TB_POLGEN - Online Linux Manual Page
Section : 8
Updated : 2011-12-31
Source : tboot
Note : User Manuals
NAME
    tb_polgen - manage tboot verified launch policy

SYNOPSIS
    tb_polgen COMMAND [OPTION]

DESCRIPTION
    tb_polgen is used to manage tboot verified launch policy.

COMMANDS
    --create
        Create an empty tboot verified launch policy file.

        --type nonfatal | continue | halt
            Nonfatal means ignoring all non-fatal errors and continuing. Continue means ignoring verification errors and halting otherwise. Halt means halting on any errors.

        [--ctrl policy-control-value]
            The default value 1 is to extend policy into PCR 17.

        policy-file

    --add
        Add a module hash entry into a policy file.

        --num module-number | any
            The module-number is the 0-based module number corresponding to modules loaded by the bootloader.

        --pcr TPM-PCR-number | none
            The TPM-PCR-number is the PCR to extend the module's measurement into.

        --hash any | image

        [--cmdline command-line]
            The command line is from grub.conf, and it should not include the module name (e.g. "/xen.gz").

        [--image image-file-name]

        policy-file

    --del
        Delete a module hash entry from a policy file.

        --num module-number | any
            The module-number is the 0-based module number corresponding to modules loaded by the bootloader.

        [--pos hash-number]
            The hash-number is the 0-based index of the hash, within the list of hashes for the specified module.

        policy-file

    --unwrap
        Extract the tboot verified launch policy from a TXT LCP element file.

        --elt elt-file

        policy-file

    --show policy-file
        Show the policy information in a policy file.

    --help
        Print out the help message.

    --verbose
        Enable verbose output; can be specified with any command.

EXAMPLES
    tb_polgen --create --type nonfatal vl.pol
    tb_polgen --add --num 0 --pcr none --hash image --cmdline "cmdline" --image /boot/xen.gz vl.pol
    tb_polgen --add --num 1 --pcr 19 --hash image --cmdline "cmdline" --image /boot/vmlinuz-2.6.18.8-xen vl.pol
    tb_polgen --add --num 2 --pcr 19 --hash image --cmdline "" --image /boot/initrd-2.6.18.8-xen.img vl.pol
    tb_polgen --del --num 1 vl.pol
    tb_polgen --show --verbose vl.pol

Note 1: It is not necessary to specify a PCR for module 0, since this module's measurement will always be extended to PCR 18. If a PCR is specified, then the measurement will be extended to that PCR in addition to PCR 18.
Note 2: --unwrap is not implemented correctly. There should be a defined UUID for this, and it should be checked before copying the data. There should be a wrap or similar command to generate an element file for a policy.
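
The following Python model is an added example, not part of the original manual page or of tboot. It replays the three-module policy from EXAMPLES to show which PCRs Note 1 implies are extended, and how leaving the module name in --cmdline produces a hash that never matches at launch. Assumptions: the entry hash is SHA1(SHA1(cmdline) || SHA1(image)), PCRs start at all zeros, the launch-time command line excludes the module name, and the command lines and image bytes are constructed sample data.

```python
import hashlib

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def module_hash(cmdline: str, image: bytes) -> bytes:
    # Assumption: the entry hash is SHA1(SHA1(cmdline) || SHA1(image)).
    return sha1(sha1(cmdline.encode()) + sha1(image))

def target_pcrs(num: int, pcr):
    # Note 1: module 0 is always extended into PCR 18; a PCR given with
    # --pcr is extended in addition. pcr=None stands for "--pcr none".
    pcrs = [18] if num == 0 else []
    if pcr is not None and pcr not in pcrs:  # assumption: no double extend
        pcrs.append(pcr)
    return pcrs

def replay(policy, loaded):
    """policy: {num: (pcr, expected_hash)}, loaded: {num: (cmdline, image)}.
    Returns (simulated PCR values, module numbers whose hash mismatched)."""
    bank, mismatched = {}, []
    for num in sorted(loaded):
        measured = module_hash(*loaded[num])
        pcr, expected = policy[num]
        if measured != expected:
            mismatched.append(num)
        for p in target_pcrs(num, pcr):
            # TPM 1.2 extend: new = SHA1(old || measurement); start at zeros.
            bank[p] = sha1(bank.get(p, bytes(20)) + measured)
    return bank, mismatched

# Constructed sample data standing in for the three modules in EXAMPLES.
LOADED = {
    0: ("dom0_mem=512M", b"constructed xen.gz bytes"),
    1: ("root=/dev/sda1 ro", b"constructed vmlinuz bytes"),
    2: ("", b"constructed initrd bytes"),
}
PCRS = {0: None, 1: 19, 2: 19}  # --pcr none, --pcr 19, --pcr 19

def build_policy(cmdlines):
    return {n: (PCRS[n], module_hash(cmdlines[n], LOADED[n][1])) for n in LOADED}

GOOD = build_policy({n: c for n, (c, _) in LOADED.items()})
# Pitfall from --cmdline: the module name was left in for module 0.
BAD = build_policy({**{n: c for n, (c, _) in LOADED.items()}, 0: "/xen.gz dom0_mem=512M"})

if __name__ == "__main__":
    print("good policy mismatches:", replay(GOOD, LOADED)[1])
    print("bad policy mismatches: ", replay(BAD, LOADED)[1])
    print("PCRs touched:", sorted(replay(GOOD, LOADED)[0]))
```

What happens after a mismatch depends on the policy type given to --create (nonfatal, continue or halt).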

SEE ALSO
    lcp_crtpol(8), lcp_crtpol2(8), lcp_crtpolelt(8).