bionic (8) lcp_mlehash.8.gz

Provided by: tboot_1.9.6-0ubuntu1_amd64 bug

NAME
       lcp_mlehash  -  generate  a  SHA-1 hash of a TXT MLE binary file suitable for use in a TXT launch control
       policy


SYNOPSIS
       lcp_mlehash [-v] [-c cmdline] [-h] mle-file


DESCRIPTION
       lcp_mlehash is used to generate a SHA-1 hash of the portion of  an  executable  file  that  contains  the
       Intel®  TXT  measured  launched environment (MLE).  In the MLE binary file, the portion of the file to be
       used as the MLE is specified in the MLE header structure.  If verbose mode is not  used,  the  output  is
       suitable for use as the mle-file to the lcp_crtpol and lcp_crtpolelt commands.


OPTIONS
       mle-file
              File name of the MLE binary.  If it is a gzip file then it will be un-ziped before hashing.

       -v     Verbose mode, display progress indications.

       -c cmdline
              Specify  quote-delimited  command  line.  It is important to specify the command line that is used
              when launching the MLE or the hash will not match what is calculated by SINIT.

       -h     Print out the help message.


EXAMPLES
       lcp_mlehash -c "logging=memory,serial,vga" /boot/tboot.gz > mle-hash


SEE ALSO
       lcp_readpol(8), lcp_writepol(8), lcp_crtpol(8), lcp_crtpolelt(8).