lcp_mlehash(8) [centos man page]

LCP_MLEHASH(8)							   User Manuals 						    LCP_MLEHASH(8)

NAME
       lcp_mlehash - generate a SHA-1 hash of a TXT MLE binary file suitable for use in a TXT launch control policy

SYNOPSIS
       lcp_mlehash [-v] [-c cmdline] [-h] mle-file

DESCRIPTION
       lcp_mlehash is used to generate a SHA-1 hash of the portion of an executable file that contains the Intel(R) TXT measured launched environment (MLE). In the MLE binary file, the portion of the file to be used as the MLE is specified in the MLE header structure. If verbose mode is not used, the output is suitable for use as the mle-file to the lcp_crtpol and lcp_crtpolelt commands.

OPTIONS
       mle-file
              File name of the MLE binary. If it is a gzip file then it will be unzipped before hashing.

       -v     Verbose mode, display progress indications.

       -c cmdline
              Specify quote-delimited command line. It is important to specify the command line that is used when launching the MLE or the hash will not match what is calculated by SINIT.

       -h     Print out the help message.

EXAMPLES
       lcp_mlehash -c "logging=memory,serial,vga" /boot/tboot.gz > mle-hash

SEE ALSO
       lcp_readpol(8), lcp_writepol(8), lcp_crtpol(8), lcp_crtpolelt(8).

tboot                                2011-12-31                                LCP_MLEHASH(8)

TB_POLGEN(8)							   User Manuals 						      TB_POLGEN(8)

NAME
       tb_polgen - manage tboot verified launch policy

SYNOPSIS
       tb_polgen is used to manage tboot verified launch policy.

COMMANDS
       --create
              Create an empty tboot verified launch policy file.

              --type nonfatal | continue | halt
                     Nonfatal means ignoring all non-fatal errors and continuing. Continue means ignoring verification errors and halting otherwise. Halt means halting on any errors.

              [--ctrl policy-control-value]
                     The default value 1 is to extend policy into PCR 17.

              policy-file

       --add  Add a module hash entry into a policy file.

              --num module-number | any
                     The module-number is the 0-based module number corresponding to modules loaded by the bootloader.

              --pcr TPM-PCR-number | none
                     The TPM-PCR-number is the PCR to extend the module's measurement into.

              --hash any | image

              [--cmdline command-line]
                     The command line is from grub.conf, and it should not include the module name (e.g. "/xen.gz").

              [--image image-file-name]

              policy-file

       --del  Delete a module hash entry from a policy file.

              --num module-number | any
                     The module-number is the 0-based module number corresponding to modules loaded by the bootloader.

              [--pos hash-number]
                     The hash-number is the 0-based index of the hash, within the list of hashes for the specified module.

              policy-file

       --unwrap
              Extract the tboot verified launch policy from a TXT LCP element file.

              --elt elt-file

              policy-file

       --show policy-file
              Show the policy information in a policy file.

       --help Print out the help message.

       --verbose
              Enable verbose output; can be specified with any command.

EXAMPLES
       tb_polgen --create --type nonfatal vl.pol
       tb_polgen --add --num 0 --pcr none --hash image --cmdline "cmdline" --image /boot/xen.gz vl.pol
       tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "cmdline" --image /boot/vmlinuz- vl.pol
       tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd- vl.pol
       tb_polgen --del --num 1 vl.pol
       tb_polgen --show --verbose vl.pol

       Note1: It is not necessary to specify a PCR for module 0, since this module's measurement will always be extended to PCR 18. If a PCR is specified, then the measurement will be extended to that PCR in addition to PCR 18.

       Note2: --unwrap is not implemented correctly. There should be a defined UUID for this and that should be checked before copying the data. There should be a wrap or similar command that generates an element file for a policy.

SEE ALSO
       lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).

tboot                                2011-12-31                                TB_POLGEN(8)
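
The following is an added example, not part of the tboot man pages or the tboot source: a small Python model of where the policy entries from EXAMPLES send each module's measurement, including the Note1 rule for module 0, and of why a changed command line changes the resulting PCR. Assumptions: the measurement construction SHA-1(SHA-1(cmdline) || SHA-1(image)), the all-zero starting PCR value, and the function names are illustrative; only the TPM 1.2 extend formula is standard.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def module_measurement(cmdline: str, image: bytes) -> bytes:
    # Assumption: the digest binds the command line to the image as
    # SHA-1(SHA-1(cmdline) || SHA-1(image)); tboot's exact construction may differ.
    return sha1(sha1(cmdline.encode()) + sha1(image))

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM 1.2 extend operation: PCR_new = SHA-1(PCR_old || digest)
    return sha1(pcr + digest)

def target_pcrs(num: int, pcr):
    # Note1: module 0 is always extended into PCR 18; a PCR given with
    # --pcr is used in addition. pcr=None models "--pcr none".
    targets = [18] if num == 0 else []
    # Assumption: naming PCR 18 for module 0 does not extend it twice.
    if pcr is not None and pcr not in targets:
        targets.append(pcr)
    return targets

def replay(policy, boot_modules):
    """policy: {module number: PCR or None}; boot_modules: [(cmdline, image bytes)].
    Returns {PCR index: value}, starting each PCR from 20 zero bytes
    (a constructed baseline; a real PCR already holds earlier measurements)."""
    pcrs = {}
    for num, (cmdline, image) in enumerate(boot_modules):
        digest = module_measurement(cmdline, image)
        for idx in target_pcrs(num, policy.get(num)):
            pcrs[idx] = extend(pcrs.get(idx, bytes(20)), digest)
    return pcrs

if __name__ == "__main__":
    # Policy as built by the three --add commands in EXAMPLES (before --del).
    policy = {0: None, 1: 19, 2: 19}
    # Constructed stand-ins for the xen, kernel and initrd images.
    expected = [("cmdline", b"xen"), ("cmdline", b"kernel"), ("", b"initrd")]
    altered = [expected[0], ("cmdline init=/bin/sh", b"kernel"), expected[2]]
    good, bad = replay(policy, expected), replay(policy, altered)
    for idx in sorted(good):
        status = "match" if good[idx] == bad[idx] else "MISMATCH"
        print(f"PCR {idx}: {good[idx].hex()} vs {bad[idx].hex()} -> {status}")
```

Run directly, it prints PCR 18 as a match and PCR 19 as a mismatch, since only the kernel command line differs between the two boots.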