lcp2_crtpollist - Man Page

create an Intel(R) TXT policy list

Synopsis

lcp2_crtpollist COMMAND [OPTION]

lcp2_crtpollist is used to create an Intel(R) TXT policy list.

Create a TXT policy list. The following options are available:

--listver ver: policy list version. Supported values are: 0x100 (legacy LCP_POLICY_LIST), 0x200, 0x201 (legacy LCP_POLICY_LIST2) and 0x300 (current LCP_POLICY_LIST2_1).
--out file: output file for policy list
[file]...: policy element files (created with the lcp2_crpolelt command).

Sign a TXT policy list.

--sigalg <rsa|rsapss|ecdsa|sm2>: Signature algorithm. Lists version 0x100 only support rsa (rsa pkcs 1.5). Lists version 0x200 and 0x201 support rsa (rsa pkcs 1.5) and ecdsa. Lists version 0x300 support rsapss and ecdsa.
--hashalg <sha1|sha256|sha384|sha512|sm2>: Hash algorithm used for signing a list. Lists version 0x100 only support SHA1.
--pub file: Public key to use, must be in PEM format.
[--priv file]: Private key to use, must be in PEM format. This option is required unless you use the --nosig option
[--rev counter]: Revocation counter value
[--nosig]: Don't add a SigBlock. This option is ignored if list is version 0x300.
--out file: Policy list file (input and output)

Add a signature. This option is ignored if list is version 0x300.

--show file

Show contents of a policy file

Verify policy version 0x300 file.

Show tool version.

Print out the tool's help message.

Enable verbose output; can be specified with any command.

Create unsigned policy list with MLE element:

lcp2_crtpollist --create --out list.lst mle.elt

Sign policy:

lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst

2020-05-10 tboot User Manuals