Provided by: tboot_1.10.5-4_amd64 

NAME
lcp2_crtpol - create an Intel TXT Launch Control Policy
SYNOPSIS
lcp2_crtpol <--create|--show|--help> [--brief] [--verbose] --alg alg --type <any|list> [LISTFILES]
[--minver <ver>] [--rev <counter1>[,counterN]] [--ctrl <pol_ctrl>] --pol <POLICY FILE> [--data
<POLICY DATA FILE>] [--mask mask] [--auxalg alg] --sign alg [--polver version]
DESCRIPTION
lcp2_crtpol is used to create a TXT LCP policy (and optionally policy data), which can later be written
to the TPM. This tool allows creating policies for TPM 1.2 and TPM 2.0. Policy format is specified by
the --polver option.
COMMANDS
--create
Create a policy.
--show Show contents of a policy file, policy data file or both. If you specify one file it must be
either a policy file or a policy data file. If you specify two files, one must be a policy file
and the other a policy data file.
--help Show help text.
--version
Show tool version.
OPTIONS
--brief
Use brief format for output.
--verbose
Use verbose format for output.
--alg alg
Specify algorithm for the LCP. Supported values are sha1, sha256 or sm3.
--type <any|list>
Specify type of the policy. If --type is list, specify a comma-separated list of up to 8 policy
list files (created with the lcp2_crtpollist command).
--minver version
Specify minimum allowed SINIT module version number (SINITMinVersion).
--max_sinit_min version
Specify maximum allowed value of the minimal SINIT module version number (MaxSinitMinVersion).
--rev <counter1>[,counterN]
Specify a comma-separated list of revocation counters.
--ctrl <pol_ctrl>
Specify PolicyControl value. The default is 0 (LCP_DEFAULT_POLICY_CONTROL).
--pol <POLICY FILE>
Specify output file for the policy.
--data <POLICY DATA FILE>
Specify output file for the policy data.
--mask mask
Specify the policy hash algorithm mask. Supported values are sha1, sha256, sha384, sha512 or sm3.
This option can be used multiple times to specify several allowed algorithms. Policy versions
2.0-2.4 only support SHA1.
--auxalg alg
Specify the AUX hash algorithm. Supported values are sha1, sha256, sha384, sha512 or sm3. You can
also specify a raw value in hex (the value must start with "0x"). This option is only valid for
policy versions 3.0 or 3.1.
--sign alg
Specify the allowed LCP signature algorithm mask. Supported values are rsa-2048-sha1,
rsa-2048-sha256, rsa-3072-sha256, rsa-3072-sha384, ecdsa-p256, ecdsa-p384 or sm3. This option can be
used multiple times to specify several allowed algorithms.
--polver version
Specify LCP policy version. Supported values are 2.0-2.4 (for TPM 1.2) and 3.0-3.2 (for TPM 2.0).
If not specified, this option defaults to 3.0.
EXAMPLES
lcp2_crtpol --create --type list --pol list.pol --alg sha256 --data list.data --sign 0x8 list.lst
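The option constraints listed under OPTIONS can be checked before the tool is run. The script below is an added example, not part of tboot or of this manual page: lcp_preflight is a hypothetical helper name, and its requirement of at least one list file for --type list is an assumption.

```shell
# Added example: pre-flight check of lcp2_crtpol option combinations.
# lcp_preflight is a hypothetical helper, not part of tboot.
# usage: lcp_preflight POLVER TYPE MASKS AUXALG LISTFILES
#   MASKS and LISTFILES are comma-separated; pass "" for an unused option.
# The body is a subshell "( ... )", so IFS, set -f and exit stay local.
lcp_preflight() (
    polver=$1; ptype=$2; masks=$3; auxalg=$4; lists=$5
    fail() { echo "lcp_preflight: $1" >&2; exit 1; }
    set -f; IFS=,

    # 2.0-2.4 are TPM 1.2 policies, 3.0-3.2 are TPM 2.0 policies.
    case $polver in
        2.[0-4]) tpm=1.2 ;;
        3.[0-2]) tpm=2.0 ;;
        *) fail "unsupported --polver $polver" ;;
    esac

    # Policy versions 2.0-2.4 only support SHA1 in the hash mask.
    for m in $masks; do
        case $m in
            sha1) ;;
            sha256|sha384|sha512|sm3)
                [ "$tpm" = 2.0 ] || fail "--mask $m not allowed with --polver $polver" ;;
            *) fail "unknown --mask value $m" ;;
        esac
    done

    # --auxalg is only valid for policy versions 3.0 and 3.1.
    if [ -n "$auxalg" ]; then
        case $polver in
            3.0|3.1) ;;
            *) fail "--auxalg is not valid with --polver $polver" ;;
        esac
    fi

    # --type list: up to 8 list files (at least one is an assumption).
    n=0
    for f in $lists; do n=$((n + 1)); done
    case $ptype in
        any) ;;
        list) { [ "$n" -ge 1 ] && [ "$n" -le 8 ]; } ||
                  fail "--type list takes 1-8 list files, got $n" ;;
        *) fail "unknown --type $ptype" ;;
    esac
    echo "ok: policy version $polver (TPM $tpm), type $ptype"
)

# The EXAMPLES invocation: --polver defaults to 3.0, no --mask or --auxalg.
lcp_preflight 3.0 list "" "" list.lst
```

The helper returns non-zero and prints the violated constraint on stderr, so it can gate a provisioning script before lcp2_crtpol is called.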
SEE ALSO
Full documentation of MLE, Intel(R) TXT and LCP is in the Intel(R) TXT Measured Launch Environment
Developer's Guide, available at:
http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html
lcp2_crtpollist(8), lcp2_crtpolelt(8), lcp2_mlehash(8)
tboot 2020-05-10 LCP2_CRTPOL(8)