tpm2_ptool: How to delete a token

To delete a TPM token, first list the existing tokens with the tpm2_ptool listtokens --pid 1 command. The --pid option specifies the primary; tpm2_ptool listprimaries shows the available primaries (typically 1).

$ tpm2_ptool listtokens --pid 1
- id: 1
  label: ssh

Before deleting the token with the label ssh, be sure that you really want to delete it. This action is irreversible and removes all keys and data associated with the token.

$ tpm2_ptool rmtoken --label ssh

After that, use the tpm2_ptool listtokens --pid 1 command again to verify that the token has been deleted.

$ tpm2_ptool listtokens --pid 1

Empty output indicates that no token has been found.
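
The three steps above can be wrapped in a guarded script. This is an added example, not part of tpm2_ptool or the original page; the function names token_listed and remove_token and the confirmation prompt are assumptions, and only the tpm2_ptool commands shown above are used.

```shell
#!/bin/sh
# Added example: list, confirm, delete, verify. Helper names are hypothetical.

# Read `tpm2_ptool listtokens` output on stdin and succeed only when a token
# with exactly the given label is listed ("ssh" must not match "ssh-backup").
token_listed() {
    LABEL_WANTED="$1" awk '
        /^[ \t]*label:/ {
            sub(/^[ \t]*label:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            if ($0 == ENVIRON["LABEL_WANTED"]) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# remove_token PID LABEL
remove_token() {
    rt_pid="$1"
    rt_label="$2"
    if ! tpm2_ptool listtokens --pid "$rt_pid" | token_listed "$rt_label"; then
        echo "no token labelled '$rt_label' under primary $rt_pid" >&2
        return 1
    fi
    # Deletion is irreversible, so require the label to be typed back.
    printf "Type '%s' to delete this token permanently: " "$rt_label" >&2
    read -r rt_answer
    if [ "$rt_answer" != "$rt_label" ]; then
        echo "aborted, nothing deleted" >&2
        return 1
    fi
    tpm2_ptool rmtoken --label "$rt_label" || return 1
    # Verify: the label must no longer appear in the listing.
    if tpm2_ptool listtokens --pid "$rt_pid" | token_listed "$rt_label"; then
        echo "token '$rt_label' is still listed" >&2
        return 1
    fi
    echo "token '$rt_label' removed"
}

# Usage: sh rmtoken-guarded.sh 1 ssh
if [ "$#" -eq 2 ]; then
    remove_token "$1" "$2"
fi
```

The exact label comparison means a token named ssh-backup does not count as a match when you ask for ssh.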