lcp_crtpolelt (8) - Linux Manuals

lcp_crtpolelt: create an Intel(R) TXT policy element of specified type.

NAME

lcp_crtpolelt - create an Intel(R) TXT policy element of specified type.

SYNOPSIS

lcp_crtpolelt COMMAND [OPTION]

DESCRIPTION

lcp_crtpolelt is used to create an Intel(R) TXT policy element of specified type.

OPTIONS

--create

create an policy element

--type type

type of element; must be first option; see below for type strings and their options

--out file

output file name

[--ctrl pol-elt-ctr1]

PolEltControl field (hex or decimal)

--show file

show policy element

--verbose

enable verbose output; can be specified with any command

--help

print out the help message

Available type options:

mle [--minver ver]

minimum version of SINIT

mle [file1][file2]...

one or more files containing MLE hash(es); each file can contain multiple hashes

pconf [file1][file2]...

one or more files containing PCR numbers and the desired digest of each; each file will be a PCONF

custom [--uuid UUID]

UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll, 0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default

custom [file]

file containing element data

EXAMPLES

Create an MLE element:

1	lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > mle-hash
2	lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 17 --out mle.elt mle-hash

Create a PCONF element:

1	cat /sys/devices/platform/tpm_tis/pcrs | grep -e PCR-00 -e PCR-01 > pcrs
2	lcp_crtpolelt --create --type pconf --out pconf.elt pcrs

Create an SBIOS element:

1	Create hash file containing BIOS hash(es), e.g. named sbios-hash
2	lcp_crtpolelt --create --type sbios --out sbios.elt sbios-hash

Create a CUSTOM element:

1	Create or determine the UUID that will identify this data format (e.g. using uuidgen(1)).
2	Create the data file that will be placed in this element (e.g. the policy file from tb_polgen(8)).
3	lcp_crtpolelt --create --type custom --out custom.elt --uuid uuid-value data-file