lcp_mlehash man page
lcp_mlehash — generate a SHA-1 hash of a TXT MLE binary file suitable for use in a TXT launch control policy
lcp_mlehash [-v] [-c cmdline] [-h] mle-file
lcp_mlehash is used to generate a SHA-1 hash of the portion of an executable file that contains the Intel® TXT measured launched environment (MLE). In the MLE binary file, the portion of the file to be used as the MLE is specified in the MLE header structure. If verbose mode is not used, the output is suitable for use as the mle-file to the lcp_crtpol and lcp_crtpolelt commands.
File name of the MLE binary. If it is a gzip file then it will be un-ziped before hashing.
Verbose mode, display progress indications.
- -c cmdline
Specify quote-delimited command line. It is important to specify the command line that is used when launching the MLE or the hash will not match what is calculated by SINIT.
Print out the help message.
lcp_mlehash -c "logging=memory,serial,vga" /boot/tboot.gz > mle-hash
lcp_readpol(8), lcp_writepol(8), lcp_crtpol(8), lcp_crtpolelt(8).
lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).