lcp2_crtpollist - Man Page

create an Intel(R) TXT policy list

Synopsis

lcp2_crtpollist COMMAND [OPTION]

Description

lcp2_crtpollist is used to create an Intel(R) TXT policy list.

Options

--create

Create a TXT policy list. The following options are available:

--listver ver

policy list version. Supported values are: 0x100 (legacy LCP_POLICY_LIST),  0x200, 0x201 (legacy LCP_POLICY_LIST2) and 0x300 (current LCP_POLICY_LIST2_1).

--out file

output file for policy list

[file]...

policy element files (created with the lcp2_crpolelt command).

--sign

Sign a TXT policy list.

--sigalg <rsa|rsapss|ecdsa|sm2>

Signature algorithm. Lists version 0x100 only support rsa (rsa pkcs 1.5). Lists  version 0x200 and 0x201 support rsa (rsa pkcs 1.5) and ecdsa. Lists version 0x300  support rsapss and ecdsa.

--hashalg <sha1|sha256|sha384|sha512|sm2>

Hash algorightm used for signing a list. Lists version 0x100 only support SHA1.

--pub file

Public key to use, must be in PEM format.

[--priv file]

Private key to use, must be in PEM format. This option is required unless you use the --nosig option

[--rev counter]

Revocation counter value

[--nosig]

Don't add a SigBlock. This option is ignored if list is version 0x300.

--out file

Policy list file (input and output)

--addsig

Add a signature. This option is ignored if list is version 0x300.

--sig file

File containing signature (big-endian)

--out file

Policy list file

--show file

Show contents of a policy file

--verify file

Verify policy version 0x300 file.

--version

Show tool version.

--help

Print out the tool's help message.

--verbose

Enable verbose output; can be specified with any command.

Examples

Create unsigned policy list with MLE element:

lcp2_crtpollist --create --out list.lst mle.elt

Sign policy:

lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst

See Also

Full documentation of MLE, Intel(R) TXT and LCP is available in Intel(R) TXT Measured Launch Environment Deleveloper's Guide, available at:  http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html

lcp2_crtpol(8), lcp2_crtpolelt(8), lcp2_mlehash(8), openssl(1).

Referenced By

lcp2_crtpol(8), lcp2_crtpolelt(8), lcp2_mlehash(8).

2020-05-10 tboot User Manuals