% tpm2_createpolicy(1) tpm2-tools | General Commands Manual
tpm2_createpolicy(1) - Creates simple assertion authorization policies based on the values of multiple PCR indices across multiple enabled banks.
tpm2_createpolicy [OPTIONS]
tpm2_createpolicy(1) - Creates simple assertion authorization policies based on the values of multiple PCR indices across multiple enabled banks. The policy can then be used at object creation and/or with tools that use the object.
These options control creating the policy authorization session:
- -L, --policy=FILE:
  The file to save the policy digest.
- --policy-pcr:
  Identifies the PCR policy type for policy creation.
- -g, --policy-algorithm=ALGORITHM:
  The hash algorithm used in computation of the policy digest.
- -l, --pcr-list=PCR:
  The list of PCR banks and the selected PCR IDs for each bank.
- -f, --pcr=FILE:
  Optional path or name of the file containing the expected PCR values for the specified index. The default is to read the current PCRs per the set list.
- --policy-session:
  Start a policy session of type TPM_SE_POLICY. Defaults to TPM_SE_TRIAL if this option isn't specified.
algorithm specifiers: details the options for specifying cryptographic algorithms (ALGORITHM).
common options: details the options for specifying the PCR index and bank/algorithm (PCR).
common options: a collection of common options that provide information many users may expect.
common tcti options: a collection of options used to configure the various known TCTI modules.
tpm2_createpolicy --policy-pcr -l 0x4:0 -L policy.file -f pcr0.bin
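What the digest saved by the command above is bound to, as an added example (not tpm2-tools code): it recomputes a single PolicyPCR assertion offline using the formula from the TPM 2.0 specification, so an expected-PCR file can be checked against a policy without a TPM. Assumptions: the policy algorithm is sha256, the -f file holds the raw PCR values concatenated in selection order, and the helper names and sample PCR values are constructed for illustration.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F                # TPM2_PolicyPCR command code
TPM_ALG = {"sha1": 0x0004, "sha256": 0x000B}  # TPM_ALG_ID of each bank
SIZE_OF_SELECT = 3                            # 3 bitmap bytes cover PCR 0..23


def marshal_selection(selection):
    """Marshal [(bank, [pcr, ...]), ...] as a big-endian TPML_PCR_SELECTION."""
    out = struct.pack(">I", len(selection))
    for bank, pcrs in selection:
        bitmap = bytearray(SIZE_OF_SELECT)
        for pcr in pcrs:
            if not 0 <= pcr < 8 * SIZE_OF_SELECT:
                raise ValueError(f"PCR index out of range: {pcr}")
            bitmap[pcr // 8] |= 1 << (pcr % 8)
        out += struct.pack(">HB", TPM_ALG[bank], SIZE_OF_SELECT) + bytes(bitmap)
    return out


def policy_pcr_digest(selection, pcr_values, policy_alg="sha256"):
    """Policy digest after one PolicyPCR assertion on a fresh session.

    pcr_values: expected PCR contents, concatenated in selection order
    (assumed layout of the file passed with -f).
    """
    expected_len = sum(hashlib.new(bank).digest_size * len(set(pcrs))
                       for bank, pcrs in selection)
    if len(pcr_values) != expected_len:
        raise ValueError(f"expected {expected_len} bytes of PCR data")

    def h(data):
        return hashlib.new(policy_alg, data).digest()

    start = bytes(hashlib.new(policy_alg).digest_size)  # new session: all zeros
    # policyDigest = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || H(values))
    return h(start + struct.pack(">I", TPM_CC_POLICY_PCR)
             + marshal_selection(selection) + h(pcr_values))


if __name__ == "__main__":
    selection = [("sha1", [0])]           # same selection as "-l 0x4:0"
    # Constructed sample values: 20 zero bytes, then one changed byte.
    print(policy_pcr_digest(selection, bytes(20)).hex())
    print(policy_pcr_digest(selection, bytes(19) + b"\x01").hex())
```

The two printed digests differ, which is the property the policy relies on: an object created with this policy can only be authorized while the selected PCRs hold the expected values.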