tcsd(8) System Manager's Manual tcsd(8)

TCG Software Stack

tcsd - daemon that manages Trusted Computing resources

tcsd [-f] [-e] [-c <configfile>] [-h]

Trousers is an open-source TCG Software Stack (TSS), released under the
BSD License. Trousers aims to be compliant with the current (1.1b) and
upcoming (1.2) TSS specifications available from the Trusted Computing
Group website: http://www.trustedcomputinggroup.org.

tcsd is a user space daemon that should be (according to the TSS spec)
the only portal to the TPM device driver. At boot time, tcsd should be
started; it should open the TPM device driver, and from that point on
all requests to the TPM should go through the TSS stack. The tcsd
manages TPM resources and handles requests from TSPs, both local and
remote.

-f, --foreground
       run the daemon in the foreground

-e     attempt to connect to software TPMs over TCP

-c, --config <configfile>
       use the provided configuration file rather than the default
       configuration file

-h, --help
       display help message

There are two types of access control for the tcsd: access to the
daemon's socket itself and access to specific commands internal to the
tcsd. Access to the tcsd's port should be controlled by the system
administrator using firewall rules. If using iptables, the following
rule will allow a specific host access to the tcsd:

       # iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port 30003 -j ACCEPT

Access to individual commands internal to the tcsd is configured by the
tcsd configuration file's "remote_ops" directive. Each function call in
the TCS API is reachable by a unique ordinal. Each labeled "remote op"
actually defines a set of ordinals (usually more than one) necessary to
accomplish the operation. So, for example, the "random" operation
enables the ordinals for opening and closing a context, calling
TCS_StirRandom and TCS_GetRandom, as well as TCS_FreeMemory. By
default, connections from localhost will allow any ordinals.
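
The two access-control layers described above, as an added example (not
part of the TrouSerS distribution): shell functions that list the
operations "remote_ops" exposes to remote hosts and print an iptables
allow-list for the tcsd port. It assumes "key = value" lines with "#"
comments and a "port" directive in tcsd.conf; the function names, the
sample address and the "example_op" name are constructed.

```shell
#!/bin/sh
# Added example (not from the TrouSerS project). Assumes tcsd.conf holds
# "key = value" lines with "#" comments, and that local TSPs reach tcsd
# over loopback TCP.

# Print the value of KEY ($2) in FILE ($1); the last uncommented line wins.
tcsd_conf_get() {
    sed -n -e 's/#.*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" "$1" |
        sed -e 's/[[:space:]]*$//' | tail -n 1
}

# Print each operation enabled for remote hosts, one per line.
tcsd_remote_ops() {
    tcsd_conf_get "$1" remote_ops | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print iptables rules for FILE ($1) and the allowed hosts (remaining args).
# An ACCEPT rule alone restricts nothing, so the list ends with a DROP for
# the port; loopback is accepted first so local applications keep working.
tcsd_fw_rules() {
    conf=$1; shift
    port=$(tcsd_conf_get "$conf" port)
    port=${port:-30003}   # fall back to the port used in the man page's rule
    echo "iptables -A INPUT -i lo -p tcp --destination-port $port -j ACCEPT"
    for host in "$@"; do
        echo "iptables -A INPUT -s $host -p tcp --destination-port $port -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --destination-port $port -j DROP"
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# port = 30003
remote_ops = random, example_op   # "example_op" is a constructed placeholder
EOF
echo "Operations reachable from remote hosts:"
tcsd_remote_ops "$sample"
echo "Firewall rules to review before applying:"
tcsd_fw_rules "$sample" 192.0.2.10
rm -f "$sample"
```

The rules are only printed, so they can be reviewed and merged into the
host's existing ruleset rather than appended blindly.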

TSS applications have access to 2 different kinds of 'persistent'
storage. 'User' persistent storage has the lifetime of the application
using it and therefore is destroyed when the application exits. User PS
is controlled by the TSP of the application. 'System' persistent
storage is controlled by the TCS and stays valid across application
lifetimes, tcsd restarts and system resets. Data registered in system
PS stays valid until an application requests that it be removed. User
PS files are by default stored as /var/lib/tpm/user.{pid} and the
system PS file by default is /var/lib/tpm/system.data. The system PS
file is initially created when ownership of the TPM is first taken.

tcsd configuration is stored by default in /etc/tcsd.conf.

If TrouSerS has been compiled with debugging enabled, the debugging
output can be suppressed by setting the TSS_DEBUG_OFF environment
variable.

tcsd is compatible with the IBM Research TPM device driver available
from http://ibmswtpm.sourceforge.net/ and the TPM device driver
available from http://sf.net/projects/tpmdd, which is also available in
the upstream Linux kernel and many Linux distros.

tcsd conforms to the Trusted Computing Group Software Specification
version 1.1 Golden

tcsd.conf(5)

Kent Yoder

Report bugs to <trousers-tech@lists.sf.net>

TSS 1.1 2005-03-15 tcsd(8)