Manual Pages for UNIX Operating System command usage for man tcsd
Maintenance Procedures tcsd(8)
TCG Software Stack
NAME
tcsd - daemon that manages Trusted Computing resources
SYNOPSIS
tcsd [-f]
DESCRIPTION
Trousers is an open-source TCG Software Stack (TSS),
released under the Common Public License. Trousers aims to
be compliant with the current (1.1b) and upcoming (1.2) TSS
specifications available from the Trusted Computing Group
website: http://www.trustedcomputinggroup.org.
tcsd is a user space daemon that should be (according to the
TSS spec) the only portal to the TPM device driver. At boot
time, tcsd should be started, it should open the TPM device
driver and from that point on, all requests to the TPM
should go through the TSS stack. The tcsd manages TPM
resources and handles requests from TSP's both local and
remote.
-f run the daemon in the foreground
ACCESS CONTROL
There are two types of access control for the tcsd, access
to the daemon's socket itself and access to specific
commands internal to the tcsd. Access to the tcsd's port
should be controlled by the system administrator using
firewall rules. If using iptables, the following rule will
allow a specific host access to the tcsd:
# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port
30003 -j ACCEPT
Access to individual commands internal to the tcsd is
configured by the tcsd configuration file's "remote_ops"
directive. Each function call in the TCS API is reachable by
a unique ordinal. Each labeled "remote op" actually defines
a set of ordinals (usually more than one) necessary to
accomplish the operation. So, for example, the "random"
operation enables the ordinals for opening and closing a
context, calling TCS_StirRandom and TCS_GetRandom, as well
as TCS_FreeMemory. By default, connections from localhost
will allow any ordinals.
TSS 1.1 Last change: 2005-03-15 1
Maintenance Procedures tcsd(8)
DATA FILES
TSS applications have access to 2 different kinds of
'persistant' storage. 'User' persistant storage has the
lifetime of that of the application using it and therefore
is destroyed when an application exits. User PS is
controlled by the TSP of the application. 'System'
persistent storage is controlled by the TCS and stays valid
across application lifetimes, tcsd restarts and system
resets. Data registered in system PS stays valid until an
application requests that it be removed. User PS files are
by default stored as $HOME/.trousers/user.data and the
system PS file by default is /var/tpm/system/system.data.
The system PS file is initially created when ownership of
the TPM is first taken.
/var/tpm/system/system.data
Contains the system PS (persistent storage) data
controlled by the TCS. By default, the SRK key is
installed in PS and does not require owner authorization
to use. If the TPM has previously been provisioned and
owner-auth is required to load the SRK, then the
/var/tpm/system/system.data.auth file should be moved to
/var/tpm/system/system.data before starting the TCS (See
NOTES).
/var/tpm/system/system.data.auth
This is the default PS data file to use if the TPM has
been previously configured to require owner-auth to
access the SRK. Copy this file to
/var/tpm/system/system.data prior to starting the TCS if
owner-auth is needed, otherwise this file can be
ignored.
CONFIGURATION
tcsd configuration is stored by default in
/etc/security/tcsd.conf
DEBUG OUTPUT
If TrouSerS has been compiled with debugging enabled, the
debugging output can be supressed by setting the
TSS_DEBUG_OFF environment variable.
DEVICE DRIVERS
tcsd is compatible with the IBM Research TPM device driver
available from http://www.research.ibm.com/gsal/tcpa and the
TPM device driver for Linux available from
http://sf.net/projects/tmpdd. It is also compatible with
the TPM device driver for Solaris which is available in the
TSS 1.1 Last change: 2005-03-15 2
Maintenance Procedures tcsd(8)
driver/crypto/tpm package.
CONFORMING TO
tcsd conforms to the Trusted Computing Group Software
Specification version 1.1 Golden
SEE ALSO
tcsd.conf(5), svcadm(1M), smf(5)
NOTES
The tcsd service is managed by the service management
facility, smf(5), under the service identifier:
svc:/application/security/tcsd:default
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using
svcadm(1M). The service's status can be queried using the
svcs(1) command.
AUTHOR
Kent Yoder
REPORTING BUGS
Report bugs to
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
__________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|____________________|_____________________________|_
| Availability | library/security/trousers |
|____________________|_____________________________|_
| Interface Stability| Uncommitted |
|____________________|____________________________|
NOTES
Source for trousers is available at http://opensolaris.org
and at http://sourceforge.net/projects/trousers.
Documentation is available at file:///usr/share/man, and
http://sourceforge.net/projects/trousers.
TSS 1.1 Last change: 2005-03-15 3