Provided by: tboot_1.10.5-4_amd64

NAME

       lcp2_crtpollist - create an Intel(R) TXT policy list

SYNOPSIS

       lcp2_crtpollist COMMAND [OPTION]

DESCRIPTION

       lcp2_crtpollist is used to create an Intel(R) TXT policy list.

OPTIONS

       --create
              Create a TXT policy list. The following options are available:

              --listver ver Policy list version. Supported values are: 0x100 (legacy
                            LCP_POLICY_LIST), 0x200, 0x201 (legacy LCP_POLICY_LIST2) and 0x300
                            (current LCP_POLICY_LIST2_1).

              --out file output file for policy list

              [file]...  Policy element files (created with the lcp2_crtpolelt command).

       --sign Sign a TXT policy list.

              --sigalg <rsa|rsapss|ecdsa|sm2> Signature algorithm. Version 0x100 lists support
                                              only rsa (RSA PKCS #1 v1.5). Version 0x200 and
                                              0x201 lists support rsa (RSA PKCS #1 v1.5) and
                                              ecdsa. Version 0x300 lists support rsapss and
                                              ecdsa.

              --hashalg <sha1|sha256|sha384|sha512|sm2> Hash algorithm used for signing a list.
                                                        Version 0x100 lists support only SHA1.

              --pub file                                Public key to use, must be in PEM format.

              [--priv file]                             Private key to use, must be in PEM
                                                        format. This option is required unless
                                                        you use the --nosig option.

              [--rev counter]                           Revocation counter value

              [--nosig]                                 Don't add a SigBlock. This option is
                                                        ignored if the list is version 0x300.

              --out file                                Policy list file (input and output)

       --addsig
              Add a signature. This option is ignored if the list is version 0x300.

              --sig file File containing signature (big-endian)

              --out file Policy list file

       --show file
              Show contents of a policy file

       --verify file
              Verify a version 0x300 policy file.

       --version
              Show tool version.

       --help Print out the tool's help message.

       --verbose
              Enable verbose output; can be specified with any command.

EXAMPLES

       Create unsigned policy list with MLE element:
       lcp2_crtpollist --create --out list.lst mle.elt

       Sign policy:
       lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst
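
       Added example, not part of tboot or of the original page: a POSIX sh wrapper that
       rejects --listver/--sigalg/--hashalg combinations this page does not document as
       supported, then runs --create, --sign, --verify (0x300 only) and --show. The function
       names are hypothetical, and the tool is assumed to exit non-zero on failure.

```sh
#!/bin/sh
# Added example (not part of tboot). Function names are hypothetical.

# lcp_check_sign LISTVER SIGALG HASHALG
# Returns 0 only for combinations this page documents as supported.
# sm2 is listed as a --sigalg value, but no list version is documented
# as supporting it, so it is rejected here.
lcp_check_sign() {
    case "$3" in
        sha1|sha256|sha384|sha512|sm2) ;;
        *) return 1 ;;
    esac
    case "$1:$2" in
        0x100:rsa) [ "$3" = sha1 ] ;;   # legacy list: rsa with SHA1 only
        0x200:rsa|0x200:ecdsa|0x201:rsa|0x201:ecdsa) return 0 ;;
        0x300:rsapss|0x300:ecdsa) return 0 ;;
        *) return 1 ;;
    esac
}

# lcp_build_list LISTVER SIGALG HASHALG PUB PRIV OUT ELT...
# Creates, signs and (for 0x300) verifies a policy list.
# Returns 2 on a rejected combination, before the tool is run.
# Assumption: lcp2_crtpollist exits non-zero on failure.
lcp_build_list() {
    if [ "$#" -lt 7 ]; then
        echo "usage: lcp_build_list LISTVER SIGALG HASHALG PUB PRIV OUT ELT..." >&2
        return 2
    fi
    listver=$1 sigalg=$2 hashalg=$3 pub=$4 priv=$5 out=$6
    shift 6
    if ! lcp_check_sign "$listver" "$sigalg" "$hashalg"; then
        echo "unsupported: listver=$listver sigalg=$sigalg hashalg=$hashalg" >&2
        return 2
    fi
    lcp2_crtpollist --create --listver "$listver" --out "$out" "$@" || return 1
    lcp2_crtpollist --sign --sigalg "$sigalg" --hashalg "$hashalg" \
        --pub "$pub" --priv "$priv" --out "$out" || return 1
    # --verify is documented for version 0x300 files only.
    if [ "$listver" = 0x300 ]; then
        lcp2_crtpollist --verify "$out" || return 1
    fi
    lcp2_crtpollist --show "$out"
}

# Example call (file names as in EXAMPLES above):
#   lcp_build_list 0x300 rsapss sha256 pubkey.pem privkey.pem list.lst mle.elt
```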

SEE ALSO

       Full documentation of MLE, Intel(R) TXT and LCP is available in the Intel(R) TXT Measured
       Launch Environment Developer's Guide, available at:
       http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html

       lcp2_crtpol(8), lcp2_crtpolelt(8), lcp2_mlehash(8), openssl(1).