lcp_mlehash man page

lcp_mlehash — generate a SHA-1 hash of a TXT MLE binary file suitable for use in a TXT launch control policy

Synopsis

lcp_mlehash [-v] [-c cmdline] [-h] mle-file

Description

lcp_mlehash is used to generate a SHA-1 hash of the portion of an executable file that contains the Intel® TXT measured launched environment (MLE). In the MLE binary file, the portion of the file to be used as the MLE is specified in the MLE header structure. If verbose mode is not used, the output is suitable for use as the mle-file to the lcp_crtpol and lcp_crtpolelt commands.

Options

mle-file
File name of the MLE binary. If it is a gzip file then it will be un-ziped before hashing.
-v
Verbose mode, display progress indications.
-c cmdline
Specify quote-delimited command line. It is important to specify the command line that is used when launching the MLE or the hash will not match what is calculated by SINIT.
-h
Print out the help message.

Examples

lcp_mlehash -c "logging=memory,serial,vga" /boot/tboot.gz > mle-hash

See Also

lcp_readpol(8), lcp_writepol(8), lcp_crtpol(8), lcp_crtpolelt(8).

Referenced By

lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).

2011-12-31 tboot User Manuals