tss2_authorizepolicy(1) -

       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)

       This  collection  of  options are common to all tss2 programs and provide information that many users may
       expect.

       • -h, --help[man|no-man]: Display the tools manpage.  By default, it attempts to invoke the manpager for
         the tool, however, on failure will output a short tool summary.  This is the same behavior if the “man”
         option argument is specified, however if explicit “man” is requested, the tool will provide errors from
         man on stderr.  If the “no-man” option if specified, or the manpager fails, the short options  will  be
         output to stdout.

         To  successfully  use  the  manpages  feature  requires the manpages to be installed or on MANPATH, See
         man(1) for more details.

       • -v, --version: Display version information for this tool, supported tctis and exit.

tss2_authorizepolicy(1) - This command signs a given policy with a given key such that the policy can  be
       referenced  from  other policies that contain a corresponding PolicyAuthorize elements.  The signature is
       done using the TPM signing schemes as specified in the cryptographic profile (cf., fapi-profile(5)).

              tss2_authorizepolicy --keyPath=HS/SRK/myPolicySignKey --policyPath=/policy/pcr-policy --policyRef=policyRef.file

       See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools                                         APRIL 2019                            tss2_authorizepolicy(1)

tss2_authorizepolicy(1) -

       These are the available options:

       • -P, --policyPath=STRING: Path of the new policy.

         A policyPath is composed of two elements, separated by “/”.  A policyPath starts with  “/policy”.   The
         second path element identifies the policy or policy template using a meaningful name.

       • -p, --keyPath=STRING: Path of the signing key.

       • -r, --policyRef=FILENAME or - (for stdin): A byte buffer to be included in the signature.  Optional pa‐
         rameter.

       0 on success or 1 on failure.

fapi-config(5)  to adjust Fapi parameters like the used cryptographic profile and TCTI or directories for
       the Fapi metadata storages.

       fapi-profile(5) to determine the cryptographic algorithms and parameters for all keys and operations of a
       specific TPM interaction like the name hash algorithm, the asymmetric signature algorithm, scheme and pa‐
       rameters and PCR bank selection.

tss2_authorizepolicy [OPTIONS]