Provided by: tboot_1.9.7-0ubuntu1_amd64 bug


       lcp_crtpol - create a TXT v1 Launch Control Policy


       lcp_crtpol  -t  policy-type  [-a  hashalg] [-v version] [-sr SINIT-revocation-counter] [-s
       srtm-file] [-m mle-file] [-o  policy-file]  [-b  policy-data-file]  [-pcf  policy-control-
       field] [-h]


       lcp_crtpol  is  used to create a TXT v1 LCP policy (and optionally policy data), which can
       later be written to the TPM. The policy created are for  platforms  produced  before  2009
       (Weybridge, Montevina, McCreary).


       -t policy-type
              Policy  type  can  be UINT8 or string. 5 strings are supported for the reserved LCP
              policy types. Strings and default policy type values for each string are:

              0 or "hashonly"

              1 or "unsigned"

              2 or "signed"

              3 or "any"

              4 or "forceowner"

       -a hashalg
              Hash algorithm. Currently we only support SHA-1 algorithm: 0 OR 'sha1'.

       -v version
              Version number. Currently it can be set to 0 or 1 if specified. The  default  value
              is 0.

       -sr SINIT-revocation-counter
              The default sinit revocation counter is 0.

       -s srtm-file
              File name of platform configuration data, as produced by lcp_crtpconf.

       -m mle-file
              File name of file containing the MLE hash values. This is a text file that contains
              one SHA-1 hash per line.  The  value  of  the  hash  must  be  hexadecimal  values,
              specified  either  a  single un-deliminated set or as space-delimited two-character
              (i.e. one byte) values.  This can be produced by the lcp_mlehash command.

       -o policy-file
              File name to store the output policy.

       -b policy-data-file
              File name to store the LCP Policy data.

       -pcf policy-control-field
              The default policy control field value is 0.

       -h     Print out the help message


       lcp_crtpol -t 0  -m mle-file  -o policy-hashonly-file

       lcp_crtpol -t 1  -m mle-file  -s pconf-file  -b  policy-data-file

       lcp_crtpol -t unsigned  -a sha1  -m mle-file  -s pconf-file  -o  policy-unsigned-file   -b


       lcp_readpol(8), lcp_writepol(8), lcp_mlehash(8), lcp_crtpconf(8).