I have tboot running on Intel Server board E5- 2658. I get txt measured launch as true and can see the populated pcrs values.
At the moment, I don't have any LCP in TPM. My Platform is using default policy i guess.
I want to explore the option in LCP that what should happen when pcrs measurement fails i.e. system refuse to boot or boot with limited functionalities.
I checked one LCP script at https://raw.githubusercontent.com/yocum137/txt-oat/master/scripts/create...
but I couldn't find the actions in the script about what happens when pcrs measurement fails.
Could anyone help to explore these options i,e. if there are pre-configured options or creating custom options?
P.S: I also have lcp generator tool from intel but again there are no instruction regarding the issue i discussed above.