path: root/dist/tcsd.conf.in
blob: 215c23f6bbbafdb30cc013d8c6c463b6b9e15e99 (plain)
#
# This is the configuration file for the trousers tcsd. (The Trusted Computing
# Software Stack Core Services Daemon).
#
# Defaults are listed below, commented out
#
# Send questions to: trousers-users@lists.sourceforge.net
#

# Option: port
# Values: 1 - 65535
# Description: The port that the tcsd will listen on. Which operations a
#  non-local host may invoke over this port is governed by remote_ops below.
#
# port = 30003
#

# Option: num_threads
# Values: 1 - 65535
# Description: The number of threads that the tcsd will spawn internally.
#
# num_threads = 10
#

# Option: system_ps_file
# Values: Any absolute file path
# Description: Path where the tcsd creates its persistent storage file.
#  Keys registered through the TCS (see the registerkey operation under
#  remote_ops) are stored in this file, so it should be readable and
#  writable only by the user the tcsd runs as.
#
# system_ps_file = @localstatedir@/lib/tpm/system.data
#

# Option: firmware_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current firmware PCR event
#  log data. The interface to this log is usually provided by the TPM
#  device driver.
#
# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
#

# Option: kernel_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current kernel PCR event
#  log data. By default, this data will be parsed in the format provided
#  by the Integrity Measurement Architecture LSM. See
#  http://sf.net/projects/linux-ima for more info on getting IMA.
#
#
# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#

# Option: firmware_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the system
#  firmware and therefore are not extended or logged by the TCSD.
#
# firmware_pcrs =
#

# