Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   26626 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

TB_POLGEN(8)			 User Manuals			  TB_POLGEN(8)

NAME
       tb_polgen - manage tboot verified launch policy

SYNOPSIS
       tb_polgen COMMAND [OPTION]

DESCRIPTION
       tb_polgen is used to manage tboot verified launch policy.

COMMANDS
       --create
	      Create an empty tboot verified launch policy file.

	      --type nonfatal | continue | halt
		     Nonfatal means ignoring all non-fatal errors and continu‐
		     ing. Continue  means  ignoring  verification  errors  and
		     halting otherwise. Halt means halting on any errors.

	      [--ctrl policy-control-value]
		     The default value 1 is to extend policy into PCR 17.

	      policy-file

       --add  Add a module hash entry into a policy file.

	      --num module-number | any
		     The  module-number	 is  the  0-based module number corre‐
		     sponding to modules loaded by the bootloader.

	      --pcr TPM-PCR-number | none
		     The TPM-PCR-number is the PCR to extend the module's mea‐
		     surement into.

	      --hash any | image

	      [--cmdline command-line]
		     The  command  line	 is  from grub.conf, and it should not
		     include the module name (e.g. "/xen.gz").

	      [--image image-file-name]

	      policy-file

       --del  Delete a module hash entry from a policy file.

	      --num module-number | any
		     The module-number is the  0-based	module	number	corre‐
		     sponding to modules loaded by the bootloader.

	      [--pos hash-number]
		     The  hash-number is the 0-based index of the hash, within
		     the list of hashes for the specified module.

	      policy-file

       --unwrap
	      Extract the tboot verified launch policy from a TXT LCP  element
	      file.

	      --elt elt-file

	      policy-file

       --show policy-file
	      Show the policy information in a policy file.

       --help Print out the help message.

       --verbose
	      Enable verbose output; can be specified with any command.

EXAMPLES
       tb_polgen --create --type nonfatal vl.pol

       tb_polgen  --add	 --num	0  --pcr none --hash image --cmdline "cmdline"
       --image /boot/xen.gz vl.pol

       tb_polgen --add --num 1	--pcr  19  --hash  image  --cmdline  "cmdline"
       --image /boot/vmlinuz-2.6.18.8-xen vl.pol

       tb_polgen  --add	 --num	2  --pcr  19 --hash image --cmdline "" --image
       /boot/initrd-2.6.18.8-xen.img vl.pol

       tb_polgen --del --num 1 vl.pol

       tb_polgen --show --verbose vl.pol

   Note1:
       It is not necessary to specify a PCR for module 0, since this  module's
       measurement  will always be extended to PCR 18.	If a PCR is specified,
       then the measurement will be extended to that PCR in  addition  to  PCR
       18.

   Note2:
       --unwrap	 is  not implemented correctly. There should be a defined UUID
       for this and that should be checked  before  copying  the  data.	 There
       should  be a wrap or similar command to generates an element file for a
       policy.

SEE ALSO
       lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).

tboot				  2011-12-31			  TB_POLGEN(8)

Vote for polarhome