tpm2_ptool: How to delete primaries
To remove a TPM primary object, start by displaying all primaries using the tpm2_ptool listprimaries command. This will output a list of available primaries along with their IDs.
$ tpm2_ptool listprimaries
- config:
    esys-tr: 810000000022000b02109599b4eb448cb9131343102bb42f280cc154b054ce8ad59c41f9bc582a5000000001011a0001000b00030072000000060080004300100800000000000100f1005e20a1c617cfdf3cecf38f44e34fdf20519f622e6f99ba93b24fa441b554a20267f3d598d91958dbb56c2580228aed0ada3e50f026326fc000464c43e4fb5c0f8b610c6463fcafcd3ea51a8e80fda2f6805b5a9c2ff13d0548d729f567385df2d005b6a2964cc394e10a42e06fba0ea4c8c6e8cc609783fec51f3dd75162c1b04da4468cff2a5a73818cf51db48713ca85074fbc6a3579cc48e941ac31b9a1ca75d88a5d8b2c1fe736a4743d7e29ae87bb8a09563ac3656a5c1ddf0d6e5c5280af9538947d7560e1608eb5cb1e7ae7a4f417f30c491802bde5641d47f22bed528c49ad52a9c431a5087a1bfc811b0c29955f8c35ea63835318540b67e91f
    transient: false
  id: 1
The relevant information is id: 1 at the end of the output.
If you intend to erase the primary with ID 1, please double-check your decision. This process cannot be undone and will permanently delete all related objects and data.
tpm2_ptool destroy --pid 1
This will ask you to confirm the deletion. You will need to type y to proceed with the removal.
$ tpm2_ptool destroy --pid 1
This will delete the primary object of id "1" and all associated data from db under "/home/user/.tpm2_pkcs11" [y/N]
Once the command completes, you can confirm the removal by running tpm2_ptool listprimaries again.
$ tpm2_ptool listprimaries
If nothing is listed, it means there are no remaining primaries.
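The procedure above wrapped in a guard script, as an added example that is not part of the original post or of tpm2-pkcs11: it checks that the ID really appears in the listprimaries output and copies the store directory before handing over to tpm2_ptool destroy. The function names are illustrative, and the store path defaults to ~/.tpm2_pkcs11 on the assumption that the store lives where the confirmation prompt above shows it.

```shell
#!/bin/sh
# Added example: guard around `tpm2_ptool destroy`. Function names are illustrative.

# Print the primary IDs found in `tpm2_ptool listprimaries` output read from stdin.
primary_ids() {
    awk '{ sub(/^[- \t]+/, "") } $1 == "id:" && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Succeed only if ID $1 is one of the listed primaries (exact match, so 1 != 12).
has_primary() {
    primary_ids | grep -qxF -- "$1"
}

# Copy store directory $1 to a timestamped sibling and print the copy's path.
backup_store() {
    src=${1%/}
    dst="$src.bak.$(date +%Y%m%d%H%M%S)"
    [ -d "$src" ] && [ ! -e "$dst" ] || return 1
    cp -Rp "$src" "$dst" && printf '%s\n' "$dst"
}

# Check the ID, copy the store, then hand over to tpm2_ptool's own [y/N] prompt.
destroy_primary() {
    pid=$1
    store=${2:-$HOME/.tpm2_pkcs11}  # assumption: store location as in the prompt above
    listing=$(tpm2_ptool listprimaries) || return 1
    if ! printf '%s\n' "$listing" | has_primary "$pid"; then
        echo "no primary with id $pid; nothing deleted" >&2
        return 1
    fi
    backup=$(backup_store "$store") || { echo "backup of $store failed" >&2; return 1; }
    echo "store copied to $backup" >&2
    tpm2_ptool destroy --pid "$pid"
}

# Usage: sh destroy_primary.sh <pid> [store-dir]
if [ "$#" -gt 0 ]; then
    destroy_primary "$@"
fi
```

The copy contains the same data as the store, so keep it under the same access controls.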