lcp_writepol(8) [centos man page]

LCP_WRITEPOL(8) 						   User Manuals 						   LCP_WRITEPOL(8)

NAME

       lcp_writepol - write LCP policy into a TPM NV index

SYNOPSIS

       lcp_writepol -i index-value [-f policy-file | -e] [-p passwd] [-h]

DESCRIPTION

       lcp_writepol is used to write LCP policy into a (previously-defined) TPM NV index. It also supports writing arbitrary data into a specified
       index.

OPTIONS

       -i index-value
	      Designate the index for writing. Index can be UINT32 or string. 3 strings are supported for the reserved LCP  indices.  Strings  and
	      default index values for each string are:

	      default
		     0x50000001(INDEX_LCP_DEF)

	      owner  0x40000001(INDEX_LCP_OWN)

	      aux    0x50000002(INDEX_LCP_AUX)

       -f policy-file
	      File name where the policy data is stored.

       -e     Write 0 length data to the index. This is useful for special indices, such as those permission is WRITEDFINE.

       -p password
	      The TPM owner password

       -h     Print out the help message

EXAMPLES

       lcp_writepol -i default	-f policy-file

       lcp_writepol -i 0x00011101  -e

       lcp_writepol -i 0x00011101  -f policy-file  -p 123456

SEE ALSO

       lcp_readpol(8), lcp_crtpol(8).

tboot								    2011-12-31							   LCP_WRITEPOL(8)

LCP_CRTPOL(8)							   User Manuals 						     LCP_CRTPOL(8)

NAME

       lcp_crtpol - create a TXT v1 Launch Control Policy

SYNOPSIS

       lcp_crtpol  -t  policy-type [-a hashalg] [-v version] [-sr SINIT-revocation-counter] [-s srtm-file] [-m mle-file] [-o policy-file] [-b pol-
       icy-data-file] [-pcf policy-control-field] [-h]

DESCRIPTION

       lcp_crtpol is used to create a TXT v1 LCP policy (and optionally policy data), which can later be written to the TPM.  The  policy  created
       are for platforms produced before 2009 (Weybridge, Montevina, McCreary).

OPTIONS

       -t policy-type
	      Policy  type can be UINT8 or string. 5 strings are supported for the reserved LCP policy types. Strings and default policy type val-
	      ues for each string are:

	      0 or "hashonly"

	      1 or "unsigned"

	      2 or "signed"

	      3 or "any"

	      4 or "forceowner"

       -a hashalg
	      Hash algorithm. Currently we only support SHA-1 algorithm: 0 OR 'sha1'.

       -v version
	      Version number. Currently it can be set to 0 or 1 if specified. The default value is 0.

       -sr SINIT-revocation-counter
	      The default sinit revocation counter is 0.

       -s srtm-file
	      File name of platform configuration data, as produced by lcp_crtpconf.

       -m mle-file
	      File name of file containing the MLE hash values. This is a text file that contains one SHA-1 hash per line. The value of  the  hash
	      must be hexadecimal values, specified either a single un-deliminated set or as space-delimited two-character (i.e. one byte) values.
	      This can be produced by the lcp_mlehash command.

       -o policy-file
	      File name to store the output policy.

       -b policy-data-file
	      File name to store the LCP Policy data.

       -pcf policy-control-field
	      The default policy control field value is 0.

       -h     Print out the help message

EXAMPLES

       lcp_crtpol -t 0	-m mle-file  -o policy-hashonly-file

       lcp_crtpol -t 1	-m mle-file  -s pconf-file  -b	policy-data-file

       lcp_crtpol -t unsigned  -a sha1	-m mle-file  -s pconf-file  -o policy-unsigned-file  -b policy-data-file

SEE ALSO

       lcp_readpol(8), lcp_writepol(8), lcp_mlehash(8), lcp_crtpconf(8).

tboot								    2011-12-31							     LCP_CRTPOL(8)