lcp_crtpolelt man page

lcp_crtpolelt — create an Intel(R) TXT policy element of specified type.

Synopsis

lcp_crtpolelt COMMAND [OPTION]

lcp_crtpolelt is used to create an Intel(R) TXT policy element of specified type.

create an policy element

--type type: type of element; must be first option; see below for type strings and their options
--out file: output file name
[--ctrl pol-elt-ctr1]: PolEltControl field (hex or decimal)

--show file

show policy element

enable verbose output; can be specified with any command

print out the help message

mle [--minver ver]: minimum version of SINIT
mle [file1][file2]...: one or more files containing MLE hash(es); each file can contain multiple hashes
pconf [file1][file2]...: one or more files containing PCR numbers and the desired digest of each; each file will be a PCONF
custom [--uuid UUID]: UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll, 0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default
custom [file]: file containing element data

1	lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > mle-hash
2	lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 17 --out mle.elt mle-hash

1	cat /sys/devices/platform/tpm_tis/pcrs \| grep -e PCR-00 -e PCR-01 > pcrs
2	lcp_crtpolelt --create --type pconf --out pconf.elt pcrs

1	Create hash file containing BIOS hash(es), e.g. named sbios-hash
2	lcp_crtpolelt --create --type sbios --out sbios.elt sbios-hash

1	Create or determine the UUID that will identify this data format (e.g. using uuidgen(1)).
2	Create the data file that will be placed in this element (e.g. the policy file from tb_polgen(8)).
3	lcp_crtpolelt --create --type custom --out custom.elt --uuid uuid-value data-file

2011-12-31 tboot User Manuals