Provided by: tboot_1.8.2~0ubuntu1_amd64
NAME
lcp_mlehash - generate a SHA-1 hash of a TXT MLE binary file suitable for use in a TXT launch control policy
SYNOPSIS
lcp_mlehash [-v] [-c cmdline] [-h] mle-file
DESCRIPTION
lcp_mlehash is used to generate a SHA-1 hash of the portion of an executable file that contains the IntelĀ® TXT measured launched environment (MLE). In the MLE binary file, the portion of the file to be used as the MLE is specified in the MLE header structure. If verbose mode is not used, the output is suitable for use as the mle-file to the lcp_crtpol and lcp_crtpolelt commands.
OPTIONS
mle-file File name of the MLE binary. If it is a gzip file then it will be un-ziped before hashing. -v Verbose mode, display progress indications. -c cmdline Specify quote-delimited command line. It is important to specify the command line that is used when launching the MLE or the hash will not match what is calculated by SINIT. -h Print out the help message.
EXAMPLES
lcp_mlehash -c "logging=memory,serial,vga" /boot/tboot.gz > mle-hash
SEE ALSO
lcp_readpol(8), lcp_writepol(8), lcp_crtpol(8), lcp_crtpolelt(8).