Man page - lcp2_crtpollist(8)

Packages contains this manual

Package: tboot
apt-get install tboot

Manuals in package:

Documentations in package:

lcp2_crtpollist - create an Intel(R) TXT policy list

lcp2_crtpollist COMMAND [ OPTION ]

lcp2_crtpollist is used to create an Intel(R) TXT policy list.

--create

Create a TXT policy list. The following options are available:

	--listver ver		policy list version. Supported values are: 0x100 (legacy LCP_POLICY_LIST), 0x200, 0x201 (legacy LCP_POLICY_LIST2) and 0x300 (current LCP_POLICY_LIST2_1).
	--out file

output file for policy list

	[ file ]...		policy element files (created with the lcp2_crpolelt command).
	--sign

Sign a TXT policy list.

	--sigalg <rsa\|rsapss\|ecdsa\|sm2>		Signature algorithm. Lists version 0x100 only support rsa (rsa pkcs 1.5). Lists version 0x200 and 0x201 support rsa (rsa pkcs 1.5) and ecdsa. Lists version 0x300 support rsapss and ecdsa.
	--hashalg

<sha1|sha256|sha384|sha512|sm2>

			Hash algorithm used for signing a list. Lists version 0x100 only support SHA1.
	--pub file		Public key to use, must be in PEM format.
	[--priv file ]		Private key to use, must be in PEM format. This option is required unless you use the --nosig option
	[ --rev counter ]		Revocation counter value
	[ --nosig ]		Don’t add a SigBlock. This option is ignored if list is version 0x300.
	--out file		Policy list file (input and output)

--addsig

Add a signature. This option is ignored if list is version 0x300.

	--sig file		File containing signature (big-endian)
	--out file		Policy list file

--show file

Show contents of a policy file

--verify file

Verify policy version 0x300 file.

--version

Show tool version.

--help

Print out the tool’s help message.

--verbose

Enable verbose output; can be specified with any command.

Create unsigned policy list with MLE element:
lcp2_crtpollist --create --out list.lst mle.elt

Sign policy:
lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst