man/man8/tcsd.8.in - chromiumos/third_party/trousers - Git at Google

 .\" Copyright (C) 2005 International Business Machines Corporation
 .\"
 .de Sh \" Subsection
 .br
 .if t .Sp
 .ne 5
 .PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "tcsd" 8 "2005-03-15" "TSS 1.1"
 .ce 1
 TCG Software Stack
 .SH NAME
 tcsd \- daemon that manages Trusted Computing resources
 .SH "SYNOPSIS"
 .ad l
 .hy 0
 .B tcsd
 .RB [ \-f ]

 .SH "DESCRIPTION"
 .PP
 Trousers is an open-source TCG Software Stack (TSS), released under the Common
 Public License. Trousers aims to be compliant with the current (1.1b) and
 upcoming (1.2) TSS specifications available from the Trusted Computing Group
 website: http://www.trustedcomputinggroup.org.

 \fBtcsd\fR is a user space daemon that should be (according to the TSS spec)
 the only portal to the TPM device driver. At boot time, \fBtcsd\fR should
 be started, it should open the TPM device driver and from that point on, all
 requests to the TPM should go through the TSS stack. The \fBtcsd\fR manages TPM
 resources and handles requests from TSP's both local and remote.

 .TP
 \fB\-f\fR
 run the daemon in the foreground

 .SH "ACCESS CONTROL"
 .PP
 There are two types of access control for the \fBtcsd\fR, access to the
 daemon's socket itself and access to specific commands internal to the
 \fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system
 administrator using firewall rules.  If using iptables, the following rule
 will allow a specific host access to the tcsd:

 # iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port @TCSD_DEFAULT_PORT@ -j ACCEPT

 Access to individual commands internal to the tcsd is configured by the
 \fBtcsd\fR configuration file's "remote_ops" directive. Each function call
 in the TCS API is reachable by a unique ordinal.  Each labeled "remote op"
 actually defines a set of ordinals (usually more than one) necessary to
 accomplish the operation. So, for example, the "random" operation enables
 the ordinals for opening and closing a context, calling TCS_StirRandom
 and TCS_GetRandom, as well as TCS_FreeMemory. By default, connections from
 localhost will allow any ordinals.

 .SH "DATA FILES"
 .PP
 TSS applications have access to 2 different kinds of 'persistant' storage. 'User'
 persistant storage has the lifetime of that of the application using it
 and therefore is destroyed when an application exits.  User PS is controlled
 by the TSP of the application.  'System' persistent storage is controlled by
 the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
 system resets. Data registered in system PS stays valid until an application
 requests that it be removed. User PS files are by default stored as
 /var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data.
 The system PS file is initially created when ownership of the TPM is first
 taken.

 .SH "CONFIGURATION"
 \fBtcsd\fR configuration is stored by default in /etc/tcsd.conf

 .SH "DEBUG OUTPUT"
 If TrouSerS has been compiled with debugging enabled, the debugging output
 can be supressed by setting the TSS_DEBUG_OFF environment variable.

 .SH "DEVICE DRIVERS"
 .PP
 \fBtcsd\fR is compatible with the IBM Research TPM device driver available
 from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
 from http://sf.net/projects/tmpdd

 .SH "CONFORMING TO"
 .PP
 \fBtcsd\fR conforms to the Trusted Computing Group Software
 Specification version 1.1 Golden

 .SH "SEE ALSO"
 .PP
 \fBtcsd.conf\fR(5)

 .SH "AUTHOR"
 Kent Yoder

 .SH "REPORTING BUGS"
 Report bugs to <@PACKAGE_BUGREPORT@>
	.\" Copyright (C) 2005 International Business Machines Corporation
	.\"
	.de Sh \" Subsection
	.br
	.if t .Sp
	.ne 5
	.PP
	\fB\\$1\fR
	.PP
	..
	.de Sp \" Vertical space (when we can't use .PP)
	.if t .sp .5v
	.if n .sp
	..
	.de Ip \" List item
	.br
	.ie \\n(.$>=3 .ne \\$3
	.el .ne 3
	.IP "\\$1" \\$2
	..
	.TH "tcsd" 8 "2005-03-15" "TSS 1.1"
	.ce 1
	TCG Software Stack
	.SH NAME
	tcsd \- daemon that manages Trusted Computing resources
	.SH "SYNOPSIS"
	.ad l
	.hy 0
	.B tcsd
	.RB [ \-f ]

	.SH "DESCRIPTION"
	.PP
	Trousers is an open-source TCG Software Stack (TSS), released under the Common
	Public License. Trousers aims to be compliant with the current (1.1b) and
	upcoming (1.2) TSS specifications available from the Trusted Computing Group
	website: http://www.trustedcomputinggroup.org.

	\fBtcsd\fR is a user space daemon that should be (according to the TSS spec)
	the only portal to the TPM device driver. At boot time, \fBtcsd\fR should
	be started, it should open the TPM device driver and from that point on, all
	requests to the TPM should go through the TSS stack. The \fBtcsd\fR manages TPM
	resources and handles requests from TSP's both local and remote.

	.TP
	\fB\-f\fR
	run the daemon in the foreground

	.SH "ACCESS CONTROL"
	.PP
	There are two types of access control for the \fBtcsd\fR, access to the
	daemon's socket itself and access to specific commands internal to the
	\fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system
	administrator using firewall rules. If using iptables, the following rule
	will allow a specific host access to the tcsd:

	# iptables -A INPUT -s $IP_ADDRESS -p tcp --destination-port @TCSD_DEFAULT_PORT@ -j ACCEPT

	Access to individual commands internal to the tcsd is configured by the
	\fBtcsd\fR configuration file's "remote_ops" directive. Each function call
	in the TCS API is reachable by a unique ordinal. Each labeled "remote op"
	actually defines a set of ordinals (usually more than one) necessary to
	accomplish the operation. So, for example, the "random" operation enables
	the ordinals for opening and closing a context, calling TCS_StirRandom
	and TCS_GetRandom, as well as TCS_FreeMemory. By default, connections from
	localhost will allow any ordinals.

	.SH "DATA FILES"
	.PP
	TSS applications have access to 2 different kinds of 'persistant' storage. 'User'
	persistant storage has the lifetime of that of the application using it
	and therefore is destroyed when an application exits. User PS is controlled
	by the TSP of the application. 'System' persistent storage is controlled by
	the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
	system resets. Data registered in system PS stays valid until an application
	requests that it be removed. User PS files are by default stored as
	/var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data.
	The system PS file is initially created when ownership of the TPM is first
	taken.

	.SH "CONFIGURATION"
	\fBtcsd\fR configuration is stored by default in /etc/tcsd.conf

	.SH "DEBUG OUTPUT"
	If TrouSerS has been compiled with debugging enabled, the debugging output
	can be supressed by setting the TSS_DEBUG_OFF environment variable.

	.SH "DEVICE DRIVERS"
	.PP
	\fBtcsd\fR is compatible with the IBM Research TPM device driver available
	from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
	from http://sf.net/projects/tmpdd

	.SH "CONFORMING TO"
	.PP
	\fBtcsd\fR conforms to the Trusted Computing Group Software
	Specification version 1.1 Golden

	.SH "SEE ALSO"
	.PP
	\fBtcsd.conf\fR(5)

	.SH "AUTHOR"
	Kent Yoder

	.SH "REPORTING BUGS"
	Report bugs to <@PACKAGE_BUGREPORT@>