1LCP_CRTPOLELT(8)                 User Manuals                 LCP_CRTPOLELT(8)
2
3
4

NAME

6       lcp_crtpolelt  -  create  an  Intel(R)  TXT policy element of specified
7       type.
8

SYNOPSIS

10       lcp_crtpolelt COMMAND [OPTION]
11

DESCRIPTION

13       lcp_crtpolelt is used to create an Intel(R) TXT policy element of spec‐
14       ified type.
15

OPTIONS

17       --create
18              create an policy element
19
20              --type type           type of element; must be first option; see
21                                    below for type strings and their options
22
23              --out file            output file name
24
25              [--ctrl pol-elt-ctr1] PolEltControl field (hex or decimal)
26
27       --show file
28              show policy element
29
30       --verbose
31              enable verbose output; can be specified with any command
32
33       --help print out the help message
34
35   Available type options:
36       mle [--minver ver]
37              minimum version of SINIT
38
39       mle [file1][file2]...
40              one or more files containing MLE hash(es); each file can contain
41              multiple hashes
42
43       pconf [file1][file2]...
44              one  or more files containing PCR numbers and the desired digest
45              of each; each file will be a PCONF
46
47       custom [--uuid UUID]
48              UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll,
49              0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default
50
51       custom [file]
52              file containing element data
53

EXAMPLES

55   Create an MLE element:
56       1   lcp_mlehash  -c  "logging=serial,vga,memory"  /boot/tboot.gz > mle-
57           hash
58       2   lcp_crtpolelt --create --type mle --ctrl  0x00  --minver  17  --out
59           mle.elt mle-hash
60
61   Create a PCONF element:
62       1   cat /sys/devices/platform/tpm_tis/pcrs | grep -e PCR-00 -e PCR-01 >
63           pcrs
64       2   lcp_crtpolelt --create --type pconf --out pconf.elt pcrs
65
66   Create an SBIOS element:
67       1   Create hash file containing BIOS hash(es), e.g. named sbios-hash
68
69       2   lcp_crtpolelt --create --type sbios --out sbios.elt sbios-hash
70
71   Create a CUSTOM element:
72       1   Create or determine the UUID that will identify  this  data  format
73           (e.g. using uuidgen(1)).
74       2   Create  the data file that will be placed in this element (e.g. the
75           policy file from tb_polgen(8)).
76       3   lcp_crtpolelt --create --type custom --out custom.elt --uuid  uuid-
77           value data-file
78

SEE ALSO

80       lcp_crtpol2(8),  lcp_mlehash(8), lcp_crtpollist(8), uuidgen(1), tb_pol‐
81       gen(8).
82
83
84
85tboot                             2011-12-31                  LCP_CRTPOLELT(8)