What does "the -I option" mean?
I believe you created an index with both ownerwrite/authwrite set, right?
This below is incorrect, if you're setting ownerwrite attribute, then you don't
need to provide index auth/password. You can directly write it if you have owner auth
> . I'm also setting the attribute ownerwrite for the index so
the index can be written only if one knows the index password
Andreas answer is correct, TPM2_NV_ChangeAuth() is used to change index auth/password.
From: tpm2 [mailto:email@example.com] On Behalf Of Fuchs, Andreas
Sent: Wednesday, September 19, 2018 10:37 PM
To: Scheie, Peter M <Petre.Scheie(a)gd-ms.com>; tpm2(a)lists.01.org
Subject: Re: [tpm2] Any way to change NVRAM index password?
The normal anser:
It's complicated and requires quite some thought, so release+define is probably
The TPM-nerd answer:
The TPM-function for this is TPM2_NV_ChangeAuth, but it requires a policy-session and you
must have defined a policy with PolicyCommandCode(TPM2_CC_NV_CHANGEAUTH), since it's
an admin auth.
From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of Scheie, Peter M
Sent: Wednesday, September 19, 2018 14:47
Subject: [tpm2] Any way to change NVRAM index password?
When I define an NVRAM index using tpm2_nvdefine, one thing I set is the index password
with the -I option. I'm also setting the attribute ownerwrite for the index so the
index can be written only if one knows the index password. Is there any way to change
this password after I've set it, or do I have to remove the whole index
(tpm2_nvrelease) and recreate it with the new password?