tcsd(8)tcsd(8)
TCG Software Stack
NAMEtcsd - daemon that manages Trusted Computing resources
SYNOPSIStcsd [-f]
DESCRIPTION
Trousers is an open-source TCG Software Stack (TSS), released under the
Common Public License. Trousers aims to be compliant with the current
(1.1b) and upcoming (1.2) TSS specifications available from the Trusted
Computing Group website: http://www.trustedcomputinggroup.org.
tcsd is a user space daemon that should be (according to the TSS spec)
the only portal to the TPM device driver. At boot time, tcsd should be
started, it should open the TPM device driver and from that point on,
all requests to the TPM should go through the TSS stack. The tcsd
manages TPM resources and handles requests from TSP's both local and
remote.
-f run the daemon in the foreground
ACCESS CONTROL
There are two types of access control for the tcsd, access to the
daemon's socket itself and access to specific commands internal to the
tcsd. Access to the tcsd's port should be controlled by the system
administrator using firewall rules. If using iptables, the following
rule will allow a specific host access to the tcsd:
# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port 30003 -j
ACCEPT
Access to individual commands internal to the tcsd is configured by the
tcsd configuration file's "remote_ops" directive. Each function call in
the TCS API is reachable by a unique ordinal. Each labeled "remote op"
actually defines a set of ordinals (usually more than one) necessary to
accomplish the operation. So, for example, the "random" operation
enables the ordinals for opening and closing a context, calling
TCS_StirRandom and TCS_GetRandom, as well as TCS_FreeMemory. By
default, connections from localhost will allow any ordinals.
DATA FILES
TSS applications have access to 2 different kinds of 'persistant'
storage. 'User' persistant storage has the lifetime of that of the
application using it and therefore is destroyed when an application
exits. User PS is controlled by the TSP of the application. 'System'
persistent storage is controlled by the TCS and stays valid across
application lifetimes, tcsd restarts and system resets. Data registered
in system PS stays valid until an application requests that it be
removed. User PS files are by default stored as
$HOME/.trousers/user.data and the system PS file by default is
/var/tpm/system/system.data. The system PS file is initially created
when ownership of the TPM is first taken.
/var/tpm/system/system.data
Contains the system PS (persistent storage) data controlled by the
TCS. By default, the SRK key is installed in PS and does not
require owner authorization to use. If the TPM has previously been
provisioned and owner-auth is required to load the SRK, then the
/var/tpm/system/system.data.auth file should be moved to
/var/tpm/system/system.data before starting the TCS (See NOTES).
/var/tpm/system/system.data.auth
This is the default PS data file to use if the TPM has been
previously configured to require owner-auth to access the SRK.
Copy this file to /var/tpm/system/system.data prior to starting the
TCS if owner-auth is needed, otherwise this file can be ignored.
CONFIGURATIONtcsd configuration is stored by default in /etc/security/tcsd.conf
DEBUG OUTPUT
If TrouSerS has been compiled with debugging enabled, the debugging
output can be supressed by setting the TSS_DEBUG_OFF environment
variable.
DEVICE DRIVERStcsd is compatible with the IBM Research TPM device driver available
from http://www.research.ibm.com/gsal/tcpa and the TPM device driver
for Linux available from http://sf.net/projects/tmpdd. It is also
compatible with the TPM device driver for Solaris which is available in
the driver/crypto/tpm package.
CONFORMING TOtcsd conforms to the Trusted Computing Group Software Specification
version 1.1 Golden
SEE ALSOtcsd.conf(5), svcadm(1M), smf(5)NOTES
The tcsd service is managed by the service management facility, smf(5),
under the service identifier:
svc:/application/security/tcsd:default
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). The service's
status can be queried using the svcs(1) command.
AUTHOR
Kent Yoder
REPORTING BUGS
Report bugs to <trousers-tech@lists.sf.net>
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼────────────────────────────┤
│Availability │ library/security/trousers │
├────────────────────┼────────────────────────────┤
│Interface Stability │ Uncommitted │
└────────────────────┴────────────────────────────┘
NOTES
Source for trousers is available at http://opensolaris.org and at
http://sourceforge.net/projects/trousers. Documentation is available
at file:///usr/share/man, and http://sourceforge.net/projects/trousers.
TSS 1.1 2005-03-15 tcsd(8)
