lcp_mlehash man page

lcp_mlehash — generate a SHA-1 hash of a TXT MLE binary file suitable for use in a TXT launch control policy


lcp_mlehash [-v] [-c cmdline] [-h] mle-file


lcp_mlehash is used to generate a SHA-1 hash of the portion of an executable file that contains the Intel® TXT measured launched environment (MLE).  In the MLE binary file, the  portion of the file to be used as the MLE is specified in the MLE header structure.   If verbose mode is not used, the output is suitable for use as the mle-file to the lcp_crtpol and lcp_crtpolelt commands.



File name of the MLE binary.  If it is a gzip file then it will be un-ziped before hashing.


Verbose mode, display progress indications.

-c cmdline

Specify quote-delimited command line. It is important to specify the command line that is used when launching the MLE or the hash will not match what is calculated by SINIT.


Print out the help message.


lcp_mlehash -c "logging=memory,serial,vga" /boot/tboot.gz > mle-hash

See Also

lcp_readpol(8), lcp_writepol(8), lcp_crtpol(8), lcp_crtpolelt(8).

Referenced By

lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).

2011-12-31 tboot User Manuals