LCP2_CRTPOLELT(8)                User Manuals                LCP2_CRTPOLELT(8)

lcp2_crtpolelt - create an Intel(R) TXT policy element of specified type.

lcp2_crtpolelt COMMAND [ ELEMENT TYPE OPTIONS ] [OPTION]

lcp2_crtpolelt is used to create an Intel(R) TXT policy element of specified
type. It supports LCP elements in both current and legacy formats:
LCP_MLE_ELEMENT2, LCP_STM_ELEMENT2, LCP_PCONF_ELEMENT2, LCP_PCONF_ELEMENT,
LCP_MLE_ELEMENT and LCP_CUSTOM_ELEMENT.

--create --type type --out FILE [--ctrl pol_elt_ctr1]
       create a policy element specified by the --type option.

       --type type
              type of element. Must be first option. See below for type
              strings and their options

       --out FILE
              output file name

       [--ctrl value]
              PolEltControl field (hex or decimal)

--show file [FILE]
       show a policy element

--version
       show tool version

--verbose
       enable verbose output; can be specified with any command

--help print out the help message

The --create command requires additional parameters depending on the
element's type:

mle2 [--minver ver] [--alg algorithm] file [file...]

       --minver ver
              minimum version of SINIT (hex or decimal)

       --alg <sha1|sha256|sha384|sha512>
              hash algorithm

       file [file...]
              one or more text files, each containing one or more MLE hashes
              (as text, one hash per line); hash files can be created with
              lcp2_mlehash.

custom --uuid UUID file

       --uuid UUID
              UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj,
              {0xkk 0xll, 0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use
              default

       file   file containing element data

sbios [--alg algorithm] file [file...]

       --alg <sha1|sha256|sha384|sha512>
              hash algorithm

       file [file...]
              one or more files containing one or more BIOS hashes (as text,
              one hash per line); the first hash in the first file will be
              the fallback hash

stm [--alg algorithm] file [file...]

       --alg <sha1|sha256|sha384|sha512>
              hash algorithm

       file [file...]
              one or more text files, each containing one or more STM hashes
              (as text, one hash per line)

pconf2 --alg algorithm [--pcrN hash_value]

       --alg <sha1|sha256|sha384|sha512>
              PCR hash algorithm

       --pcrN hash_value
              PCR value for PCR #N, where 0 <= N <= 7.

mle [--minver ver] file [file...]

       --minver ver
              minimum version of SINIT (hex or decimal)

       file [file...]
              one or more text files, each containing one or more MLE SHA1
              hashes (as text, one hash per line); hash files can be created
              with lcp2_mlehash.

pconf file [file...]
       one or more text files, each containing PCR information. Each file
       should have the following structure: the first line should be
       'locality:<value>', followed by up to 8 lines, each representing one
       PCR (0 to 7) and its contents: e.g. Locality represents the TPM's
       locality at release. It is a byte, of which bits 0 to 4 represent
       their respective locality (bit0 - locality0 and so on). Bits 5-7 are
       reserved and must be 0. The value must be at least 1 (locality0
       selected) and at most 0x1F (all localities selected).
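
A pre-flight check for the inputs described above, as an added example that is not part of the tboot tools or this manual: it verifies that a hash file holds one hex digest of the chosen algorithm's length per line, and that a pconf locality value stays within 1 to 0x1F. It assumes hashes are written as contiguous hex digits and that blank lines are ignorable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for lcp2_crtpolelt inputs.
# Assumption: one hash per line, written as contiguous hex digits.

# Number of hex digits in a digest of the given --alg name.
hash_hex_len() {
    case "$1" in
        sha1)   echo 40 ;;
        sha256) echo 64 ;;
        sha384) echo 96 ;;
        sha512) echo 128 ;;
        *)      return 1 ;;
    esac
}

# check_hash_file ALG FILE: succeed only if FILE holds at least one hash and
# every non-blank line is exactly one ALG-sized hex digest.
check_hash_file() {
    chf_len=$(hash_hex_len "$1") || { echo "unknown algorithm: $1" >&2; return 2; }
    awk -v n="$chf_len" '
        /^[ \t]*$/ { next }                      # blank lines: assumed ignorable
        { seen++ }
        length($0) != n || $0 !~ /^[0-9A-Fa-f]+$/ {
            printf "%s:%d: not a %d-digit hex hash\n", FILENAME, FNR, n > "/dev/stderr"
            bad++
        }
        END { exit ((bad || !seen) ? 1 : 0) }
    ' "$2"
}

# check_locality VALUE (hex or decimal): the pconf locality byte must select
# at least one of localities 0-4 (bits 0-4) and keep reserved bits 5-7 at zero.
check_locality() {
    case "$1" in
        0[xX]|0[xX]*[!0-9A-Fa-f]*) return 1 ;;   # "0x" alone or non-hex digits
        0[xX]*) ;;                               # well-formed hex
        ''|*[!0-9]*|0[0-9]*) return 1 ;;         # empty, non-decimal, leading zero
    esac
    cl_v=$(($1))
    [ "$cl_v" -ge 1 ] && [ "$cl_v" -le 31 ]      # 0x01 .. 0x1F
}

# Constructed sample: a sha256 hash file whose second entry is sha1-sized.
demo=$(mktemp)
printf '%064d\n%040d\n' 0 0 > "$demo"
check_hash_file sha256 "$demo" || echo "hash file rejected"
check_locality 0x1F && echo "locality 0x1F accepted"
rm -f "$demo"
```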

Create MLE element:
       lcp2_crtpolelt --create --type mle --out mle.elt --ctrl 0x00 --alg sha256 --minver 0 mle_hash

Create PCONF2 element:
       lcp2_crtpolelt --create --type pconf2 --out pconf2.elt --ctrl 0x00 --alg sha256 --pcr0 <PCR[0] hash> --pcr3 <PCR[3] hash>

Create PCONF element:
       lcp2_crtpolelt --create --type pconf pcrInfo1.txt pcrInfo2.txt --out pconf2.elt --ctrl 0x00

Full documentation of MLE, Intel(R) TXT and LCP is available in the Intel(R)
TXT Measured Launch Environment Developer's Guide, available at:
http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html

lcp2_crtpol(8), lcp2_mlehash(8), lcp2_crtpollist(8), uuidgen(1),
tb_polgen(8).

tboot                             2020-05-10                 LCP2_CRTPOLELT(8)