tpm2-abrmd(8)

1TPM2-ABRMD(8)                 TPM2 Software Stack                TPM2-ABRMD(8)
2
3
4

NAME

6       tpm2-abrmd - TPM2 access broker and resource management daemon
7

SYNOPSIS

9       tpm2-abrmd       [-m][-e][-i][-o][-l logger-name][-r][-s][-g /dev/uran‐
10       dom][-t conf]
11

DESCRIPTION

13       tpm2-abrmd is a daemon that implements the TPM access  broker  and  re‐
14       source manager as described by the Trusted Computing Group (TGC) in the
15       “TSS System Level API and TPM Command Transmission Interface Specifica‐
16       tion”.  This daemon uses the DBus system bus and some pipes to communi‐
17       cate with clients.
18

OPTIONS

20       -t, --tcti
21              Provide the daemon with a string that describes the TCTI and how
22              to  configure  it for communication with the next component down
23              the TSS2 stack. This string  is  formatted  as  "tcti-name:tcti-
24              conf" where:
25
26              'tcti-name'
27                     The  name  of  the  TCTI  library shared object file. Li‐
28                     braries are found using the same algorithm as dlopen (3).
29                     If  the TCTI library file name follows the naming conven‐
30                     tion: libtss2-tcti-<name>.so.0 where <name> is  the  name
31                     for  the  TCTI,  the  value  of <name> may be supplied in
32                     place of the full library file name. See  'EXAMPLES'  be‐
33                     low.
34
35              'tcti-conf'
36                     The  configuration string passed to the TCTI library upon
37                     initialization.
38
39              If this option is omitted (or a NULL string provided) then a de‐
40              fault  TCTI is used in it's default configuration. If the string
41              does not contain a colon then it will be interpreted as only the
42              'tcti-name'. To provide only the configuration string (using the
43              default TCTI) then the first character in the string  passed  to
44              this  option  must  be  a  colon  followed  by the configuration
45              string. See examples below.
46
47       -o, --allow-root
48              Allow daemon to run as root. If this option is not provided  the
49              daemon  will refused to run as the root user. Use of this option
50              is not recommended.
51
52       -m, --max-connections
53              Set an upper bound on the number of  concurrent  client  connec‐
54              tions  allowed.   Once  this  number  of  client  connections is
55              reached new connections will be rejected with an error.  If  the
56              option is not specified the default is 27.
57
58       -f, --flush-all
59              Flush all objects and sessions when daemon is started.
60
61       -l, --logger
62              Direct logging output to named logging target. Supported targets
63              are stdout and syslog. If the logger option is not specified the
64              default is stdout.
65
66       -e, --max-sessions
67              Set  and  upper bound on the number of sessions that each client
68              connection is allowed to create (loaded or active)  at  any  one
69              time. If the option is not specified the default is 4.
70
71       -r, --max-transients
72              Set  an upper bound on the number of transient objects that each
73              client connection allowed to load. Once this number  of  objects
74              is  reached  attempts to load new transient objects will produce
75              an error. If the option is not specified the default is 27.
76
77       -n, --dbus-name
78              Claim the given name on dbus. This option overrides the  default
79              of com.intel.tss2.Tabrmd.
80
81       -g, --prng-seed-file
82              Read  seed  for pseudo-random number generator from the provided
83              file.
84
85       -s, --session
86              Connect daemon to the session dbus. If the option is not  speci‐
87              fied the daemon connects to the system dbus.
88
89       -v, --version
90              Display version string.
91

EXAMPLES

93       Execute daemon with default TCTI and options:
94          tpm2-abrmd
95
96       Execute daemon with default TCTI and provided config string:
97          tpm2-abrmd --tcti=":/dev/tpm0"
98
99       This is equivalent to:
100          tpm2-abrmd --tcti="device:/dev/tpm0"
101          tpm2-abrmd --tcti="libtss2-tcti-device.so.0:/dev/tpm0"
102
103       Have daemon use swtpm TPM2 Simulator tcti library
104          This connects to a TPM2 simulator via a TCP swtpm.
105          tpm2-abrmd --tcti="swtpm"
106          tpm2-abrmd --tcti="libtss2-tcti-swtpm.so.0"
107
108       Have  daemon  use  tcti  library  'libtss2-tcti-swtpm.so.0'  and config
109       string
110          tpm2-abrmd --tcti=swtpm:host=127.0.0.1,port=5555"
111          tpm2-abrmd --tcti="libtss2-tcti-swtpm.so.0:host=127.0.0.1,port=5555"
112

AUTHOR

114       Philip Tricca <philip.b.tricca@intel.com>
115

COLOPHON

120       This page is part of the 3.0.0 release of Intel's TPM2 Access Broker  &
121       Resource  Management  Daemon. A description of the project, information
122       about reporting bugs, and the latest version of this page can be  found
123       at https://github.com/01org/tpm2-abrmd/.
124
125
126
127Intel                             March 2018                     TPM2-ABRMD(8)