Current File : //usr/man/man8/tcsd.8

'\" te
.\" Copyright (C) 2005 International Business Machines Corporation
.\"
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH "tcsd" 8 "2005-03-15" "TSS 1.1"
.ce 1
TCG Software Stack 
.SH NAME
tcsd \- daemon that manages Trusted Computing resources
.SH "SYNOPSIS"
.ad l
.hy 0
.B tcsd
.RB [ \-f ]

.SH "DESCRIPTION"
.PP
Trousers is an open-source TCG Software Stack (TSS), released under the Common 
Public License. Trousers aims to be compliant with the current (1.1b) and 
upcoming (1.2) TSS specifications available from the Trusted Computing Group 
website: http://www.trustedcomputinggroup.org.

\fBtcsd\fR is a user space daemon that should be (according to the TSS spec)
the only portal to the TPM device driver. At boot time, \fBtcsd\fR should 
be started, it should open the TPM device driver and from that point on, all 
requests to the TPM should go through the TSS stack. The \fBtcsd\fR manages TPM
resources and handles requests from TSP's both local and remote.

.TP
\fB\-f\fR
run the daemon in the foreground

.SH "ACCESS CONTROL"
.PP
There are two types of access control for the \fBtcsd\fR, access to the
daemon's socket itself and access to specific commands internal to the
\fBtcsd\fR. Access to the \fBtcsd\fR's port should be controlled by the system
administrator using firewall rules.
If port = 0 in /etc/security/tcsd.conf, \fBtcsd\R uses a UNIX Domain socket.
Otherwise, \fBtcsd\fR uses a TCP port.
By default the TCP port, when enabled, is accessible only from localhost,
unless "remote_ops" in tcsd.conf is not empty.

Access to individual commands internal to the tcsd is configured by the
\fBtcsd\fR configuration file's "remote_ops" directive. Each function call
in the TCS API is reachable by a unique ordinal.  Each labeled "remote op"
actually defines a set of ordinals (usually more than one) necessary to
accomplish the operation. So, for example, the "random" operation enables
the ordinals for opening and closing a context, calling TCS_StirRandom
and TCS_GetRandom, as well as TCS_FreeMemory. By default, connections from
localhost will allow any ordinals.

.SH "DATA FILES"
.PP
TSS applications have access to 2 different kinds of 'persistant' storage. 'User' 
persistant storage has the lifetime of that of the application using it 
and therefore is destroyed when an application exits.  User PS is controlled 
by the TSP of the application.  'System' persistent storage is controlled by 
the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and 
system resets. Data registered in system PS stays valid until an application 
requests that it be removed. User PS files are by default stored as 
/var/user/$USERNAME/tpm/userps/user.data and the system PS file by default is
/var/tpm/system/system.data.  The system PS file is initially created when 
ownership of the TPM is first taken.
.PP
\fB/var/tpm/system/system.data\fR
.ad
.RS 4n
Contains the system PS (persistent storage) data controlled by the TCS.  By default,
the SRK key is installed in PS and does not require owner authorization to use.  If the
TPM has previously been provisioned and owner-auth is required to load the SRK,
then the /var/tpm/system/system.data.auth file should be moved to 
/var/tpm/system/system.data before starting the TCS (See NOTES).
.RE
.sp
.PP
\fB/var/tpm/system/system.data.auth\fR
.ad
.RS 4n
This is the default PS data file to use if the TPM has been previously 
configured to require owner-auth to access the SRK.  Copy this file 
to /var/tpm/system/system.data prior to starting the TCS if owner-auth is
needed, otherwise this file can be ignored.
.RE

.SH "CONFIGURATION"
\fBtcsd\fR configuration is stored by default in /etc/security/tcsd.conf

.SH "DEBUG OUTPUT"
If TrouSerS has been compiled with debugging enabled, the debugging output
can be supressed by setting the TSS_DEBUG_OFF environment variable.

.SH "DEVICE DRIVERS"
.PP
\fBtcsd\fR is compatible with the IBM Research TPM device driver available
from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for 
Linux available from http://sf.net/projects/tmpdd.  It is also compatible 
with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.

.SH "CONFORMING TO"
.PP
\fBtcsd\fR conforms to the Trusted Computing Group Software
Specification version 1.1 Golden


.\" Oracle has added the ARC stability level to this manual page
.SH ATTRIBUTES
See
.BR attributes (5)
for descriptions of the following attributes:
.sp
.TS
box;
cbp-1 | cbp-1
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE 
=
Availability	library/security/trousers
=
Stability	Uncommitted
.TE 
.PP
.SH "SEE ALSO"
.PP
\fBtcsd.conf\fR(5), \fBsvcadm\fR(1M), \fBsmf\fR(5)

.SH "NOTES"
.sp
.LP
The \fBtcsd\fR service is managed by the service management facility, \fBsmf\fR(5), under
the service identifier:
.sp
.in +2
.nf
svc:/application/security/tcsd:default
.fi
.in -2
.sp
.LP
Administrative actions on this service, such as enabling, disabling, or requesting restart, can be
performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.

.SH "AUTHOR"
Kent Yoder

.SH "REPORTING BUGS"
Report bugs to <trousers-tech@lists.sf.net>


.\" Oracle has added source availability information to this manual page
This software was built from source available at https://java.net/projects/solaris-userland.  The original community source was downloaded from  http://sourceforge.net/projects/trousers/files/trousers/0.3.6/trousers-0.3.6.tar.gz

Further information about this software can be found on the open source community website at http://sourceforge.net/projects/trousers/files/trousers/.