TCG Software Stack
NAME¶
tcsd - daemon that manages Trusted Computing resources
SYNOPSIS¶
tcsd [
-f] [
-e]
[
-c <configfile> ] [
-h]
DESCRIPTION¶
Trousers is an open-source TCG Software Stack (TSS), released under the BSD
License. Trousers aims to be compliant with the current (1.1b) and upcoming
(1.2) TSS specifications available from the Trusted Computing Group website:
http://www.trustedcomputinggroup.org.
tcsd is a user space daemon that should be (according to the TSS spec)
the only portal to the TPM device driver. At boot time,
tcsd should be
started, it should open the TPM device driver and from that point on, all
requests to the TPM should go through the TSS stack. The
tcsd manages
TPM resources and handles requests from TSP's both local and remote.
- -f, --foreground
- run the daemon in the foreground
- -e
- attempt to connect to software TPMs over TCP
- -c, --config <configfile>
- use the provided configuration file rather than the default configuration
file
- -h, --help
- display help message
ACCESS CONTROL¶
There are two types of access control for the
tcsd, access to the
daemon's socket itself and access to specific commands internal to the
tcsd. Access to the
tcsd's port should be controlled by the
system administrator using firewall rules. If using iptables, the following
rule will allow a specific host access to the tcsd:
# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port 30003 -j ACCEPT
Access to individual commands internal to the tcsd is configured by the
tcsd configuration file's "remote_ops" directive. Each
function call in the TCS API is reachable by a unique ordinal. Each labeled
"remote op" actually defines a set of ordinals (usually more than
one) necessary to accomplish the operation. So, for example, the
"random" operation enables the ordinals for opening and closing a
context, calling TCS_StirRandom and TCS_GetRandom, as well as TCS_FreeMemory.
By default, connections from localhost will allow any ordinals.
DATA FILES¶
TSS applications have access to 2 different kinds of 'persistent' storage.
'User' persistent storage has the lifetime of that of the application using it
and therefore is destroyed when an application exits. User PS is controlled by
the TSP of the application. 'System' persistent storage is controlled by the
TCS and stays valid across application lifetimes,
tcsd restarts and
system resets. Data registered in system PS stays valid until an application
requests that it be removed. User PS files are by default stored as
/var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data.
The system PS file is initially created when ownership of the TPM is first
taken.
CONFIGURATION¶
tcsd configuration is stored by default in /etc/tcsd.conf
DEBUG OUTPUT¶
If TrouSerS has been compiled with debugging enabled, the debugging output can
be supressed by setting the TSS_DEBUG_OFF environment variable.
DEVICE DRIVERS¶
tcsd is compatible with the IBM Research TPM device driver available from
http://ibmswtpm.sourceforge.net/ and the TPM device driver available from
http://sf.net/projects/tpmdd, which is also available in the upstream Linux
kernel and many Linux distros.
tcsd conforms to the Trusted Computing Group Software Specification
version 1.1 Golden
SEE ALSO¶
tcsd.conf(5)
AUTHOR¶
Kent Yoder
REPORTING BUGS¶
Report bugs to <trousers-tech@lists.sf.net>