Blame | Last modification | View Log | RSS feed
## This is the configuration file for the trousers tcsd. (The Trusted Computing# Software Stack Core Services Daemon).## Defaults are listed below, commented out## Send questions to: trousers-users@lists.sourceforge.net## Option: port# Values: 1 - 65535# Description: The port that the tcsd will listen on.## port = 30003## Option: num_threads# Values: 1 - 65535# Description: The number of threads that the tcsd will spawn internally.## num_threads = 10## Option: system_ps_file# Values: Any absolute directory path# Description: Path where the tcsd creates its persistent storage file.## system_ps_file = /var/lib/tpm/system.data## Option: firmware_log_file# Values: Any absolute directory path# Description: Path to the file containing the current firmware PCR event# log data. The interface to this log is usually provided by the TPM# device driver.## firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements## Option: kernel_log_file# Values: Any absolute directory path# Description: Path to the file containing the current kernel PCR event# log data. By default, this data will be parsed in the format provided# by the Integrity Measurement Architecture LSM. See# http://sf.net/projects/linux-ima for more info on getting IMA.### kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements## Option: firmware_pcrs# Values: PCR indices, separated by commas (no whitespace)# Description: A list of PCR indices that are manipulated only by the system# firmware and therefore are not extended or logged by the TCSD.## firmware_pcrs =## Option: kernel_pcrs# Values: PCR indices, separated by commas (no whitespace)# Description: A list of PCR indices that are manipulated only by the kernel# and therefore are not extended or logged by the TCSD.## kernel_pcrs =## Option: platform_cred# Values: Any absolute directory path (example: /path/to/platform.cert)# Description: Path to the file containing your TPM's platform credential.# The platform credential may have been provided to you by your TPM# manufacturer. If so, set platform_cred to the path to the file on disk.# Whenever a new TPM identity is created, the credential will be used. See# Tspi_TPM_CollateIdentityRequest(3) for more information.## platform_cred =## Option: conformance_cred# Values: Any absolute directory path (example: /path/to/conformance.cert)# Description: Path to the file containing your TPM's conformance credential.# The conformance credential may have been provided to you by your TPM# manufacturer. If so, set conformance_cred to the path to the file on disk.# Whenever a new TPM identity is created, the credential will be used. See# Tspi_TPM_CollateIdentityRequest(3) for more information.## conformance_cred =## Option: endorsement_cred# Values: Any absolute directory path (example: /path/to/endorsement.cert)# Description: Path to the file containing your TPM's endorsement credential.# The endorsement credential may have been provided to you by your TPM# manufacturer. If so, set endorsement_cred to the path to the file on disk.# Whenever a new TPM identity is created, the credential will be used. See# Tspi_TPM_CollateIdentityRequest(3) for more information.## endorsement_cred =## Option: remote_ops# Values: TCS operation names, separated by commas (no whitespace)# Description: A list of TCS commands which will be allowed to be executed# on this machine's TCSD by TSP's on non-local hosts (over the internet).# By default, access to all operations is denied.## possible values: seal - encrypt data bound to PCR values# unseal - decrypt data bound to PCR values# registerkey - store keys in system persistent storage [Disk write access!]# unregisterkey - remove keys from system persistent storage [Disk write access!]# loadkey - load a key into the TPM# createkey - create a key using the TPM# sign - encrypt data using a private key# random - generate random numbers# getcapability - query the TCS/TPM for its capabilities# unbind - decrypt data# quote - request a signed blob containing all PCR values# readpubek - access the TPM's Public EndorsementKey# getregisteredkeybypublicinfo - Search system persistent storage for a public key# getpubkey - Retrieve a loaded key's public data from inside the TPM# selftest - execute selftest and test results ordinals## remote_ops =## Option: enforce_exclusive_transport# Values: 0 or 1# Description: When an application opens a transport session with the TPM, one# of the options available is an "exclusive" session, meaning that the TPM# will not execute any commands other than those coming through the transport# session for the lifetime of the session. The TCSD can choose to enforce this# option or not. By default, exclusive sessions are not enforced, since this# could allow for a denial of service to the TPM.## enforce_exclusive_transport = 0## Option: host_platform_class# Values: One of the TCG platform class specifications# PC_11 - PC Client System, version 1.1# PC_12 - PC Client System, version 1.2# PDA_12 - PDA System, version 1.2# SERVER_12 - Server System, version 1.2# MOBILE_12 - Mobile Phone System, version 1.2## Description: This option determines the host platform (host the TCS system# is running on) class, among those specified by the Trusted Computing group# on https://www.trustedcomputinggroup.org/specs/. This class will be reported# by the TCS daemon when an application queries it using the# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.## host_platform_class = PC_12## Option: all_platform_classes# Values: TCG Platform class names, separated by commas (no whitespaces)# PC_11 - PC Client System, version 1.1# PC_12 - PC Client System, version 1.2# PDA_12 - PDA System, version 1.2# SERVER_12 - Server System, version 1.2# MOBILE_12 - Mobile Phone System, version 1.2## Description: This option determines all the platform classes supported by the# TCS daemon. This list must not include the value set as "host_platform_class"# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,# the default is all 1.2 and 1.1 platform classes.## all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12### Option: disable_ipv4# Values: 0 or 1# Description: This options determines if the TCSD will bind itself to the# machine's local IPv4 addresses in order to receive requisitions through# its TCP port. Value of 1 disables IPv4 support, so clients cannot reach# TCSD using that protocol.## disable_ipv4 = 0### Option: disable_ipv6# Values: 0 or 1# Description: This options determines if the TCSD will bind itself to the# machine's local IPv6 addresses in order to receive requisitions through# its TCP port. Value of 1 disables IPv6 support, so clients cannot reach# TCSD using that protocol.## disable_ipv6 = 0#