LCP_CRTPOL(8)                    User Manuals                    LCP_CRTPOL(8)

NAME
       lcp_crtpol - create a TXT v1 Launch Control Policy

SYNOPSIS
       lcp_crtpol -t policy-type [-a hashalg] [-v version]
       [-sr SINIT-revocation-counter] [-s srtm-file] [-m mle-file]
       [-o policy-file] [-b policy-data-file] [-pcf policy-control-field]
       [-h]

DESCRIPTION
       lcp_crtpol is used to create a TXT v1 LCP policy (and optionally policy
       data), which can later be written to the TPM. The policies created are
       for platforms produced before 2009 (Weybridge, Montevina, McCreary).

OPTIONS
       -t policy-type
              Policy type can be UINT8 or string. 5 strings are supported for
              the reserved LCP policy types. Strings and default policy type
              values for each string are:

              0 or "hashonly"
              1 or "unsigned"
              2 or "signed"
              3 or "any"
              4 or "forceowner"

       -a hashalg
              Hash algorithm. Currently only the SHA-1 algorithm is
              supported: 0 or 'sha1'.

       -v version
              Version number. Currently it can be set to 0 or 1 if specified.
              The default value is 0.

       -sr SINIT-revocation-counter
              The default SINIT revocation counter is 0.

       -s srtm-file
              File name of platform configuration data, as produced by
              lcp_crtpconf.

       -m mle-file
              File name of the file containing the MLE hash values. This is a
              text file that contains one SHA-1 hash per line. Each hash must
              be given in hexadecimal, either as a single undelimited string
              or as space-delimited two-character (i.e. one-byte) values.
              This file can be produced by the lcp_mlehash command.

       -o policy-file
              File name to store the output policy.

       -b policy-data-file
              File name to store the LCP Policy data.

       -pcf policy-control-field
              The default policy control field value is 0.

       -h     Print out the help message.

EXAMPLES
       lcp_crtpol -t 0 -m mle-file -o policy-hashonly-file

       lcp_crtpol -t 1 -m mle-file -s pconf-file -b policy-data-file

       lcp_crtpol -t unsigned -a sha1 -m mle-file -s pconf-file
       -o policy-unsigned-file -b policy-data-file

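The following pre-flight check for the -m mle-file format is an added example, not part of tboot or this manual page. It accepts only the two line forms described under -m; skipping blank lines is an assumption, and lcp_crtpol's own parser may be stricter or more lenient. The function names and the sample input are constructed for illustration.

```python
import re
import sys

# Form 1: 40 contiguous hex digits (one undelimited SHA-1).
_UNDELIMITED = re.compile(r"[0-9a-fA-F]{40}")
# Form 2: 20 two-digit byte values separated by spaces.
_SPACED = re.compile(r"[0-9a-fA-F]{2}(?: +[0-9a-fA-F]{2}){19}")


def parse_mle_hash_line(line):
    """Return the 20-byte SHA-1 digest on one line, or raise ValueError."""
    text = line.strip()
    if _UNDELIMITED.fullmatch(text):
        return bytes.fromhex(text)
    if _SPACED.fullmatch(text):
        return bytes.fromhex("".join(text.split()))
    raise ValueError("not a SHA-1 hash in either documented form")


def parse_mle_hash_file(text):
    """Parse mle-file contents; return (digests, [(line_number, error), ...])."""
    digests, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # assumption: blank lines are ignored
        try:
            digests.append(parse_mle_hash_line(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return digests, errors


# Constructed sample: two valid lines (one per form), one truncated hash,
# and one hash with a "0x" prefix, which neither documented form allows.
SAMPLE = """\
da39a3ee5e6b4b0d3255bfef95601890afd80709
da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
da39a3ee5e6b4b0d3255bfef95601890afd807
0xda39a3ee5e6b4b0d3255bfef95601890afd80709
"""

if __name__ == "__main__":
    # Usage: script.py [mle-file]; without an argument the sample is checked.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    digests, errors = parse_mle_hash_file(data)
    for d in digests:
        print("ok  ", d.hex())
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}", file=sys.stderr)
    sys.exit(1 if errors else 0)
```
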
SEE ALSO
       lcp_readpol(8), lcp_writepol(8), lcp_mlehash(8), lcp_crtpconf(8).

tboot                              2011-12-31                    LCP_CRTPOL(8)