NAME¶
lcp_crtpolelt - create an Intel(R) TXT policy element of specified
type.
SYNOPSIS¶
lcp_crtpolelt COMMAND [OPTION]
DESCRIPTION¶
lcp_crtpolelt is used to create an Intel(R) TXT policy
element of specified type.
OPTIONS¶
- --create
- create an policy element
- --type type
- type of element; must be first option; see below for type strings and
their options
- --out file
- output file name
- [--ctrl pol-elt-ctr1]
- PolEltControl field (hex or decimal)
- --show file
- show policy element
- --verbose
- enable verbose output; can be specified with any command
- --help
- print out the help message
Available type options:¶
- mle [--minver ver]
- minimum version of SINIT
- mle [file1][file2]...
- one or more files containing MLE hash(es); each file can contain multiple
hashes
- pconf [file1][file2]...
- one or more files containing PCR numbers and the desired digest of each;
each file will be a PCONF
- custom [--uuid UUID]
- UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll, 0xmm,
0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default
- custom [file]
- file containing element data
EXAMPLES¶
Create an MLE element:¶
| 1 |
lcp_mlehash -c "logging=serial,vga,memory"
/boot/tboot.gz > mle-hash |
| 2 |
lcp_crtpolelt --create --type mle --ctrl
0x00 --minver 17 --out mle.elt
mle-hash |
Create a PCONF element:¶
| 1 |
cat /sys/devices/platform/tpm_tis/pcrs | grep -e
PCR-00 -e PCR-01 > pcrs |
| 2 |
lcp_crtpolelt --create --type pconf --out
pconf.elt pcrs |
Create an SBIOS element:¶
| 1 |
Create hash file containing BIOS hash(es), e.g. named
sbios-hash |
| 2 |
lcp_crtpolelt --create --type sbios --out
sbios.elt sbios-hash |
Create a CUSTOM element:¶
| 1 |
Create or determine the UUID that will identify this data format (e.g.
using uuidgen(1)). |
| 2 |
Create the data file that will be placed in this element (e.g. the
policy file from tb_polgen(8)). |
| 3 |
lcp_crtpolelt --create --type custom --out
custom.elt --uuid uuid-value data-file |