LCP2_CRTPOL(8)                   User Manuals                   LCP2_CRTPOL(8)

NAME

       lcp2_crtpol - create an Intel TXT Launch Control Policy

SYNOPSIS

       lcp2_crtpol <--create|--show|--help> [--brief] [--verbose] --alg alg
       --type <any|list> [LISTFILES] [--minver <ver>]
       [--rev <counter1>[,counterN]] [--ctrl <pol_ctrl>] --pol <POLICY FILE>
       [--data <POLICY DATA FILE>] [--mask mask] [--auxalg alg] --sign alg
       [--polver version]

DESCRIPTION

       lcp2_crtpol is used to create a TXT LCP policy (and optionally policy
       data), which can later be written to the TPM. This tool allows creating
       policies for TPM 1.2 and TPM 2.0. The policy format is specified by the
       --polver option.

COMMANDS

       --create
              Create a policy.

       --show Show contents of a policy file, policy data file or both. If you
              specify one file it must be either a policy file or a policy
              data file. If you specify two files, one must be a policy file
              and the other a policy data file.

       --help Show help text.

       --version
              Show tool version.

OPTIONS

       --brief
              Use brief format for output.

       --verbose
              Use verbose format for output.

       --alg alg
              Specify algorithm for the LCP. Supported values are sha1, sha256
              or sm3.

       --type <any|list>
              Specify type of the policy. If --type is list, specify a comma-
              separated list of up to 8 policy list files (created with the
              lcp2_crtpollist command).

       --minver version
              Specify minimum allowed SINIT module version number
              (SINITMinVersion).

       --max_sinit_min version
              Specify maximum allowed value of the minimal SINIT module
              version number (MaxSinitMinVersion).

       --rev <counter1>[,counterN]
              Specify a comma-separated list of revocation counters.

       --ctrl <pol_ctrl>
              Specify PolicyControl value. The default is 0
              (LCP_DEFAULT_POLICY_CONTROL).

       --pol <POLICY FILE>
              Specify output file for the policy.

       --data <POLICY DATA FILE>
              Specify output file for the policy data.

       --mask mask
              Specify the policy hash algorithm mask. Supported values are
              sha1, sha256, sha384, sha512 or sm3. This option can be used
              multiple times to specify several allowed algorithms. Policy
              versions 2.0-2.4 only support SHA1.

       --auxalg alg
              Specify the AUX hash algorithm. Supported values are sha1,
              sha256, sha384, sha512 or sm3. You can also specify a raw value
              in hex (the value must start with "0x"). This option is only
              valid for policy versions 3.0 or 3.1.

       --sign alg
              Specify the allowed LCP signature algorithm mask. Supported
              values are: rsa-2048-sha1, rsa-2048-sha256, rsa-3072-sha256,
              rsa-3072-sha384, ecdsa-p256, ecdsa-p384, sm3. This option can be
              used multiple times to specify several allowed algorithms.

       --polver version
              Specify LCP policy version. Supported values are 2.0-2.4 (for
              TPM 1.2) and 3.0-3.2 (for TPM 2.0). If not specified, this
              option defaults to 3.0.

EXAMPLES

       lcp2_crtpol --create --type list --pol list.pol --alg sha256 --data list.data --sign 0x8 list.lst

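       The following pre-flight check is an added example, not part of tboot
       or of this manual page. It defines a hypothetical shell function,
       lcp_preflight, that checks an lcp2_crtpol --create argument list
       against the value constraints stated under OPTIONS (--alg values,
       --polver ranges, SHA1-only masks for 2.0-2.4, --auxalg only for 3.0 or
       3.1, at most 8 list files) without running the tool.

```shell
#!/bin/sh
# Added example, not part of tboot: lcp_preflight is a hypothetical helper.
# Returns 0 if the arguments satisfy the OPTIONS constraints, 1 otherwise.
lcp_preflight() {
    alg="" type="" polver="3.0" masks="" auxalg="" lists=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --create|--brief|--verbose) shift; continue ;;
            --*) [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 1; } ;;
            *)   lists="$1"; shift; continue ;;   # LISTFILES (comma-separated)
        esac
        case "$1" in
            --alg)    alg="$2" ;;
            --type)   type="$2" ;;
            --polver) polver="$2" ;;
            --mask)   masks="$masks $2" ;;        # may be given several times
            --auxalg) auxalg="$2" ;;
            --minver|--max_sinit_min|--rev|--ctrl|--pol|--data|--sign) ;;
            *) echo "unknown option: $1" >&2; return 1 ;;
        esac
        shift 2
    done
    case "$polver" in
        2.[0-4]) tpm="1.2" ;;
        3.[0-2]) tpm="2.0" ;;
        *) echo "--polver must be 2.0-2.4 or 3.0-3.2" >&2; return 1 ;;
    esac
    case "$alg" in
        sha1|sha256|sm3) ;;
        *) echo "--alg must be sha1, sha256 or sm3" >&2; return 1 ;;
    esac
    for m in $masks; do
        if [ "$tpm" = "1.2" ] && [ "$m" != "sha1" ]; then
            echo "--mask $m: policy versions 2.0-2.4 only support sha1" >&2; return 1
        fi
    done
    if [ -n "$auxalg" ] && [ "$polver" != "3.0" ] && [ "$polver" != "3.1" ]; then
        echo "--auxalg is only valid for policy versions 3.0 or 3.1" >&2; return 1
    fi
    case "$type" in
        any) ;;
        list)
            old_ifs=$IFS; IFS=,; set -- $lists; IFS=$old_ifs
            if [ $# -lt 1 ] || [ $# -gt 8 ]; then
                echo "--type list needs 1 to 8 policy list files, got $#" >&2; return 1
            fi ;;
        *) echo "--type must be any or list" >&2; return 1 ;;
    esac
}
```

       Call it with the same arguments intended for lcp2_crtpol and run the
       tool only when it returns 0.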

SEE ALSO

       Full documentation of MLE, Intel(R) TXT and LCP is available in
       Intel(R) TXT Measured Launch Environment Developer's Guide, available
       at:
       http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html

       lcp2_crtpollist(8), lcp2_crtpolelt(8), lcp2_mlehash(8)

tboot                             2020-05-10                    LCP2_CRTPOL(8)