lcp2_crtpollist - create an Intel(R) TXT policy list
lcp2_crtpollist COMMAND [OPTION]
lcp2_crtpollist is used to create an Intel(R) TXT policy
list.
- --create
- Create a TXT policy list. The following options are available:
- --listver ver
- policy list version. Supported values are: 0x100 (legacy LCP_POLICY_LIST),
0x200, 0x201 (legacy LCP_POLICY_LIST2) and 0x300 (current
LCP_POLICY_LIST2_1).
- --out file
- output file for policy list
- [file]...
- policy element files (created with the lcp2_crpolelt command).
- --sign
- Sign a TXT policy list.
- --sigalg <rsa|rsapss|ecdsa|sm2>
- Signature algorithm. Lists version 0x100 only support rsa (rsa pkcs 1.5).
Lists version 0x200 and 0x201 support rsa (rsa pkcs 1.5) and ecdsa. Lists
version 0x300 support rsapss and ecdsa.
- --hashalg <sha1|sha256|sha384|sha512|sm2>
- Hash algorithm used for signing a list. Lists version 0x100 only support
SHA1.
- --pub file
- Public key to use, must be in PEM format.
- [--priv file]
- Private key to use, must be in PEM format. This option is required unless
you use the --nosig option
- [--rev counter]
- Revocation counter value
- [--nosig]
- Don't add a SigBlock. This option is ignored if list is version
0x300.
- --out file
- Policy list file (input and output)
- --addsig
- Add a signature. This option is ignored if list is version 0x300.
- --show
file
- Show contents of a policy file
- --verify
file
- Verify policy version 0x300 file.
- --version
- Show tool version.
- --help
- Print out the tool's help message.
- --verbose
- Enable verbose output; can be specified with any command.
Create unsigned policy list with MLE element:
lcp2_crtpollist --create --out list.lst mle.elt
Sign policy:
lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst
Full documentation of MLE, Intel(R) TXT and LCP is available in
Intel(R) TXT Measured Launch Environment Deleveloper's Guide, available
at:
http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html
lcp2_crtpol(8), lcp2_crtpolelt(8),
lcp2_mlehash(8), openssl(1).