diff --git a/Makefile b/Makefile
index 2256670..61cc63b 100644
--- a/Makefile
+++ b/Makefile
@@ -11,3 +11,4 @@ test: trust
 bats tests/keyset.bats
 bats tests/project.bats
 bats tests/sudi.bats
+ bats tests/policygen.bats
diff --git a/cmd/trust/policygen.go b/cmd/trust/policygen.go
index 6fa15ea..0f56d51 100644
--- a/cmd/trust/policygen.go
+++ b/cmd/trust/policygen.go
@@ -79,7 +79,7 @@ func doTpmPolicygen(ctx *cli.Context) error {
 if err != nil {
 return err
 }
- err = os.WriteFile(passwdOutFile, passwdPolDigest, 0400)
+ err = os.WriteFile(passwdOutFile, passwdPolDigest, 0644)
 if err != nil {
 return err
 }
@@ -95,7 +95,7 @@ func doTpmPolicygen(ctx *cli.Context) error {
 if err != nil {
 return err
 }
- err = os.WriteFile(luksOutFile, luksPolDigest, 0400)
+ err = os.WriteFile(luksOutFile, luksPolDigest, 0644)
 if err != nil {
 return err
 }
diff --git a/tests/policygen.bats b/tests/policygen.bats
index f70a9be..8048f7a 100644
--- a/tests/policygen.bats
+++ b/tests/policygen.bats
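Review bot: In cmd/trust/policygen.go the two `os.WriteFile` calls in doTpmPolicygen (passwdOutFile in the first hunk, luksOutFile in the second) now pass a bare `0644`, with nothing in the code saying why the policy digests went from owner-read-only to world-readable and owner-writable. os.WriteFile applies the mode only when it creates the file, and the umask still applies, so an output file left behind with 0400 keeps that mode and a non-root rerun will still fail to truncate it. If the digests are presumably non-secret and the aim is to make them re-writable, state that once and use it in both calls, e.g. `const policyFileMode = 0644 // policy digests are not secret; mode is applied only on create`. The function body starts and ends outside both hunks, so any handling of pre-existing output files is not visible here.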
@@ -2,17 +2,31 @@ load helpers
 function setup() {
 common_setup
+ rm -rf "${BATS_TMPDIR}/passwd.out" "${BATS_TMPDIR}/luks.out"
+ rm -rf "${BATS_TMPDIR}/luks_policy.out" "${BATS_TMPDIR}/passwd_policy.out"
 }
 function teardown() {
 common_teardown
+ rm -rf "${BATS_TMPDIR}/passwd.out" "${BATS_TMPDIR}/luks.out"
+ rm -rf "${BATS_TMPDIR}/luks_policy.out" "${BATS_TMPDIR}/passwd_policy.out"
 }
 @test "Generate a policy" {
- trust tpm-policy-gen --passwd-pcr7-file sample1/pcr7-tpm.bin \
- --production-pcr7-file sample1/pcr7-prod.bin \
- --passwd-policy-file sample1/passwd.out \
- --luks-policy-file sample1/luks.out
- diff sample1/passwd.out sample1/passwd.policy
- diff sample1/luks.out sample1/luks.policy
+ trust tpm-policy-gen --pcr7-tpm "${BATS_TEST_DIRNAME}/sample1/pcr7-tpm.bin" \
+ --pcr7-production "${BATS_TEST_DIRNAME}/sample1/pcr7-prod.bin" \
+ --passwd-policy-file "${BATS_TMPDIR}/passwd.out" \
+ --luks-policy-file "${BATS_TMPDIR}/luks.out" \
+ --policy-version 0001
+ diff "${BATS_TMPDIR}/passwd.out" "${BATS_TEST_DIRNAME}/sample1/passwd.policy"
+ diff "${BATS_TMPDIR}/luks.out" "${BATS_TEST_DIRNAME}/sample1/luks.policy"
+}
+
+@test "Generate a policy using defaults" {
+ current_dir=${PWD}; cd "${BATS_TMPDIR}"
+ trust tpm-policy-gen --pcr7-tpm "${BATS_TEST_DIRNAME}/sample1/pcr7-tpm.bin" \
+ --pcr7-production "${BATS_TEST_DIRNAME}/sample1/pcr7-prod.bin"
+ cd $current_dir
+ diff "${BATS_TMPDIR}/passwd_policy.out" "${BATS_TEST_DIRNAME}/sample1/passwd.policy"
+ diff "${BATS_TMPDIR}/luks_policy.out" "${BATS_TEST_DIRNAME}/sample1/luks.policy"
 }
diff --git a/tests/sample1/luks.policy b/tests/sample1/luks.policy
index f274c86..5376d22 100644
Binary files a/tests/sample1/luks.policy and b/tests/sample1/luks.policy differ
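Review bot: In tests/policygen.bats both tests write their outputs under fixed names directly in `${BATS_TMPDIR}`, the shared base temporary directory, so they can collide with a concurrent run on the same host or with files left there by another user. A per-test directory avoids that: use `${BATS_TEST_TMPDIR}` where the installed bats-core provides it, or create one with `outdir="$(mktemp -d)"` in setup and remove it in teardown. In the defaults test, `cd $current_dir` should be quoted as `cd "$current_dir"` so a working directory containing spaces does not break the test. Neither test asserts the mode of the generated files, although this commit changes it to 0644; one mode check per output file would pin the intended permissions.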