tcsd(8) [centos man page]
tcsd(8) System Manager's Manual tcsd(8) TCG Software Stack NAME
tcsd - daemon that manages Trusted Computing resources SYNOPSIS
tcsd [-f] [-e] [-c <configfile> ] [-h] DESCRIPTION
Trousers is an open-source TCG Software Stack (TSS), released under the BSD License. Trousers aims to be compliant with the current (1.1b) and upcoming (1.2) TSS specifications available from the Trusted Computing Group website: http://www.trustedcomputinggroup.org. tcsd is a user space daemon that should be (according to the TSS spec) the only portal to the TPM device driver. At boot time, tcsd should be started, it should open the TPM device driver and from that point on, all requests to the TPM should go through the TSS stack. The tcsd manages TPM resources and handles requests from TSP's both local and remote. -f, --foreground run the daemon in the foreground -e attempt to connect to software TPMs over TCP -c, --config <configfile> use the provided configuration file rather than the default configuration file -h, --help display help message ACCESS CONTROL
There are two types of access control for the tcsd, access to the daemon's socket itself and access to specific commands internal to the tcsd. Access to the tcsd's port should be controlled by the system administrator using firewall rules. If using iptables, the following rule will allow a specific host access to the tcsd: # iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port 30003 -j ACCEPT Access to individual commands internal to the tcsd is configured by the tcsd configuration file's "remote_ops" directive. Each function call in the TCS API is reachable by a unique ordinal. Each labeled "remote op" actually defines a set of ordinals (usually more than one) necessary to accomplish the operation. So, for example, the "random" operation enables the ordinals for opening and closing a context, calling TCS_StirRandom and TCS_GetRandom, as well as TCS_FreeMemory. By default, connections from localhost will allow any ordinals. DATA FILES
TSS applications have access to 2 different kinds of 'persistant' storage. 'User' persistant storage has the lifetime of that of the application using it and therefore is destroyed when an application exits. User PS is controlled by the TSP of the application. 'System' persistent storage is controlled by the TCS and stays valid across application lifetimes, tcsd restarts and system resets. Data registered in system PS stays valid until an application requests that it be removed. User PS files are by default stored as /var/lib/tpm/user.{pid} and the system PS file by default is /var/lib/tpm/system.data. The system PS file is initially created when ownership of the TPM is first taken. CONFIGURATION
tcsd configuration is stored by default in /etc/tcsd.conf DEBUG OUTPUT
If TrouSerS has been compiled with debugging enabled, the debugging output can be supressed by setting the TSS_DEBUG_OFF environment variable. DEVICE DRIVERS
tcsd is compatible with the IBM Research TPM device driver available from http://ibmswtpm.sourceforge.net/ and the TPM device driver available from http://sf.net/projects/tpmdd, which is also available in the upstream Linux kernel and many Linux distros. CONFORMING TO
tcsd conforms to the Trusted Computing Group Software Specification version 1.1 Golden SEE ALSO
tcsd.conf(5) AUTHOR
Kent Yoder REPORTING BUGS
Report bugs to <trousers-tech@lists.sf.net> TSS 1.1 2005-03-15 tcsd(8)
Check Out this Related Man Page
tcsd.conf(5) File Formats Manual tcsd.conf(5) TCG Software Stack NAME
tcsd.conf - configuration file for the trousers TCS daemon. DESCRIPTION
This file, by default /etc/tcsd.conf is read by the trousers TCSD daemon, tcsd (see tcsd(8)). The tcsd.conf file that is installed by trousers contains all the default options, commented out. OPTIONS
port The port that TCSD will listen on for connections, local and remote, from applications. num_threads The maximum number of threads that the TCSD will spawn simultaneously to service applications. After num_threads threads have been spawned, any application that attempts to connect to the TCSD will receive an error. system_ps_file The location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots. firmware_log_file Path to the file containing the current firmware PCR event log data. The interface to this log is usually provided by the TPM device driver. kernel_log_file Path to the file containing the current kernel PCR event log data. By default, this data will be parsed in the format pro- vided by the Integrity Measurement Architecture LSM. firmware_pcrs A list of PCR indices that are manipulated only by the system firmware and therefore are not extended or logged by the TCSD. Applications that call Tcsi_PcrExtend on PCRs listed here will receive an error. kernel_pcrs A list of PCR indices that are manipulated only by the kernel and therefore are not extended or logged by the TCSD. Applica- tions that call Tcsi_PcrExtend on PCRs listed here will receive an error. platform_cred Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (cer- tificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process. conformance_cred Path to the conformance credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process. endorsement_cred Path to the endorsement credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process. remote_ops A list of TCS commands which will be allowed to be executed on this machine's TCSD by TSP's on non-local hosts (over the inter- net). By default, access to all operations is denied. host_platform_class Determines the TCG specification of the host's platform class. This refers to one of the specifications contained in the TCG web site. The default is PC specification version 1.2 . all_platform_classes Specifies all the TCG defined platforms associated with the host platform. The host_platform_class must not be defined here. By default, all platforms but the host platform are associated. EXAMPLE
port = 30003 num_threads = 10 system_ps_file = /var/lib/tpm/system.data firmware_log_file = /proc/tpm/firmware_events kernel_log_file = /proc/tcg/measurement_events firmware_pcrs = 0,1,2,3,4,5,6,7 kernel_pcrs = 10,11 platform_cred = /var/lib/tpm/platform.cert conformance_cred = /var/lib/tpm/conformance.cert endorsement_cred = /var/lib/tpm/endorsement.cert remote_ops = create_key,random host_platform_class = server_12 all_platform_classes = pc_11,pc_12,mobile_12 SEE ALSO
tcsd(8) AUTHOR
Kent Yoder REPORTING BUGS
Report bugs to <trousers-tech@lists.sf.net> TSS 1.1 2006-07-14 tcsd.conf(5)