Provided by: tboot_1.10.5-4_amd64 

NAME
lcp2_crtpolelt - create an Intel(R) TXT policy element of specified type.
SYNOPSIS
lcp2_crtpolelt COMMAND [ ELEMENT TYPE OPTIONS ] [OPTION]
DESCRIPTION
lcp2_crtpolelt is used to create an Intel(R) TXT policy element of specified type. It supports LCP
elements in both current and legacy formats: LCP_MLE_ELEMENT2, LCP_STM_ELEMENT2, LCP_PCONF_ELEMENT2,
LCP_PCONF_ELEMENT, LCP_MLE_ELEMENT and LCP_CUSTOM_ELEMENT.
COMMANDS
--create --type type --out FILE [--ctrl pol_elt_ctr1]
create a policy element specified by the --type option.
--type type
type of element. Must be first option. See below for type strings and their options
--out FILE
output file name
[--ctrl value]
PolEltControl field (hex or decimal)
--show file [FILE]
show a policy element
--version
show tool version
--verbose
enable verbose output; can be specified with any command
--help print out the help message
OPTIONS
The --create command requires additional parameters depending on the element's type
mle2 [--minver ver] [--alg algorithm] file [file...]
--minver ver minimum version of SINIT (hex or decimal)
--alg <sha1|sha256|sha384|sha512> hash algorithm
file [file...] one or more text files, each containing one or more MLE hashes
(as text, one hash per line); Hash files can be created with
lcp2_mlehash.
custom --uuid UUID file
--uuid UUID UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll, 0xmm, 0xnn, 0xoo,
0xpp}} or "--uuid tboot" to use default
file file containing element data
sbios [--alg algorithm] file [file...]
--alg <sha1|sha256|sha384|sha512> hash algorithm
file [file...] one or more files containing one or more BIOS hashes (as text,
one hash per line); the first hash in the first file will be the
fallback hash
stm [--alg algorithm] file [file...]
--alg <sha1|sha256|sha384|sha512> hash algorithm
file [file...] one or more text files, each containing one or more STM hashes
(as text, one hash per line);
pconf2 --alg algorithm [--pcrN hash_value]
--alg <sha1|sha256|sha384|sha512> PCR hash algorithm
--pcrN hash_value PCR value for PCR #N, where 0 <= N <= 7.
mle [--minver ver] file [file...]
--minver ver minimum version of SINIT (hex or decimal)
file [file...]
one or more text files, each containing one or more MLE SHA1 hashes (as text, one hash per
line); Hash files can be created with lcp2_mlehash.
pconf file [file...]
one or more text files, each containing PCR information; Each file should have the following
structure: first line should be: 'locality:<value>' followed by up to 8 lines, each
representing one PCR (0 to 7) and its contents: e.g. Locality represents TPM's locality at
release. It is a byte, of which bits 0 to 4 represent their respective locality (bit0 - locality0
and so on). Bits 5-7 are reserved and must be 0. Value must be at least 1 - locality0 selected,
and at most 0x1F (all localities selected).
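The locality rules above can be checked before a PCR-info file is handed to the tool. The following is an added example, not part of tboot or of this man page; the function names decode_locality and check_pconf_file are hypothetical, and it assumes the locality value is a single byte written as decimal or 0x-prefixed hex.

```shell
#!/bin/sh
# Added example: pre-flight check of a pconf PCR-info file header.
# Enforces only what the man page states; per-PCR line syntax is not checked.

# Print the localities selected by a mask (0x05 -> "0 2").
# Fails if the value is malformed, below 1, or has reserved bits 5-7 set.
decode_locality() {
    # Assumption: one byte, written as decimal or 0x-prefixed hex.
    # The strict patterns also keep untrusted text out of $(( )).
    case $1 in
        0[xX][0-9a-fA-F]|0[xX][0-9a-fA-F][0-9a-fA-F]) ;;
        [0-9]|[1-9][0-9]) ;;
        *) return 1 ;;
    esac
    mask=$(($1))
    if [ "$mask" -lt 1 ] || [ "$mask" -gt 31 ]; then   # 31 = 0x1F
        return 1
    fi
    out=
    for bit in 0 1 2 3 4; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="$out$bit "
        fi
    done
    printf '%s\n' "${out% }"
}

# First line must be 'locality:<value>', followed by at most 8 more lines.
check_pconf_file() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        locality:*) ;;
        *) return 1 ;;
    esac
    pcr_lines=$(sed '1d' "$1" | grep -c . || true)
    [ "$pcr_lines" -le 8 ] || return 1
    decode_locality "${first#locality:}"
}

# Constructed sample: header only, no PCR lines.
sample=$(mktemp)
printf 'locality:0x05\n' > "$sample"
check_pconf_file "$sample"    # prints: 0 2
rm -f "$sample"
```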
EXAMPLES
Create MLE element:
lcp2_crtpolelt --create --type mle --out mle.elt --ctrl 0x00 --alg sha256 --minver 0 mle_hash
Create PCONF2 element:
lcp2_crtpolelt --create --type pconf2 --out pconf2.elt --ctrl 0x00 --alg sha256 --pcr0 <PCR[0] hash> --pcr3 <PCR[3] hash>
Create PCONF element:
lcp2_crtpolelt --create --type pconf pcrInfo1.txt pcrInfo2.txt --out pconf2.elt --ctrl 0x00
SEE ALSO
Full documentation of MLE, Intel(R) TXT and LCP is available in Intel(R) TXT Measured Launch Environment
Developer's Guide, available at:
http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html
lcp2_crtpol(8), lcp2_mlehash(8), lcp2_crtpollist(8), uuidgen(1), tb_polgen(8).
tboot 2020-05-10 LCP2_CRTPOLELT(8)