LCP_CRTPOLELT(8) User Manuals LCP_CRTPOLELT(8)NAMElcp_crtpolelt - create an Intel(R) TXT policy element of specified
type.
SYNOPSISlcp_crtpolelt COMMAND [OPTION]
DESCRIPTIONlcp_crtpolelt is used to create an Intel(R) TXT policy element of spec‐
ified type.
OPTIONS--create
create an policy element
--type type type of element; must be first option; see
below for type strings and their options
--out file output file name
[--ctrl pol-elt-ctr1] PolEltControl field (hex or decimal)
--show file
show policy element
--verbose
enable verbose output; can be specified with any command
--help print out the help message
Available type options:
mle [--minver ver]
minimum version of SINIT
mle [file1][file2]...
one or more files containing MLE hash(es); each file can contain
multiple hashes
pconf [file1][file2]...
one or more files containing PCR numbers and the desired digest
of each; each file will be a PCONF
custom [--uuid UUID]
UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll,
0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default
custom [file]
file containing element data
EXAMPLES
Create an MLE element:
1 lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > mle-
hash
2 lcp_crtpolelt--create --type mle --ctrl 0x00 --minver 17 --out
mle.elt mle-hash
Create a PCONF element:
1 cat /sys/devices/platform/tpm_tis/pcrs | grep -e PCR-00 -e PCR-01 >
pcrs
2 lcp_crtpolelt--create --type pconf --out pconf.elt pcrs
Create an SBIOS element:
1 Create hash file containing BIOS hash(es), e.g. named sbios-hash
2 lcp_crtpolelt--create --type sbios --out sbios.elt sbios-hash
Create a CUSTOM element:
1 Create or determine the UUID that will identify this data format
(e.g. using uuidgen(1)).
2 Create the data file that will be placed in this element (e.g. the
policy file from tb_polgen(8)).
3 lcp_crtpolelt--create --type custom --out custom.elt --uuid uuid-
value data-file
SEE ALSOlcp_crtpol2(8), lcp_mlehash(8), lcp_crtpollist(8), uuidgen(1), tb_pol‐
gen(8).
tboot 2011-12-31 LCP_CRTPOLELT(8)