tcsd.conf(5)tcsd.conf(5)
TCG Software Stack
NAMEtcsd.conf - configuration file for the trousers TCS daemon.
DESCRIPTION
This file, by default /etc/tcsd.conf is read by the trousers TCSD dae‐
mon, tcsd (see tcsd(8)). The tcsd.conf file that is installed by
trousers contains all the default options, commented out.
OPTIONS
port The port that TCSD will listen on for connections, local and
remote, from applications.
num_threads The maximum number of threads that the TCSD will spawn
simultaneously to service applications. After num_threads threads have
been spawned, any application that attempts to connect to the TCSD will
receive an error.
system_ps_file The location of the system persistent storage file. The
system persistent storage file holds keys and data across restarts of
the TCSD and system reboots.
firmware_log_file Path to the file containing the current firmware PCR
event log data. The interface to this log is usually provided by the
TPM device driver.
kernel_log_file Path to the file containing the current kernel PCR
event log data. By default, this data will be parsed in the format pro‐
vided by the Integrity Measurement Architecture LSM.
firmware_pcrs A list of PCR indices that are manipulated only by the
system firmware and therefore are not extended or logged by the TCSD.
Applications that call Tcsi_PcrExtend on PCRs listed here will receive
an error.
kernel_pcrs A list of PCR indices that are manipulated only by the ker‐
nel and therefore are not extended or logged by the TCSD. Applications
that call Tcsi_PcrExtend on PCRs listed here will receive an error.
platform_cred Path to the platform credential for your TPM. Your TPM
manufacturer may have provided you with a set of credentials (certifi‐
cates) that should be used when creating identities using your TPM.
When a user of your TPM makes an identity, this credential will be
encrypted as part of that process. See the 1.1b TPM Main specification
section 9.3 for information on this process.
conformance_cred Path to the conformance credential for your TPM. Your
TPM manufacturer may have provided you with a set of credentials (cer‐
tificates) that should be used when creating identities using your TPM.
When a user of your TPM makes an identity, this credential will be
encrypted as part of that process. See the 1.1b TPM Main specification
section 9.3 for information on this process.
endorsement_cred Path to the endorsement credential for your TPM. Your
TPM manufacturer may have provided you with a set of credentials (cer‐
tificates) that should be used when creating identities using your TPM.
When a user of your TPM makes an identity, this credential will be
encrypted as part of that process. See the 1.1b TPM Main specification
section 9.3 for information on this process.
remote_ops A list of TCS commands which will be allowed to be executed
on this machine's TCSD by TSP's on non-local hosts (over the internet).
By default, access to all operations is denied.
host_platform_class Determines the TCG specification of the host's
platform class. This refers to one of the specifications contained in
the TCG web site. The default is PC specification version 1.2 .
all_platform_classes Specifies all the TCG defined platforms associated
with the host platform. The host_platform_class must not be defined
here. By default, all platforms but the host platform are associated.
EXAMPLE
port = 30003
num_threads = 10
system_ps_file = /usr/local/var/tpm/system.data
firmware_log_file = /proc/tpm/firmware_events
kernel_log_file = /proc/tcg/measurement_events
firmware_pcrs = 0,1,2,3,4,5,6,7
kernel_pcrs = 10,11
platform_cred = /usr/local/var/lib/tpm/platform.cert
conformance_cred = /usr/local/var/lib/tpm/conformance.cert
endorsement_cred = /usr/local/var/lib/tpm/endorsement.cert
remote_ops = create_key,random
host_platform_class = server_12
all_platform_classes = pc_11,pc_12,mobile_12
SEE ALSOtcsd(8)AUTHOR
Kent Yoder
REPORTING BUGS
Report bugs to <trousers-tech@lists.sf.net>
TSS 1.1 2006-07-14 tcsd.conf(5)
