TPM2-ABRMD(8)                 TPM2 Software Stack                TPM2-ABRMD(8)

       tpm2-abrmd - TPM2 access broker and resource management daemon

       tpm2-abrmd [-m][-e][-i][-o][-l logger-
       name][-r][-s][-g /dev/urandom][-t conf]

       tpm2-abrmd is a daemon that implements the TPM access broker and
       resource manager as described by the Trusted Computing Group (TGC) in
       the “TSS System Level API and TPM Command Transmission Interface
       Specification”.  This daemon uses the DBus system bus and some pipes to
       communicate with clients.

       -t, --tcti
              Provide the daemon with a string that describes the TCTI and how
              to configure it for communication with the next component down
              the TSS2 stack. This string is formatted as "tcti-name:tcti-
              conf" where:

                     The name of the TCTI library shared object file.
                     Libraries are found using the same algorithm as dlopen
                     (3). If the TCTI library file name follows the naming
                     convention: libtss2-tcti-<name>.so.0 where <name> is the
                     name for the TCTI, the value of <name> may be supplied in
                     place of the full library file name. See 'EXAMPLES'

                     The configuration string passed to the TCTI library upon

              If this option is omitted (or a NULL string provided) then a
              default TCTI is used in it's default configuration. If the
              string does not contain a colon then it will be interpreted as
              only the 'tcti-name'. To provide only the configuration string
              (using the default TCTI) then the first character in the string
              passed to this option must be a colon followed by the
              configuration string. See examples below.

       -o, --allow-root
              Allow daemon to run as root. If this option is not provided the
              daemon will refused to run as the root user. Use of this option
              is not recommended.

       -m, --max-connections
              Set an upper bound on the number of concurrent client
              connections allowed.  Once this number of client connections is
              reached new connections will be rejected with an error.

       -f, --flush-all
              Flush all objects and sessions when daemon is started.

       -l, --logger
              Direct logging output to named logging target. Supported targets
              are stdout and syslog. If the logger option is not specified the
              default is stdout.

       -e, --max-sessions
              Set and upper bound on the number of sessions that each client
              connection is allowed to create (loaded or active) at any one

       -r, --max-transients
              Set an upper bound on the number of transient objects that each
              client connection allowed to load. Once this number of objects
              is reached attempts to load new transient objects will produce
              an error.

       -n, --dbus-name
              Claim the given name on dbus. This option overrides the default

       -g, --prng-seed-file
              Read seed for pseudo-random number generator from the provided

       -s, --session
              Connect daemon to the session dbus. This option overrides the
              default behavior.

       -v, --version
              Display version string.

       Execute daemon with default TCTI and options:

       Execute daemon with default TCTI and provided config string:
          tpm2-abrmd --tcti=":/dev/tpm0"

       This is equivalent to:
          tpm2-abrmd --tcti="device:/dev/tpm0"
          tpm2-abrmd --tcti=""

       Have daemon use Microsoft/IBM TPM2 Simulator tcti library
          This connects to a TPM2 simulator via a TCP mssim.
          tpm2-abrmd --tcti="mssim"
          tpm2-abrmd --tcti=""

       Have daemon use tcti library '' and config
          tpm2-abrmd --tcti=mssim:host=,port=5555"
          tpm2-abrmd --tcti=",port=5555"

       Philip Tricca <>


       This page is part of the 2.3.2 release of Intel's TPM2 Access Broker &
       Resource Management Daemon. A description of the project, information
       about reporting bugs, and the latest version of this page can be found

Intel                             March 2018                     TPM2-ABRMD(8)