centos man page for tb_polgen

TB_POLGEN(8)							   User Manuals 						      TB_POLGEN(8)

NAME
tb_polgen - manage tboot verified launch policy
SYNOPSIS
tb_polgen COMMAND [OPTION]
DESCRIPTION
tb_polgen is used to manage tboot verified launch policy.
COMMANDS
--create
    Create an empty tboot verified launch policy file.
    --type nonfatal | continue | halt
        Nonfatal means ignoring all non-fatal errors and continuing. Continue means ignoring verification errors and halting otherwise. Halt means halting on any errors.
    [--ctrl policy-control-value]
        The default value 1 is to extend policy into PCR 17.
    policy-file

--add
    Add a module hash entry into a policy file.
    --num module-number | any
        The module-number is the 0-based module number corresponding to modules loaded by the bootloader.
    --pcr TPM-PCR-number | none
        The TPM-PCR-number is the PCR to extend the module's measurement into.
    --hash any | image
    [--cmdline command-line]
        The command line is from grub.conf, and it should not include the module name (e.g. "/xen.gz").
    [--image image-file-name]
    policy-file

--del
    Delete a module hash entry from a policy file.
    --num module-number | any
        The module-number is the 0-based module number corresponding to modules loaded by the bootloader.
    [--pos hash-number]
        The hash-number is the 0-based index of the hash, within the list of hashes for the specified module.
    policy-file

--unwrap
    Extract the tboot verified launch policy from a TXT LCP element file.
    --elt elt-file
    policy-file

--show policy-file
    Show the policy information in a policy file.

--help
    Print out the help message.

--verbose
    Enable verbose output; can be specified with any command.
EXAMPLES
    tb_polgen --create --type nonfatal vl.pol
    tb_polgen --add --num 0 --pcr none --hash image --cmdline "cmdline" --image /boot/xen.gz vl.pol
    tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "cmdline" --image /boot/vmlinuz-2.6.18.8-xen vl.pol
    tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen.img vl.pol
    tb_polgen --del --num 1 vl.pol
    tb_polgen --show --verbose vl.pol

Note1: It is not necessary to specify a PCR for module 0, since this module's measurement will always be extended to PCR 18. If a PCR is specified, then the measurement will be extended to that PCR in addition to PCR 18.

Note2: --unwrap is not implemented correctly. There should be a defined UUID for this and that should be checked before copying the data. There should be a wrap or similar command to generate an element file for a policy.
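
The following is an added example, not part of the original man page or the tboot project: a dry-run helper that turns the module lines of a grub.conf stanza into the command sequence shown in EXAMPLES, dropping the module name from each command line as --cmdline requires. The stanza, the /boot prefix and the function names gen_policy_cmds, shq and sample_stanza are assumptions made for illustration; it also assumes every module line in the stanza is to be covered by the policy, in load order.

```sh
#!/bin/sh
# Added example, not tboot project code. Dry run: prints commands, runs nothing.

# Single-quote a value so a printed command can be pasted into a shell safely.
shq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# gen_policy_cmds POLICY_FILE TYPE [BOOT_PREFIX] < grub.conf stanza
# Emits one --add per "module" line, numbered from 0 in file order.
gen_policy_cmds() {
    pol=$1 ptype=$2 prefix=${3:-/boot} num=0
    case $ptype in
        nonfatal|continue|halt) ;;
        *) echo "invalid --type: $ptype" >&2; return 2 ;;
    esac
    printf 'tb_polgen --create --type %s %s\n' "$ptype" "$(shq "$pol")"
    # read splits off the keyword and the module path; the remainder is the
    # command line without the module name, as --cmdline requires.
    while read -r kw path args || [ -n "$kw" ]; do
        [ "$kw" = module ] || continue
        # Note1: module 0 is always extended into PCR 18, so no extra PCR.
        # PCR 19 for later modules follows the man page's EXAMPLES.
        if [ "$num" -eq 0 ]; then pcr=none; else pcr=19; fi
        printf 'tb_polgen --add --num %d --pcr %s --hash image' "$num" "$pcr"
        printf ' --cmdline %s --image %s %s\n' \
            "$(shq "$args")" "$(shq "$prefix$path")" "$(shq "$pol")"
        num=$((num + 1))
    done
    printf 'tb_polgen --show --verbose %s\n' "$(shq "$pol")"
}

# Constructed GRUB legacy stanza (sample data, assumed layout).
sample_stanza() {
    cat <<'EOF'
title Xen with tboot
    root (hd0,0)
    kernel /tboot.gz logging=serial,vga,memory
    module /xen.gz iommu=required dom0_mem=524288
    module /vmlinuz-2.6.18.8-xen root=/dev/sda1 ro
    module /initrd-2.6.18.8-xen.img
EOF
}

sample_stanza | gen_policy_cmds vl.pol nonfatal
```

Review the printed commands before running them; the hashes in the resulting policy only match if the image files and command lines are exactly the ones the bootloader will load.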
SEE ALSO
lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).

tboot								   2011-12-31							      TB_POLGEN(8)