TB_POLGEN - Online Linux Manual Page
Section : 8
Updated : 2011-12-31
Source : tboot
Note : User Manuals

NAME
    tb_polgen - manage tboot verified launch policy

SYNOPSIS
    tb_polgen COMMAND [OPTION]

DESCRIPTION
    tb_polgen is used to manage tboot verified launch policy.

COMMANDS
    --create
        Create an empty tboot verified launch policy file.
        --type nonfatal | continue | halt
            Nonfatal means ignoring all non-fatal errors and continuing. Continue means ignoring verification errors and halting otherwise. Halt means halting on any errors.
        [--ctrl policy-control-value]
            The default value 1 is to extend policy into PCR 17.
        policy-file

    --add
        Add a module hash entry into a policy file.
        --num module-number | any
            The module-number is the 0-based module number corresponding to modules loaded by the bootloader.
        --pcr TPM-PCR-number | none
            The TPM-PCR-number is the PCR to extend the module's measurement into.
        --hash any | image
        [--cmdline command-line]
            The command line is from grub.conf, and it should not include the module name (e.g. "/xen.gz").
        [--image image-file-name]
        policy-file

    --del
        Delete a module hash entry from a policy file.
        --num module-number | any
            The module-number is the 0-based module number corresponding to modules loaded by the bootloader.
        [--pos hash-number]
            The hash-number is the 0-based index of the hash, within the list of hashes for the specified module.
        policy-file

    --unwrap
        Extract the tboot verified launch policy from a TXT LCP element file.
        --elt elt-file
        policy-file

    --show policy-file
        Show the policy information in a policy file.

    --help
        Print out the help message.

    --verbose
        Enable verbose output; can be specified with any command.

EXAMPLES
    tb_polgen --create --type nonfatal vl.pol
    tb_polgen --add --num 0 --pcr none --hash image --cmdline "cmdline" --image /boot/xen.gz vl.pol
    tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "cmdline" --image /boot/vmlinuz-2.6.18.8-xen vl.pol
    tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen.img vl.pol
    tb_polgen --del --num 1 vl.pol
    tb_polgen --show --verbose vl.pol

Note 1: It is not necessary to specify a PCR for module 0, since this module's measurement will always be extended to PCR 18. If a PCR is specified, then the measurement will be extended to that PCR in addition to PCR 18.

Note 2: --unwrap is not implemented correctly. There should be a defined UUID for this and that should be checked before copying the data. There should be a wrap or similar command to generate an element file for a policy.
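
The --cmdline rule (no module name) and Note 1 applied to a whole boot stanza, as an added example that is not part of the original manual page or the tboot project. It assumes a GRUB legacy stanza in which tboot is the kernel line and the module lines map to module numbers 0, 1, 2 in order, that GRUB paths live under /boot, and that PCR 19 is wanted for modules after 0 as in EXAMPLES; gen_policy_cmds, shq and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example (not tboot code). Reads a GRUB legacy stanza on stdin and
# prints the tb_polgen commands that would build a policy for it.
# Nothing is executed: review the output before running it.

# Single-quote a string so it survives reuse on a shell command line.
shq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# gen_policy_cmds POLICY_FILE [BOOT_DIR]
# BOOT_DIR (assumed /boot) is where GRUB's root-relative paths are mounted.
gen_policy_cmds() (
    pol=$(shq "$1")
    bootdir=${2:-/boot}
    num=0
    printf 'tb_polgen --create --type nonfatal %s\n' "$pol"
    while read -r kw path args; do
        [ "$kw" = "module" ] || continue   # skip title, root, kernel (tboot)
        # Note 1: module 0 always goes into PCR 18, so no extra PCR is named.
        if [ "$num" -eq 0 ]; then pcr=none; else pcr=19; fi
        # --cmdline must not contain the module name: $path is dropped and
        # only $args (possibly empty) is passed on.
        printf 'tb_polgen --add --num %s --pcr %s --hash image --cmdline %s --image %s %s\n' \
            "$num" "$pcr" "$(shq "$args")" "$(shq "$bootdir$path")" "$pol"
        num=$((num + 1))
    done
    printf 'tb_polgen --show --verbose %s\n' "$pol"
)

# Constructed sample stanza (values are illustrative only).
SAMPLE_STANZA='title Xen with tboot
    root (hd0,0)
    kernel /tboot.gz logging=serial,vga,memory
    module /xen.gz dom0_mem=524288 com1=115200,8n1
    module /vmlinuz-2.6.18.8-xen root=/dev/sda2 ro
    module /initrd-2.6.18.8-xen.img'

printf '%s\n' "$SAMPLE_STANZA" | gen_policy_cmds vl.pol
```

Because the policy entry covers the command line as well as the image, regenerate the policy whenever a module's arguments in grub.conf change.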

SEE ALSO
    lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).