lcp_crtpolelt(8) [centos man page]
LCP_CRTPOLELT(8) User Manuals LCP_CRTPOLELT(8) NAME
lcp_crtpolelt - create an Intel(R) TXT policy element of specified type. SYNOPSIS
lcp_crtpolelt COMMAND [OPTION] DESCRIPTION
lcp_crtpolelt is used to create an Intel(R) TXT policy element of specified type. OPTIONS
--create create an policy element --type type type of element; must be first option; see below for type strings and their options --out file output file name [--ctrl pol-elt-ctr1] PolEltControl field (hex or decimal) --show file show policy element --verbose enable verbose output; can be specified with any command --help print out the help message Available type options: mle [--minver ver] minimum version of SINIT mle [file1][file2]... one or more files containing MLE hash(es); each file can contain multiple hashes pconf [file1][file2]... one or more files containing PCR numbers and the desired digest of each; each file will be a PCONF custom [--uuid UUID] UUID in format: {0xaabbccdd, 0xeeff, 0xgghh, 0xiijj, {0xkk 0xll, 0xmm, 0xnn, 0xoo, 0xpp}} or "--uuid tboot" to use default custom [file] file containing element data EXAMPLES
Create an MLE element: 1 lcp_mlehash -c "logging=serial,vga,memory" /boot/tboot.gz > mle-hash 2 lcp_crtpolelt --create --type mle --ctrl 0x00 --minver 17 --out mle.elt mle-hash Create a PCONF element: 1 cat /sys/devices/platform/tpm_tis/pcrs | grep -e PCR-00 -e PCR-01 > pcrs 2 lcp_crtpolelt --create --type pconf --out pconf.elt pcrs Create an SBIOS element: 1 Create hash file containing BIOS hash(es), e.g. named sbios-hash 2 lcp_crtpolelt --create --type sbios --out sbios.elt sbios-hash Create a CUSTOM element: 1 Create or determine the UUID that will identify this data format (e.g. using uuidgen(1)). 2 Create the data file that will be placed in this element (e.g. the policy file from tb_polgen(8)). 3 lcp_crtpolelt --create --type custom --out custom.elt --uuid uuid-value data-file SEE ALSO
lcp_crtpol2(8), lcp_mlehash(8), lcp_crtpollist(8), uuidgen(1), tb_polgen(8). tboot 2011-12-31 LCP_CRTPOLELT(8)
Check Out this Related Man Page
Tspi_Context_CreateObject(3) TCG Software Stack Developer's Reference Tspi_Context_CreateObject(3) NAME
Tspi_Context_CreateObject - create an empty object and return a handle to that object. SYNOPSIS
#include <tss/platform.h> #include <tss/tcpa_defines.h> #include <tss/tcpa_typedef.h> #include <tss/tcpa_struct.h> #include <tss/tss_typedef.h> #include <tss/tss_structs.h> #include <tss/tspi.h> TSS_RESULT Tspi_Context_CreateObject(TSS_HCONTEXT hContext, TSS_FLAG objectType, TSS_FLAG initFlags, TSS_HOBJECT* phObject); DESCRIPTION
TSS_Context_CreateObject creates and initializes an empty object of the specified type and returns a handle addressing that object. The ob- ject is bound to an already opened context hContext. PARAMETERS
hContext The handle of the context object. objectType Flag indicating the object type to create. Possible types are: TSS_OBJECT_TYPE_POLICY - a policy object. TSS_OBJECT_TYPE_ENCDATA - an encrypted data object (either sealed or bound data). TSS_OBJECT_TYPE_RSAKEY - an RSA key. TSS_OBJECT_TYPE_PCRS - a PCR composite object. TSS_OBJECT_TYPE_HASH - a hash object. initFlags Flag indicating the default attributes of the object. Attributes for each type of object are: Policy: TSS_POLICY_USAGE - a usage policy (for authorization to use an object). TSS_POLICY_MIGRATION - a migration policy. Encrypted data objects: TSS_ENCDATA_SEAL - A data object used for a Seal operation. TSS_ENCDATA_BIND - A data object used for a Bind operation. TSS_ENCDATA_LEGACY - A data object for a bind operation using a legacy key. RSA Keys: TSS_KEY_SIZE_DEFAULT - Use the default key size of the TCS you're connected to. TSS_KEY_SIZE_512 - Create a 512 bit key. TSS_KEY_SIZE_1024 - Create a 1024 bit key. TSS_KEY_SIZE_2048 - Create a 2048 bit key. TSS_KEY_SIZE_4096 - Create a 4096 bit key. TSS_KEY_SIZE_8192 - Create a 8192 bit key. TSS_KEY_SIZE_16384 - Create a 16384 bit key. TSS_KEY_TYPE_STORAGE - Create a storage key. (Used to wrap other keys). TSS_KEY_TYPE_SIGNING - Create a signing key. TSS_KEY_TYPE_BIND - Create a binding key. (Used to encrypt data). TSS_KEY_TYPE_IDENTITY - Create an identity key. (Used for an identity). TSS_KEY_TYPE_LEGACY - Create a legacy key. (Can be used for signing and binding, created from data external to a TSS). TSS_KEY_TYPE_AUTHCHANGE - Create an ephemeral key used to change authorization values. TSS_KEY_VOLATILE - Create a volatile key. (Must be unloaded at startup). TSS_KEY_NON_VOLATILE - Create a non-volatile key. (May be unloaded at startup). TSS_KEY_MIGRATABLE - Create a migratable key. TSS_KEY_NOT_MIGRATABLE - Create a non-migratable key. [DEFAULT] TSS_KEY_AUTHORIZATION - Key will require authorization. TSS_KEY_NO_AUTHORIZATION - Key will not require authorization. [DEFAULT] TSS_KEY_EMPTY_KEY - Key template which will be returned as an object with very few attributes. PCR composite objects: None. Hash objects: TSS_HASH_SHA1 - a hash object of type SHA-1. TSS_HASH_OTHER - a hash object of type other than SHA-1. phObject The handle of the object to be created. RETURN CODES
Tspi_Context_CreateObject returns TSS_SUCCESS on success, otherwise one of the following values are returned: TSS_E_INVALID_HANDLE - Either hContext or phObject is an invalid handle. TSS_E_INTERNAL_ERROR - An error occurred internal to the TSS. CONFORMING TO
Tspi_Context_CreateObject conforms to the Trusted Computing Group Software Specification version 1.1 Golden SEE ALSO
Tspi_Context_CloseObject(3). TSS 1.1 2004-05-26 Tspi_Context_CreateObject(3)