| .\" Copyright (C) 2005 International Business Machines Corporation |
| .\" |
| .de Sh \" Subsection |
| .br |
| .if t .Sp |
| .ne 5 |
| .PP |
| \fB\\$1\fR |
| .PP |
| .. |
| .de Sp \" Vertical space (when we can't use .PP) |
| .if t .sp .5v |
| .if n .sp |
| .. |
| .de Ip \" List item |
| .br |
| .ie \\n(.$>=3 .ne \\$3 |
| .el .ne 3 |
| .IP "\\$1" \\$2 |
| .. |
| .TH "tcsd" 8 "2005-03-15" "TSS 1.1" |
| .ce 1 |
| TCG Software Stack |
| .SH NAME |
| tcsd \- daemon that manages Trusted Computing resources |
| .SH "SYNOPSIS" |
| .ad l |
| .hy 0 |
| .B tcsd |
| .RB [ \-f ] |
| |
| .SH "DESCRIPTION" |
| .PP |
| Trousers is an open-source TCG Software Stack (TSS), released under the Common |
| Public License. Trousers aims to be compliant with the current (1.1b) and |
| upcoming (1.2) TSS specifications available from the Trusted Computing Group |
| website: http://www.trustedcomputinggroup.org. |
| |
| \fBtcsd\fR is a user space daemon that should be (according to the TSS spec) |
| the only portal to the TPM device driver. At boot time, \fBtcsd\fR should |
| be started, it should open the TPM device driver and from that point on, all |
| requests to the TPM should go through the TSS stack. The \fBtcsd\fR manages TPM |
| resources and handles requests from TSP's both local and remote. |
| |
| .TP |
| \fB\-f\fR |
| run the daemon in the foreground |
| |
| .SH "ACCESS CONTROL" |
| .PP |
| There are two types of access control for the \fBtcsd\fR, access to the |
| daemon's socket itself and access to specific commands internal to the |
| \fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system |
| administrator using firewall rules. If using iptables, the following rule |
| will allow a specific host access to the tcsd: |
| |
| # iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port 30003 -j ACCEPT |
| |
| Access to individual commands internal to the tcsd is configured by the |
| \fBtcsd\fR configuration file's "remote_ops" directive. Each function call |
| in the TCS API is reachable by a unique ordinal. Each labeled "remote op" |
| actually defines a set of ordinals (usually more than one) necessary to |
| accomplish the operation. So, for example, the "random" operation enables |
| the ordinals for opening and closing a context, calling TCS_StirRandom |
| and TCS_GetRandom, as well as TCS_FreeMemory. By default, connections from |
| localhost will allow any ordinals. |
| |
| .SH "DATA FILES" |
| .PP |
| TSS applications have access to 2 different kinds of 'persistant' storage. 'User' |
| persistant storage has the lifetime of that of the application using it |
| and therefore is destroyed when an application exits. User PS is controlled |
| by the TSP of the application. 'System' persistent storage is controlled by |
| the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and |
| system resets. Data registered in system PS stays valid until an application |
| requests that it be removed. User PS files are by default stored as |
| /var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data. |
| The system PS file is initially created when ownership of the TPM is first |
| taken. |
| |
| .SH "CONFIGURATION" |
| \fBtcsd\fR configuration is stored by default in /etc/tcsd.conf |
| |
| .SH "DEBUG OUTPUT" |
| If TrouSerS has been compiled with debugging enabled, the debugging output |
| can be supressed by setting the TSS_DEBUG_OFF environment variable. |
| |
| .SH "DEVICE DRIVERS" |
| .PP |
| \fBtcsd\fR is compatible with the IBM Research TPM device driver available |
| from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available |
| from http://sf.net/projects/tmpdd |
| |
| .SH "CONFORMING TO" |
| .PP |
| \fBtcsd\fR conforms to the Trusted Computing Group Software |
| Specification version 1.1 Golden |
| |
| .SH "SEE ALSO" |
| .PP |
| \fBtcsd.conf\fR(5) |
| |
| .SH "AUTHOR" |
| Kent Yoder |
| |
| .SH "REPORTING BUGS" |
| Report bugs to <trousers-tech@lists.sf.net> |