oracular (8) lcp2_crtpollist.8.gz
lcp2_crtpollist - create an Intel(R) TXT policy list
lcp2_crtpollist COMMAND [OPTION]
lcp2_crtpollist is used to create an Intel(R) TXT policy list.
--create Create a TXT policy list. The following options are available: --listver ver policy list version. Supported values are: 0x100 (legacy LCP_POLICY_LIST), 0x200, 0x201 (legacy LCP_POLICY_LIST2) and 0x300 (current LCP_POLICY_LIST2_1). --out file output file for policy list [file]... policy element files (created with the lcp2_crpolelt command). --sign Sign a TXT policy list. --sigalg <rsa|rsapss|ecdsa|sm2> Signature algorithm. Lists version 0x100 only support rsa (rsa pkcs 1.5). Lists version 0x200 and 0x201 support rsa (rsa pkcs 1.5) and ecdsa. Lists version 0x300 support rsapss and ecdsa. --hashalg <sha1|sha256|sha384|sha512|sm2> Hash algorithm used for signing a list. Lists version 0x100 only support SHA1. --pub file Public key to use, must be in PEM format. [--priv file] Private key to use, must be in PEM format. This option is required unless you use the --nosig option [--rev counter] Revocation counter value [--nosig] Don't add a SigBlock. This option is ignored if list is version 0x300. --out file Policy list file (input and output) --addsig Add a signature. This option is ignored if list is version 0x300. --sig file File containing signature (big-endian) --out file Policy list file --show file Show contents of a policy file --verify file Verify policy version 0x300 file. --version Show tool version. --help Print out the tool's help message. --verbose Enable verbose output; can be specified with any command.
Create unsigned policy list with MLE element: lcp2_crtpollist --create --out list.lst mle.elt Sign policy: lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst
Full documentation of MLE, Intel(R) TXT and LCP is available in Intel(R) TXT Measured Launch Environment Deleveloper's Guide, available at: http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development- guide.html lcp2_crtpol(8), lcp2_crtpolelt(8), lcp2_mlehash(8), openssl(1).