7f63077cb50c92df43bc2d2fb2a8f59f26fc7a0e4bd4d9751692bd9afa775903324dbd6028f4e78f784b47cc086127e2069a86e03a6bef2cd410f8c55a6d6bdb362168c31b2ce32a5adfbd9afa775903324dbd6028f4e78f784b518831fe7382b514d03e15c621228b8ab65479bd0cbfa3c5c1d0f48d9c306135bd9afa775903324dbd6028f4e78f784b5ae949ea8855eb93e439dbc65bda2e42852c2fdf6789fa146736e3c3410f2b5cbd9afa775903324dbd6028f4e78f784b6b1d138078e4418aa68deb7bb35e066092cf479eeb8ce4cd12e7d072ccb42f66bd9afa775903324dbd6028f4e78f784b6c8854478dd559e29351b826c06cb8bfef2b94ad3538358772d193f82ed1ca11bd9afa775903324dbd6028f4e78f784b6f1428ff71c9db0ed5af1f2e7bbfcbab647cc265ddf5b293cdb626f50a3a785ebd9afa775903324dbd6028f4e78f784b71f2906fd222497e54a34662ab2497fcc81020770ff51368e9e3d9bfcbfd6375bd9afa775903324dbd6028f4e78f784b726b3eb654046a30f3f83d9b96ce03f670e9a806d1708a0371e62dc49d2c23c1bd9afa775903324dbd6028f4e78f784b72e0bd1867cf5d9d56ab158adf3bddbc82bf32a8d8aa1d8c5e2f6df29428d6d8bd9afa775903324dbd6028f4e78f784b7827af99362cfaf0717dade4b1bfe0438ad171c15addc248b75bf8caa44bb2c5bd9afa775903324dbd6028f4e78f784b81a8b965bb84d3876b9429a95481cc955318cfaa1412d808c8a33bfd33fff0e4bd9afa775903324dbd6028f4e78f784b82db3bceb4f60843ce9d97c3d187cd9b5941cd3de8100e586f2bda5637575f67bd9afa775903324dbd6028f4e78f784b895a9785f617ca1d7ed44fc1a1470b71f3f1223862d9ff9dcc3ae2df92163dafbd9afa775903324dbd6028f4e78f784b8ad64859f195b5f58dafaa940b6a6167acd67a886e8f469364177221c55945b9bd9afa775903324dbd6028f4e78f784b8bf434b49e00ccf71502a2cd900865cb01ec3b3da03c35be505fdf7bd563f521bd9afa775903324dbd6028f4e78f784b8d8ea289cfe70a1c07ab7365cb28ee51edd33cf2506de888fbadd60ebf80481cbd9afa775903324dbd6028f4e78f784b9998d363c491be16bd74ba10b94d9291001611736fdca643a36664bc0f315a42bd9afa775903324dbd6028f4e78f784b9e4a69173161682e55fde8fef560eb88ec1ffedcaf04001f66c0caf707b2b734bd9afa775903324dbd6028f4e78f784ba6b5151f3655d3a2af0d472759796be4a4200e5495a7d869754c4848857408a7bd9afa775903324dbd6028f4e78f784ba7f32f508d4eb0fead9a087ef94ed1ba0aec5de6f7ef6ff0a62b93bedf5d458dbd9afa775903324dbd6028f4e78f784bad6826e1946d26d3eaf3685c88d97d85de3b4dcb3d0ee2ae81c70560d13c5720bd9afa775903324dbd6028f4e78f784baeebae3151271273ed95aa2e671139ed31a98567303a332298f83709a9d55aa1bd9afa775903324dbd6028f4e78f784bafe2030afb7d2cda13f9fa333a02e34f6751afec11b010dbcd441fdf4c4002b3bd9afa775903324dbd6028f4e78f784bb54f1ee636631fad68058d3b0937031ac1b90ccb17062a391cca68afdbe40d55bd9afa775903324dbd6028f4e78f784bb8f078d983a24ac433216393883514cd932c33af18e7dd70884c8235f4275736bd9afa775903324dbd6028f4e78f784bb97a0889059c035ff1d54b6db53b11b9766668d9f955247c028b2837d7a04cd9bd9afa775903324dbd6028f4e78f784bbc87a668e81966489cb508ee805183c19e6acd24cf17799ca062d2e384da0ea7bd9afa775903324dbd6028f4e78f784bc409bdac4775add8db92aa22b5b718fb8c94a1462c1fe9a416b95d8a3388c2fcbd9afa775903324dbd6028f4e78f784bc617c1a8b1ee2a811c28b5a81b4c83d7c98b5b0c27281d610207ebe692c2967fbd9afa775903324dbd6028f4e78f784bc90f336617b8e7f983975413c997f10b73eb267fd8a10cb9e3bdbfc667abdb8bbd9afa775903324dbd6028f4e78f784bcb6b858b40d3a098765815b592c1514a49604fafd60819da88d7a76e9778fef7bd9afa775903324dbd6028f4e78f784bce3bfabe59d67ce8ac8dfd4a16f7c43ef9c224513fbc655957d735fa29f540cebd9afa775903324dbd6028f4e78f784bd8cbeb9735f5672b367e4f96cdc74969615d17074ae96c724d42ce0216f8f3fabd9afa775903324dbd6028f4e78f784be92c22eb3b5642d65c1ec2caf247d2594738eebb7fb3841a44956f59e2b0d1fabd9afa775903324dbd6028f4e78f784bfddd6e3d29ea84c7743dad4a1bdbc700b5fec1b391f932409086acc71dd6dbd8bd9afa775903324dbd6028f4e78f784bfe63a84f782cc9d3fcf2ccf9fc11fbd03760878758d26285ed12669bdc6e6d01bd9afa775903324dbd6028f4e78f784bfecfb232d12e994b6d485d2c7167728aa5525984ad5ca61e7516221f079a1436bd9afa775903324dbd6028f4e78f784bca171d614a8d7e121c93948cd0fe55d39981f9d11aa96e03450a415227c2c65bbd9afa775903324dbd6028f4e78f784b55b99b0de53dbcfe485aa9c737cf3fb616ef3d91fab599aa7cab19eda763b5babd9afa775903324dbd6028f4e78f784b77dd190fa30d88ff5e3b011a0ae61e6209780c130b535ecb87e6f0888a0b6b2fbd9afa775903324dbd6028f4e78f784bc83cb13922ad99f560744675dd37cc94dcad5a1fcba6472fee341171d939e884bd9afa775903324dbd6028f4e78f784b3b0287533e0cc3d0ec1aa823cbf0a941aad8721579d1c499802dd1c3a636b8a9bd9afa775903324dbd6028f4e78f784b939aeef4f5fa51e23340c3f2e49048ce8872526afdf752c3a7f3a3f2bc9f6049bd9afa775903324dbd6028f4e78f784b64575bd912789a2e14ad56f6341f52af6bf80cf94400785975e9f04e2d64d745bd9afa775903324dbd6028f4e78f784b45c7c8ae750acfbb48fc37527d6412dd644daed8913ccd8a24c94d856967df8e" ++ PCRIndex: 0 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 1 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 2 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 3 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 4 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 5 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 6 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 7 ++ EventType: EV_SEPARATOR ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "9069ca78e7450a285173431b3e52c5c25299e473" ++ EventSize: 4 ++ Event: "00000000" ++ PCRIndex: 5 ++ EventType: EV_EFI_GPT_EVENT ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "f8830f40b14064e7cc4e800898afb946ad865edd" ++ EventSize: 356 ++ Event: "4546492050415254000001005c000000c0d1261e000000000100000000000000ff7f5a07000000002200000000000000de7f5a0700000000c7f0a9872aedfe47862ef307c41758410200000000000000800000008000000050d75786020000000000000028732ac11ff8d211ba4b00a0c93ec93b948fabe36694cc429b81ebb7969bb28a0008000000000000ff0710000000000000000000000000004500460049002000530079007300740065006d00200050006100720074006900740069006f006e000000000000000000000000000000000000000000000000000000000000000000af3dc60f838472478e793d69d8477de4426b1bcd7a6eb645b9cf431b6df6c1860008100000000000ff775a07000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d0e6f939f1304a83975f34ff678da573ae2b3ee5" ++ EventSize: 178 ++ Event: ++ ImageLocationInMemory: 0x9f64d018 ++ ImageLengthInMemory: 1334816 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 146 ++ DevicePath: '02010c00d041030a00000000010106000014030506000b0002010c00d041030a00000000010106000014030506000b0004012a000100000000080000000000000000100000000000948fabe36694cc429b81ebb7969bb28a0202040434005c004500460049005c007500620075006e00740075005c007300680069006d007800360034002e0065006600690000007fff0400' ++ PCRIndex: 4 ++ EventType: EV_EFI_BOOT_SERVICES_APPLICATION ++ DigestCount: 1 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "5b135351ac81e93f17c43ec65ec0e4755ec29e45" ++ EventSize: 41 ++ Event: ++ ImageLocationInMemory: 0x0 ++ ImageLengthInMemory: 0 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 0 ++ DevicePath: '00081100000c1100cc' ++pcrs: ++ sha1: ++ 0 : 0x3dcaea25dc86554d94b94aa5bc8f735a49212af8 ++ 1 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 2 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 3 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 4 : 0x59955b8e6e01b21ba7ccbbdecdeaa8ae6770caa1 ++ 5 : 0xd8949f1020f3344daf7aa87717ae58d6498731e4 ++ 6 : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 ++ 7 : 0x9216fc0727c344b355a90a3f34f357e4362d51bb +diff --git a/test/integration/fixtures/event-raw/event-uefiaction.bin.yaml b/test/integration/fixtures/event-raw/event-uefiaction.bin.yaml +new file mode 100644 +index 0000000..d7a58f6 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-uefiaction.bin.yaml +@@ -0,0 +1,47 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 45 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 4 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ - Algorithm[2]: ++ algorithmId: sha384 ++ digestSize: 48 ++ - Algorithm[3]: ++ algorithmId: sha512 ++ digestSize: 64 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 4 ++ EventType: EV_EFI_ACTION ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "cd0fdb4531a6ec41be2753ba042637d6e5f7f256" ++ - AlgorithmId: sha256 ++ Digest: "3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba" ++ EventSize: 40 ++ Event: |- ++ Calling EFI Application from Boot Option ++pcrs: ++ sha1: ++ 4 : 0xee01a03529a6b38b5ded18ab6ae8d771aaac1925 ++ sha256: ++ 4 : 0x3f263b96ccbc33bb53d808771f9ab1e02d4dec8854f9530f749cde853a723273 +diff --git a/test/integration/fixtures/event-raw/event-uefiservices.bin.yaml b/test/integration/fixtures/event-raw/event-uefiservices.bin.yaml +new file mode 100644 +index 0000000..0a1f553 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-uefiservices.bin.yaml +@@ -0,0 +1,45 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 37 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 2 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 2 ++ EventType: EV_EFI_BOOT_SERVICES_DRIVER ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "855685b4dbd4b67d50e0594571055054cfe2b1e9" ++ - AlgorithmId: sha256 ++ Digest: "dd8576b4ff346c19c56c3e4f97ce55c5afa646f9c669be0a7cdd05057a0ecdf3" ++ EventSize: 84 ++ Event: ++ ImageLocationInMemory: 0x7dcf6018 ++ ImageLengthInMemory: 171464 ++ ImageLinkTimeAddress: 0x0 ++ LengthOfDevicePath: 52 ++ DevicePath: '02010c00d041030a0000000001010600000201010600000004081800000000000026010000000000ffc30300000000007fff0400' ++pcrs: ++ sha1: ++ 2 : 0x5b5f4d5c31664f01670a98a5796a36473671befc ++ sha256: ++ 2 : 0x35fcf9d737c52c971f7c74058d36937dbd7824177fa0f1de3eba3934fcb83b9d +diff --git a/test/integration/fixtures/event-raw/event-uefivar.bin.yaml b/test/integration/fixtures/event-raw/event-uefivar.bin.yaml +new file mode 100644 +index 0000000..cf84711 +--- /dev/null ++++ b/test/integration/fixtures/event-raw/event-uefivar.bin.yaml +@@ -0,0 +1,51 @@ ++--- ++version: 1 ++events: ++- EventNum: 0 ++ PCRIndex: 0 ++ EventType: EV_NO_ACTION ++ Digest: "0000000000000000000000000000000000000000" ++ EventSize: 45 ++ SpecID: ++ - Signature: Spec ID Event03 ++ platformClass: 0 ++ specVersionMinor: 0 ++ specVersionMajor: 2 ++ specErrata: 0 ++ uintnSize: 2 ++ numberOfAlgorithms: 4 ++ Algorithms: ++ - Algorithm[0]: ++ algorithmId: sha1 ++ digestSize: 20 ++ - Algorithm[1]: ++ algorithmId: sha256 ++ digestSize: 32 ++ - Algorithm[2]: ++ algorithmId: sha384 ++ digestSize: 48 ++ - Algorithm[3]: ++ algorithmId: sha512 ++ digestSize: 64 ++ vendorInfoSize: 0 ++- EventNum: 1 ++ PCRIndex: 7 ++ EventType: EV_EFI_VARIABLE_DRIVER_CONFIG ++ DigestCount: 2 ++ Digests: ++ - AlgorithmId: sha1 ++ Digest: "d4fdd1f14d4041494deb8fc990c45343d2277d08" ++ - AlgorithmId: sha256 ++ Digest: "ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e" ++ EventSize: 53 ++ Event: ++ VariableName: 8be4df61-93ca-11d2-aa0d-00e098032b8c ++ UnicodeNameLength: 10 ++ VariableDataLength: 1 ++ UnicodeName: SecureBoot ++ VariableData: "01" ++pcrs: ++ sha1: ++ 7 : 0x3a1ea200b8fafe60c290e903c5e6443cfef67f04 ++ sha256: ++ 7 : 0xe58ada1ba75f2e4722b539824598ad5e10c55f2e4aeab2033f3b0a8ee3f3eca6 +diff --git a/test/integration/helpers.sh b/test/integration/helpers.sh +index b986662..7e4ec92 100644 +--- a/test/integration/helpers.sh ++++ b/test/integration/helpers.sh +@@ -5,7 +5,7 @@ shopt -s expand_aliases + + # We get what python interpreter to run from configure, so alias python here + # to make subordiante scripts work. +-alias python=${PYTHON:-python} ++alias python=${PYTHON:-python3} + + # Return 0 if run by a TPM simulator, return 1 otherwise + is_simulator() { +@@ -236,7 +236,7 @@ function recreate_info() { + echo "#!/usr/bin/env bash" + echo -e "$a" + local script="$tpm2_test_original_cwd""/""$0" +- echo $(realpath "$script") ++ echo "dbus-run-session $(realpath "$script")" + echo "--- EOF ---" + echo + } +diff --git a/test/integration/tests/abrmd_extended-sessions.sh b/test/integration/tests/abrmd_extended-sessions.sh +index e743661..e58a9b3 100644 +--- a/test/integration/tests/abrmd_extended-sessions.sh ++++ b/test/integration/tests/abrmd_extended-sessions.sh +@@ -125,6 +125,14 @@ tpm2 startauthsession -S session.ctx --hmac-session \ + tpm2 sessionconfig session.ctx --enable-encrypt --enable-decrypt + tpm2 getrandom 8 -S session.ctx + tpm2 flushcontext session.ctx ++## Test with bounded only session (with file attribute) ++tpm2 startauthsession -S session.ctx --hmac-session \ ++--bind-context prim.ctx --bind-auth file:-<&1) ++ result=$? ++ ++ if [ $result != 0 ] && echo $output | grep "ErrorCode.*0126" > /dev/null ++ then ++ echo "This test failed due to a TPM bug regarding signed comparison as described" ++ echo "in TCG's Errata for TCG Trusted Platform Module Library Revision 1.59 Version 1.4," ++ echo "Section 2.5 TPM_EO – two’s complement" ++ tpm2 flushcontext session.ctx ++ skip_test ++ else ++ if [ $result != 0 ]; then ++ tpm2 flushcontext session.ctx ++ exit 1 ++ fi ++ fi ++ trap onerror ERR ++} ++ + trap cleanup EXIT + + start_up +@@ -19,8 +40,7 @@ cleanup "no-shut-down" + + ## Check cpHash output for TPM2_PolicyCounterTimer + tpm2 startauthsession -S session.ctx +-tpm2 policycountertimer -S session.ctx -L policy.countertimer.minute --ult \ +- 60000 --cphash cp.hash ++call_policy_countertimer -S session.ctx -L policy.countertimer.minute --ult 60000 --cphash cp.hash + TPM2_CC_PolicyCounterTimer="0000016d" + operandB="0008000000000000ea60" + offset="0000" +@@ -30,6 +50,8 @@ policySession=$(tpm2 sessionconfig session.ctx | grep Session-Handle | \ + + echo -ne $TPM2_CC_PolicyCounterTimer$policySession$operandB$offset$operation \ + | xxd -r -p | openssl dgst -sha256 -binary -out test.bin ++xxd cp.hash ++xxd test.bin + cmp cp.hash test.bin 2 + tpm2 flushcontext session.ctx + +@@ -41,8 +63,7 @@ tpm2 clear + # + tpm2 startauthsession -S session.ctx + +-tpm2 policycountertimer -S session.ctx -L policy.countertimer.minute --ult \ +-60000 ++call_policy_countertimer -S session.ctx -L policy.countertimer.minute --ult 60000 + + tpm2 flushcontext session.ctx + +@@ -58,8 +79,7 @@ tpm2 create -Q -u key.pub -r key.priv -i- -C prim.ctx \ + # + tpm2 startauthsession -S session.ctx --policy-session + +-tpm2 policycountertimer -S session.ctx -L policy.countertimer.minute --ult \ +-60000 ++call_policy_countertimer -S session.ctx -L policy.countertimer.minute --ult 60000 + + tpm2 unseal -c key.ctx -p session:session.ctx + +@@ -70,7 +90,7 @@ tpm2 flushcontext session.ctx + # + tpm2 clear + tpm2 startauthsession -S session.ctx --policy-session +-tpm2 policycountertimer -S session.ctx --ult clock=60000 ++call_policy_countertimer -S session.ctx --ult clock=60000 + tpm2 flushcontext session.ctx + + # +@@ -79,7 +99,7 @@ tpm2 flushcontext session.ctx + # + tpm2 clear + tpm2 startauthsession -S session.ctx --policy-session +-tpm2 policycountertimer -S session.ctx safe ++call_policy_countertimer -S session.ctx safe + tpm2 flushcontext session.ctx + + # +@@ -88,7 +108,7 @@ tpm2 flushcontext session.ctx + # + tpm2 clear + tpm2 startauthsession -S session.ctx --policy-session +-tpm2 policycountertimer -S session.ctx resets=0 ++call_policy_countertimer -S session.ctx resets=0 + tpm2 flushcontext session.ctx + + # +@@ -97,7 +117,7 @@ tpm2 flushcontext session.ctx + # + tpm2 clear + tpm2 startauthsession -S session.ctx --policy-session +-tpm2 policycountertimer -S session.ctx restarts=0 ++call_policy_countertimer -S session.ctx restarts=0 + tpm2 flushcontext session.ctx + + exit 0 +diff --git a/test/integration/tests/abrmd_policynv.sh b/test/integration/tests/abrmd_policynv.sh +index b75cabb..ec4bed7 100644 +--- a/test/integration/tests/abrmd_policynv.sh ++++ b/test/integration/tests/abrmd_policynv.sh +@@ -36,10 +36,34 @@ evaluate_failing_test_case() { + } + + evaluate_passing_test_case() { +- tpm2 startauthsession -S session.ctx --policy-session +- echo $operandB | xxd -r -p | \ +- tpm2 policynv -S session.ctx -i- -P nvpass $nv_test_index $1 +- tpm2 flushcontext session.ctx ++ tpm2 startauthsession -S session.ctx --policy-session ++ if [[ ${1:0:1} == "s" ]]; then ++ echo "Test sign: $1 $operandA $operandB" ++ # check whether sign compare fails with 0x126 ++ trap - ERR ++ output=$(echo $operandB | xxd -r -p | \ ++ tpm2 policynv -S session.ctx -i- -P nvpass $nv_test_index $1 2>&1) ++ result=$? ++ if [ $result != 0 ] && echo $output | grep "ErrorCode.