.\" Copyright (C) 2005 International Business Machines Corporation
.de Sp \" Vertical space (when we can't use .PP)
.ie \\n(.$>=3 .ne \\$3
.TH "tcsd" 8 "2005-03-15" "TSS 1.1"
tcsd \- daemon that manages Trusted Computing resources
TrouSerS is an open-source TCG Software Stack (TSS), released under the Common
Public License. TrouSerS aims to be compliant with the current (1.1b) and
upcoming (1.2) TSS specifications available from the Trusted Computing Group
website: http://www.trustedcomputinggroup.org.
\fBtcsd\fR is a user space daemon that should be (according to the TSS spec)
the only portal to the TPM device driver. At boot time, \fBtcsd\fR should
be started; it should open the TPM device driver, and from that point on all
requests to the TPM should go through the TSS stack. The \fBtcsd\fR manages TPM
resources and handles requests from TSPs, both local and remote.
run the daemon in the foreground
There are two types of access control for the \fBtcsd\fR: access to the
daemon's socket itself, and access to specific commands internal to the
\fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system
administrator using firewall rules. If using iptables, the following rule
will allow a specific host access to the tcsd (it keeps other hosts out only
if the chain's default policy, or a later rule, drops their traffic to that port):
# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port @TCSD_DEFAULT_PORT@ -j ACCEPT
Access to individual commands internal to the tcsd is configured by the
\fBtcsd\fR configuration file's "remote_ops" directive. Each function call
in the TCS API is reachable by a unique ordinal. Each labeled "remote op"
actually defines the set of ordinals (usually more than one) necessary to
accomplish the operation. So, for example, the "random" operation enables
the ordinals for opening and closing a context, calling TCS_StirRandom
and TCS_GetRandom, as well as TCS_FreeMemory. By default, connections from
localhost are allowed to call any ordinal.
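The two access-control layers described above, modelled as an added example that is not part of this man page or of the TrouSerS sources: it parses a proposed "remote_ops" value, expands each op into its TCS ordinals, and decides whether a given peer may issue a given ordinal. The "remote_ops = a,b,c" line syntax, the ordinal names TCS_OpenContext and TCS_CloseContext, and the "getcapability" entry are assumptions; the membership of the "random" op and the localhost rule come from the text.

```python
# Added example: a model of tcsd's socket-level (firewall) and
# ordinal-level (remote_ops) access control, for checking a configuration
# before deploying it. Not tcsd code; syntax and extra names are assumed.
import ipaddress

# Assumed expansion of labeled remote ops into TCS ordinals. "random" is
# the set the man page lists; "getcapability" is a constructed second entry.
REMOTE_OPS = {
    "random": {"TCS_OpenContext", "TCS_CloseContext", "TCS_StirRandom",
               "TCS_GetRandom", "TCS_FreeMemory"},
    "getcapability": {"TCS_OpenContext", "TCS_CloseContext",
                      "TCS_GetCapability", "TCS_FreeMemory"},
}

def parse_remote_ops(conf_text):
    """Return the ops enabled by 'remote_ops = a,b' lines (assumed syntax)."""
    enabled = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("remote_ops"):
            continue
        _, _, value = line.partition("=")
        for op in value.split(","):
            op = op.strip().lower()
            if not op:
                continue
            if op not in REMOTE_OPS:               # typo here silently widens nothing,
                raise ValueError(f"unknown remote op: {op}")  # but fail loudly anyway
            enabled.add(op)
    return enabled

def allowed_ordinals(enabled_ops):
    """Union of the ordinals reachable through the enabled remote ops."""
    out = set()
    for op in enabled_ops:
        out |= REMOTE_OPS[op]
    return out

def is_permitted(peer, ordinal, enabled_ops, firewall_allow):
    """True if a request for `ordinal` from `peer` passes both layers."""
    addr = ipaddress.ip_address(peer)
    if addr.is_loopback:
        return True                                # localhost: any ordinal
    if addr not in {ipaddress.ip_address(h) for h in firewall_allow}:
        return False                               # firewall never accepts the socket
    return ordinal in allowed_ordinals(enabled_ops)

# Constructed tcsd.conf fragment that exposes only the "random" operation.
CONF = "# constructed fragment\nremote_ops = random\n"
```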
TSS applications have access to 2 different kinds of 'persistent' storage. 'User'
persistent storage has the same lifetime as the application using it
and therefore is destroyed when the application exits. User PS is controlled
by the TSP of the application. 'System' persistent storage is controlled by
the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
system resets. Data registered in system PS stays valid until an application
requests that it be removed. User PS files are by default stored as
/var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data.
The system PS file is initially created when ownership of the TPM is first
\fBtcsd\fR configuration is stored by default in /etc/tcsd.conf
If TrouSerS has been compiled with debugging enabled, the debugging output
can be suppressed by setting the TSS_DEBUG_OFF environment variable.
\fBtcsd\fR is compatible with the IBM Research TPM device driver available
from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
from http://sf.net/projects/tmpdd
\fBtcsd\fR conforms to the Trusted Computing Group Software
Specification version 1.1 Golden
Report bugs to <@PACKAGE_BUGREPORT@>