lcp_crtpolelt (8) Linux Manual Page
lcp_crtpolelt – create an Intel(R) TXT policy element of specified type.
Synopsis
lcp_crtpolelt COMMAND [OPTION]
Description
lcp_crtpolelt is used to create an Intel(R) TXT policy element of specified type.
Options
--create - create a policy element
- --type type - type of element; must be first option; see below for type strings and their options
- --out file - output file name
- [--ctrl pol-elt-ctr1] - PolEltControl field (hex or decimal)
--show file
--verbose
--help
Available type options:
mle [--minver ver] - minimum version of SINIT
mle [file1][file2]... - one or more files containing MLE hash(es); each file can contain multiple hashes
pconf [file1][file2]... - one or more files containing PCR numbers and the desired digest of each; each file will be a PCONF
custom [--uuid UUID] - UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll, 0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default
custom [file] - file containing element data
Examples
Create an MLE element:
1. lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > mle-hash
2. lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 17 --out mle.elt mle-hash
Create a PCONF element:
1. cat /sys/devices/platform/tpm_tis/pcrs | grep -e PCR-00 -e PCR-01 > pcrs
2. lcp_crtpolelt --create --type pconf --out pconf.elt pcrs
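A pre-check for the pcrs file written in step 1 of the PCONF example, added here as an illustration; it is not part of the original manual page or of the tboot tools. If the sysfs file is missing or lacks a PCR, the redirect still leaves a short or empty pcrs file, so the hypothetical helper check_pcr_file confirms the file holds exactly the requested PCRs, once each, with 20-byte digests. It assumes the TPM 1.2 sysfs line layout ("PCR-NN:" followed by space-separated hex bytes); the sample digests are constructed.

```shell
#!/bin/sh
# Added example, not tboot code. Assumption: each line of the sysfs pcrs file
# is "PCR-NN: " followed by 20 space-separated hex bytes (a SHA-1 digest).

# check_pcr_file FILE PCR...
# Returns 0 if FILE holds exactly the named PCRs, each once, each with a
# 20-byte digest; returns 1 otherwise and prints the reason on stderr.
check_pcr_file() {
    file=$1; shift
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }

    # Reject any line that is not a well-formed PCR line (a trailing space
    # after the last byte is tolerated).
    bad=$(grep -c -v -E '^PCR-[0-9]{2}: ([0-9A-Fa-f]{2} ){19}[0-9A-Fa-f]{2} ?$' "$file" || true)
    [ "$bad" -eq 0 ] || { echo "$file: $bad malformed line(s)" >&2; return 1; }

    # Each requested PCR must appear exactly once.
    for n in "$@"; do
        count=$(grep -c "^PCR-$n: " "$file" || true)
        [ "$count" -eq 1 ] || { echo "$file: PCR-$n appears $count time(s)" >&2; return 1; }
    done

    # Nothing beyond the requested PCRs may be present.
    total=$(grep -c '' "$file" || true)
    [ "$total" -eq "$#" ] || { echo "$file: $total line(s), expected $#" >&2; return 1; }
}

# Constructed sample standing in for the output of step 1 (digests are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
PCR-00: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13
PCR-01: A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3
EOF
check_pcr_file "$sample" 00 01 && echo "pcrs file ok"
rm -f "$sample"
```

On a real system the call would be check_pcr_file pcrs 00 01, run between steps 1 and 2.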
Create an SBIOS element:
1. Create hash file containing BIOS hash(es), e.g. named sbios-hash
2. lcp_crtpolelt --create --type sbios --out sbios.elt sbios-hash
Create a CUSTOM element:
1. Create or determine the UUID that will identify this data format (e.g. using uuidgen(1)).
2. Create the data file that will be placed in this element (e.g. the policy file from tb_polgen(8)).
3. lcp_crtpolelt --create --type custom --out custom.elt --uuid uuid-value data-file
See Also
lcp_crtpol2(8), lcp_mlehash(8), lcp_crtpollist(8), uuidgen(1), tb_polgen(8).
