LCP2_CRTPOLELT(8)                User Manuals                LCP2_CRTPOLELT(8)

NAME

       lcp2_crtpolelt - create an Intel(R) TXT policy element of specified
       type.

SYNOPSIS

       lcp2_crtpolelt COMMAND [ ELEMENT TYPE OPTIONS ] [OPTION]

DESCRIPTION

       lcp2_crtpolelt is used to create an Intel(R) TXT policy element of the
       specified type. It supports LCP elements in both current and legacy
       formats: LCP_MLE_ELEMENT2, LCP_STM_ELEMENT2, LCP_PCONF_ELEMENT2,
       LCP_PCONF_ELEMENT, LCP_MLE_ELEMENT and LCP_CUSTOM_ELEMENT.

COMMANDS

       --create --type type --out FILE [--ctrl pol_elt_ctr1]
              create a policy element specified by the --type option.

              --type type
                     type of element. Must be first option. See below for type
                     strings and their options

              --out FILE
                     output file name

              [--ctrl value]
                     PolEltControl field (hex or decimal)

       --show file [FILE]
              show a policy element

       --version
              show tool version

       --verbose
              enable verbose output; can be specified with any command

       --help print out the help message

OPTIONS

       The --create command requires additional parameters depending on the
       element's type:

       mle2 [--minver ver] [--alg algorithm] file [file...]

              --minver ver                      minimum version of SINIT (hex
                                                or decimal)

              --alg <sha1|sha256|sha384|sha512> hash algorithm

              file [file...]                    one or more text files, each
                                                containing one or more MLE
                                                hashes (as text, one hash per
                                                line); hash files can be
                                                created with lcp2_mlehash.

       custom --uuid UUID file

              --uuid UUID UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj,
                          {0xkk 0xll, 0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid
                          tboot" to use default

              file        file containing element data

       sbios [--alg algorithm] file [file...]

              --alg <sha1|sha256|sha384|sha512> hash algorithm

              file [file...]                    one or more files containing
                                                one or more BIOS hashes (as
                                                text, one hash per line); the
                                                first hash in the first file
                                                will be the fallback hash

       stm [--alg algorithm] file [file...]

              --alg <sha1|sha256|sha384|sha512> hash algorithm

              file [file...]                    one or more text files, each
                                                containing one or more STM
                                                hashes (as text, one hash per
                                                line)

       pconf2 --alg algorithm [--pcrN hash_value]

              --alg <sha1|sha256|sha384|sha512> PCR hash algorithm

              --pcrN hash_value                 PCR value for PCR #N, where
                                                0 <= N <= 7.

       mle [--minver ver] file [file...]
              --minver ver
                     minimum version of SINIT (hex or decimal)

              file [file...]
                     one or more text files, each containing one or more MLE
                     SHA1 hashes (as text, one hash per line); hash files can
                     be created with lcp2_mlehash.

       pconf file [file...]
              one or more text files, each containing PCR information. Each
              file should have the following structure: the first line should
              be 'locality:<value>', followed by up to 8 lines, each
              representing one PCR (0 to 7) and its contents: e.g.
              Locality represents the TPM's locality at release. It is a byte,
              of which bits 0 to 4 represent their respective locality (bit0 -
              locality0 and so on). Bits 5-7 are reserved and must be 0. The
              value must be at least 1 (locality0 selected) and at most 0x1F
              (all localities selected).
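
       A pre-flight check for a pconf input file that applies the locality and
       line-count rules above, as an added example (not part of the tboot tools
       or of this manual). It assumes the locality value is written in decimal
       or 0x-prefixed hex and only counts the PCR lines without checking their
       syntax; check_pconf is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: pre-flight check for a legacy pconf input file.
# Assumptions: <value> is decimal or 0x-prefixed hex; PCR lines are only
# counted, because their syntax is not checked here.

# check_pconf FILE: print the selected localities and the PCR line count;
# return non-zero when the header or the line count breaks the rules above.
check_pconf() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }

    first=$(head -n 1 "$file" | tr -d '\r')
    case "$first" in
        locality:*) val=${first#locality:} ;;
        *) echo "$file: first line must be 'locality:<value>'" >&2; return 1 ;;
    esac

    # Accept only short, well-formed numbers before doing arithmetic on them.
    case "$val" in
        0[xX]*) digits=${val#0[xX]}
                case "$digits" in ''|*[!0-9a-fA-F]*|?????*) val="" ;; esac ;;
        ''|*[!0-9]*|0?*|?????*) val="" ;;
    esac
    [ -n "$val" ] || { echo "$file: locality value is not a number" >&2; return 1; }
    num=$(($val))

    # Bits 0-4 select localities, bits 5-7 are reserved: 1 <= num <= 0x1F.
    if [ "$num" -lt 1 ] || [ "$num" -gt 31 ]; then
        echo "$file: locality $val is outside 1..0x1F" >&2
        return 1
    fi

    # At most 8 PCR lines (PCR 0 to 7) follow the header; blank lines ignored.
    n=$(awk 'NR > 1 && NF { n++ } END { print n + 0 }' "$file")
    [ "$n" -le 8 ] || { echo "$file: $n PCR lines, at most 8 allowed" >&2; return 1; }

    sel=""; bit=0
    while [ "$bit" -le 4 ]; do
        if [ $(( (num >> bit) & 1 )) -eq 1 ]; then sel="$sel $bit"; fi
        bit=$((bit + 1))
    done
    echo "localities:$sel pcr_lines=$n"
}

# Constructed sample: mask 0x03 selects localities 0 and 1; PCR lines are placeholders.
sample=$(mktemp)
printf 'locality:0x03\n<PCR line>\n<PCR line>\n' > "$sample"
check_pconf "$sample"
rm -f "$sample"
```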

EXAMPLES

       Create MLE element:
       lcp2_crtpolelt --create --type mle --out mle.elt --ctrl 0x00 --alg sha256 --minver 0 mle_hash

       Create PCONF2 element:
       lcp2_crtpolelt --create --type pconf2 --out pconf2.elt --ctrl 0x00 --alg sha256 --pcr0 <PCR[0] hash> --pcr3 <PCR[3] hash>

       Create PCONF element:
       lcp2_crtpolelt --create --type pconf pcrInfo1.txt pcrInfo2.txt --out pconf2.elt --ctrl 0x00

SEE ALSO

       Full documentation of MLE, Intel(R) TXT and LCP is in the Intel(R) TXT
       Measured Launch Environment Developer's Guide, available at:
       http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html

       lcp2_crtpol(8), lcp2_mlehash(8), lcp2_crtpollist(8), uuidgen(1),
       tb_polgen(8).

tboot                             2020-05-10                 LCP2_CRTPOLELT(8)