1LCP_CRTPOL(8)                    User Manuals                    LCP_CRTPOL(8)
2
3
4

NAME

6       lcp_crtpol - create a TXT v1 Launch Control Policy
7

SYNOPSIS

9       lcp_crtpol  -t policy-type [-a hashalg] [-v version] [-sr SINIT-revoca‐
10       tion-counter] [-s srtm-file] [-m mle-file] [-o policy-file] [-b policy-
11       data-file] [-pcf policy-control-field] [-h]
12

DESCRIPTION

14       lcp_crtpol is used to create a TXT v1 LCP policy (and optionally policy
15       data), which can later be written to the TPM. The  policy  created  are
16       for platforms produced before 2009 (Weybridge, Montevina, McCreary).
17

OPTIONS

19       -t policy-type
20              Policy  type can be UINT8 or string. 5 strings are supported for
21              the reserved LCP policy types. Strings and default  policy  type
22              values for each string are:
23
24              0 or "hashonly"
25
26              1 or "unsigned"
27
28              2 or "signed"
29
30              3 or "any"
31
32              4 or "forceowner"
33
34       -a hashalg
35              Hash  algorithm. Currently we only support SHA-1 algorithm: 0 OR
36              'sha1'.
37
38       -v version
39              Version number. Currently it can be set to 0 or 1 if  specified.
40              The default value is 0.
41
42       -sr SINIT-revocation-counter
43              The default sinit revocation counter is 0.
44
45       -s srtm-file
46              File  name  of  platform  configuration  data,  as  produced  by
47              lcp_crtpconf.
48
49       -m mle-file
50              File name of file containing the MLE hash values. This is a text
51              file  that  contains  one  SHA-1 hash per line. The value of the
52              hash must be hexadecimal values, specified either a  single  un-
53              deliminated  set  or  as space-delimited two-character (i.e. one
54              byte) values.  This can be produced by the lcp_mlehash command.
55
56       -o policy-file
57              File name to store the output policy.
58
59       -b policy-data-file
60              File name to store the LCP Policy data.
61
62       -pcf policy-control-field
63              The default policy control field value is 0.
64
65       -h     Print out the help message
66

EXAMPLES

68       lcp_crtpol -t 0  -m mle-file  -o policy-hashonly-file
69
70       lcp_crtpol -t 1  -m mle-file  -s pconf-file  -b  policy-data-file
71
72       lcp_crtpol -t unsigned  -a sha1  -m mle-file  -s pconf-file  -o policy-
73       unsigned-file  -b policy-data-file
74

SEE ALSO

76       lcp_readpol(8), lcp_writepol(8), lcp_mlehash(8), lcp_crtpconf(8).
77
78
79
80tboot                             2011-12-31                     LCP_CRTPOL(8)
Impressum