Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #548
Difficulty: Medium
The assignment operator is not a unary operator.
True or False?
Linux & Unix Commands - Search Man Pages

lcp_crtpol(8) [centos man page]

LCP_CRTPOL(8)							   User Manuals 						     LCP_CRTPOL(8)

lcp_crtpol - create a TXT v1 Launch Control Policy SYNOPSIS
lcp_crtpol -t policy-type [-a hashalg] [-v version] [-sr SINIT-revocation-counter] [-s srtm-file] [-m mle-file] [-o policy-file] [-b pol- icy-data-file] [-pcf policy-control-field] [-h] DESCRIPTION
lcp_crtpol is used to create a TXT v1 LCP policy (and optionally policy data), which can later be written to the TPM. The policy created are for platforms produced before 2009 (Weybridge, Montevina, McCreary). OPTIONS
-t policy-type Policy type can be UINT8 or string. 5 strings are supported for the reserved LCP policy types. Strings and default policy type val- ues for each string are: 0 or "hashonly" 1 or "unsigned" 2 or "signed" 3 or "any" 4 or "forceowner" -a hashalg Hash algorithm. Currently we only support SHA-1 algorithm: 0 OR 'sha1'. -v version Version number. Currently it can be set to 0 or 1 if specified. The default value is 0. -sr SINIT-revocation-counter The default sinit revocation counter is 0. -s srtm-file File name of platform configuration data, as produced by lcp_crtpconf. -m mle-file File name of file containing the MLE hash values. This is a text file that contains one SHA-1 hash per line. The value of the hash must be hexadecimal values, specified either a single un-deliminated set or as space-delimited two-character (i.e. one byte) values. This can be produced by the lcp_mlehash command. -o policy-file File name to store the output policy. -b policy-data-file File name to store the LCP Policy data. -pcf policy-control-field The default policy control field value is 0. -h Print out the help message EXAMPLES
lcp_crtpol -t 0 -m mle-file -o policy-hashonly-file lcp_crtpol -t 1 -m mle-file -s pconf-file -b policy-data-file lcp_crtpol -t unsigned -a sha1 -m mle-file -s pconf-file -o policy-unsigned-file -b policy-data-file SEE ALSO
lcp_readpol(8), lcp_writepol(8), lcp_mlehash(8), lcp_crtpconf(8). tboot 2011-12-31 LCP_CRTPOL(8)

Check Out this Related Man Page

LCP_CRTPOLLIST(8)						   User Manuals 						 LCP_CRTPOLLIST(8)

lcp_crtpollist - create an Intel(R) TXT policy list SYNOPSIS
lcp_crtpollist is used to create an Intel(R) TXT policy list. OPTIONS
--create Create an TXT policy list. The following options are available: --out file policy list file [--ver version] version [file]... policy element files --sigh Sign an TXT policy list. --pub key-file PEM file of public key --out file policy list file [--priv key-file] PEM file of private key [--rev rev-ctr] revocation counter value [--nosig] don't add SigBlock --addsig --sig file file containing signature (big-endian) --out file policy list file --show file policy list file --help Print out the help message. --verbose Enable verbose output; can be specified with any command. EXAMPLES
Create policy list: Assuming there have been two element file mle.elt and pconf.elt generated by lcp_crtpolelt(8) The following example can create an unsigned policy list: lcp_crtpollist --create --out list-unsig.lst mle.elt pconf.elt Sign policy list: Unsigned policy list can be signed by the command lcp_crtpollist(8) or openssl(1). The openssl(1) signing is supported for cases where the signing environment is separate from the policy creation environment and the software allowed to run there is strictly controlled and already supports openssl(1). The following example uses openssl(1) to sign the list: 1 openssl rsa -pubout -in privkey.pem -out pubkey.pem 2 cp list-unsig.lst list-sig.lst 3 lcp_crtpollist --sigh --pub pubkey.pem --nosig --out list-sig.lst 4 openssl genrsa -out privkey.pem 2048 5 openssl dgst -sha1 -sign privkey.pem -out list.sig list-sig.lst 6 lcp_crtpollist --addsig --sig list.sig --out list-sig.lst lcp_crtpollist can also be used to sigh a policy list. The following example are intended to be mutually exclusive with the preceding exam- ple. 1 openssl genrsa -out privkey.pem 2048 2 openssl rsa -pubout -in privkey.pem -out pubkey.pem 3 cp list-unsig.lst list-sig.lst 4 lcp_crtpollist --sign --pub pubkey.pem --priv privkey.pem --out list-sig.lst SEE ALSO
lcp_crtpol2(8), lcp_crtpolelt(8), lcp_crtpollist(8), openssl(1). tboot 2011-12-31 LCP_CRTPOLLIST(8)

Featured Tech Videos