DOKK / manpages / debian 11 / tboot / lcp_writepol.8.en
LCP_WRITEPOL(8) User Manuals LCP_WRITEPOL(8)

lcp_writepol - write LCP policy into a TPM NV index

lcp_writepol -i index-value [-f policy-file-e] [-p passwd] [-h]

lcp_writepol is used to write LCP policy into a (previously-defined) TPM NV index. It also supports writing arbitrary data into a specified index.

Designate the index for writing. Index can be UINT32 or string. 3 strings are supported for the reserved LCP indices. Strings and default index values for each string are:
0x50000001(INDEX_LCP_DEF)
0x40000001(INDEX_LCP_OWN)
0x50000002(INDEX_LCP_AUX)
File name where the policy data is stored.
Write 0 length data to the index. This is useful for special indices, such as those permission is WRITEDFINE.
The TPM owner password
Print out the help message

lcp_writepol -i default -f policy-file

lcp_writepol -i 0x00011101 -e

lcp_writepol -i 0x00011101 -f policy-file -p 123456

lcp_readpol(8), lcp_crtpol(8).

2011-12-31 tboot