Provided by: tboot_1.8.3-0ubuntu1_i386 bug


       lcp_crtpol - create a TXT v1 Launch Control Policy


       lcp_crtpol  -t  policy-type  [-a  hashalg]  [-v  version]  [-sr  SINIT-
       revocation-counter] [-s srtm-file] [-m mle-file] [-o  policy-file]  [-b
       policy-data-file] [-pcf policy-control-field] [-h]


       lcp_crtpol is used to create a TXT v1 LCP policy (and optionally policy
       data), which can later be written to the TPM. The  policy  created  are
       for platforms produced before 2009 (Weybridge, Montevina, McCreary).


       -t policy-type
              Policy  type can be UINT8 or string. 5 strings are supported for
              the reserved LCP policy types. Strings and default  policy  type
              values for each string are:

              0 or "hashonly"

              1 or "unsigned"

              2 or "signed"

              3 or "any"

              4 or "forceowner"

       -a hashalg
              Hash  algorithm. Currently we only support SHA-1 algorithm: 0 OR

       -v version
              Version number. Currently it can be set to 0 or 1 if  specified.
              The default value is 0.

       -sr SINIT-revocation-counter
              The default sinit revocation counter is 0.

       -s srtm-file
              File  name  of  platform  configuration  data,  as  produced  by

       -m mle-file
              File name of file containing the MLE hash values. This is a text
              file  that  contains  one  SHA-1 hash per line. The value of the
              hash must be hexadecimal values, specified either a  single  un-
              deliminated  set  or  as space-delimited two-character (i.e. one
              byte) values.  This can be produced by the lcp_mlehash command.

       -o policy-file
              File name to store the output policy.

       -b policy-data-file
              File name to store the LCP Policy data.

       -pcf policy-control-field
              The default policy control field value is 0.

       -h     Print out the help message


       lcp_crtpol -t 0  -m mle-file  -o policy-hashonly-file

       lcp_crtpol -t 1  -m mle-file  -s pconf-file  -b  policy-data-file

       lcp_crtpol -t unsigned  -a sha1  -m mle-file  -s pconf-file  -o policy-
       unsigned-file  -b policy-data-file


       lcp_readpol(8), lcp_writepol(8), lcp_mlehash(8), lcp_crtpconf(8).