*0126" > /dev/null ++ then ++ echo "This test failed due to a TPM bug regarding signed comparison as described" ++ echo "in TCG's Errata for TCG Trusted Platform Module Library Revision 1.59 Version 1.4," ++ echo "Section 2.5 TPM_EO – two’s complement" ++ tpm2 flushcontext session.ctx ++ skip_test ++ else ++ if [ $result != 0 ]; then ++ tpm2 flushcontext session.ctx ++ exit 1 ++ fi ++ fi ++ tpm2 flushcontext session.ctx ++ trap onerror ERR ++ else ++ echo $operandB | xxd -r -p | \ ++ tpm2 policynv -S session.ctx -i- -P nvpass $nv_test_index $1 ++ tpm2 flushcontext session.ctx ++ fi + } + + trap cleanup EXIT +@@ -54,7 +78,7 @@ tpm2 clear + evaluate_failing_test_case + + # Define an NV index +-tpm2 nvdefine -C o -p nvpass $nv_test_index -a "authread|authwrite" -s 2 ++tpm2 nvdefine -C o -p nvpass $nv_test_index -a "authread|authwrite" -s 1 + + # Perform any comparison operation on an unwritten NV index --> Should fail + evaluate_failing_test_case +@@ -70,40 +94,20 @@ evaluate_passing_test_case eq + operandB=0x80 + evaluate_passing_test_case neq + +-# Perform comparison operation "sgt" +-operandB=0x82 +-evaluate_passing_test_case sgt +- + # Perform comparison operation "ugt" + operandB=0x80 + evaluate_passing_test_case ugt + +-# Perform comparison operation "slt" +-operandB=0x80 +-evaluate_passing_test_case slt +- + # Perform comparison operation "ult" + operandB=0x82 + evaluate_passing_test_case ult + +-# Perform comparison operation "sge" +-operandB=0x82 +-evaluate_passing_test_case sge +-operandB=0x81 +-evaluate_passing_test_case sge +- + # Perform comparison operation "uge" + operandB=0x80 + evaluate_passing_test_case uge + operandB=0x81 + evaluate_passing_test_case uge + +-# Perform comparison operation "sle" +-operandB=0x80 +-evaluate_passing_test_case sle +-operandB=0x81 +-evaluate_passing_test_case sle +- + # Perform comparison operation "ule" + operandB=0x82 + evaluate_passing_test_case ule +@@ -118,4 +122,27 @@ evaluate_passing_test_case bs + operandB=0x7E + evaluate_passing_test_case bc + ++operandA=0xfe # -1 ++echo $operandA | xxd -r -p | tpm2 nvwrite -P nvpass -i- $nv_test_index ++ ++# Perform comparison operation "sgt" ++operandB=0xfd # -2 ++evaluate_passing_test_case sgt ++ ++# Perform comparison operation "slt" ++operandB=0xff # 0 ++evaluate_passing_test_case slt ++ ++# Perform comparison operation "sle" ++operandB=0xff #0 ++evaluate_passing_test_case sle ++operandB=0xfe # -1 ++evaluate_passing_test_case sle ++ ++# Perform comparison operation "sge" ++operandB=0xfd # -2 ++evaluate_passing_test_case sge ++operandB=0xfe # -1 ++evaluate_passing_test_case sge ++ + exit 0 +diff --git a/test/integration/tests/certify.sh b/test/integration/tests/certify.sh +index e3f47bc..352c182 100644 +--- a/test/integration/tests/certify.sh ++++ b/test/integration/tests/certify.sh +@@ -41,6 +41,8 @@ tpm2 certify \ + + verify_signature_with_ssl + ++tpm2 print -t TPMS_ATTEST attest.out ++ + # Test with full options + + tpm2 certify \ +diff --git a/test/integration/tests/certifycreation.sh b/test/integration/tests/certifycreation.sh +index a56cfc4..277226b 100644 +--- a/test/integration/tests/certifycreation.sh ++++ b/test/integration/tests/certifycreation.sh +@@ -30,6 +30,8 @@ tpm2 certifycreation -C signing_key.ctx -c primary.ctx -d creation.digest \ + -t creation.ticket -g sha256 -o signature.bin --attestation attestation.bin \ + -f plain -s rsassa + ++tpm2 print -t TPMS_ATTEST attestation.bin ++ + openssl dgst -verify sslpub.pem -keyform pem -sha256 -signature signature.bin \ + attestation.bin + +diff --git a/test/integration/tests/checkquote.sh b/test/integration/tests/checkquote.sh +index e18b0d3..5857b71 100644 +--- a/test/integration/tests/checkquote.sh ++++ b/test/integration/tests/checkquote.sh +@@ -88,6 +88,16 @@ tpm2 checkquote -u ecc.ak.tpmt -m quote.bin -s quote.sig -f quote.pcr -g sha256 + tpm2 pcrread sha256:15,16,22 -o pcr.bin + + tpm2 checkquote -u ecc.ak.tpmt -m quote.bin -s quote.sig -g sha256 -q nonce.bin \ +--f pcr.bin -l sha256:15,16,22 ++ -f pcr.bin -l sha256:15,16,22 ++ ++# Verify quote with ++ ++tpm2 createprimary -Q -C e -G rsa2048:rsapss-sha256:null -c ek.ctx -o ek.pub -a 'fixedtpm|fixedparent|sensitivedataorigin|userwithauth|sign|restricted' ++ ++# Provide scheme explicitly ++tpm2 quote -Q -c ek.ctx -g sha256 -l sha1:0,1,2,3 -o quote.pcrs -m quote.msg -s quote.sig --scheme=rsapss ++ ++# Signature verification ++tpm2 checkquote -u ek.pub -m quote.msg -s quote.sig -f quote.pcrs + + exit 0 +diff --git a/test/integration/tests/commandaudit.sh b/test/integration/tests/commandaudit.sh +index 2a2beca..52d952d 100644 +--- a/test/integration/tests/commandaudit.sh ++++ b/test/integration/tests/commandaudit.sh +@@ -65,6 +65,7 @@ diff -B \ + xxd -r -p | openssl dgst -sha256 -binary ) \ + <( tail -c 32 att.data ) + ++tpm2 print -t TPMS_ATTEST att.data + # + # Check TPM2_CC_GetRandom is removed from the audit list + # +diff --git a/test/integration/tests/ecc.sh b/test/integration/tests/ecc.sh +index aeb073a..acced8b 100644 +--- a/test/integration/tests/ecc.sh ++++ b/test/integration/tests/ecc.sh +@@ -136,4 +136,20 @@ openssl dgst -sha256 -binary -out test.bin + + cmp cp.hash test.bin 2 + ++# Test ecdhzgen with public keys instead of public points ++tpm2 createprimary -C o -c prim.ctx -Q ++ ++# Create ECDH keypair A ++tpm2 create -C prim.ctx -c keyA.ctx -u ecdhA.pub -G ecc256:ecdh ++ ++# Create ECDH keypair B ++tpm2 create -C prim.ctx -c keyB.ctx -u ecdhB.pub -G ecc256:ecdh ++ ++# Derive ECDH secret 1 using private key A and public key B ++tpm2 ecdhzgen -c keyA.ctx -k ecdhB.pub -o secret1.dat ++ ++# Derive ECDH secret 2 using private key B and public key A ++tpm2 ecdhzgen -c keyB.ctx -k ecdhA.pub -o secret2.dat ++diff secret1.dat secret2.dat ++ + exit 0 +diff --git a/test/integration/tests/encryptdecrypt.sh b/test/integration/tests/encryptdecrypt.sh +index 04a5fd1..6f736fe 100644 +--- a/test/integration/tests/encryptdecrypt.sh ++++ b/test/integration/tests/encryptdecrypt.sh +@@ -100,7 +100,7 @@ cmp secret2.dat decrypt.out + dd if=/dev/zero bs=1 count=2048 status=none of=secret2.dat + cat secret2.dat | tpm2 encryptdecrypt -Q -c decrypt.ctx -o encrypt.out -e + tpm2 encryptdecrypt -Q -c decrypt.ctx -d -o decrypt.out encrypt.out +-## Last block is short 14 or hex 0E trailing bytes ++## Last block is short 16 or hex 10 trailing bytes + echo 10101010101010101010101010101010 | xxd -r -p >> secret2.dat + cmp secret2.dat decrypt.out + +@@ -110,12 +110,32 @@ cat secret2.dat | tpm2 encryptdecrypt -Q -c decrypt.ctx -o encrypt.out -e + tpm2 encryptdecrypt -Q -c decrypt.ctx -d -o decrypt.out -e encrypt.out + cmp secret2.dat decrypt.out + ++# Test pkcs7 padding is stripped after few blocks within the buffer. ++dd if=/dev/zero bs=1 count=2114 status=none of=secret2.dat ++cat secret2.dat | tpm2 encryptdecrypt -Q -c decrypt.ctx -o encrypt.out -e ++tpm2 encryptdecrypt -Q -c decrypt.ctx -d -o decrypt.out -e encrypt.out ++cmp secret2.dat decrypt.out ++ + # Test that pkcs7 pad is stripped off last block for block length aligned inputs + dd if=/dev/zero bs=1 count=2048 status=none of=secret2.dat + cat secret2.dat | tpm2 encryptdecrypt -Q -c decrypt.ctx -o encrypt.out -e + tpm2 encryptdecrypt -Q -c decrypt.ctx -d -o decrypt.out -e encrypt.out + cmp secret2.dat decrypt.out + ++# Test pkcs7 padding larger than block size is ignored ++dd if=/dev/zero bs=1 count=48 status=none of=secret2.dat ++echo ffffffffffffffffffffffffffffffff | xxd -r -p >> secret2.dat ++cat secret2.dat | tpm2 encryptdecrypt -Q -c decrypt.ctx -o encrypt.out ++tpm2 encryptdecrypt -Q -c decrypt.ctx -d -o decrypt.out -e encrypt.out ++cmp secret2.dat decrypt.out ++ ++# Test inconsistent pkcs7 padding is ignored ++dd if=/dev/zero bs=1 count=48 status=none of=secret2.dat ++echo 0102030405060708090a0b0c0d0e0f10 | xxd -r -p >> secret2.dat ++cat secret2.dat | tpm2 encryptdecrypt -Q -c decrypt.ctx -o encrypt.out ++tpm2 encryptdecrypt -Q -c decrypt.ctx -d -o decrypt.out -e encrypt.out ++cmp secret2.dat decrypt.out ++ + # Negative that bad mode fails + trap - ERR + +diff --git a/test/integration/tests/eventlog.sh b/test/integration/tests/eventlog.sh +index 01f06d0..e7c1370 100644 +--- a/test/integration/tests/eventlog.sh ++++ b/test/integration/tests/eventlog.sh +@@ -3,10 +3,17 @@ + set -E + shopt -s expand_aliases + +-alias python=${PYTHON-python} ++alias python=${PYTHON-python3} + + yaml_validate() { +- python -c 'import yaml,sys; yaml.safe_load(sys.stdin)' ++ cmd=$1 ++ ++ if test -z "$cmd" ++ then ++ python -c "import yaml,sys; yaml.safe_load(sys.stdin)" ++ else ++ python -c "import yaml,sys; y=yaml.safe_load(sys.stdin); $cmd" ++ fi + } + + expect_fail() { +@@ -32,10 +39,9 @@ expect_pass() { + ret=1 + fi + +- diff $evlog.yaml $base.out ++ diff -u $evlog.yaml $base.out + if [ $? -ne 0 ]; then +- echo "YAML output changed" +- ++ echo "YAML output matching $evlog.yaml changed, set TEST_REGENERATE_OUTPUT=1 to re-create" + if test "$TEST_REGENERATE_OUTPUT" = "1" + then + cp $base.out $evlog.yaml +@@ -48,7 +54,7 @@ expect_pass() { + then + diff $evlog.warn $base.err + if [ $? -ne 0 ]; then +- echo "WARNING output changed" ++ echo "WARNING output matching $evlog.warn changed, set TEST_REGENERATE_OUTPUT=1 to re-create" + + if test "$TEST_REGENERATE_OUTPUT" = "1" + then +@@ -61,7 +67,7 @@ expect_pass() { + if test -s $base.err + then + cat $base.err +- echo "WARNING output unexpected" ++ echo "WARNING output for $evlog.warn unexpected, set TEST_REGENERATE_OUTPUT=1 to re-create" + + if test "$TEST_REGENERATE_OUTPUT" = "1" + then +@@ -99,4 +105,49 @@ expect_pass ${srcdir}/test/integration/fixtures/event-gce-ubuntu-2104-log.bin -- + expect_pass ${srcdir}/test/integration/fixtures/event-sd-boot-fedora37.bin --eventlog-version=2 + expect_pass ${srcdir}/test/integration/fixtures/event-moklisttrusted.bin --eventlog-version=2 + ++# Pick an event with leading whitespace and validate we have ++# preserved it correctly after parsing the YAML ++event=$(yaml_validate "print(y['events'][80]['Event']['String'])" < ${srcdir}/test/integration/fixtures/event-moklisttrusted.bin.yaml | tr -d '\0') ++expect=$(echo -e "grub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware {\n\t\tfwsetup\n\t}") ++if test "$event" != "$expect" ++then ++ echo "Got $event" ++ echo "Want $expect" ++ exit 1 ++fi ++ ++# Compare strings generated by tpm2_eventlog with binary data of the corresponding ++# events. ++hex_file="${srcdir}/test/integration/fixtures/event-moklisttrusted-hex.yaml" ++tool_file="${srcdir}/test/integration/fixtures/event-moklisttrusted.bin.yaml" ++ ++python << pyscript ++import binascii ++import sys ++import yaml ++import binascii ++ ++with open("$hex_file", 'r') as file: ++ eventlog_hex = yaml.safe_load(file) ++ ++with open("$tool_file", 'r') as file: ++ eventlog_tools = yaml.safe_load(file) ++ ++try: ++ for i in range(len(eventlog_hex)): ++ event_hex = eventlog_hex[i]['content']['event_data'] ++ event_bin = binascii.unhexlify(event_hex) ++ event_tools = eventlog_tools['events'][i] ++ if 'Event' in event_tools and 'String' in event_tools['Event']: ++ event_string = event_bin.decode('ascii') ++ event_tools = event_tools['Event']['String'] ++ if event_string != event_tools: ++ print("Events are not equal:") ++ print(str(event_tools)) ++ print(str(event_string)) ++ raise(Exception("Events are not equal")) ++except Exception: ++ sys.exit(1) ++pyscript ++ + exit $? +diff --git a/test/integration/tests/forward-seal.sh b/test/integration/tests/forward-seal.sh +new file mode 100644 +index 0000000..167f781 +--- /dev/null ++++ b/test/integration/tests/forward-seal.sh +@@ -0,0 +1,176 @@ ++# SPDX-License-Identifier: BSD-3-Clause ++ ++source helpers.sh ++ ++alg_primary_obj=sha256 ++alg_primary_key=ecc ++alg_create_obj=sha256 ++pcr_specification=sha256:1,2,3,16+sha1:1,2,3,16 ++pcr_fwd_specification=sha256:1,2,3,16=bba91ca85dc914b2ec3efb9e16e7267bf9193b14350d20fba8a8b406730ae30a+sha1:1,2,3,16=6fd13bfa9ec8bc42e39d262810bbb912373ca5f9 ++pcr_sha1_specification=sha1:1,2,3,16 ++pcr_sha1_fwd_specification=sha1:1,2,3,16=6fd13bfa9ec8bc42e39d262810bbb912373ca5f9 ++pcr_sha256_specification=sha256:1,2,3,16 ++pcr_sha256_fwd_specification=sha256:1,2,3,16=bba91ca85dc914b2ec3efb9e16e7267bf9193b14350d20fba8a8b406730ae30a ++file_pcr_value=pcr.bin ++file_input_data=secret.data ++file_policy=policy.data ++file_primary_key_ctx=context.p_"$alg_primary_obj"_"$alg_primary_key" ++file_unseal_key_pub=opu_"$alg_create_obj" ++file_unseal_key_priv=opr_"$alg_create_obj" ++file_unseal_key_ctx=ctx_load_out_"$alg_primary_obj"_"$alg_primary_key"-\ ++"$alg_create_obj" ++file_unseal_key_name=name.load_"$alg_primary_obj"_"$alg_primary_key"-\ ++"$alg_create_obj" ++file_unseal_output_data=usl_"$file_unseal_key_ctx" ++file_auth_session=auth-session.data ++ ++secret="12345678" ++ ++cleanup() { ++ rm -f $file_input_data $file_primary_key_ctx $file_unseal_key_pub \ ++ $file_unseal_key_priv $file_unseal_key_ctx $file_unseal_key_name \ ++ $file_unseal_output_data $file_pcr_value $file_policy ++ ++ if [ "$1" != "no-shut-down" ]; then ++ shut_down ++ fi ++} ++trap cleanup EXIT ++ ++start_up ++ ++cleanup "no-shut-down" ++ ++echo $secret > $file_input_data ++ ++tpm2 clear ++ ++tpm2 createprimary -Q -C e -g $alg_primary_obj -G $alg_primary_key \ ++-c $file_primary_key_ctx ++ ++# Test sha1+sha256 ++ ++resetPCR16 ++ ++tpm2 startauthsession -Q -S "$file_auth_session" ++ ++tpm2 policypcr -Q --session "$file_auth_session" -L "$file_policy" --pcr-list "$pcr_fwd_specification" ++ ++tpm2 flushcontext -Q "$file_auth_session" ++ ++tpm2 create -g $alg_create_obj -u $file_unseal_key_pub \ ++-r $file_unseal_key_priv -i- -C $file_primary_key_ctx -L $file_policy \ ++-a 'fixedtpm|fixedparent' <<< $secret ++ ++tpm2 load -C $file_primary_key_ctx -u $file_unseal_key_pub \ ++-r $file_unseal_key_priv -n $file_unseal_key_name -c $file_unseal_key_ctx ++ ++# Test that unseal fails if a PCR policy isn't provided ++ ++trap - ERR ++ ++# Test that unseal fails if PCR state isn't the same as the defined PCR policy ++tpm2 unseal -c $file_unseal_key_ctx -p pcr:$pcr_specification 2> /dev/null ++if [ $? != 1 ]; then ++ echo "tpm2 unseal didn't fail with a PCR state different than the policy!" ++ exit 1 ++fi ++ ++trap onerror ERR ++ ++tpm2 pcrextend 16:sha1=6c10289a8da7f774cf67bd2fc8502cd4b585346a ++tpm2 pcrextend 16:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ++ ++# Test that the object can be unsealed from forward sealing. ++ ++unsealed=`tpm2 unseal -V --object-context $file_unseal_key_ctx \ ++-p pcr:$pcr_specification` ++ ++test "$unsealed" == "$secret" ++ ++rm $file_unseal_key_pub $file_unseal_key_priv $file_unseal_key_name \ ++$file_unseal_key_ctx ++ ++#Test with sha256 bank ++resetPCR16 ++ ++tpm2 startauthsession -Q -S "$file_auth_session" ++ ++tpm2 policypcr -Q --session "$file_auth_session" -L "$file_policy" --pcr-list "$pcr_sha256_fwd_specification" ++ ++tpm2 flushcontext -Q "$file_auth_session" ++ ++tpm2 create -g $alg_create_obj -u $file_unseal_key_pub \ ++-r $file_unseal_key_priv -i- -C $file_primary_key_ctx -L $file_policy \ ++-a 'fixedtpm|fixedparent' <<< $secret ++ ++tpm2 load -C $file_primary_key_ctx -u $file_unseal_key_pub \ ++-r $file_unseal_key_priv -n $file_unseal_key_name -c $file_unseal_key_ctx ++ ++# Test that unseal fails if a PCR policy isn't provided ++ ++trap - ERR ++ ++# Test that unseal fails if PCR state isn't the same as the defined PCR policy ++tpm2 unseal -c $file_unseal_key_ctx -p pcr:$pcr_sha256_specification 2> /dev/null ++if [ $? != 1 ]; then ++ echo "tpm2 unseal didn't fail with a PCR state different than the policy!" ++ exit 1 ++fi ++ ++trap onerror ERR ++ ++tpm2 pcrextend 16:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ++ ++# Test that the object can be unsealed from forward sealing. ++ ++unsealed=`tpm2 unseal -V --object-context $file_unseal_key_ctx \ ++-p pcr:$pcr_sha256_specification` ++ ++test "$unsealed" == "$secret" ++ ++rm $file_unseal_key_pub $file_unseal_key_priv $file_unseal_key_name \ ++$file_unseal_key_ctx ++ ++#Test with sha1 bank ++resetPCR16 ++ ++tpm2 startauthsession -Q -S "$file_auth_session" ++ ++tpm2 policypcr -Q --session "$file_auth_session" -L "$file_policy" --pcr-list "$pcr_sha1_fwd_specification" ++ ++tpm2 flushcontext -Q "$file_auth_session" ++ ++tpm2 create -g $alg_create_obj -u $file_unseal_key_pub \ ++-r $file_unseal_key_priv -i- -C $file_primary_key_ctx -L $file_policy \ ++-a 'fixedtpm|fixedparent' <<< $secret ++ ++tpm2 load -C $file_primary_key_ctx -u $file_unseal_key_pub \ ++-r $file_unseal_key_priv -n $file_unseal_key_name -c $file_unseal_key_ctx ++ ++# Test that unseal fails if a PCR policy isn't provided ++ ++trap - ERR ++ ++# Test that unseal fails if PCR state isn't the same as the defined PCR policy ++tpm2 unseal -c $file_unseal_key_ctx -p pcr:$pcr_sha1_specification 2> /dev/null ++if [ $? != 1 ]; then ++ echo "tpm2 unseal didn't fail with a PCR state different than the policy!" ++ exit 1 ++fi ++ ++trap onerror ERR ++ ++tpm2 pcrextend 16:sha1=6c10289a8da7f774cf67bd2fc8502cd4b585346a ++ ++# Test that the object can be unsealed from forward sealing. ++ ++unsealed=`tpm2 unseal -V --object-context $file_unseal_key_ctx \ ++-p pcr:$pcr_sha1_specification` ++ ++test "$unsealed" == "$secret" ++ ++rm $file_unseal_key_pub $file_unseal_key_priv $file_unseal_key_name \ ++$file_unseal_key_ctx ++ ++exit 0 +diff --git a/test/integration/tests/getekcertificate.sh b/test/integration/tests/getekcertificate.sh +index 80cc5bb..c2f6482 100644 +--- a/test/integration/tests/getekcertificate.sh ++++ b/test/integration/tests/getekcertificate.sh +@@ -31,11 +31,12 @@ fi + # Setup retries for when EK certificate cannot be retrieved on first try + getekcert_with_retries() { + trap - ERR ++ INTL_URL=https://ekop.intel.com/ekcertservice/ + cert_done= + for i in 1 2 3; + do +- tpm2 getekcertificate -u $1 -x -X -o $2 +- tpm2 getekcertificate -u $1 -x -X > $3 ++ tpm2 getekcertificate -u $1 -x -X -o $2 $INTL_URL ++ tpm2 getekcertificate -u $1 -x -X $INTL_URL > $3 + # Test that stdout output is the same as output to file + cmp $2 $3 + if [ $? == 0 ]; then +diff --git a/test/integration/tests/gettime.sh b/test/integration/tests/gettime.sh +index 054bef8..ef11fa4 100644 +--- a/test/integration/tests/gettime.sh ++++ b/test/integration/tests/gettime.sh +@@ -20,4 +20,6 @@ tpm2 load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx + + tpm2 gettime -c rsa.ctx -o attest.sig --attestation attest.data + ++tpm2 print -t TPMS_ATTEST attest.data ++ + exit 0 +diff --git a/test/integration/tests/load.sh b/test/integration/tests/load.sh +index 7358d61..a0a41a7 100644 +--- a/test/integration/tests/load.sh ++++ b/test/integration/tests/load.sh +@@ -51,13 +51,13 @@ tpm2 clear + + #####file test + +-tpm2 createprimary -Q -C e -g $alg_primary_obj -G $alg_primary_key \ ++tpm2 createprimary -R -Q -C e -g $alg_primary_obj -G $alg_primary_key \ + -c $file_primary_key_ctx + +-tpm2 create -Q -g $alg_create_obj -G $alg_create_key -u $file_load_key_pub \ ++tpm2 create -R -Q -g $alg_create_obj -G $alg_create_key -u $file_load_key_pub \ + -r $file_load_key_priv -C $file_primary_key_ctx + +-tpm2 load -Q -C $file_primary_key_ctx -u $file_load_key_pub \ ++tpm2 load -R -Q -C $file_primary_key_ctx -u $file_load_key_pub \ + -r $file_load_key_priv -n $file_load_key_name -c $file_load_key_ctx + + #####handle test +diff --git a/test/integration/tests/nvcertify.sh b/test/integration/tests/nvcertify.sh +index 5f93a05..9965af8 100644 +--- a/test/integration/tests/nvcertify.sh ++++ b/test/integration/tests/nvcertify.sh +@@ -43,6 +43,8 @@ dd if=/dev/urandom of=qual.dat bs=1 count=32 + tpm2 nvcertify -C signing_key.ctx -g sha256 -f plain -s rsassa \ + -o signature.bin --attestation attestation.bin --size 32 -q qual.dat 1 + ++tpm2 print -t TPMS_ATTEST attestation.bin ++ + openssl dgst -verify sslpub.pem -keyform pem -sha256 -signature signature.bin \ + attestation.bin + +diff --git a/test/integration/tests/rsadecrypt.sh b/test/integration/tests/rsadecrypt.sh +index 24b80a4..e1c11a0 100644 +--- a/test/integration/tests/rsadecrypt.sh ++++ b/test/integration/tests/rsadecrypt.sh +@@ -12,6 +12,11 @@ file_rsaencrypt_key_name=name.load.B1_B8 + file_rsa_en_output_data=rsa_en.out + file_rsa_de_output_data=rsa_de.out + file_input_data=secret.data ++secret1=secret1 ++secret2=secret2 ++cipher=cipher ++session_dat=session.dat ++policy_dat=policy.dat + + alg_hash=sha256 + alg_primary_key=rsa +@@ -21,7 +26,8 @@ cleanup() { + rm -f $file_input_data $file_primary_key_ctx $file_rsaencrypt_key_pub \ + $file_rsaencrypt_key_priv $file_rsaencrypt_key_ctx \ + $file_rsaencrypt_key_name $file_output_data $file_rsa_en_output_data \ +- $file_rsa_de_output_data $file_rsadecrypt_key_ctx label.dat ++ $file_rsa_de_output_data $file_rsadecrypt_key_ctx label.dat \ ++ $secret1 $secret2 $cipher $session.dat $policy.dat + + if [ "$1" != "no-shut-down" ]; then + shut_down +@@ -96,5 +102,18 @@ tpm2 rsaencrypt -Q -c $file_rsaencrypt_key_ctx -o $file_rsa_en_output_data \ + tpm2 rsadecrypt -Q -c $file_rsadecrypt_key_ctx -p foo -o \ + $file_rsa_de_output_data -s oaep-sha1 $file_rsa_en_output_data + +- ++# Test rasdecrypt with polic password session with file attribute ++tpm2 createprimary -Q -C e -g $alg_hash -G $alg_primary_key -c $file_primary_key_ctx ++tpm2 startauthsession -S $session_dat --policy-session ++tpm2 policypassword -S $session_dat -L $policy_dat ++tpm2 create -Q -g $alg_hash -p foo -G $alg_rsaencrypt_key -C $file_primary_key_ctx \ ++ -L $policy_dat -c $file_rsaencrypt_key_pub ++echo $secret > $secret1 ++tpm2 rsaencrypt -c $file_rsaencrypt_key_pub -o $cipher $secret1 ++tpm2 startauthsession -S $session_dat --policy-session ++tpm2 policypassword -S $session_dat -L $policy_dat ++tpm2 rsadecrypt -c $file_rsaencrypt_key_pub -p session:${session_dat}+file:- -o $secret2 $cipher <&2 + fi + trap onerror ERR +diff --git a/test/integration/tests/tr_encode.sh b/test/integration/tests/tr_encode.sh +new file mode 100644 +index 0000000..40922de +--- /dev/null ++++ b/test/integration/tests/tr_encode.sh +@@ -0,0 +1,22 @@ ++# SPDX-License-Identifier: BSD-3-Clause ++ ++source helpers.sh ++ ++cleanup() { ++ rm -f *.tr *.ctx *.pub ++ ++ if [ "$1" != "no-shut-down" ]; then ++ shut_down ++ fi ++} ++trap cleanup EXIT ++ ++start_up ++ ++cleanup "no-shut-down" ++ ++tpm2 createprimary -c primary.ctx ++tpm2 evictcontrol -c primary.ctx -o primary.tr 0x81000002 ++tpm2 readpublic -c primary.tr -o primary.pub ++tpm2 tr_encode -c 0x81000002 -u primary.pub -o primary2.tr ++cmp primary.tr primary2.tr +diff --git a/test/integration/tests/unseal.sh b/test/integration/tests/unseal.sh +index dd6c2bc..a298579 100644 +--- a/test/integration/tests/unseal.sh ++++ b/test/integration/tests/unseal.sh +@@ -152,10 +152,8 @@ tpm2 sessionconfig enc_session.ctx --disable-encrypt + tpm2 create -Q -C prim.ctx -u seal_key.pub -r seal_key.priv -c seal_key.ctx \ + -p sealkeypass -i- <<< $secret -S enc_session.ctx + +-tpm2 sessionconfig enc_session.ctx --enable-encrypt ++tpm2 sessionconfig enc_session.ctx --enable-encrypt --disable-continuesession + unsealed=`tpm2 unseal -c seal_key.ctx -p sealkeypass -S enc_session.ctx` + test "$unsealed" == "$secret" + +-tpm2 flushcontext enc_session.ctx +- + exit 0 +diff --git a/test/unit/test_pcr.c b/test/unit/test_pcr.c +index 0d11948..f50a9f6 100644 +--- a/test/unit/test_pcr.c ++++ b/test/unit/test_pcr.c +@@ -18,14 +18,14 @@ static void test_pcr_alg_nice_names(void **state) { + TPML_PCR_SELECTION_EMPTY_INIT; + + bool result = pcr_parse_selections("sha256:16,17,18+0x0b:16,17,18", +- &friendly_pcr_selections); ++ &friendly_pcr_selections, NULL); + assert_true(result); + + TPML_PCR_SELECTION raw_pcr_selections = + TPML_PCR_SELECTION_EMPTY_INIT; + + result = pcr_parse_selections("0xb:16,17,18+0x0b:16,17,18", +- &raw_pcr_selections); ++ &raw_pcr_selections, NULL); + assert_true(result); + + assert_memory_equal(&friendly_pcr_selections, &raw_pcr_selections, +@@ -36,14 +36,14 @@ static void test_pcr_alg_nice_names(void **state) { + TPML_PCR_SELECTION_EMPTY_INIT; + + bool result_sm3 = pcr_parse_selections("sm3_256:16,17,18+0x12:16,17,18", +- &friendly_pcr_selections_sm3); ++ &friendly_pcr_selections_sm3, NULL); + assert_true(result_sm3); + + TPML_PCR_SELECTION raw_pcr_selections_sm3 = + TPML_PCR_SELECTION_EMPTY_INIT; + + result_sm3 = pcr_parse_selections("0x12:16,17,18+0x12:16,17,18", +- &raw_pcr_selections_sm3); ++ &raw_pcr_selections_sm3, NULL); + assert_true(result_sm3); + + assert_memory_equal(&friendly_pcr_selections_sm3, &raw_pcr_selections_sm3, +@@ -54,20 +54,101 @@ static void test_pcr_alg_nice_names(void **state) { + TPML_PCR_SELECTION_EMPTY_INIT; + + bool result_sha3 = pcr_parse_selections("sha3_256:16,17,18+0x27:16,17,18", +- &friendly_pcr_selections_sha3_256); ++ &friendly_pcr_selections_sha3_256, NULL); + assert_true(result_sha3); + + TPML_PCR_SELECTION raw_pcr_selections_sha3_256 = + TPML_PCR_SELECTION_EMPTY_INIT; + + result_sha3 = pcr_parse_selections("0x27:16,17,18+0x27:16,17,18", +- &raw_pcr_selections_sha3_256); ++ &raw_pcr_selections_sha3_256, NULL); + assert_true(result_sha3); + + assert_memory_equal(&friendly_pcr_selections_sha3_256, &raw_pcr_selections_sha3_256, + sizeof(raw_pcr_selections_sha3_256)); + } + ++static void test_pcr_forward_seal(void **state) { ++ ++ (void) state; ++ ++ tpm2_forwards forwards = {}; ++ TPML_PCR_SELECTION raw_pcr_selections_forward = ++ TPML_PCR_SELECTION_EMPTY_INIT; ++ // test forward sealing ++ bool result_forward = pcr_parse_selections("sha1:4,5=da39a3ee5e6b4b0d3255bfef95601890afd80709,6", ++ &raw_pcr_selections_forward, &forwards); ++ assert_true(result_forward); ++ result_forward = pcr_parse_selections("sha1:4,5=da39a3ee5e6b4b0d3255bfef95601890afd80709,6+sha256:0,1=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,2", ++ &raw_pcr_selections_forward, &forwards); ++ assert_true(result_forward); ++ ++ // Out-of-range ++ result_forward = pcr_parse_selections( ++ "sha256:32", ++ &raw_pcr_selections_forward, &forwards); ++ assert_false(result_forward); ++ ++ // Trailing digest ++ result_forward = pcr_parse_selections( ++ "sha1:4,5=da39a3ee5e6b4b0d3255bfef95601890afd80709", ++ &raw_pcr_selections_forward, &forwards); ++ assert_true(result_forward); ++ ++ // 0x digest ++ result_forward = pcr_parse_selections( ++ "sha1:4,5=0xda39a3ee5e6b4b0d3255bfef95601890afd80709", ++ &raw_pcr_selections_forward, &forwards); ++ assert_true(result_forward); ++ ++ // Digest odd length: ++ result_forward = pcr_parse_selections( ++ "sha1:4,5=da39a", ++ &raw_pcr_selections_forward, &forwards); ++ assert_false(result_forward); ++ ++ // Digest too short: ++ result_forward = pcr_parse_selections( ++ "sha1:4,5=da39", ++ &raw_pcr_selections_forward, &forwards); ++ assert_false(result_forward); ++ ++ // Digest too long: ++ result_forward = pcr_parse_selections( ++ "sha1:4,5=11111111111111111111111111111111111111111111111111", ++ &raw_pcr_selections_forward, &forwards); ++ assert_false(result_forward); ++ ++ // Digest specified but no forwards ++ result_forward = pcr_parse_selections( ++ "sha1:4,5=da39a3ee5e6b4b0d3255bfef95601890afd80709", ++ &raw_pcr_selections_forward, NULL); ++ assert_false(result_forward); ++ ++ // Invalid PCR# ++ result_forward = pcr_parse_selections( ++ "sha1:boo,5", ++ &raw_pcr_selections_forward, NULL); ++ assert_false(result_forward); ++ ++ TPML_PCR_SELECTION pcr_selections_sha256 = ++ TPML_PCR_SELECTION_EMPTY_INIT; ++ ++ result_forward = pcr_parse_selections("sha256:16,17,18", ++ &pcr_selections_sha256, NULL); ++ assert_true(result_forward); ++ ++ TPML_PCR_SELECTION forward_pcr_selections_sha256 = ++ TPML_PCR_SELECTION_EMPTY_INIT; ++ ++ result_forward = pcr_parse_selections("sha256:16=1616161616161616161616161616161616161616161616161616161616161616,17,18", ++ &forward_pcr_selections_sha256, &forwards); ++ assert_true(result_forward); ++ ++ assert_memory_equal(&pcr_selections_sha256, &forward_pcr_selections_sha256, ++ sizeof(pcr_selections_sha256)); ++} ++ + /* link required symbol, but tpm2_tool.c declares it AND main, which + * we have a main below for cmocka tests. + */ +@@ -78,7 +159,8 @@ int main(int argc, char* argv[]) { + (void) argv; + + const struct CMUnitTest tests[] = { +- cmocka_unit_test(test_pcr_alg_nice_names) ++ cmocka_unit_test(test_pcr_alg_nice_names), ++ cmocka_unit_test(test_pcr_forward_seal) + }; + + return cmocka_run_group_tests(tests, NULL, NULL); +diff --git a/test/unit/test_tpm2_eventlog.c b/test/unit/test_tpm2_eventlog.c +index ebf50e8..1c36f90 100644 +--- a/test/unit/test_tpm2_eventlog.c ++++ b/test/unit/test_tpm2_eventlog.c +@@ -27,7 +27,7 @@ static void test_foreach_digest2_null(void **state){ + (void)state; + tpm2_eventlog_context ctx = {0}; + +- assert_false(foreach_digest2(&ctx, 0, NULL, 0, sizeof(TCG_DIGEST2))); ++ assert_false(foreach_digest2(&ctx, 0, 0, NULL, 0, sizeof(TCG_DIGEST2), 0)); + } + static void test_foreach_digest2_size(void **state) { + +@@ -36,7 +36,7 @@ static void test_foreach_digest2_size(void **state) { + TCG_DIGEST2 *digest = (TCG_DIGEST2*)buf; + tpm2_eventlog_context ctx = { .digest2_cb = foreach_digest2_test_callback }; + +- assert_false(foreach_digest2(&ctx, 0, digest, 1, sizeof(TCG_DIGEST2) - 1)); ++ assert_false(foreach_digest2(&ctx, 0, 0, digest, 1, sizeof(TCG_DIGEST2) - 1, 0)); + } + static void test_foreach_digest2(void **state) { + +@@ -47,7 +47,7 @@ static void test_foreach_digest2(void **state) { + will_return(foreach_digest2_test_callback, true); + + tpm2_eventlog_context ctx = { .digest2_cb = foreach_digest2_test_callback }; +- assert_true(foreach_digest2(&ctx, 0, digest, 1, TCG_DIGEST2_SHA1_SIZE)); ++ assert_true(foreach_digest2(&ctx, 0, 0, digest, 1, TCG_DIGEST2_SHA1_SIZE, 0)); + } + static void test_foreach_digest2_cbnull(void **state){ + +@@ -56,7 +56,7 @@ static void test_foreach_digest2_cbnull(void **state){ + TCG_DIGEST2* digest = (TCG_DIGEST2*)buf; + + tpm2_eventlog_context ctx = {0}; +- assert_true(foreach_digest2(&ctx, 0, digest, 1, TCG_DIGEST2_SHA1_SIZE)); ++ assert_true(foreach_digest2(&ctx, 0, 0, digest, 1, TCG_DIGEST2_SHA1_SIZE, 0)); + } + static void test_sha1(void **state){ + +@@ -73,7 +73,7 @@ static void test_sha1(void **state){ + memcpy(digest->Digest, "the magic words are:", TPM2_SHA1_DIGEST_SIZE); + + tpm2_eventlog_context ctx = {0}; +- assert_true(foreach_digest2(&ctx, pcr_index, digest, 1, TCG_DIGEST2_SHA1_SIZE)); ++ assert_true(foreach_digest2(&ctx, 0, pcr_index, digest, 1, TCG_DIGEST2_SHA1_SIZE, 0)); + assert_memory_equal(ctx.sha1_pcrs[pcr_index], sha1sum, sizeof(sha1sum)); + } + static void test_sha256(void **state){ +@@ -93,7 +93,7 @@ static void test_sha256(void **state){ + memcpy(digest->Digest, "The Magic Words are Squeamish Ossifrage, for RSA-129 (from 1977)", TPM2_SHA256_DIGEST_SIZE); + + tpm2_eventlog_context ctx = {0}; +- assert_true(foreach_digest2(&ctx, pcr_index, digest, 1, TCG_DIGEST2_SHA256_SIZE)); ++ assert_true(foreach_digest2(&ctx, 0, pcr_index, digest, 1, TCG_DIGEST2_SHA256_SIZE, 0)); + assert_memory_equal(ctx.sha256_pcrs[pcr_index], sha256sum, sizeof(sha256sum)); + } + static void test_foreach_digest2_cbfail(void **state){ +@@ -105,7 +105,7 @@ static void test_foreach_digest2_cbfail(void **state){ + will_return(foreach_digest2_test_callback, false); + + tpm2_eventlog_context ctx = { .digest2_cb = foreach_digest2_test_callback }; +- assert_false(foreach_digest2(&ctx, 0, digest, 1, TCG_DIGEST2_SHA1_SIZE)); ++ assert_false(foreach_digest2(&ctx, 0, 0, digest, 1, TCG_DIGEST2_SHA1_SIZE, 0)); + } + static void test_digest2_accumulator_callback(void **state) { + +@@ -292,6 +292,7 @@ static void test_foreach_event2_parse_event2body_fail(void **state){ + + eventhdr->DigestCount = 1; + eventhdr->EventType = EV_EFI_VARIABLE_BOOT; ++ eventhdr->PCRIndex = 0; + digest->AlgorithmId = TPM2_ALG_SHA1; + event->EventSize = 1; + +diff --git a/test/unit/test_tpm2_header.c b/test/unit/test_tpm2_header.c +index c93f64e..c8daca5 100644 +--- a/test/unit/test_tpm2_header.c ++++ b/test/unit/test_tpm2_header.c +@@ -18,11 +18,7 @@ static void test_tpm_command_header(void **state) { + 0x00, 0x06, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x7f + }; + +- tpm2_command_header *c = tpm2_command_header_from_bytes(command_bytes); +- +- assert_true(c->tag == 0x0180); +- assert_true(c->size == 0x16000000); +- assert_true(c->command_code == 0x7a010000); ++ const tpm2_command_header *c = tpm2_command_header_from_bytes(command_bytes); + + /* everything from bytes should be the same as the byte array */ + assert_memory_equal(c->bytes, command_bytes, sizeof(command_bytes)); +@@ -94,11 +90,7 @@ static void test_tpm_response_header(void **state) { + 0x00 + }; + +- tpm2_response_header *r = tpm2_response_header_from_bytes(response_bytes); +- +- assert_true(r->tag == 0x0180); +- assert_true(r->size == 0x1b020000); +- assert_true(r->response_code == 0x00); ++ const tpm2_response_header *r = tpm2_response_header_from_bytes(response_bytes); + + /* everything from bytes should be the same as the byte array */ + assert_memory_equal(r->bytes, response_bytes, sizeof(response_bytes)); +diff --git a/test/unit/test_tpm2_policy.c b/test/unit/test_tpm2_policy.c +index d58d34b..c98baca 100644 +--- a/test/unit/test_tpm2_policy.c ++++ b/test/unit/test_tpm2_policy.c +@@ -26,6 +26,7 @@ struct test_file { + + /* Passing tests and static data are hardcoded around this sel spec */ + #define PCR_SEL_SPEC "sha256:0,1,2,3" ++#define PCR_SEL_SPEC_FWD "sha256:0,1=96a7faaf1609b650a4f288c0904f04836ecada2f4978069486a2bb02f2f043ea,2,3=96a7faaf1609b650a4f288c0904f04836ecada2f4978069486a2bb02f2f043ea" + + /* + * Dummy value for the session handle read by the wrapped version of: +@@ -36,7 +37,7 @@ struct test_file { + /* dummy handle for esys context */ + #define ESAPI_CONTEXT ((ESYS_CONTEXT *)0xDEADBEEF) + +-/* Any PCR read returns this value */ ++/* PCR read returns this value - except for forward seal. */ + static TPM2B_DIGEST pcr_value = { + .size = 32, + .buffer = { +@@ -47,6 +48,18 @@ static TPM2B_DIGEST pcr_value = { + } + }; + ++/* Forward seal value to read for odd-numbered PCRs. These need to be ++ * overridden with forward seal values matchin pcr_value above. */ ++static TPM2B_DIGEST pcr_value_odd = { ++ .size = 32, ++ .buffer = { ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00 ++ } ++}; ++ + /* The expected hash for the pcr selection of sha256:0,1,2,3 */ + static TPM2B_DIGEST expected_policy_digest = { + .size = 32, +@@ -144,16 +157,28 @@ TSS2_RC __wrap_Esys_PCR_Read(ESYS_CONTEXT *esysContext, ESYS_TR shandle1, + UNUSED(shandle1); + UNUSED(shandle2); + UNUSED(shandle3); +- UNUSED(pcrSelectionIn); + UNUSED(pcrUpdateCounter); +- UNUSED(pcrSelectionOut); + + *pcrValues = calloc(1, sizeof(TPML_DIGEST)); + if (*pcrValues == NULL) { + return TPM2_RC_FAILURE; + } + ++ if (pcrSelectionOut) { ++ *pcrSelectionOut = calloc(1, sizeof(**pcrSelectionOut)); ++ if (*pcrSelectionOut == NULL) { ++ return TPM2_RC_FAILURE; ++ } ++ //memcpy(*pcrSelectionOut, pcrSelectionIn, sizeof(**pcrSelectionOut)); ++ (*pcrSelectionOut)->pcrSelections[0].sizeofSelect = ++ pcrSelectionIn->pcrSelections[0].sizeofSelect; ++ (*pcrSelectionOut)->pcrSelections[0].hash = ++ pcrSelectionIn->pcrSelections[0].hash; ++ (*pcrSelectionOut)->count = 1; ++ } ++ + UINT32 i; ++ UINT32 pcr; + /* NOTE: magic number of 4... The prior (SAPI) implementation had a + * semi-populated pcrValues with an appropriate count value set. + * This ESAPI call allocates the pcrValues out-value and thus we don't have +@@ -161,8 +186,23 @@ TSS2_RC __wrap_Esys_PCR_Read(ESYS_CONTEXT *esysContext, ESYS_TR shandle1, + * expected value for the *one* call we're currently making in this unit + * test. + */ +- for (i = 0; i < 4; i++) { ++ for (i = 0, pcr = 0; ++ pcr < pcrSelectionIn->pcrSelections[0].sizeofSelect * 8; ++ pcr++) { ++ if (!tpm2_util_is_pcr_select_bit_set(&pcrSelectionIn->pcrSelections[0], ++ pcr)) ++ continue; ++ + (*pcrValues)->digests[i] = pcr_value; ++ (*pcrValues)->count++; ++ i++; ++ if (pcrSelectionOut) { ++ (*pcrSelectionOut)->pcrSelections[0].pcrSelect[pcr / 8] |= ++ (1 << (pcr % 8)); ++ } ++ ++ if (i == ARRAY_LEN((*pcrValues)->digests)) ++ break; + } + + return TPM2_RC_SUCCESS; +@@ -213,10 +253,11 @@ static void test_tpm2_policy_build_pcr_good(void **state) { + assert_non_null(s); + + TPML_PCR_SELECTION pcr_selections; +- bool res = pcr_parse_selections(PCR_SEL_SPEC, &pcr_selections); ++ bool res = pcr_parse_selections(PCR_SEL_SPEC, &pcr_selections, NULL); + assert_true(res); + +- rc = tpm2_policy_build_pcr(ESAPI_CONTEXT, s, NULL, &pcr_selections, NULL); ++ rc = tpm2_policy_build_pcr(ESAPI_CONTEXT, s, NULL, &pcr_selections, NULL, ++ NULL); + assert_int_equal(rc, tool_rc_success); + + TPM2B_DIGEST *policy_digest; +@@ -301,7 +342,7 @@ static void test_tpm2_policy_build_pcr_file_good(void **state) { + * If it is, the file generation below needs to change. + */ + TPML_PCR_SELECTION pcr_selections; +- bool res = pcr_parse_selections(PCR_SEL_SPEC, &pcr_selections); ++ bool res = pcr_parse_selections(PCR_SEL_SPEC, &pcr_selections, NULL); + assert_true(res); + + /* +@@ -331,7 +372,7 @@ static void test_tpm2_policy_build_pcr_file_good(void **state) { + assert_non_null(s); + + trc = tpm2_policy_build_pcr(ESAPI_CONTEXT, s, tf->path, &pcr_selections, +- NULL); ++ NULL, NULL); + assert_int_equal(trc, tool_rc_success); + + TPM2B_DIGEST *policy_digest; +@@ -359,7 +400,7 @@ static void test_tpm2_policy_build_pcr_file_bad_size(void **state) { + * If it is, the file generation below needs to change. + */ + TPML_PCR_SELECTION pcr_selections; +- bool res = pcr_parse_selections(PCR_SEL_SPEC, &pcr_selections); ++ bool res = pcr_parse_selections(PCR_SEL_SPEC, &pcr_selections, NULL); + assert_true(res); + + /* +@@ -390,12 +431,84 @@ static void test_tpm2_policy_build_pcr_file_bad_size(void **state) { + assert_non_null(s); + + trc = tpm2_policy_build_pcr(ESAPI_CONTEXT, s, tf->path, &pcr_selections, +- NULL); ++ NULL, NULL); + tpm2_session_close(&s); + assert_null(s); + assert_int_equal(trc, tool_rc_general_error); + } + ++/* ++ * Test forward sealing. The idea is here to re-use the existing expected test ++ * results. To test the forward sealing, pcr_value_odd is written for the ++ * odd-numbered PCRs and this must be overridden with the expected pcr_value by ++ * the forward sealing value. ++ */ ++static void test_tpm2_policy_build_pcr_forward_good(void **state) { ++ ++ test_file *tf = test_file_from_state(state); ++ assert_non_null(tf); ++ ++ tpm2_forwards forwards = {}; ++ ++ /* ++ * This PCR selection must not be to big too fit in the selection ++ * array at index 0 byte index 0. ++ * ++ * If it is, the file generation below needs to change. ++ */ ++ TPML_PCR_SELECTION pcr_selections; ++ bool res = pcr_parse_selections(PCR_SEL_SPEC_FWD, &pcr_selections, ++ &forwards); ++ assert_true(res); ++ ++ /* ++ * Create a file with the expected PCR hashes based on the number of pcr ++ * selections. We know that the PCR selection above will always be in the ++ * first selection array in the first byte. ++ */ ++ UINT32 i; ++ UINT32 cnt = tpm2_util_pop_count( ++ pcr_selections.pcrSelections[0].pcrSelect[0]); ++ ++ for (i = 0; i < cnt; i++) { ++ TPM2B_DIGEST *d; ++ if (i & 1) ++ d = &pcr_value_odd; ++ else ++ d = &pcr_value; ++ ++ size_t num = fwrite(d->buffer, d->size, 1, tf->file); ++ assert_int_equal(num, 1); ++ } ++ ++ int rc = fflush(tf->file); ++ assert_int_equal(rc, 0); ++ ++ tpm2_session_data *d = tpm2_session_data_new(TPM2_SE_POLICY); ++ assert_non_null(d); ++ ++ tpm2_session *s = NULL; ++ tool_rc trc = tpm2_session_open(ESAPI_CONTEXT, d, &s); ++ assert_int_equal(trc, tool_rc_success); ++ assert_non_null(s); ++ ++ trc = tpm2_policy_build_pcr(ESAPI_CONTEXT, s, tf->path, &pcr_selections, ++ NULL, &forwards); ++ assert_int_equal(trc, tool_rc_success); ++ ++ TPM2B_DIGEST *policy_digest; ++ trc = tpm2_policy_get_digest(ESAPI_CONTEXT, s, &policy_digest, 0, ++ TPM2_ALG_ERROR); ++ assert_int_equal(rc, tool_rc_success); ++ ++ assert_int_equal(policy_digest->size, expected_policy_digest.size); ++ assert_memory_equal(policy_digest->buffer, expected_policy_digest.buffer, ++ expected_policy_digest.size); ++ ++ tpm2_session_close(&s); ++ assert_null(s); ++} ++ + static void tpm2_policy_parse_policy_list_good(void **state) { + UNUSED(state); + +@@ -462,6 +575,8 @@ int main(int argc, char *argv[]) { + cmocka_unit_test_setup_teardown(test_tpm2_policy_build_pcr_file_good, + test_setup, test_teardown), + cmocka_unit_test_setup_teardown(test_tpm2_policy_build_pcr_file_bad_size, ++ test_setup, test_teardown), ++ cmocka_unit_test_setup_teardown(test_tpm2_policy_build_pcr_forward_good, + test_setup, test_teardown) + }; + +diff --git a/test/unit/test_tpm2_session.c b/test/unit/test_tpm2_session.c +index 50977dc..dccb87f 100644 +--- a/test/unit/test_tpm2_session.c ++++ b/test/unit/test_tpm2_session.c +@@ -24,10 +24,11 @@ static void test_tpm2_create_dummy_context(TPMS_CONTEXT *context) { + memset(context->contextBlob.buffer, '\0', context->contextBlob.size); + } + +-tool_rc __wrap_tpm2_context_save(ESYS_CONTEXT *esysContext, ESYS_TR saveHandle, ++tool_rc __wrap_tpm2_context_save(ESYS_CONTEXT *esysContext, ESYS_TR saveHandle, bool autoflush, + TPMS_CONTEXT **context) { + + UNUSED(esysContext); ++ UNUSED(autoflush); + + // context should be non-null or bool files_save_tpm_context_to_file() + // segfaults +diff --git a/tools/fapi/tss2_gettpm2object.c b/tools/fapi/tss2_gettpm2object.c +index 650bb4b..07e816b 100644 +--- a/tools/fapi/tss2_gettpm2object.c ++++ b/tools/fapi/tss2_gettpm2object.c +@@ -108,11 +108,11 @@ static int tss2_tool_onrun (FAPI_CONTEXT *fctx) { + } + + e_rc = Esys_Initialize(&esys_ctx, tcti, NULL); +- ++ + if (blob_type == FAPI_ESYSBLOB_CONTEXTLOAD) { + size_t offset = 0; + TPMS_CONTEXT context; +- ++ + if (e_rc != TPM2_RC_SUCCESS) { + LOG_PERR("Esys_Initialize", e_rc); + goto error; +@@ -127,7 +127,7 @@ static int tss2_tool_onrun (FAPI_CONTEXT *fctx) { + LOG_PERR("Esys_ContextLoad", e_rc); + goto error; + } +- t_rc = files_save_tpm_context_to_file(esys_ctx, esys_handle, stream); ++ t_rc = files_save_tpm_context_to_file(esys_ctx, esys_handle, stream, false); + if (t_rc != tool_rc_success) { + goto error; + } +@@ -148,7 +148,7 @@ static int tss2_tool_onrun (FAPI_CONTEXT *fctx) { + LOG_ERR("IO error for path \"%s\"", ctx.data); + goto error; + } +- ++ + Esys_TR_Close(esys_ctx, &esys_handle_deser); + Esys_Finalize(&esys_ctx); + } +diff --git a/tools/misc/tpm2_checkquote.c b/tools/misc/tpm2_checkquote.c +index fe8ef11..498dffb 100644 +--- a/tools/misc/tpm2_checkquote.c ++++ b/tools/misc/tpm2_checkquote.c +@@ -54,10 +54,54 @@ static tpm2_verifysig_ctx ctx = { + .pcr_hash = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer), + }; + ++/** ++ * Size of the table with the possible padding schemes ++ */ ++#define N_PADDING 3 ++ ++/** ++ * Table with possible padding schemes to guess the one appropriate for ++ * for RSA signature verification ++ */ ++static const int rsaPadding[N_PADDING] = { -1 , /*<< no padding */ ++ RSA_PKCS1_PADDING, RSA_PKCS1_PSS_PADDING }; ++ ++static bool compare_pcr_selection(TPML_PCR_SELECTION *attest_sel, TPML_PCR_SELECTION *pcr_sel) { ++ if (attest_sel->count != pcr_sel->count) { ++ LOG_ERR("Selection sizes do not match."); ++ return false; ++ } ++ for (uint32_t i = 0; i < attest_sel->count; i++) { ++ for (uint32_t j = 0; j < pcr_sel->count; j++) { ++ if (attest_sel->pcrSelections[i].hash == ++ pcr_sel->pcrSelections[j].hash) { ++ if (attest_sel->pcrSelections[i].sizeofSelect != ++ pcr_sel->pcrSelections[j].sizeofSelect) { ++ LOG_ERR("Bitmask size does not match"); ++ return false; ++ } ++ if (memcmp(&attest_sel->pcrSelections[i].pcrSelect[0], ++ &pcr_sel->pcrSelections[j].pcrSelect[0], ++ attest_sel->pcrSelections[i].sizeofSelect) != 0) { ++ LOG_ERR("Selection bitmasks do not match"); ++ return false; ++ } ++ break; ++ } ++ if (j == pcr_sel->count - 1) { ++ LOG_ERR("Hash selections to not match."); ++ return false; ++ } ++ } ++ } ++ return true; ++} ++ + static bool verify(void) { + + bool result = false; + EVP_PKEY_CTX *pkey_ctx = NULL; ++ int rc; + + /* read the public key */ + EVP_PKEY *pkey = NULL; +@@ -78,39 +122,60 @@ static bool verify(void) { + #endif + #endif + +- pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL); +- if (!pkey_ctx) { +- LOG_ERR("EVP_PKEY_CTX_new failed: %s", ERR_error_string(ERR_get_error(), NULL)); +- goto err; +- } +- +- /* get the digest alg */ +- /* TODO SPlit loading on plain vs tss format to detect the hash alg */ +- /* If its a plain sig we need -g */ +- const EVP_MD *md = tpm2_openssl_md_from_tpmhalg(ctx.halg); +- // TODO error handling +- +- int rc = EVP_PKEY_verify_init(pkey_ctx); +- if (!rc) { +- LOG_ERR("EVP_PKEY_verify_init failed: %s", ERR_error_string(ERR_get_error(), NULL)); +- goto err; +- } +- +- rc = EVP_PKEY_CTX_set_signature_md(pkey_ctx, md); +- if (!rc) { +- LOG_ERR("EVP_PKEY_CTX_set_signature_md failed: %s", ERR_error_string(ERR_get_error(), NULL)); +- goto err; +- } +- + /* TODO dump actual signature */ + tpm2_tool_output("sig: "); + tpm2_util_hexdump(ctx.signature.buffer, ctx.signature.size); + tpm2_tool_output("\n"); + +- // Verify the signature matches message digest ++ /* Try all possible padding schemes for verification */ ++ for (int i = 0; i < N_PADDING; i++) { ++ pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pkey_ctx) { ++ LOG_ERR("EVP_PKEY_CTX_new failed: %s", ERR_error_string(ERR_get_error(), NULL)); ++ goto err; ++ } ++ ++ /* get the digest alg */ ++ /* TODO SPlit loading on plain vs tss format to detect the hash alg */ ++ /* If its a plain sig we need -g */ ++ const EVP_MD *md = tpm2_openssl_md_from_tpmhalg(ctx.halg); ++ if (!md) { ++ LOG_ERR("Algorithm not supported: %x", ctx.halg); ++ goto err; ++ } ++ ++ rc = EVP_PKEY_verify_init(pkey_ctx); ++ if (!rc) { ++ LOG_ERR("EVP_PKEY_verify_init failed: %s", ERR_error_string(ERR_get_error(), NULL)); ++ goto err; ++ } ++ ++ rc = EVP_PKEY_CTX_set_signature_md(pkey_ctx, md); ++ if (!rc) { ++ LOG_ERR("EVP_PKEY_CTX_set_signature_md failed: %s", ERR_error_string(ERR_get_error(), NULL)); ++ goto err; ++ } ++ ++ if (rsaPadding[i] != -1) { ++ rc = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, rsaPadding[i]); ++ if (rc < 0) { ++ LOG_ERR("EVP_PKEY_CTX_set_rsa_padding"); ++ goto err; ++ } ++ } + +- rc = EVP_PKEY_verify(pkey_ctx, ctx.signature.buffer, ctx.signature.size, +- ctx.msg_hash.buffer, ctx.msg_hash.size); ++ // Verify the signature matches message digest ++ ++ rc = EVP_PKEY_verify(pkey_ctx, ctx.signature.buffer, ctx.signature.size, ++ ctx.msg_hash.buffer, ctx.msg_hash.size); ++ ++ if (rc == 1) { ++ break; ++ } else { ++ EVP_PKEY_CTX_free(pkey_ctx); ++ pkey_ctx = NULL; ++ } ++ } + if (rc != 1) { + if (rc == 0) { + LOG_ERR("Error validating signed message with public key provided"); +@@ -128,6 +193,13 @@ static bool verify(void) { + goto err; + } + ++ // check magic ++ if (ctx.attest.magic != TPM2_GENERATED_VALUE) { ++ LOG_ERR("Bad magic, got: 0x%x, expected: 0x%x", ++ ctx.attest.magic, TPM2_GENERATED_VALUE); ++ return false; ++ } ++ + // Also ensure digest from quote matches PCR digest + if (ctx.flags.pcr) { + if (!tpm2_util_verify_digests(&ctx.attest.attested.quote.pcrDigest, +@@ -179,7 +251,8 @@ static TPM2B_ATTEST *message_from_file(const char *msg_file_path) { + static bool parse_selection_data_from_selection_string(FILE *pcr_input, + TPML_PCR_SELECTION *pcr_select, tpm2_pcrs *pcrs) { + +- bool result = pcr_parse_selections(ctx.pcr_selection_string, pcr_select); ++ bool result = pcr_parse_selections(ctx.pcr_selection_string, pcr_select, ++ NULL); + if (!result) { + LOG_ERR("Could not parse PCR selections"); + return false; +@@ -387,7 +460,7 @@ static tool_rc init(void) { + } + + TPM2B_ATTEST *msg = NULL; +- TPML_PCR_SELECTION pcr_select; ++ TPML_PCR_SELECTION pcr_select = { 0 }; + tpm2_pcrs *pcrs; + tpm2_pcrs temp_pcrs = {}; + tool_rc return_value = tool_rc_general_error; +@@ -550,6 +623,14 @@ static tool_rc init(void) { + goto err; + } + ++ if (ctx.flags.pcr) { ++ if (!compare_pcr_selection(&ctx.attest.attested.quote.pcrSelect, ++ &pcr_select)) { ++ LOG_ERR("PCR selection does not match PCR slection from attest!"); ++ goto err; ++ } ++ } ++ + // Figure out the digest for this message + res = tpm2_openssl_hash_compute_data(ctx.halg, msg->attestationData, + msg->size, &ctx.msg_hash); +diff --git a/tools/misc/tpm2_encodeobject.c b/tools/misc/tpm2_encodeobject.c +index 4fe06ce..eee939f 100644 +--- a/tools/misc/tpm2_encodeobject.c ++++ b/tools/misc/tpm2_encodeobject.c +@@ -39,9 +39,12 @@ struct tpm_encodeobject_ctx { + } object; + + char *output_path; ++ bool autoflush; + }; + +-static tpm_encodeobject_ctx ctx; ++static tpm_encodeobject_ctx ctx = { ++ .autoflush = false, ++}; + + static bool on_option(char key, char *value) { + switch (key) { +@@ -76,9 +79,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "parent-context", required_argument, NULL, 'C' }, + { "output", required_argument, NULL, 'o' }, + { "key-auth", no_argument, NULL, 'p' }, ++ { "autoflush", no_argument, NULL, 'R' }, + }; + +- *opts = tpm2_options_new("P:u:r:C:o:p", ARRAY_LEN(topts), topts, on_option, ++ *opts = tpm2_options_new("P:u:r:C:o:pR", ARRAY_LEN(topts), topts, on_option, + NULL, 0); + + return *opts != NULL; +@@ -125,7 +129,7 @@ static tool_rc init(ESYS_CONTEXT *ectx) { + TPM2_HANDLE_ALL_W_NV); + } + +-static int encode(void) { ++static int encode(ESYS_CONTEXT *ectx) { + + uint8_t private_buf[sizeof(ctx.object.private)]; + size_t private_len = 0; +@@ -186,6 +190,16 @@ static int encode(void) { + } + + PEM_write_bio_TSSPRIVKEY_OBJ(bio, tpk); ++ ++ if ((ctx.autoflush || tpm2_util_env_yes(TPM2TOOLS_ENV_AUTOFLUSH)) && ++ ctx.parent.object.path && ++ (ctx.parent.object.handle & TPM2_HR_RANGE_MASK) == TPM2_HR_TRANSIENT) { ++ rval = Esys_FlushContext(ectx, ctx.parent.object.tr_handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ return tool_rc_general_error; ++ } ++ } ++ + rc = tool_rc_success; + + error: +@@ -210,7 +224,7 @@ static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + return rc; + } + +- return encode(); ++ return encode(ectx); + } + + // Register this tool with tpm2_tool.c +diff --git a/tools/misc/tpm2_print.c b/tools/misc/tpm2_print.c +index d7c41c2..faa5ac3 100644 +--- a/tools/misc/tpm2_print.c ++++ b/tools/misc/tpm2_print.c +@@ -103,6 +103,97 @@ static bool print_TPMS_QUOTE_INFO(TPMS_QUOTE_INFO *info, size_t indent_count) { + return true; + } + ++static void print_TPMS_CERTIFY_INFO(TPMS_CERTIFY_INFO *certify_info, size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("name: "); ++ tpm2_util_print_tpm2b(&certify_info->name); ++ tpm2_tool_output("\n"); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("qualifiedName: "); ++ tpm2_util_print_tpm2b(&certify_info->qualifiedName); ++ tpm2_tool_output("\n"); ++} ++ ++static void print_TPMS_CREATION_INFO(TPMS_CREATION_INFO *creation_info, size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("objectName: "); ++ tpm2_util_print_tpm2b(&creation_info->objectName); ++ tpm2_tool_output("\n"); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("creationHash: "); ++ tpm2_util_print_tpm2b(&creation_info->creationHash); ++ tpm2_tool_output("\n"); ++} ++ ++static void print_TPMS_COMMAND_AUDIT_INFO(TPMS_COMMAND_AUDIT_INFO *command_audit_info, ++ size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("auditCounter: %"PRIu64"\n", command_audit_info->auditCounter); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("digestAlg: %s\n", tpm2_alg_util_algtostr(command_audit_info->digestAlg, ++ tpm2_alg_util_flags_hash)); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("auditDigest: "); ++ tpm2_util_print_tpm2b(&command_audit_info->auditDigest); ++ tpm2_tool_output("\n"); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("commandDigest: "); ++ tpm2_util_print_tpm2b(&command_audit_info->commandDigest); ++ tpm2_tool_output("\n"); ++} ++ ++static void print_TPMS_SESSION_AUDIT_INFO(TPMS_SESSION_AUDIT_INFO *session_audit_info, ++ size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("exclusiveSession: %s\n", session_audit_info->exclusiveSession ? "yes" : "no"); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("sessionDigest: "); ++ tpm2_util_print_tpm2b(&session_audit_info->sessionDigest); ++ tpm2_tool_output("\n"); ++} ++ ++static void print_TPMS_CLOCK_INFO(TPMS_CLOCK_INFO *clock_info, size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("clock: %"PRIu64"\n", clock_info->clock); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("resetCount: %"PRIu32"\n", clock_info->resetCount); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("restartCount: %"PRIu32"\n", clock_info->restartCount); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("safe: %s\n", clock_info->safe ? "yes" : "no"); ++} ++ ++static void print_TPMS_TIME_INFO(TPMS_TIME_INFO *time_info, size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("time: %"PRIu64"\n", time_info->time); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("clockInfo:\n"); ++ print_TPMS_CLOCK_INFO(&time_info->clockInfo, indent_count + 1); ++} ++ ++static void print_TPMS_TIME_ATTEST_INFO(TPMS_TIME_ATTEST_INFO *time_info, size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("time:\n"); ++ print_TPMS_TIME_INFO(&time_info->time, indent_count + 1); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("firmwareVersion: %"PRIu64"\n", time_info->firmwareVersion); ++ tpm2_tool_output("\n"); ++} ++ ++static void print_TPMS_NV_CERTIFY_INFO(TPMS_NV_CERTIFY_INFO *nv_certify_info, ++ size_t indent_count) { ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("indexName: "); ++ tpm2_util_print_tpm2b(&nv_certify_info->indexName); ++ tpm2_tool_output("\n"); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("offset: %"PRIu32"\n", nv_certify_info->offset); ++ print_yaml_indent(indent_count); ++ tpm2_tool_output("nvContents: "); ++ tpm2_util_print_tpm2b(&nv_certify_info->nvContents); ++ tpm2_tool_output("\n"); ++} ++ + static bool print_TPMS_ATTEST(FILE* fd) { + + TPMS_ATTEST attest = { 0 }; +@@ -149,14 +240,44 @@ static bool print_TPMS_ATTEST(FILE* fd) { + sizeof(attest.firmwareVersion)); + tpm2_tool_output("\n"); + ++ tpm2_tool_output("attested:\n"); ++ print_yaml_indent(1); ++ + switch (attest.type) { + case TPM2_ST_ATTEST_QUOTE: +- tpm2_tool_output("attested:\n"); +- print_yaml_indent(1); + tpm2_tool_output("quote:\n"); + return print_TPMS_QUOTE_INFO(&attest.attested.quote, 2); + break; +- ++ case TPM2_ST_ATTEST_CERTIFY: ++ tpm2_tool_output("certify:\n"); ++ print_TPMS_CERTIFY_INFO(&attest.attested.certify, 2); ++ return true; ++ break; ++ case TPM2_ST_ATTEST_CREATION: ++ tpm2_tool_output("creation:\n"); ++ print_TPMS_CREATION_INFO(&attest.attested.creation, 2); ++ return true; ++ break; ++ case TPM2_ST_ATTEST_COMMAND_AUDIT: ++ tpm2_tool_output("commandAudit:\n"); ++ print_TPMS_COMMAND_AUDIT_INFO(&attest.attested.commandAudit, 2); ++ return true; ++ break; ++ case TPM2_ST_ATTEST_SESSION_AUDIT: ++ tpm2_tool_output("sessiondAudit:\n"); ++ print_TPMS_SESSION_AUDIT_INFO(&attest.attested.sessionAudit, 2); ++ return true; ++ break; ++ case TPM2_ST_ATTEST_TIME: ++ tpm2_tool_output("time:\n"); ++ print_TPMS_TIME_ATTEST_INFO(&attest.attested.time, 2); ++ return true; ++ break; ++ case TPM2_ST_ATTEST_NV : ++ tpm2_tool_output("nv:\n"); ++ print_TPMS_NV_CERTIFY_INFO(&attest.attested.nv, 2); ++ return true; ++ break; + default: + LOG_ERR("Cannot print unsupported type 0x%" PRIx16, attest.type); + return false; +@@ -302,7 +423,7 @@ static bool print_TPM2B_PUBLIC(FILE *fstream) { + static bool print_TSSPRIVKEY_OBJ(FILE *fstream) { + + UNUSED(fstream); +- ++ + TPM2B_PUBLIC pub = { 0 }; + TPM2B_PRIVATE priv = { 0 }; + tool_rc rc = tpm2_util_object_fetch_priv_pub_from_tpk(ctx.file.path, &pub, +diff --git a/tools/misc/tpm2_tr_encode.c b/tools/misc/tpm2_tr_encode.c +new file mode 100644 +index 0000000..6df30f5 +--- /dev/null ++++ b/tools/misc/tpm2_tr_encode.c +@@ -0,0 +1,207 @@ ++/* SPDX-License-Identifier: BSD-3-Clause */ ++ ++#include ++#include ++#include ++ ++#include ++ ++#include "files.h" ++#include "log.h" ++#include "tpm2_convert.h" ++#include "tpm2_identity_util.h" ++#include "tpm2_tool.h" ++ ++typedef struct tpm2_tr_encode_ctx tpm2_tr_encode_ctx; ++struct tpm2_tr_encode_ctx { ++ const char *context_arg; ++ const char *public_arg; ++ const char *output_arg; ++}; ++static tpm2_tr_encode_ctx ctx; ++ ++static bool tpm2_util_persistent_to_esys_tr(TPM2_HANDLE handle, TPM2B_PUBLIC *public, TPM2B_NAME *name, uint8_t **tr_buf, size_t *size) { ++ ++#define IESYSC_KEY_RSRC 1 ++ /* ++ * So this is the format of an ESYS_TR: ++ * 4 bytes TPM2_HANDLE ++ * TPM2B_NAME ++ * 4 bytes resource type ++ * TPM2B_PUBLIC ++ */ ++ ++ /* can only serialize persistent objects */ ++ if ((handle >> TPM2_HR_SHIFT) != TPM2_HT_PERSISTENT) { ++ LOG_ERR("Handle must be persistent, got: 0x%x", handle); ++ return false; ++ } ++ ++ /* Step 1 calculate the size */ ++ size_t buf_size = SIZE_MAX; ++ size_t offset = 0; ++ void *buffer = NULL; ++ for (unsigned i=0; i < 2; i++) { ++ TSS2_RC rc = Tss2_MU_TPM2_HANDLE_Marshal( ++ handle, ++ buffer, ++ buf_size, ++ &offset); ++ if (rc != TSS2_RC_SUCCESS) { ++ LOG_PERR(Tss2_MU_TPM2_HANDLE_Marshal, rc); ++ free(buffer); ++ return false; ++ } ++ ++ rc = Tss2_MU_TPM2B_NAME_Marshal( ++ name, ++ buffer, ++ buf_size, ++ &offset); ++ if (rc != TSS2_RC_SUCCESS) { ++ LOG_PERR(Tss2_MU_TPM2B_NAME_Marshal, rc); ++ free(buffer); ++ return false; ++ } ++ ++ rc = Tss2_MU_UINT32_Marshal( ++ IESYSC_KEY_RSRC, ++ buffer, ++ buf_size, ++ &offset); ++ if (rc != TSS2_RC_SUCCESS) { ++ LOG_PERR(Tss2_MU_UINT32_Marshal, rc); ++ free(buffer); ++ return false; ++ } ++ ++ rc = Tss2_MU_TPM2B_PUBLIC_Marshal( ++ public, ++ buffer, ++ buf_size, ++ &offset); ++ if (rc != TSS2_RC_SUCCESS) { ++ LOG_PERR(Tss2_MU_TPM2B_PUBLIC_Marshal, rc); ++ free(buffer); ++ return false; ++ } ++ ++ /* ++ * on the first time through allocate the buffer for population on ++ * the next loop ++ */ ++ if (i == 0) { ++ buf_size = offset; ++ offset = 0; ++ buffer = calloc(1, buf_size); ++ if (!buffer) { ++ return 1; ++ } ++ } ++ } ++ ++ *size = offset; ++ *tr_buf = buffer; ++ ++ return true; ++} ++ ++static bool on_option(char key, char *value) { ++ ++ switch (key) { ++ case 'c': ++ ctx.context_arg = value; ++ break; ++ case 'u': ++ ctx.public_arg = value; ++ break; ++ case 'o': ++ ctx.output_arg = value; ++ break; ++ ++ } ++ return true; ++} ++ ++static bool tpm2_tool_onstart(tpm2_options **opts) { ++ const struct option topts[] = { ++ { "object-context", required_argument, NULL, 'c' }, ++ { "public", required_argument, NULL, 'u' }, ++ { "output", required_argument, NULL, 'o' }, ++ }; ++ ++ *opts = tpm2_options_new("c:u:o:", ARRAY_LEN(topts), topts, on_option, ++ NULL, TPM2_OPTIONS_NO_SAPI); ++ return *opts != NULL; ++} ++ ++static bool check_options(void) { ++ ++ bool result = true; ++ ++ if (!ctx.context_arg) { ++ LOG_ERR("Object Handle must be specified by option \"-c\""); ++ result = false; ++ } ++ ++ if (!ctx.public_arg) { ++ LOG_ERR("Objects expected TPM2B_PUBLIC must be specified by option \"-u\""); ++ result = false; ++ } ++ ++ if (!ctx.output_arg) { ++ LOG_ERR("The output file for the generated serialized ESYS_TR must be specified by option \"-o\""); ++ result = false; ++ } ++ ++ return result; ++} ++ ++static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { ++ ++ UNUSED(flags); ++ UNUSED(ectx); ++ ++ bool result = check_options(); ++ if (!result) { ++ return tool_rc_option_error; ++ } ++ ++ TPMI_RH_PROVISION handle; ++ result = tpm2_util_handle_from_optarg(ctx.context_arg, &handle, TPM2_HANDLES_FLAGS_PERSISTENT); ++ if (!result) { ++ return tool_rc_option_error; ++ } ++ ++ TPM2B_PUBLIC pub = { 0 }; ++ result = files_load_public(ctx.public_arg, &pub); ++ if (!result) { ++ LOG_ERR("Failed to load public key \"%s\"", ctx.public_arg); ++ return tool_rc_option_error; ++ } ++ ++ /* calculate the name */ ++ TPM2B_NAME name = TPM2B_TYPE_INIT(TPM2B_NAME, name); ++ result = tpm2_identity_create_name(&pub, &name); ++ if (!result) { ++ LOG_ERR("Failed to calculate name"); ++ return tool_rc_general_error; ++ } ++ ++ uint8_t *buf = NULL; ++ size_t buf_size = 0; ++ result = tpm2_util_persistent_to_esys_tr(handle, &pub, &name, &buf, &buf_size); ++ if (!result) { ++ LOG_ERR("Could not convert to serialized ESYS_TR"); ++ return tool_rc_general_error; ++ } ++ ++ result = files_save_bytes_to_file(ctx.output_arg, buf, ++ buf_size); ++ free(buf); ++ ++ return result ? tool_rc_success : tool_rc_general_error; ++} ++ ++// Register this tool with tpm2_tool.c ++TPM2_TOOL_REGISTER("tr_encode", tpm2_tool_onstart, tpm2_tool_onrun, NULL, NULL) +diff --git a/tools/tpm2_certifycreation.c b/tools/tpm2_certifycreation.c +index c301aad..b6dbc6f 100644 +--- a/tools/tpm2_certifycreation.c ++++ b/tools/tpm2_certifycreation.c +@@ -209,7 +209,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + rc = tpm2_util_bin_from_hex_or_file(ctx.policy_qualifier_data, + &ctx.policy_qualifier.size, ctx.policy_qualifier.buffer) ? + tool_rc_success : tool_rc_general_error; +- ++ + if (rc != tool_rc_success) { + LOG_ERR("Could not load qualifier data"); + return rc; +diff --git a/tools/tpm2_changeauth.c b/tools/tpm2_changeauth.c +index 4b65ea9..f2ad99f 100644 +--- a/tools/tpm2_changeauth.c ++++ b/tools/tpm2_changeauth.c +@@ -21,6 +21,8 @@ struct changeauth_ctx { + tpm2_loaded_object obj; + } parent; + ++ bool autoflush; ++ + struct { + const char *auth_current; + const char *auth_new; +@@ -59,6 +61,7 @@ static changeauth_ctx ctx = { + .parameter_hash_algorithm = TPM2_ALG_ERROR, + .aux_session_handle[0] = ESYS_TR_NONE, + .aux_session_handle[1] = ESYS_TR_NONE, ++ .autoflush = false, + }; + + static tool_rc hierarchy_change_auth(ESYS_CONTEXT *ectx) { +@@ -77,15 +80,29 @@ static tool_rc nv_change_auth(ESYS_CONTEXT *ectx) { + + static tool_rc object_change_auth(ESYS_CONTEXT *ectx) { + ++ TSS2_RC rval; ++ + if (!ctx.object.out_path) { + LOG_ERR("Require private output file path option -r"); + return tool_rc_general_error; + } + +- return tpm2_object_change_auth(ectx, &ctx.parent.obj, &ctx.object.obj, ++ tool_rc rc = tpm2_object_change_auth(ectx, &ctx.parent.obj, &ctx.object.obj, + ctx.new_auth, &ctx.out_private, &ctx.cp_hash, &ctx.rp_hash, + ctx.parameter_hash_algorithm, ctx.aux_session_handle[0], + ctx.aux_session_handle[1]); ++ if (rc != tool_rc_success) { ++ return rc; ++ } ++ if ((ctx.autoflush || tpm2_util_env_yes(TPM2TOOLS_ENV_AUTOFLUSH)) && ++ ctx.parent.obj.path && ++ (ctx.parent.obj.handle & TPM2_HR_RANGE_MASK) == TPM2_HR_TRANSIENT) { ++ rval = Esys_FlushContext(ectx, ctx.parent.obj.tr_handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ return tool_rc_general_error; ++ } ++ } ++ return tool_rc_success; + } + + static tool_rc change_authorization(ESYS_CONTEXT *ectx) { +@@ -317,6 +334,10 @@ static bool on_option(char key, char *value) { + return false; + } + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; ++ + /*no default */ + } + +@@ -333,8 +354,9 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "cphash", required_argument, NULL, 0 }, + { "rphash", required_argument, NULL, 1 }, + { "session", required_argument, NULL, 'S' }, ++ { "autoflush", no_argument, NULL, 'R' }, + }; +- *opts = tpm2_options_new("p:c:C:r:S:", ARRAY_LEN(topts), topts, ++ *opts = tpm2_options_new("p:c:C:r:S:R", ARRAY_LEN(topts), topts, + on_option, on_arg, 0); + + return *opts != NULL; +diff --git a/tools/tpm2_create.c b/tools/tpm2_create.c +index 559998f..cf25137 100644 +--- a/tools/tpm2_create.c ++++ b/tools/tpm2_create.c +@@ -61,7 +61,7 @@ struct tpm_create_ctx { + } object; + + bool is_createloaded; +- ++ bool autoflush; + /* + * Parameter hashes + */ +@@ -103,6 +103,7 @@ static tpm_create_ctx ctx = { + .is_command_dispatch = true, + .parameter_hash_algorithm = TPM2_ALG_ERROR, + .format = pubkey_format_tss, ++ .autoflush = false, + }; + + static bool load_outside_info(TPM2B_DATA *outside_info) { +@@ -125,6 +126,8 @@ static void print_help_message() { + + static tool_rc create(ESYS_CONTEXT *ectx) { + ++ TSS2_RC rval; ++ + /* + * 1. TPM2_CC_ OR Retrieve cpHash + */ +@@ -179,6 +182,14 @@ static tool_rc create(ESYS_CONTEXT *ectx) { + } + } + ++ if ((ctx.autoflush || tpm2_util_env_yes(TPM2TOOLS_ENV_AUTOFLUSH)) && ++ ctx.parent.object.path && ++ (ctx.parent.object.handle & TPM2_HR_RANGE_MASK) == TPM2_HR_TRANSIENT) { ++ rval = Esys_FlushContext(ectx, ctx.parent.object.tr_handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ return tool_rc_general_error; ++ } ++ } + return tool_rc_success; + } + +@@ -209,7 +220,7 @@ static tool_rc process_output(ESYS_CONTEXT *ectx) { + if (ctx.is_createloaded && ctx.object.template_data_path) { + is_file_op_success = files_save_template( + &ctx.object.in_public.publicArea, ctx.object.template_data_path); +- ++ + if (!is_file_op_success) { + LOG_ERR("Could not save public template to file."); + return tool_rc_general_error; +@@ -311,7 +322,7 @@ create_out: + + if (ctx.object.ctx_path) { + rc = files_save_tpm_context_to_path(ectx, ctx.object.object_handle, +- ctx.object.ctx_path); ++ ctx.object.ctx_path, ctx.autoflush); + + if (rc != tool_rc_success) { + goto out; +@@ -394,9 +405,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + } + + /* Check command type */ +- if ((ctx.object.ctx_path || ctx.object.template_data_path) && +- (!ctx.object.creation_data_file && !ctx.object.creation_ticket_file && +- !ctx.object.creation_hash_file)) { ++ if ((ctx.object.ctx_path || ctx.object.template_data_path)) { + ctx.is_createloaded = true; + } + +@@ -529,7 +538,7 @@ static bool on_option(char key, char *value) { + ctx.object.outside_info_data = value; + break; + case 'l': +- if (!pcr_parse_selections(value, &ctx.object.creation_pcr)) { ++ if (!pcr_parse_selections(value, &ctx.object.creation_pcr, NULL)) { + LOG_ERR("Could not parse pcr selections, got: \"%s\"", value); + return false; + } +@@ -559,6 +568,9 @@ static bool on_option(char key, char *value) { + case 'o': + ctx.output_path = value; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; + /* no default */ + }; + +@@ -590,9 +602,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "session", required_argument, NULL, 'S' }, + { "format", required_argument, NULL, 'f' }, + { "output", required_argument, NULL, 'o' }, ++ { "autoflush", no_argument, NULL, 'R' }, + }; + +- *opts = tpm2_options_new("P:p:g:G:a:i:L:u:r:C:c:t:d:q:l:S:o:f:", ++ *opts = tpm2_options_new("P:p:g:G:a:i:L:u:r:C:c:t:d:q:l:S:o:f:R", + ARRAY_LEN(topts), topts, on_option, NULL, 0); + + return *opts != NULL; +diff --git a/tools/tpm2_createak.c b/tools/tpm2_createak.c +index 7c77929..8239e5f 100644 +--- a/tools/tpm2_createak.c ++++ b/tools/tpm2_createak.c +@@ -112,6 +112,7 @@ struct createak_context { + struct { + UINT8 f :1; + } flags; ++ bool autoflush; + }; + + static createak_context ctx = { +@@ -128,6 +129,7 @@ static createak_context ctx = { + }, + }, + .flags = { 0 }, ++ .autoflush = false + }; + + static tool_rc init_ak_public(TPMI_ALG_HASH name_alg, TPM2B_PUBLIC *public) { +@@ -367,7 +369,7 @@ static tool_rc create_ak(ESYS_CONTEXT *ectx) { + // If the AK isn't persisted we always save a context file of the + // transient AK handle for future tool interactions. + tmp_rc = files_save_tpm_context_to_path(ectx, loaded_sha1_key_handle, +- ctx.ak.out.ctx_file); ++ ctx.ak.out.ctx_file, false); + if (tmp_rc != tool_rc_success) { + rc = tmp_rc; + LOG_ERR("Error saving tpm context for handle"); +@@ -459,6 +461,9 @@ static bool on_option(char key, char *value) { + case 'q': + ctx.ak.out.qname_file = value; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; + } + + return true; +@@ -479,9 +484,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "public", required_argument, NULL, 'u' }, + { "private", required_argument, NULL, 'r' }, + { "ak-qualified-name", required_argument, NULL, 'q' }, ++ { "autoflush", no_argument, NULL, 'R' }, + }; + +- *opts = tpm2_options_new("P:p:C:c:n:G:g:s:f:u:r:q:", ARRAY_LEN(topts), topts, ++ *opts = tpm2_options_new("P:p:C:c:n:G:g:s:f:u:r:q:R", ARRAY_LEN(topts), topts, + on_option, NULL, 0); + + return *opts != NULL; +diff --git a/tools/tpm2_createek.c b/tools/tpm2_createek.c +index aa2cc67..ea1229a 100644 +--- a/tools/tpm2_createek.c ++++ b/tools/tpm2_createek.c +@@ -100,6 +100,7 @@ struct createek_context { + tpm2_hierarchy_pdata objdata; + char *out_file_path; + tpm2_convert_pubkey_fmt format; ++ bool autoflush; + struct { + UINT8 f :1; + UINT8 t :1; +@@ -118,7 +119,8 @@ static createek_context ctx = { + }, + }, + .flags = { 0 }, +- .find_persistent_handle = false ++ .find_persistent_handle = false, ++ .autoflush = false + }; + + typedef struct alg_map alg_map; +@@ -237,24 +239,46 @@ static tool_rc set_ek_template(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *input_public) { + goto out; + } + +- // Read EK nonce +- UINT16 nonce_size = 0; ++ // Check whether nonce exists + if (nonce_nv_index) { +- rc = tpm2_util_nv_read(ectx, nonce_nv_index, 0, 0, +- &ctx.auth_owner_hierarchy.object, &nonce, &nonce_size, &cp_hash, +- &rp_hash, TPM2_ALG_SHA256, 0, ESYS_TR_NONE, ESYS_TR_NONE, NULL); ++ TPMS_CAPABILITY_DATA *capabilities = NULL; ++ ++ rc = tpm2_getcap(ectx, TPM2_CAP_HANDLES, nonce_nv_index, ++ 1, NULL, &capabilities); + if (rc != tool_rc_success) { + goto out; + } ++ ++ if (capabilities->data.tpmProperties.count == 0 || ++ capabilities->data.handles.handle[0] != nonce_nv_index) { ++ free(capabilities); ++ // The EK Template is used unmodified ++ goto out; ++ } ++ free(capabilities); ++ } else { ++ // The EK Template is used unmodified ++ goto out; ++ } ++ ++ // Read EK nonce ++ UINT16 nonce_size = 0; ++ rc = tpm2_util_nv_read(ectx, nonce_nv_index, 0, 0, ++ &ctx.auth_owner_hierarchy.object, &nonce, &nonce_size, &cp_hash, ++ &rp_hash, TPM2_ALG_SHA256, 0, ESYS_TR_NONE, ESYS_TR_NONE, NULL); ++ if (rc != tool_rc_success) { ++ goto out; + } + + if (input_public->publicArea.type == TPM2_ALG_RSA) { +- memcpy(&input_public->publicArea.unique.rsa.buffer, &nonce, nonce_size); +- input_public->publicArea.unique.rsa.size = 256; ++ if (nonce_size) { ++ memcpy(&input_public->publicArea.unique.rsa.buffer, nonce, nonce_size); ++ input_public->publicArea.unique.rsa.size = 256; ++ } + } else { + // ECC is only other supported algorithm + if (nonce_size) { +- memcpy(&input_public->publicArea.unique.ecc.x.buffer, &nonce, nonce_size); ++ memcpy(&input_public->publicArea.unique.ecc.x.buffer, nonce, nonce_size); + input_public->publicArea.unique.ecc.x.size = 32; + input_public->publicArea.unique.ecc.y.size = 32; + } +@@ -312,7 +336,7 @@ static tool_rc create_ek_handle(ESYS_CONTEXT *ectx) { + } else { + /* If it wasn't persistent, save a context for future tool interactions */ + tool_rc rc = files_save_tpm_context_to_path(ectx, +- ctx.objdata.out.handle, ctx.auth_ek.ctx_path); ++ ctx.objdata.out.handle, ctx.auth_ek.ctx_path, ctx.autoflush); + if (rc != tool_rc_success) { + LOG_ERR("Error saving tpm context for handle"); + return rc; +@@ -370,6 +394,10 @@ static bool on_option(char key, char *value) { + case 't': + ctx.flags.t = true; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; ++ + } + + return true; +@@ -385,9 +413,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "format", required_argument, NULL, 'f' }, + { "ek-context", required_argument, NULL, 'c' }, + { "template", no_argument, NULL, 't' }, ++ { "autoflush", no_argument, NULL, 'R' }, + }; + +- *opts = tpm2_options_new("P:w:G:u:f:c:t", ARRAY_LEN(topts), topts, ++ *opts = tpm2_options_new("P:w:G:u:f:c:tR", ARRAY_LEN(topts), topts, + on_option, NULL, 0); + + return *opts != NULL; +diff --git a/tools/tpm2_createpolicy.c b/tools/tpm2_createpolicy.c +index 041005d..25227d8 100644 +--- a/tools/tpm2_createpolicy.c ++++ b/tools/tpm2_createpolicy.c +@@ -78,7 +78,7 @@ static tool_rc parse_policy_type_specific_command(ESYS_CONTEXT *ectx) { + + rc = tpm2_policy_build_pcr(ectx, pctx.common_policy_options.policy_session, + pctx.pcr_policy_options.raw_pcrs_file, +- &pctx.pcr_policy_options.pcr_selections, NULL); ++ &pctx.pcr_policy_options.pcr_selections, NULL, NULL); + if (rc != tool_rc_success) { + LOG_ERR("Could not build pcr policy"); + return rc; +@@ -118,7 +118,7 @@ static bool on_option(char key, char *value) { + break; + case 'l': + result = pcr_parse_selections(value, +- &pctx.pcr_policy_options.pcr_selections); ++ &pctx.pcr_policy_options.pcr_selections, NULL); + if (!result) { + LOG_ERR("Failed to parse PCR string %s", value); + return false; +diff --git a/tools/tpm2_createprimary.c b/tools/tpm2_createprimary.c +index 8483db9..61498f7 100644 +--- a/tools/tpm2_createprimary.c ++++ b/tools/tpm2_createprimary.c +@@ -34,6 +34,7 @@ struct tpm_createprimary_ctx { + char *key_auth_str; + char *unique_file; + char *outside_info_data; ++ bool autoflush; + + /* + * Outputs +@@ -68,6 +69,7 @@ static tpm_createprimary_ctx ctx = { + .format = pubkey_format_tss, + .auth_hierarchy.ctx_path = "owner", + .parameter_hash_algorithm = TPM2_ALG_ERROR, ++ .autoflush = false, + }; + + static tool_rc createprimary(ESYS_CONTEXT *ectx) { +@@ -117,7 +119,7 @@ static tool_rc process_output(ESYS_CONTEXT *ectx) { + tpm2_util_public_to_yaml(ctx.objdata.out.public, 0); + + rc = ctx.context_file ? files_save_tpm_context_to_path(ectx, +- ctx.objdata.out.handle, ctx.context_file) : tool_rc_success; ++ ctx.objdata.out.handle, ctx.context_file, ctx.autoflush) : tool_rc_success; + if (rc != tool_rc_success) { + LOG_ERR("Failed saving object context."); + return rc; +@@ -331,7 +333,8 @@ static bool on_option(char key, char *value) { + ctx.outside_info_data = value; + break; + case 'l': +- result = pcr_parse_selections(value, &ctx.objdata.in.creation_pcr); ++ result = pcr_parse_selections(value, &ctx.objdata.in.creation_pcr, ++ NULL); + if (!result) { + LOG_ERR("Could not parse pcr selections, got: \"%s\"", value); + return result; +@@ -350,6 +353,9 @@ static bool on_option(char key, char *value) { + case 'o': + ctx.output_path = value; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; + /* no default */ + } + +@@ -377,9 +383,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "cphash", required_argument, 0, 2 }, + { "format", required_argument, 0, 'f' }, + { "output", required_argument, 0, 'o' }, ++ { "autoflush", no_argument, 0, 'R' }, + }; + +- *opts = tpm2_options_new("C:P:p:g:G:c:L:a:u:t:d:q:l:o:f:", ARRAY_LEN(topts), ++ *opts = tpm2_options_new("C:P:p:g:G:c:L:a:u:t:d:q:l:o:f:R", ARRAY_LEN(topts), + topts, on_option, 0, 0); + + return *opts != 0; +diff --git a/tools/tpm2_duplicate.c b/tools/tpm2_duplicate.c +index 47a5771..2c7c340 100644 +--- a/tools/tpm2_duplicate.c ++++ b/tools/tpm2_duplicate.c +@@ -26,6 +26,7 @@ struct tpm_duplicate_ctx { + const char *ctx_path; + const char *auth_str; + char *policy_str; ++ char *attr_str; + tpm2_loaded_object object; + } duplicable_key; + +@@ -214,7 +215,7 @@ static tool_rc process_openssl_duplicate(void) { + setup_default_attrs(&attrs, is_policy_specified, is_auth_specified); + + TPM2B_PUBLIC template = { 0 }; +- tool_rc rc = tpm2_alg_util_public_init(ctx.key_type, 0, 0, ++ tool_rc rc = tpm2_alg_util_public_init(ctx.key_type, 0, ctx.duplicable_key.attr_str, + ctx.duplicable_key.policy_str, attrs, &template); + if (rc != tool_rc_success) { + return rc; +@@ -243,7 +244,7 @@ static bool set_key_algorithm(const char *algstr, TPMT_SYM_DEF_OBJECT * obj) { + obj->algorithm = TPM2_ALG_NULL; + return true; + } +- ++ + bool is_algstr_aes = (strcmp(algstr, "aes") == 0); + if (is_algstr_aes) { + obj->algorithm = TPM2_ALG_AES; +@@ -538,6 +539,9 @@ static bool on_option(char key, char *value) { + case 'k': + ctx.in_private_key_file = value; + break; ++ case 'a': ++ ctx.duplicable_key.attr_str = value; ++ break; + case 0: + ctx.cp_hash_path = value; + break; +@@ -555,6 +559,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "auth", required_argument, 0, 'p'}, + { "policy", required_argument, 0, 'L'}, + { "wrapper-algorithm", required_argument, 0, 'G'}, ++ { "key-algorithm", required_argument, 0, 'G'}, + { "private", required_argument, 0, 'r'}, + { "public", required_argument, 0, 'u'}, + { "private-key", required_argument, 0, 'k'}, +@@ -564,10 +569,11 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "parent-context", required_argument, 0, 'C'}, + { "parent-public", required_argument, 0, 'U'}, + { "key-context", required_argument, 0, 'c'}, ++ { "attributes", required_argument, 0, 'a'}, + { "cphash", required_argument, 0, 0 }, + }; + +- *opts = tpm2_options_new("p:L:G:i:C:o:s:r:c:U:k:u:", ARRAY_LEN(topts), topts, ++ *opts = tpm2_options_new("p:L:G:i:C:o:s:r:c:U:k:u:a:", ARRAY_LEN(topts), topts, + on_option, 0, TPM2_OPTIONS_OPTIONAL_SAPI); + + return *opts != 0; +diff --git a/tools/tpm2_ecdhzgen.c b/tools/tpm2_ecdhzgen.c +index 723bcd8..219cdf7 100644 +--- a/tools/tpm2_ecdhzgen.c ++++ b/tools/tpm2_ecdhzgen.c +@@ -21,13 +21,14 @@ struct tpm_ecdhzgen_ctx { + + TPM2B_ECC_POINT Q; + const char *ecdh_pub_path; ++ const char *ecdh_pub_key_path; + + /* + * Outputs + */ + const char *ecdh_Z_path; + TPM2B_ECC_POINT *Z; +- ++ + /* + * Parameter hashes + */ +@@ -114,11 +115,27 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + /* + * 3. Command specific initializations + */ +- bool is_file_op_success = true; +- is_file_op_success = files_load_ecc_point(ctx.ecdh_pub_path, &ctx.Q); +- if (!is_file_op_success) { +- LOG_ERR("Failed to load public input ECC point Q"); +- return tool_rc_general_error; ++ if (ctx.ecdh_pub_key_path) { ++ TPM2B_PUBLIC public = { 0 }; ++ bool is_file_op_success = true; ++ is_file_op_success = files_load_public(ctx.ecdh_pub_key_path, &public); ++ if (!is_file_op_success) { ++ LOG_ERR("Failed to load public input ECC public key"); ++ return tool_rc_general_error; ++ } ++ if (public.publicArea.type != TPM2_ALG_ECC) { ++ LOG_ERR("Only ECC public keys can be used."); ++ return tool_rc_general_error; ++ } ++ ctx.Q.point = public.publicArea.unique.ecc; ++ ctx.Q.size = 0; ++ } else { ++ bool is_file_op_success = true; ++ is_file_op_success = files_load_ecc_point(ctx.ecdh_pub_path, &ctx.Q); ++ if (!is_file_op_success) { ++ LOG_ERR("Failed to load public input ECC point Q"); ++ return tool_rc_general_error; ++ } + } + /* + * 4. Configuration for calculating the pHash +@@ -156,6 +173,10 @@ static tool_rc check_options(void) { + LOG_ERR("Specify path to save the ecdh secret or Z point"); + return tool_rc_option_error; + } ++ if (ctx.ecdh_pub_path && ctx.ecdh_pub_key_path) { ++ LOG_ERR("Only pub key or pub point can be specified not both."); ++ return tool_rc_option_error; ++ } + + return tool_rc_success; + } +@@ -173,6 +194,9 @@ static bool on_option(char key, char *value) { + case 'u': + ctx.ecdh_pub_path = value; + break; ++ case 'k': ++ ctx.ecdh_pub_key_path = value; ++ break; + case 'o': + ctx.ecdh_Z_path = value; + break; +@@ -190,12 +214,13 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "key-context", required_argument, 0, 'c' }, + { "key-auth", required_argument, 0, 'p' }, + { "public", required_argument, 0, 'u' }, ++ { "public-key", required_argument, 0, 'k' }, + { "output", required_argument, 0, 'o' }, + { "cphash", required_argument, 0, 0 }, + + }; + +- *opts = tpm2_options_new("c:p:u:o:", ARRAY_LEN(topts), topts, ++ *opts = tpm2_options_new("c:p:u:k:o:", ARRAY_LEN(topts), topts, + on_option, 0, 0); + + return *opts != 0; +diff --git a/tools/tpm2_encryptdecrypt.c b/tools/tpm2_encryptdecrypt.c +index 8340387..e9087dc 100644 +--- a/tools/tpm2_encryptdecrypt.c ++++ b/tools/tpm2_encryptdecrypt.c +@@ -105,7 +105,7 @@ static bool evaluate_pkcs7_padding_requirements(uint16_t remaining_bytes, + } + + /* +- * Only apply/ strip padding to the last block. ++ * Only apply / strip padding to the last block. + */ + bool is_last_block = (remaining_bytes <= TPM2_MAX_DIGEST_BUFFER && + remaining_bytes > 0); +@@ -155,7 +155,19 @@ static void strip_pkcs7_padding_data_from_output(uint8_t *pad_data, + LOG_WARN("Encrypted input is not block length aligned."); + } + +- *pad_data = out_data->buffer[last_block_length - 1]; ++ *pad_data = out_data->buffer[out_data->size - 1]; ++ ++ if (*pad_data > ctx.padded_block_len) { ++ LOG_WARN("Padding data is larger than block length: %d", *pad_data); ++ return; ++ } ++ ++ for (uint8_t offset = *pad_data; offset > 1; --offset) { ++ if (out_data->buffer[out_data->size - offset] != *pad_data) { ++ LOG_WARN("Inconsistent padding within decrypted input"); ++ return; ++ } ++ } + + out_data->size -= *pad_data; + } +diff --git a/tools/tpm2_flushcontext.c b/tools/tpm2_flushcontext.c +index 53b38e7..9b39671 100644 +--- a/tools/tpm2_flushcontext.c ++++ b/tools/tpm2_flushcontext.c +@@ -144,7 +144,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + + ctx.context_handle_count++; + } +- ++ + if (!ctx.is_t_l_s_specified && !ctx.is_arg_transient) { + rc = tpm2_session_restore(ectx, ctx.context_arg, true, + &ctx.arg_session); +@@ -195,7 +195,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + LOG_ERR("Error reading handle info from TPM."); + return tool_rc_general_error; + } +- ++ + unsigned j = 0; //Iterates through all available handles in t/l/s + for (j = 0; j < capability_data->data.handles.count; j++) { + rc = tpm2_util_sys_handle_to_esys_handle(ectx, +diff --git a/tools/tpm2_geteccparameters.c b/tools/tpm2_geteccparameters.c +index 46f4201..4fd91f8 100644 +--- a/tools/tpm2_geteccparameters.c ++++ b/tools/tpm2_geteccparameters.c +@@ -37,7 +37,7 @@ static tpm_geteccparameters_ctx ctx = { + }; + + static tool_rc geteccparameters(ESYS_CONTEXT *ectx) { +- ++ + tool_rc rc = tpm2_geteccparameters(ectx, ctx.curve_id, &ctx.parameters, + &ctx.cp_hash, ctx.parameter_hash_algorithm); + if (rc != tool_rc_success) { +diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c +index 41115b8..b88c364 100644 +--- a/tools/tpm2_getekcertificate.c ++++ b/tools/tpm2_getekcertificate.c +@@ -20,12 +20,52 @@ + #include "tpm2_nv_util.h" + #include "tpm2_tool.h" + ++ ++typedef enum tpm_manufacturer tpm_manufacturer; ++enum tpm_manufacturer { ++ VENDOR_AMD = 0x414D4400, ++ VENDOR_ATMEL = 0x41544D4C, ++ VENDOR_BROADCOM = 0x4252434D, ++ VENDOR_CISCO = 0x4353434F, ++ VENDOR_FLYSLICE = 0x464C5953, ++ VENDOR_ROCKCHIP = 0x524F4343, ++ VENDOR_GOOGLE = 0x474F4F47, ++ VENDOR_HPE = 0x48504500, ++ VENDOR_HUAWEI = 0x48495349, ++ VENDOR_IBM = 0x49424D00, ++ VENDOR_IBMSIM = 0x49424D20, // Used only by mssim/ibmswtpm2 ++ VENDOR_INFINEON = 0x49465800, ++ VENDOR_INTEL = 0x494E5443, ++ VENDOR_LENOVO = 0x4C454E00, ++ VENDOR_MICROSOFT = 0x4D534654, ++ VENDOR_NSM = 0x4E534D20, ++ VENDOR_NATIONZ = 0x4E545A00, ++ VENDOR_NUVOTON = 0x4E544300, ++ VENDOR_QUALCOMM = 0x51434F4D, ++ VENDOR_SAMSUNG = 0x534D534E, ++ VENDOR_SINOSUN = 0x534E5300, ++ VENDOR_SMSC = 0x534D5343, ++ VENDOR_STM = 0x53544D20, ++ VENDOR_TXN = 0x54584E00, ++ VENDOR_WINBOND = 0x57454300, ++}; ++ ++typedef enum pubkey_enc_mode pubkey_enc_mode; ++enum pubkey_enc_mode { ++ ENC_AUTO = 0, ++ ENC_INTEL = 1, ++ ENC_AMD = 2, ++}; ++ ++#define EK_SERVER_INTEL "https://ekop.intel.com/ekcertservice/" ++#define EK_SERVER_AMD "https://ftpm.amd.com/pki/aia/" ++ + typedef struct tpm_getekcertificate_ctx tpm_getekcertificate_ctx; + struct tpm_getekcertificate_ctx { + // TPM Device properties + bool is_tpm2_device_active; + bool is_cert_on_nv; +- bool is_intc_cert; ++ tpm_manufacturer manufacturer; + bool is_rsa_ek_cert_nv_location_defined; + bool is_ecc_ek_cert_nv_location_defined; + bool is_tpmgeneratedeps; +@@ -36,25 +76,75 @@ struct tpm_getekcertificate_ctx { + char *ec_cert_path_2; + FILE *ec_cert_file_handle_2; + unsigned char *rsa_cert_buffer; +- uint16_t rsa_cert_buffer_size; ++ size_t rsa_cert_buffer_size; + unsigned char *ecc_cert_buffer; +- uint16_t ecc_cert_buffer_size; ++ size_t ecc_cert_buffer_size; + bool is_cert_raw; ++ size_t curl_buffer_size; + // EK certificate hosting particulars + char *ek_server_addr; + unsigned int SSL_NO_VERIFY; + char *ek_path; ++ pubkey_enc_mode encoding; + bool verbose; + TPM2B_PUBLIC *out_public; + }; + ++/* ++ * Sourced from TCG Vendor ID Registry v1.06: ++ * https://trustedcomputinggroup.org/resource/vendor-id-registry/ ++ * ++ */ ++ ++typedef enum ek_nv_index ek_nv_index; ++enum ek_nv_index { ++ RSA_EK_CERT_NV_INDEX = 0x01C00002, ++ ECC_EK_CERT_NV_INDEX = 0x01C0000A ++}; ++ + static tpm_getekcertificate_ctx ctx = { + .is_tpm2_device_active = true, +- .ek_server_addr = "https://ekop.intel.com/ekcertservice/", + .is_cert_on_nv = true, + .cert_count = 0, ++ .encoding = ENC_AUTO, + }; + ++ ++static char *get_ek_server_address(void) { ++ if (ctx.ek_server_addr) // set by CLI ++ { ++ return ctx.ek_server_addr; ++ } ++ switch (ctx.manufacturer) { ++ case VENDOR_INTEL: ++ return EK_SERVER_INTEL; ++ case VENDOR_AMD: ++ return EK_SERVER_AMD; ++ default: ++ LOG_ERR("No EK server address found for manufacturer."); ++ return NULL; ++ } ++} ++ ++#define AMD_EK_URI_LEN 16 // AMD EK takes first 16 hex chars of hash ++ ++static pubkey_enc_mode get_encoding(void) { ++ /* ++ * If one is explicitly set, use it. ++ */ ++ if (ctx.encoding != ENC_AUTO) { ++ return ctx.encoding; ++ } ++ /* ++ * Currently it's assumed AMD is the only one with a different encoding. ++ */ ++ if (ctx.manufacturer == VENDOR_AMD) { ++ return ENC_AMD; ++ } else { ++ return ENC_INTEL; ++ } ++} ++ + static unsigned char *hash_ek_public(void) { + + unsigned char *hash = (unsigned char*) malloc(SHA256_DIGEST_LENGTH); +@@ -64,55 +154,130 @@ static unsigned char *hash_ek_public(void) { + } + + EVP_MD_CTX *sha256 = EVP_MD_CTX_new(); ++ if (!hash) { ++ LOG_ERR("OOM"); ++ goto evperr; ++ } + int is_success = EVP_DigestInit(sha256, EVP_sha256()); + if (!is_success) { + LOG_ERR("EVP_DigestInit failed"); + goto err; + } + +- switch (ctx.out_public->publicArea.type) { +- case TPM2_ALG_RSA: +- is_success = EVP_DigestUpdate(sha256, +- ctx.out_public->publicArea.unique.rsa.buffer, +- ctx.out_public->publicArea.unique.rsa.size); +- if (!is_success) { +- LOG_ERR("EVP_DigestUpdate failed"); +- goto err; ++ if (ctx.encoding == ENC_AMD) { ++ switch (ctx.out_public->publicArea.type) { ++ case TPM2_ALG_RSA: { ++ /* ++ * hash = sha256(00 00 22 22 || (uint32_t) exp || modulus) ++ */ ++ BYTE buf[4] = { 0x00, 0x00, 0x22, 0x22 }; // Prefix ++ is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf)); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ ++ uint32_t exp = ctx.out_public->publicArea.parameters.rsaDetail.exponent; ++ if (exp == 0) { ++ exp = 0x00010001; // 0 indicates default ++ } else { ++ LOG_WARN("non-default exponent used"); ++ } ++ buf[3] = (BYTE)exp; ++ buf[2] = (BYTE)(exp>>=8); ++ buf[1] = (BYTE)(exp>>=8); ++ buf[0] = (BYTE)(exp>>8); ++ is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf)); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ ++ is_success = EVP_DigestUpdate(sha256, ++ ctx.out_public->publicArea.unique.rsa.buffer, ++ ctx.out_public->publicArea.unique.rsa.size); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ break; + } +- +- if (ctx.out_public->publicArea.parameters.rsaDetail.exponent != 0) { +- LOG_ERR("non-default exponents unsupported"); +- goto err; ++ case TPM2_ALG_ECC: { ++ /* ++ * hash = sha256(00 00 44 44 || (uint32_t) exp || modulus) ++ */ ++ BYTE buf[4] = { 0x00, 0x00, 0x44, 0x44 }; // Prefix ++ is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf)); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ is_success = EVP_DigestUpdate(sha256, ++ ctx.out_public->publicArea.unique.ecc.x.buffer, ++ ctx.out_public->publicArea.unique.ecc.x.size); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ ++ is_success = EVP_DigestUpdate(sha256, ++ ctx.out_public->publicArea.unique.ecc.y.buffer, ++ ctx.out_public->publicArea.unique.ecc.y.size); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ break; + } +- BYTE buf[3] = { 0x1, 0x00, 0x01 }; // Exponent +- is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf)); +- if (!is_success) { +- LOG_ERR("EVP_DigestUpdate failed"); ++ default: ++ LOG_ERR("unsupported EK algorithm"); + goto err; + } +- break; +- +- case TPM2_ALG_ECC: +- is_success = EVP_DigestUpdate(sha256, +- ctx.out_public->publicArea.unique.ecc.x.buffer, +- ctx.out_public->publicArea.unique.ecc.x.size); +- if (!is_success) { +- LOG_ERR("EVP_DigestUpdate failed"); +- goto err; +- } +- +- is_success = EVP_DigestUpdate(sha256, +- ctx.out_public->publicArea.unique.ecc.y.buffer, +- ctx.out_public->publicArea.unique.ecc.y.size); +- if (!is_success) { +- LOG_ERR("EVP_DigestUpdate failed"); ++ } else { ++ switch (ctx.out_public->publicArea.type) { ++ case TPM2_ALG_RSA: ++ is_success = EVP_DigestUpdate(sha256, ++ ctx.out_public->publicArea.unique.rsa.buffer, ++ ctx.out_public->publicArea.unique.rsa.size); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ ++ if (ctx.out_public->publicArea.parameters.rsaDetail.exponent != 0) { ++ LOG_ERR("non-default exponents unsupported"); ++ goto err; ++ } ++ BYTE buf[3] = { 0x1, 0x00, 0x01 }; // Exponent ++ is_success = EVP_DigestUpdate(sha256, buf, sizeof(buf)); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ break; ++ ++ case TPM2_ALG_ECC: ++ is_success = EVP_DigestUpdate(sha256, ++ ctx.out_public->publicArea.unique.ecc.x.buffer, ++ ctx.out_public->publicArea.unique.ecc.x.size); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ ++ is_success = EVP_DigestUpdate(sha256, ++ ctx.out_public->publicArea.unique.ecc.y.buffer, ++ ctx.out_public->publicArea.unique.ecc.y.size); ++ if (!is_success) { ++ LOG_ERR("EVP_DigestUpdate failed"); ++ goto err; ++ } ++ break; ++ ++ default: ++ LOG_ERR("unsupported EK algorithm"); + goto err; + } +- break; +- +- default: +- LOG_ERR("unsupported EK algorithm"); +- goto err; + } + + is_success = EVP_DigestFinal_ex(sha256, hash, NULL); +@@ -134,8 +299,9 @@ static unsigned char *hash_ek_public(void) { + + return hash; + err: +- free(hash); + EVP_MD_CTX_free(sha256); ++evperr: ++ free(hash); + return NULL; + } + +@@ -192,20 +358,74 @@ static char *base64_encode(const unsigned char* buffer) + return final_string; + } + ++#define NULL_TERM_LEN 1 // '\0' ++ ++static char *encode_ek_public_amd(void) { ++ unsigned char *hash = hash_ek_public(); ++ if (!hash) { ++ LOG_ERR("EK hash is null"); ++ return NULL; ++ } ++ char *hash_str = malloc(AMD_EK_URI_LEN * 2 + NULL_TERM_LEN); ++ for (size_t i = 0; i < AMD_EK_URI_LEN; i++) ++ { ++ sprintf((char*)(hash_str + (i*2)), "%02x", hash[i]); ++ } ++ hash_str[AMD_EK_URI_LEN * 2] = '\0'; ++ return hash_str; ++} ++ ++static char *encode_ek_public_intel(void) { ++ unsigned char *hash = hash_ek_public(); ++ char *b64 = base64_encode(hash); ++ free(hash); ++ if (!b64) { ++ LOG_ERR("base64_encode returned null"); ++ } ++ return b64; ++} ++ ++static char *encode_ek_public(void) { ++ if (ctx.encoding == ENC_AMD) { ++ return encode_ek_public_amd(); ++ } else { ++ return encode_ek_public_intel(); ++ } ++} ++/* ++ * As only one cert is downloaded at a time, we can simply use ++ * rsa_cert_buffer for either RSA EK cert or ECC EK cert. ++ */ + static size_t writecallback(char *contents, size_t size, size_t nitems, +- void *CERT_BUFFER) { ++ void *userdata) { ++ UNUSED(userdata); ++ const size_t chunk_size = size * nitems; + +- strncpy(CERT_BUFFER, (const char *)contents, nitems * size); +- ctx.rsa_cert_buffer_size = nitems * size; ++ if (!chunk_size) { ++ return 0; ++ } ++ ++ const size_t new_used_size = ctx.rsa_cert_buffer_size + chunk_size; ++ if (ctx.curl_buffer_size < new_used_size) { ++ const size_t new_buf_size = ctx.curl_buffer_size + CURL_MAX_WRITE_SIZE; ++ void *new_buf = realloc(ctx.rsa_cert_buffer, new_buf_size); ++ if (!new_buf) { ++ LOG_ERR("OOM when downloading EK cert"); ++ return 0; ++ } ++ ctx.rsa_cert_buffer = new_buf; ++ ctx.curl_buffer_size = new_buf_size; ++ } + +- return ctx.rsa_cert_buffer_size; ++ memcpy(ctx.rsa_cert_buffer + ctx.rsa_cert_buffer_size, contents, chunk_size); ++ ctx.rsa_cert_buffer_size += chunk_size; ++ return chunk_size; + } + +-static bool retrieve_web_endorsement_certificate(char *b64h) { ++static bool retrieve_web_endorsement_certificate(char *uri) { + +- #define NULL_TERM_LEN 1 // '\0' + #define PATH_JOIN_CHAR_LEN 1 // '/' +- size_t len = strlen(ctx.ek_server_addr) + strlen(b64h) + NULL_TERM_LEN + ++ size_t len = strlen(ctx.ek_server_addr) + strlen(uri) + NULL_TERM_LEN + + PATH_JOIN_CHAR_LEN; + char *weblink = (char *) malloc(len); + if (!weblink) { +@@ -214,6 +434,14 @@ static bool retrieve_web_endorsement_certificate(char *b64h) { + } + + bool ret = true; ++ ctx.rsa_cert_buffer = malloc(CURL_MAX_WRITE_SIZE); ++ if (!ctx.rsa_cert_buffer) { ++ LOG_ERR("OOM"); ++ ret = false; ++ goto out_memory; ++ } ++ ctx.curl_buffer_size = CURL_MAX_WRITE_SIZE; ++ + CURLcode rc = curl_global_init(CURL_GLOBAL_DEFAULT); + if (rc != CURLE_OK) { + LOG_ERR("curl_global_init failed: %s", curl_easy_strerror(rc)); +@@ -244,9 +472,9 @@ static bool retrieve_web_endorsement_certificate(char *b64h) { + bool is_slash_append_required = + strncmp((ctx.ek_server_addr + strlen(ctx.ek_server_addr) - 1), "/", 1); + if (is_slash_append_required) { +- snprintf(weblink, len, "%s%s%s", ctx.ek_server_addr, "/", b64h); ++ snprintf(weblink, len, "%s%s%s", ctx.ek_server_addr, "/", uri); + } else { +- snprintf(weblink, len, "%s%s", ctx.ek_server_addr, b64h); ++ snprintf(weblink, len, "%s%s", ctx.ek_server_addr, uri); + } + + rc = curl_easy_setopt(curl, CURLOPT_URL, weblink); +@@ -276,18 +504,6 @@ static bool retrieve_web_endorsement_certificate(char *b64h) { + ret = false; + goto out_easy_cleanup; + } +- /* +- * As only one cert is downloaded at a time, we can simply use +- * rsa_cert_buffer for either RSA EK cert or ECC EK cert. +- */ +- ctx.rsa_cert_buffer = malloc(CURL_MAX_WRITE_SIZE); +- rc = curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)ctx.rsa_cert_buffer); +- if (rc != CURLE_OK) { +- LOG_ERR("curl_easy_setopt for CURLOPT_WRITEDATA failed: %s", +- curl_easy_strerror(rc)); +- ret = false; +- goto out_easy_cleanup; +- } + + rc = curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); + if (rc != CURLE_OK) { +@@ -308,6 +524,12 @@ out_easy_cleanup: + out_global_cleanup: + curl_global_cleanup(); + out_memory: ++ if (!ret && ctx.rsa_cert_buffer) { ++ free(ctx.rsa_cert_buffer); ++ ctx.rsa_cert_buffer = NULL; ++ ctx.rsa_cert_buffer_size = 0; ++ ctx.curl_buffer_size = 0; ++ } + free(weblink); + + return ret; +@@ -321,28 +543,27 @@ static bool get_web_ek_certificate(void) { + } + + bool ret = true; +- unsigned char *hash = hash_ek_public(); +- char *b64 = base64_encode(hash); +- if (!b64) { +- LOG_ERR("base64_encode returned null"); +- ret = false; +- goto out; ++ char *ek_uri = encode_ek_public(); ++ if (!ek_uri) { ++ LOG_ERR("Failed to encode EK."); ++ return false; + } + +- LOG_INFO("%s", b64); ++ LOG_INFO("%s", ek_uri); + +- ret = retrieve_web_endorsement_certificate(b64); ++ ctx.ek_server_addr = get_ek_server_address(); ++ if (!ctx.ek_server_addr) { ++ LOG_ERR("Please specify an EK server address on the command line."); ++ ret = false; ++ goto out; ++ } + +- free(b64); +-out: +- free(hash); ++ ret = retrieve_web_endorsement_certificate(ek_uri); ++ out: ++ free(ek_uri); + return ret; + } + +-#define INTC 0x494E5443 +-#define IBM 0x49424D20 +-#define RSA_EK_CERT_NV_INDEX 0x01C00002 +-#define ECC_EK_CERT_NV_INDEX 0x01C0000A + tool_rc get_tpm_properties(ESYS_CONTEXT *ectx) { + + TPMI_YES_NO more_data; +@@ -355,12 +576,10 @@ tool_rc get_tpm_properties(ESYS_CONTEXT *ectx) { + goto get_tpm_properties_out; + } + +- if (capability_data->data.tpmProperties.tpmProperty[0].value == IBM) { +- LOG_WARN("The TPM device is a simulator —— Inspect the certficate chain and root certificate"); +- } ++ ctx.manufacturer = capability_data->data.tpmProperties.tpmProperty[0].value; + +- if (capability_data->data.tpmProperties.tpmProperty[0].value == INTC) { +- ctx.is_intc_cert = true; ++ if (ctx.manufacturer == VENDOR_IBMSIM) { ++ LOG_WARN("The TPM device is a simulator —— Inspect the certficate chain and root certificate"); + } + + free(capability_data); +@@ -378,7 +597,7 @@ tool_rc get_tpm_properties(ESYS_CONTEXT *ectx) { + + free(capability_data); + rc = tpm2_getcap(ectx, TPM2_CAP_HANDLES, +- tpm2_util_hton_32(TPM2_HT_NV_INDEX), TPM2_PT_NV_INDEX_MAX, NULL, ++ TPM2_NV_INDEX_FIRST, TPM2_PT_NV_INDEX_MAX, NULL, + &capability_data); + if (rc != tool_rc_success) { + LOG_ERR("Failed to read capability data for NV indices."); +@@ -419,8 +638,9 @@ static tool_rc nv_read(ESYS_CONTEXT *ectx, TPMI_RH_NV_INDEX nv_index) { + * with attributes: + * ppwrite|ppread|ownerread|authread|no_da|written|platformcreate + */ ++ const bool is_rsa = nv_index == RSA_EK_CERT_NV_INDEX; + char index_string[11]; +- if (nv_index == RSA_EK_CERT_NV_INDEX) { ++ if (is_rsa) { + strcpy(index_string, "0x01C00002"); + } else { + strcpy(index_string, "0x01C0000A"); +@@ -435,15 +655,20 @@ static tool_rc nv_read(ESYS_CONTEXT *ectx, TPMI_RH_NV_INDEX nv_index) { + + TPM2B_DIGEST cp_hash = { 0 }; + TPM2B_DIGEST rp_hash = { 0 }; +- rc = nv_index == RSA_EK_CERT_NV_INDEX ? +- ++ uint16_t nv_buf_size = 0; ++ rc = is_rsa ? + tpm2_util_nv_read(ectx, nv_index, 0, 0, &object, &ctx.rsa_cert_buffer, +- &ctx.rsa_cert_buffer_size, &cp_hash, &rp_hash, TPM2_ALG_SHA256, 0, ++ &nv_buf_size, &cp_hash, &rp_hash, TPM2_ALG_SHA256, 0, + ESYS_TR_NONE, ESYS_TR_NONE, NULL) : + + tpm2_util_nv_read(ectx, nv_index, 0, 0, &object, &ctx.ecc_cert_buffer, +- &ctx.ecc_cert_buffer_size, &cp_hash, &rp_hash, TPM2_ALG_SHA256, 0, ++ &nv_buf_size, &cp_hash, &rp_hash, TPM2_ALG_SHA256, 0, + ESYS_TR_NONE, ESYS_TR_NONE, NULL); ++ if (is_rsa) { ++ ctx.rsa_cert_buffer_size = nv_buf_size; ++ } else { ++ ctx.ecc_cert_buffer_size = nv_buf_size; ++ } + + nv_read_out: + tmp_rc = tpm2_session_close(&object.session); +@@ -497,7 +722,8 @@ static tool_rc get_nv_ek_certificate(ESYS_CONTEXT *ectx) { + + static tool_rc print_intel_ek_certificate_warning(void) { + +- if (ctx.is_intc_cert && ctx.is_tpmgeneratedeps && !ctx.is_cert_on_nv) { ++ if (ctx.manufacturer == VENDOR_INTEL && ++ ctx.is_tpmgeneratedeps && !ctx.is_cert_on_nv) { + + LOG_ERR("Cannot proceed. For further information please refer to: " + "https://www.intel.com/content/www/us/en/security-center/" +@@ -605,22 +831,22 @@ static tool_rc process_output(void) { + * the EK public hash in addition to the certificate data. + * If so set the flag. + */ +- if (ctx.rsa_cert_buffer) { +- ctx.is_intc_cert = ctx.is_intc_cert ? ctx.is_intc_cert : +- !(strncmp((const char *)ctx.rsa_cert_buffer, ++ bool is_intel_cert = ctx.manufacturer == VENDOR_INTEL; ++ ++ if (!is_intel_cert && ctx.rsa_cert_buffer) { ++ is_intel_cert = !(strncmp((const char *)ctx.rsa_cert_buffer, + "{\"pubhash", strlen("{\"pubhash"))); + } + +- if (ctx.ecc_cert_buffer) { +- ctx.is_intc_cert = ctx.is_intc_cert ? ctx.is_intc_cert : +- !(strncmp((const char *)ctx.ecc_cert_buffer, ++ if (!is_intel_cert && ctx.ecc_cert_buffer) { ++ is_intel_cert = !(strncmp((const char *)ctx.ecc_cert_buffer, + "{\"pubhash", strlen("{\"pubhash"))); + } + + /* + * Intel EK certificates on the NV-index are already in standard DER format. + */ +- if (ctx.is_intc_cert && ctx.is_cert_on_nv) { ++ if (is_intel_cert && ctx.is_cert_on_nv) { + ctx.is_cert_raw = true; + } + +@@ -628,7 +854,7 @@ static tool_rc process_output(void) { + * Convert Intel EK certificates as received in the URL safe variant of + * Base 64: https://tools.ietf.org/html/rfc4648#section-5 to PEM + */ +- if (ctx.rsa_cert_buffer && ctx.is_intc_cert && !ctx.is_cert_raw) { ++ if (ctx.rsa_cert_buffer && is_intel_cert && !ctx.is_cert_raw) { + char *split = strstr((const char *)ctx.rsa_cert_buffer, "certificate"); + char *copy_buffer = base64_decode(&split, ctx.rsa_cert_buffer_size); + ctx.rsa_cert_buffer_size = strlen(PEM_BEGIN_CERT_LINE) + +@@ -641,7 +867,7 @@ static tool_rc process_output(void) { + free(copy_buffer); + } + +- if (ctx.ecc_cert_buffer && ctx.is_intc_cert && !ctx.is_cert_raw) { ++ if (ctx.ecc_cert_buffer && is_intel_cert && !ctx.is_cert_raw) { + char *split = strstr((const char *)ctx.ecc_cert_buffer, "certificate"); + char *copy_buffer = base64_decode(&split, ctx.ecc_cert_buffer_size); + ctx.ecc_cert_buffer_size = strlen(PEM_BEGIN_CERT_LINE) + +@@ -750,6 +976,23 @@ static bool on_option(char key, char *value) { + ctx.is_tpm2_device_active = false; + ctx.is_cert_on_nv = false; + break; ++ case 'E': ++ if (!value || !value[0]) { ++ LOG_ERR("No encoding given."); ++ return false; ++ } ++ switch (value[0]) { ++ case 'a': ++ ctx.encoding = ENC_AMD; ++ break; ++ case 'i': ++ ctx.encoding = ENC_INTEL; ++ break; ++ default: ++ LOG_ERR("Must specify a (AMD) or i (Intel) for encoding."); ++ return false; ++ } ++ break; + case 0: + ctx.is_cert_raw = true; + break; +@@ -765,10 +1008,11 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "allow-unverified", no_argument, NULL, 'X' }, + { "ek-public", required_argument, NULL, 'u' }, + { "offline", no_argument, NULL, 'x' }, ++ { "encoding", required_argument, NULL, 'E' }, + { "raw", no_argument, NULL, 0 }, + }; + +- *opts = tpm2_options_new("o:u:Xx", ARRAY_LEN(topts), topts, on_option, ++ *opts = tpm2_options_new("o:u:XxE:", ARRAY_LEN(topts), topts, on_option, + on_args, 0); + + return *opts != NULL; +@@ -789,6 +1033,7 @@ static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + } + + ctx.verbose = flags.verbose; ++ ctx.encoding = get_encoding(); + + rc = get_ek_certificates(ectx); + if (rc != tool_rc_success) { +diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c +index f7573e1..480ed89 100644 +--- a/tools/tpm2_import.c ++++ b/tools/tpm2_import.c +@@ -79,6 +79,7 @@ struct tpm_import_ctx { + TPM2B_PUBLIC public; + char *private_key_file; + TPM2B_PRIVATE *imported_private; ++ bool autoflush; + + /* + * Parameter hashes +@@ -96,13 +97,28 @@ static tpm_import_ctx ctx = { + .encrypted_seed = TPM2B_EMPTY_INIT, + .duplicate = TPM2B_EMPTY_INIT, + .parameter_hash_algorithm = TPM2_ALG_ERROR, ++ .autoflush = false, + }; + + static tool_rc import(ESYS_CONTEXT *ectx) { + +- return tpm2_import(ectx, &ctx.parent.object, &ctx.enc_sensitive_key, ++ TSS2_RC rval; ++ ++ tool_rc rc = tpm2_import(ectx, &ctx.parent.object, &ctx.enc_sensitive_key, + &ctx.public, &ctx.duplicate, &ctx.encrypted_seed, &ctx.sym_alg, + &ctx.imported_private, &ctx.cp_hash, ctx.parameter_hash_algorithm); ++ if (rc != tool_rc_success) { ++ return rc; ++ } ++ if ((ctx.autoflush || tpm2_util_env_yes(TPM2TOOLS_ENV_AUTOFLUSH)) && ++ ctx.parent.object.path && ++ (ctx.parent.object.handle & TPM2_HR_RANGE_MASK) == TPM2_HR_TRANSIENT) { ++ rval = Esys_FlushContext(ectx, ctx.parent.object.tr_handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ return tool_rc_general_error; ++ } ++ } ++ return tool_rc_success; + } + + static tool_rc process_output(ESYS_CONTEXT *ectx) { +@@ -626,6 +642,9 @@ static bool on_option(char key, char *value) { + case 1: + ctx.cp_hash_path = value; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; + default: + LOG_ERR("Invalid option"); + return false; +@@ -652,9 +671,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "encryption-key", required_argument, 0, 'k'}, + { "passin", required_argument, 0, 0 }, + { "cphash", required_argument, 0, 1 }, ++ { "autoflush", no_argument, 0, 'R' }, + }; + +- *opts = tpm2_options_new("P:p:G:i:C:U:u:r:a:g:s:L:k:", ARRAY_LEN(topts), ++ *opts = tpm2_options_new("P:p:G:i:C:U:u:r:a:g:s:L:k:R", ARRAY_LEN(topts), + topts, on_option, 0, 0); + + return *opts != 0; +diff --git a/tools/tpm2_load.c b/tools/tpm2_load.c +index 8b751f8..0c01ee9 100644 +--- a/tools/tpm2_load.c ++++ b/tools/tpm2_load.c +@@ -44,14 +44,18 @@ struct tpm_tool_ctx { + TPM2B_DIGEST cp_hash; + bool is_command_dispatch; + TPMI_ALG_HASH parameter_hash_algorithm; ++ bool autoflush; + }; + + static tpm_load_ctx ctx = { + .parameter_hash_algorithm = TPM2_ALG_ERROR, ++ .autoflush = false, + }; + + static tool_rc load(ESYS_CONTEXT *ectx) { + ++ TSS2_RC rval; ++ + /* + * If a tssprivkey was specified, load the private and public from the + * parsed TSSPEM file. +@@ -62,8 +66,20 @@ static tool_rc load(ESYS_CONTEXT *ectx) { + TPM2B_PUBLIC *to_load_pub = + ctx.is_tss_pem ? &tpm2_util_object_tsspem_pub : &ctx.object.public; + +- return tpm2_load(ectx, &ctx.parent.object, to_load_priv, to_load_pub, ++ tool_rc tmp_rc = tpm2_load(ectx, &ctx.parent.object, to_load_priv, to_load_pub, + &ctx.object.handle, &ctx.cp_hash, ctx.parameter_hash_algorithm); ++ if (tmp_rc != tool_rc_success) { ++ return tmp_rc; ++ } ++ if ((ctx.autoflush || tpm2_util_env_yes(TPM2TOOLS_ENV_AUTOFLUSH)) && ++ ctx.parent.object.path && ++ (ctx.parent.object.handle & TPM2_HR_RANGE_MASK) == TPM2_HR_TRANSIENT) { ++ rval = Esys_FlushContext(ectx, ctx.parent.object.tr_handle); ++ if (rval != TPM2_RC_SUCCESS) { ++ return tool_rc_general_error; ++ } ++ } ++ return tool_rc_success; + } + + static tool_rc process_output(ESYS_CONTEXT *ectx) { +@@ -110,7 +126,7 @@ static tool_rc process_output(ESYS_CONTEXT *ectx) { + } + + return files_save_tpm_context_to_path(ectx, ctx.object.handle, +- ctx.contextpath); ++ ctx.contextpath, ctx.autoflush); + } + + static tool_rc process_inputs(ESYS_CONTEXT *ectx) { +@@ -166,7 +182,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + if (!is_file_op_success) { + return tool_rc_general_error; + } +- ++ + is_file_op_success = files_load_private(ctx.object.privpath, + &ctx.object.private); + if (!is_file_op_success) { +@@ -281,6 +297,10 @@ static bool on_option(char key, char *value) { + case 0: + ctx.cp_hash_path = value; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; ++ + } + + return true; +@@ -296,9 +316,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "key-context", required_argument, 0, 'c' }, + { "parent-context", required_argument, 0, 'C' }, + { "cphash", required_argument, 0, 0 }, ++ { "autoflush", no_argument, 0, 'R' }, + }; + +- *opts = tpm2_options_new("P:u:r:n:C:c:", ARRAY_LEN(topts), topts, on_option, ++ *opts = tpm2_options_new("P:u:r:n:C:c:R", ARRAY_LEN(topts), topts, on_option, + 0, 0); + + return *opts != 0; +diff --git a/tools/tpm2_loadexternal.c b/tools/tpm2_loadexternal.c +index 2371470..7a7809f 100644 +--- a/tools/tpm2_loadexternal.c ++++ b/tools/tpm2_loadexternal.c +@@ -37,6 +37,7 @@ struct tpm_loadexternal_ctx { + char *passin; /* an optional auth string for the input key file for OSSL */ + TPM2B_SENSITIVE priv; /* Set the AUTH value for sensitive portion */ + TPM2B_PUBLIC pub; /* Load the users specified public object if specified via -u*/ ++ bool autoflush; /* Flush the object after creation of the ctx file */ + /* + * TSS Privkey related + */ +@@ -64,6 +65,7 @@ static tpm_loadexternal_ctx ctx = { + */ + .hierarchy_value = TPM2_RH_NULL, + .parameter_hash_algorithm = TPM2_ALG_ERROR, ++ .autoflush = false, + }; + + static tool_rc load_external(ESYS_CONTEXT *ectx) { +@@ -104,7 +106,7 @@ static tool_rc process_output(ESYS_CONTEXT *ectx) { + assert(ctx.name); + + rc = files_save_tpm_context_to_path(ectx, ctx.handle, +- ctx.context_file_path); ++ ctx.context_file_path, ctx.autoflush); + if (rc != tool_rc_success) { + goto out; + } +@@ -406,6 +408,9 @@ static bool on_option(char key, char *value) { + case 1: + ctx.cp_hash_path = value; + break; ++ case 'R': ++ ctx.autoflush = true; ++ break; + } + + return true; +@@ -426,9 +431,10 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "name", required_argument, 0, 'n'}, + { "passin", required_argument, 0, 0 }, + { "cphash", required_argument, 0, 1 }, ++ { "autoflush", no_argument, 0, 'R' }, + }; + +- *opts = tpm2_options_new("C:u:r:c:a:p:L:g:G:n:", ARRAY_LEN(topts), topts, ++ *opts = tpm2_options_new("C:u:r:c:a:p:L:g:G:n:R", ARRAY_LEN(topts), topts, + on_option, 0, 0); + + return *opts != 0; +diff --git a/tools/tpm2_nvcertify.c b/tools/tpm2_nvcertify.c +index 6b2cc3d..72e6047 100644 +--- a/tools/tpm2_nvcertify.c ++++ b/tools/tpm2_nvcertify.c +@@ -345,7 +345,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -535,7 +535,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:c:p:g:s:f:o:q:S:n:", ARRAY_LEN(topts), topts, +- on_option, on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_option, on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvdefine.c b/tools/tpm2_nvdefine.c +index 345e389..7b14b90 100644 +--- a/tools/tpm2_nvdefine.c ++++ b/tools/tpm2_nvdefine.c +@@ -190,7 +190,7 @@ static tool_rc handle_no_index_specified(ESYS_CONTEXT *ectx, TPM2_NV_INDEX *chos + capabilities = NULL; + + /* now find what NV indexes are in use */ +- rc = tpm2_getcap(ectx, TPM2_CAP_HANDLES, tpm2_util_hton_32(TPM2_HT_NV_INDEX), ++ rc = tpm2_getcap(ectx, TPM2_CAP_HANDLES, TPM2_NV_INDEX_FIRST, + TPM2_PT_NV_INDEX_MAX, NULL, &capabilities); + if (rc != tool_rc_success) { + goto out; +@@ -494,7 +494,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("S:C:s:a:P:p:L:g:", ARRAY_LEN(topts), topts, +- on_option, on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_option, on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvextend.c b/tools/tpm2_nvextend.c +index fcba07d..3cf1455 100644 +--- a/tools/tpm2_nvextend.c ++++ b/tools/tpm2_nvextend.c +@@ -282,7 +282,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("S:C:P:i:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvincrement.c b/tools/tpm2_nvincrement.c +index ec4066b..c411fa6 100644 +--- a/tools/tpm2_nvincrement.c ++++ b/tools/tpm2_nvincrement.c +@@ -201,7 +201,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -292,7 +292,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvread.c b/tools/tpm2_nvread.c +index d330c44..d1d855d 100644 +--- a/tools/tpm2_nvread.c ++++ b/tools/tpm2_nvread.c +@@ -25,6 +25,7 @@ struct tpm_nvread_ctx { + UINT32 size_to_read; + UINT32 offset; + bool is_yaml; ++ bool nv_specified; + + /* + * Outputs +@@ -207,6 +208,11 @@ static tool_rc check_options(tpm2_option_flags flags) { + return tool_rc_option_error; + } + ++ if(!ctx.nv_specified) { ++ LOG_ERR("Must specify NV index argument"); ++ return tool_rc_option_error; ++ } ++ + /* + * Peculiar to this and some other tools, the object (nvindex) name must + * be specified when only calculating the cpHash. +@@ -221,7 +227,7 @@ static tool_rc check_options(tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -281,7 +287,8 @@ static bool on_arg(int argc, char **argv) { + if (!ctx.auth_hierarchy.ctx_path) { + ctx.auth_hierarchy.ctx_path = argv[0]; + } +- return on_arg_nv_index(argc, argv, &ctx.nv_index); ++ ++ return ctx.nv_specified = on_arg_nv_index(argc, argv, &ctx.nv_index); + } + + static bool on_option(char key, char *value) { +@@ -361,7 +368,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:s:o:P:n:S:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + if (ctx.is_yaml) { + ctx.offset = 0; +diff --git a/tools/tpm2_nvreadlock.c b/tools/tpm2_nvreadlock.c +index 5b2234a..387e6f3 100644 +--- a/tools/tpm2_nvreadlock.c ++++ b/tools/tpm2_nvreadlock.c +@@ -186,7 +186,7 @@ static tool_rc check_options(tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -278,7 +278,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvreadpublic.c b/tools/tpm2_nvreadpublic.c +index 876b657..190749c 100644 +--- a/tools/tpm2_nvreadpublic.c ++++ b/tools/tpm2_nvreadpublic.c +@@ -23,7 +23,7 @@ struct tpm2_nvreadpublic_ctx { + * Outputs + */ + TPM2B_NV_PUBLIC **nv_public_list; +- ++ + /* + * Parameter hashes + */ +@@ -210,13 +210,13 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + */ + if (ctx.nv_index == 0 && ctx.is_command_dispatch) { + rc = tpm2_getcap(ectx, TPM2_CAP_HANDLES, +- TPM2_HT_NV_INDEX << 24, TPM2_PT_NV_INDEX_MAX, NULL, ++ TPM2_NV_INDEX_FIRST, TPM2_PT_NV_INDEX_MAX, NULL, + &ctx.capability_data); + if (rc != tool_rc_success) { + return rc; + } + } +- ++ + if (ctx.nv_index != 0 || !ctx.is_command_dispatch) { + /* + * This path is taken for calculating cpHash as NV index cannot be 0 +@@ -236,7 +236,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + * Individual index NV public structure is allocated by Esys_NV_ReadPublic. + */ + ctx.nv_public_list = +- malloc(ctx.capability_data->data.handles.count * sizeof(TPM2B_NV_PUBLIC*)); ++ calloc(ctx.capability_data->data.handles.count, sizeof(TPM2B_NV_PUBLIC*)); + /* + * When calculating cpHash only, Esys_NV_Readpublic isn't invoked and so + * allocate space for one index. +@@ -291,7 +291,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -381,7 +381,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("S:n:", ARRAY_LEN(topts), topts, on_option, on_arg, +- TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ TPM2_OPTIONS_FAKE_TCTI); + + return *opts != 0; + } +@@ -432,7 +432,9 @@ static tool_rc tpm2_tool_onstop(ESYS_CONTEXT *ectx) { + uint32_t i = 0; + if (ctx.capability_data) { + for (i = 0; i < ctx.capability_data->data.handles.count; i++) { +- free(ctx.nv_public_list[i]); ++ if (ctx.nv_public_list[i]) { ++ free(ctx.nv_public_list[i]); ++ } + } + free(ctx.capability_data); + } +diff --git a/tools/tpm2_nvsetbits.c b/tools/tpm2_nvsetbits.c +index 8665b16..841753a 100644 +--- a/tools/tpm2_nvsetbits.c ++++ b/tools/tpm2_nvsetbits.c +@@ -283,7 +283,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:i:S:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvundefine.c b/tools/tpm2_nvundefine.c +index 62086c6..3e8e77e 100644 +--- a/tools/tpm2_nvundefine.c ++++ b/tools/tpm2_nvundefine.c +@@ -265,7 +265,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -413,7 +413,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvwrite.c b/tools/tpm2_nvwrite.c +index ec7f238..e29ca8a 100644 +--- a/tools/tpm2_nvwrite.c ++++ b/tools/tpm2_nvwrite.c +@@ -295,7 +295,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -432,7 +432,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:i:S:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_nvwritelock.c b/tools/tpm2_nvwritelock.c +index d0591b3..52be0be 100644 +--- a/tools/tpm2_nvwritelock.c ++++ b/tools/tpm2_nvwritelock.c +@@ -59,7 +59,7 @@ static tpm_nvwritelock_ctx ctx = { + static tool_rc nv_writelock(ESYS_CONTEXT *ectx) { + + return ctx.global_writelock ? +- ++ + tpm2_nvglobalwritelock(ectx, &ctx.auth_hierarchy.object, &ctx.cp_hash, + &ctx.rp_hash, ctx.parameter_hash_algorithm, + ctx.aux_session_handle[0], ctx.aux_session_handle[1]) : +@@ -214,7 +214,7 @@ static tool_rc check_options(tpm2_option_flags flags) { + * none we fall back to the old behavior of reading from a define NV index + * + * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the +- * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. ++ * tool option affords TPM2_OPTIONS_FAKE_TCTI. + * + * If NVindex name is not specified and tcti is not none, it is expected + * that the NV index is actually define. This behavior complies with the +@@ -313,7 +313,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + }; + + *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, +- on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); ++ on_arg, TPM2_OPTIONS_FAKE_TCTI); + + return *opts != NULL; + } +diff --git a/tools/tpm2_pcrallocate.c b/tools/tpm2_pcrallocate.c +index d2a5c3d..798d433 100644 +--- a/tools/tpm2_pcrallocate.c ++++ b/tools/tpm2_pcrallocate.c +@@ -128,7 +128,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + */ + if (ctx.user_pcr_alloc_str) { + bool result = pcr_parse_selections(ctx.user_pcr_alloc_str, +- &ctx.pcr_selection); ++ &ctx.pcr_selection, NULL); + if (!result) { + LOG_ERR("Could not parse pcr selections"); + return tool_rc_general_error; +diff --git a/tools/tpm2_pcrread.c b/tools/tpm2_pcrread.c +index d8c31d2..4248cbe 100644 +--- a/tools/tpm2_pcrread.c ++++ b/tools/tpm2_pcrread.c +@@ -84,7 +84,7 @@ static tool_rc process_outputs(ESYS_CONTEXT *ectx) { + success = pcr_fwrite_values(&ctx.pcr_selections, &ctx.pcrs, + ctx.output_file); + } +- ++ + if (ctx.format == pcrs_output_format_serialized) { + success = pcr_fwrite_serialized(&ctx.pcr_selections, &ctx.pcrs, + ctx.output_file); +@@ -202,7 +202,7 @@ static bool on_arg(int argc, char *argv[]) { + ctx.selected_algorithm = tpm2_alg_util_from_optarg(argv[0], + tpm2_alg_util_flags_hash); + if (ctx.selected_algorithm == TPM2_ALG_ERROR) { +- bool res = pcr_parse_selections(argv[0], &ctx.pcr_selections); ++ bool res = pcr_parse_selections(argv[0], &ctx.pcr_selections, NULL); + if (!res) { + LOG_ERR("Neither algorithm nor pcr list, got: \"%s\"", argv[0]); + return false; +diff --git a/tools/tpm2_pcrreset.c b/tools/tpm2_pcrreset.c +index 7bb9d6f..69ba96c 100644 +--- a/tools/tpm2_pcrreset.c ++++ b/tools/tpm2_pcrreset.c +@@ -175,7 +175,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { + { "cphash", required_argument, 0, 0}, + + }; +- ++ + *opts = tpm2_options_new(NULL, ARRAY_LEN(topts), topts, on_option, on_arg, + 0); + return *opts != NULL; +diff --git a/tools/tpm2_policypcr.c b/tools/tpm2_policypcr.c +index da95916..afb508f 100644 +--- a/tools/tpm2_policypcr.c ++++ b/tools/tpm2_policypcr.c +@@ -14,6 +14,7 @@ struct tpm2_policypcr_ctx { + const char *session_path; + const char *raw_pcrs_file; + TPML_PCR_SELECTION pcr_selection; ++ struct tpm2_forwards forwards; + const char *policy_out_path; + TPM2B_DIGEST *raw_pcr_digest; + tpm2_session *session; +@@ -55,7 +56,8 @@ static bool on_option(char key, char *value) { + ctx.raw_pcrs_file = value; + break; + case 'l': { +- bool result = pcr_parse_selections(value, &ctx.pcr_selection); ++ bool result = pcr_parse_selections(value, &ctx.pcr_selection, ++ &ctx.forwards); + if (!result) { + LOG_ERR("Could not parse PCR selections"); + return false; +@@ -110,7 +112,7 @@ static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { + } + + rc = tpm2_policy_build_pcr(ectx, ctx.session, ctx.raw_pcrs_file, +- &ctx.pcr_selection, ctx.raw_pcr_digest); ++ &ctx.pcr_selection, ctx.raw_pcr_digest, &ctx.forwards); + if (rc != tool_rc_success) { + LOG_ERR("Could not build pcr policy"); + return rc; +diff --git a/tools/tpm2_policyrestart.c b/tools/tpm2_policyrestart.c +index 40a1d52..af41e5b 100644 +--- a/tools/tpm2_policyrestart.c ++++ b/tools/tpm2_policyrestart.c +@@ -108,7 +108,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + + ctx.parameter_hash_algorithm = tpm2_util_calculate_phash_algorithm(ectx, + cphash_path, &ctx.cp_hash, 0, 0, all_sessions); +- ++ + /* + * 4.b Determine if TPM2_CC_ is to be dispatched + */ +diff --git a/tools/tpm2_policysecret.c b/tools/tpm2_policysecret.c +index 8c1d65c..13a7858 100644 +--- a/tools/tpm2_policysecret.c ++++ b/tools/tpm2_policysecret.c +@@ -94,7 +94,7 @@ static tool_rc process_output(ESYS_CONTEXT *ectx) { + is_file_op_success = files_save_bytes_to_file( + ctx.policy_timeout_path, ctx.timeout->buffer, + ctx.timeout->size); +- ++ + if (!is_file_op_success) { + LOG_ERR("Failed to save timeout to file."); + return tool_rc_general_error; +@@ -108,7 +108,7 @@ static tool_rc process_output(ESYS_CONTEXT *ectx) { + } else { + is_file_op_success = files_save_authorization_ticket( + ctx.policy_ticket, ctx.policy_ticket_path); +- ++ + if (!is_file_op_success) { + LOG_ERR("Failed to save auth ticket"); + return tool_rc_general_error; +@@ -144,7 +144,7 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) { + if (rc != tool_rc_success) { + return rc; + } +- ++ + rc = tpm2_session_restore(ectx, ctx.extended_session_path, false, + &ctx.extended_session); + if (rc != tool_rc_success) { +diff --git a/tools/tpm2_quote.c b/tools/tpm2_quote.c +index 81d161b..c0758ff 100644 +--- a/tools/tpm2_quote.c ++++ b/tools/tpm2_quote.c +@@ -309,7 +309,7 @@ static bool on_option(char key, char *value) { + ctx.key.auth_str = value; + break; + case 'l': +- result = pcr_parse_selections(value, &ctx.pcr_selections); ++ result = pcr_parse_selections(value, &ctx.pcr_selections, NULL); + if (!result) { + LOG_ERR("Could not parse pcr selections, got: \"%s\"", value); + return false; +diff --git a/tools/tpm2_send.c b/tools/tpm2_send.c +index 94936a0..a4da569 100644 +--- a/tools/tpm2_send.c ++++ b/tools/tpm2_send.c +@@ -44,7 +44,7 @@ static int read_command_from_file(FILE *f, tpm2_command_header **c, + return 0; + } + +- tpm2_command_header *header = tpm2_command_header_from_bytes(buffer); ++ const tpm2_command_header *header = tpm2_command_header_from_bytes(buffer); + + UINT32 command_size = tpm2_command_header_get_size(header, true); + UINT32 data_size = tpm2_command_header_get_size(header, false); +@@ -70,8 +70,8 @@ static int read_command_from_file(FILE *f, tpm2_command_header **c, + LOG_INFO("command code: 0x%08x", tpm2_command_header_get_code(command)); + + ret = fread(command->data, data_size, 1, f); +- if (ret != 1 && ferror(f)) { +- LOG_ERR("Failed to read command body: %s", strerror (errno)); ++ if (ret != 1) { ++ LOG_ERR("Failed to read command body: %s", feof(f) ? "EOF" : strerror (errno)); + free(command); + return -1; + } +@@ -84,7 +84,7 @@ static int read_command_from_file(FILE *f, tpm2_command_header **c, + + static bool write_response_to_file(FILE *f, UINT8 *rbuf) { + +- tpm2_response_header *r = tpm2_response_header_from_bytes(rbuf); ++ const tpm2_response_header *r = tpm2_response_header_from_bytes(rbuf); + + UINT32 size = tpm2_response_header_get_size(r, true); + +diff --git a/tools/tpm2_startauthsession.c b/tools/tpm2_startauthsession.c +index af57825..1089455 100644 +--- a/tools/tpm2_startauthsession.c ++++ b/tools/tpm2_startauthsession.c +@@ -337,7 +337,7 @@ static tool_rc process_input_data(ESYS_CONTEXT *ectx) { + + if (ctx.session.bind.bind_context_auth_str) { + TPM2B_AUTH authvalue = { 0 }; +- bool result = handle_str_password( ++ bool result = handle_password( + ctx.session.bind.bind_context_auth_str, &authvalue); + if (!result) { + return tool_rc_general_error; +diff --git a/tools/tpm2_tool.c b/tools/tpm2_tool.c +index 042e20a..669d6e8 100644 +--- a/tools/tpm2_tool.c ++++ b/tools/tpm2_tool.c +@@ -3,6 +3,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -149,7 +150,8 @@ int main(int argc, char **argv) { + */ + umask(0117); + +- bool is_str_tpm2 = (strcmp(argv[0], "tpm2") == 0); ++ char *argv0 = basename(argv[0]); ++ bool is_str_tpm2 = (strcmp(argv0, "tpm2") == 0); + + bool is_one_opt_specified = (argc == 2 && is_str_tpm2); + +diff --git a/tools/tpm2_unseal.c b/tools/tpm2_unseal.c +index 24968b3..0029341 100644 +--- a/tools/tpm2_unseal.c ++++ b/tools/tpm2_unseal.c +@@ -51,7 +51,7 @@ static tpm_unseal_ctx ctx = { + .parameter_hash_algorithm = TPM2_ALG_ERROR, + }; + +-tool_rc unseal(ESYS_CONTEXT *ectx) { ++static tool_rc unseal(ESYS_CONTEXT *ectx) { + + /* + * 1. TPM2_CC_ OR Retrieve cpHash +-- +2.41.0 + diff --git a/tpm2-tools-5.5.tar.gz b/tpm2-tools-5.5.tar.gz deleted file mode 100644 index 127cb3e84f1566940f0b0377181abb6dd86820be..0000000000000000000000000000000000000000 Binary files a/tpm2-tools-5.5.tar.gz and /dev/null differ diff --git a/tpm2-tools-5.7.tar.gz b/tpm2-tools-5.7.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..f17f25a430877cb5d14585a3ced3004b1fb52c31 Binary files /dev/null and b/tpm2-tools-5.7.tar.gz differ diff --git a/tpm2-tools.spec b/tpm2-tools.spec index 8c63723d2b574d873bd3aec35e17dc72223977d7..1329f4d8112ba74b58b33a2ce851a1ebfa4447e1 100644 --- a/tpm2-tools.spec +++ b/tpm2-tools.spec @@ -1,7 +1,7 @@ -%define anolis_release 2 +%define anolis_release 1 Name: tpm2-tools -Version: 5.5 +Version: 5.7 Release: %{anolis_release}%{?dist} Summary: A bunch of TPM testing toolS build upon tpm2-tss @@ -10,6 +10,7 @@ URL: https://github.com/tpm2-software/tpm2-tools Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz Patch0: 0001-revert-sm2-sign-and-verifysignature.patch +Patch1: 0001-Fix-CVE-2024-29038.patch BuildRequires: make BuildRequires: gcc-c++ @@ -22,6 +23,7 @@ BuildRequires: pkgconfig(tss2-mu) >= 3.1.0 BuildRequires: pkgconfig(tss2-sys) >= 3.1.0 BuildRequires: pkgconfig(tss2-esys) >= 3.1.0 BuildRequires: pkgconfig(uuid) +BuildRequires: pandoc # tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required Requires: tpm2-tss >= 3.1.0 @@ -63,6 +65,9 @@ Doc files for %{name} %doc docs/README.md docs/CHANGELOG.md %changelog +* Wed Jul 3 2024 Cui lichen -5.7-1 +- Fix CVE-2024-29038 + * Thu Dec 28 2023 chench -5.5-2 - revert sm2 sign and verifysignature from upstream