Script to provision the TPM before control is handed off to the VM. TPM2TOOLS_TCTI will be provided to configure tpm2-tools to use the swtpm instance transparently. TCTI is also provided as a generic value, consumer is expected to re-export it however it may need (TPM2OPENSSL_TCTI, TPM2_PKCS11_TCTI, …).

null

tpm2_nvdefine 0xcafecafe \
  -C o \
  -a "ownerread|policyread|policywrite|ownerwrite|authread|authwrite"
echo "foobar" | tpm2_nvwrite 0xcafecafe -C o