Provided by: tboot_1.10.2+dfsg.0-1ubuntu1_amd64 bug

NAME
       lcp2_crtpollist - create an Intel(R) TXT policy list


SYNOPSIS
       lcp2_crtpollist COMMAND [OPTION]


DESCRIPTION
       lcp2_crtpollist is used to create an Intel(R) TXT policy list.


OPTIONS
       --create
              Create a TXT policy list. The following options are available:

              --listver ver policy  list  version.  Supported values are: 0x100 (legacy LCP_POLICY_LIST), 0x200,
                            0x201 (legacy LCP_POLICY_LIST2) and 0x300 (current LCP_POLICY_LIST2_1).

              --out file output file for policy list

              [file]...  policy element files (created with the lcp2_crpolelt command).

       --sign Sign a TXT policy list.

              --sigalg <rsa|rsapss|ecdsa|sm2> Signature algorithm. Lists version 0x100  only  support  rsa  (rsa
                                              pkcs  1.5).  Lists  version  0x200 and 0x201 support rsa (rsa pkcs
                                              1.5) and ecdsa. Lists version 0x300 support rsapss and ecdsa.

              --hashalg <sha1|sha256|sha384|sha512|sm2> Hash algorightm used for signing a list.  Lists  version
                                                        0x100 only support SHA1.

              --pub file                                Public key to use, must be in PEM format.

              [--priv file]                             Private  key  to use, must be in PEM format. This option
                                                        is required unless you use the --nosig option

              [--rev counter]                           Revocation counter value

              [--nosig]                                 Don't add a SigBlock. This option is ignored if list  is
                                                        version 0x300.

              --out file                                Policy list file (input and output)

       --addsig
              Add a signature. This option is ignored if list is version 0x300.

              --sig file File containing signature (big-endian)

              --out file Policy list file

       --show file
              Show contents of a policy file

       --verify file
              Verify policy version 0x300 file.

       --version
              Show tool version.

       --help Print out the tool's help message.

       --verbose
              Enable verbose output; can be specified with any command.


EXAMPLES
       Create unsigned policy list with MLE element:
       lcp2_crtpollist --create --out list.lst mle.elt

       Sign policy:
       lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv privkey.pem --out list.lst


SEE ALSO
       Full  documentation of MLE, Intel(R) TXT and LCP is available in Intel(R) TXT Measured Launch Environment
       Deleveloper's Guide, available at:  http://www.intel.com/content/www/us/en/software-developers/intel-txt-
       software-development-guide.html

       lcp2_crtpol(8), lcp2_crtpolelt(8), lcp2_mlehash(8), openssl(1).

tboot                                              2020-05-10                                 LCP2_CRTPOLLIST(8)