Provided by: tboot_1.10.5-4_amd64

NAME

       lcp2_crtpolelt - create an Intel(R) TXT policy element of specified type.

SYNOPSIS

       lcp2_crtpolelt COMMAND [ ELEMENT TYPE OPTIONS ] [OPTION]

DESCRIPTION

       lcp2_crtpolelt is used to create an Intel(R) TXT policy element of specified type. It
       supports LCP elements in both current and legacy formats: LCP_MLE_ELEMENT2,
       LCP_STM_ELEMENT2, LCP_PCONF_ELEMENT2, LCP_PCONF_ELEMENT, LCP_MLE_ELEMENT and
       LCP_CUSTOM_ELEMENT.

COMMANDS

       --create --type type --out FILE [--ctrl pol_elt_ctrl]
              create a policy element specified by the --type option.

              --type type
                     type of element. Must be the first option. See below for type strings and
                     their options.

              --out FILE
                     output file name

              [--ctrl value]
                     PolEltControl field (hex or decimal)

       --show file [FILE]
              show a policy element

       --version
              show tool version

       --verbose
              enable verbose output; can be specified with any command

       --help print out the help message

OPTIONS

       The --create command requires additional parameters depending on the element's type:

       mle2 [--minver ver] [--alg algorithm] file [file...]

              --minver ver                      minimum version of SINIT (hex or decimal)

              --alg <sha1|sha256|sha384|sha512> hash algorithm

              file [file...]                    one or more text files, each  containing  one  or
                                                more  MLE  hashes  (as  text, one hash per line).
                                                Hash files can be created with lcp2_mlehash.

       custom --uuid UUID file

              --uuid UUID UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll,  0xmm,
                          0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default

              file        file containing element data

       sbios [--alg algorithm] file [file...]

              --alg <sha1|sha256|sha384|sha512> hash algorithm

              file [file...]                    one  or  more  files  containing one or more BIOS
                                                hashes (as text, one hash per  line);  the  first
                                                hash in the first file will be the fallback hash

       stm [--alg algorithm] file [file...]

              --alg <sha1|sha256|sha384|sha512> hash algorithm

              file [file...]                    one  or  more  text files, each containing one or
                                                more STM hashes (as text, one hash per line).

       pconf2 --alg algorithm [--pcrN hash_value]

              --alg <sha1|sha256|sha384|sha512> PCR hash algorithm

              --pcrN hash_value                 PCR value for PCR #N, where 0 <= N <= 7.

       mle [--minver ver] file [file...]
              --minver ver minimum version of SINIT (hex or decimal)

              file [file...]
                     one or more text files, each containing one or  more  MLE  SHA1  hashes  (as
                     text, one hash per line). Hash files can be created with lcp2_mlehash.

       pconf file [file...]
              one or more text files, each containing PCR information. Each file should have the
              following structure: the first line should be 'locality:<value>', followed by up to
              8 lines, each representing one PCR (0 to 7) and its contents: e.g.  Locality
              represents the TPM's locality at release. It is a byte, of which bits 0 to 4
              represent their respective localities (bit 0 - locality 0 and so on). Bits 5-7 are
              reserved and must be 0. The value must be at least 1 (locality 0 selected) and at
              most 0x1F (all localities selected).

EXAMPLES

       Create MLE element:
       lcp2_crtpolelt --create --type mle2 --out mle.elt --ctrl 0x00 --alg sha256 --minver 0 mle_hash

       Create PCONF2 element:
       lcp2_crtpolelt --create --type pconf2 --out pconf2.elt --ctrl 0x00 --alg sha256 --pcr0 <PCR[0] hash> --pcr3 <PCR[3] hash>

       Create PCONF element:
       lcp2_crtpolelt --create --type pconf pcrInfo1.txt pcrInfo2.txt --out pconf2.elt --ctrl 0x00
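
       Added example (not part of the tboot package or this manual page): a POSIX shell
       pre-flight check for the hash inputs described under OPTIONS, verifying that every
       digest in a hash file, or a --pcrN value, has the length implied by --alg before the
       element is created. The function names are hypothetical; tolerating whitespace between
       hex bytes and skipping blank lines are assumptions about the input format.

```shell
#!/bin/sh
# Added example, not part of tboot. Pre-flight check for hash input given to
# lcp2_crtpolelt: each digest must have the length implied by --alg.

# digest_hex_len ALG -> prints expected number of hex digits; fails on unknown ALG
digest_hex_len() {
    case "$1" in
        sha1)   echo 40 ;;
        sha256) echo 64 ;;
        sha384) echo 96 ;;
        sha512) echo 128 ;;
        *)      return 1 ;;
    esac
}

# check_digest ALG HASH -> 0 if HASH is hex of the right length for ALG.
# Assumption: whitespace between hex bytes is tolerated and ignored.
check_digest() {
    want=$(digest_hex_len "$1") || return 2
    hex=$(printf '%s' "$2" | tr -d ' \t\r')
    case "$hex" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#hex}" -eq "$want" ]
}

# check_hash_file ALG FILE -> 0 if every non-empty line is a valid digest.
# Reports each offending line number on stderr; returns 1 if any line fails
# or if the file holds no hashes at all (assumption: blank lines are skipped).
check_hash_file() {
    alg=$1 file=$2 n=0 good=0 bad=0
    digest_hex_len "$alg" >/dev/null || { echo "unknown alg: $alg" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$(printf '%s' "$line" | tr -d ' \t\r')" ] && continue
        if check_digest "$alg" "$line"; then
            good=$((good + 1))
        else
            bad=$((bad + 1))
            echo "$file:$n: not a valid $alg digest" >&2
        fi
    done < "$file"
    [ "$bad" -eq 0 ] && [ "$good" -gt 0 ]
}
```

       Source the functions and run, for example, check_hash_file sha256 mle_hash before the
       --create command; a non-zero status means the file should not be passed to the tool.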

SEE ALSO

       Full documentation of MLE, Intel(R) TXT and LCP is available in Intel(R) TXT Measured
       Launch Environment Developer's Guide, available at:
       http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html

       lcp2_crtpol(8), lcp2_mlehash(8), lcp2_crtpollist(8), uuidgen(1), tb_polgen(8).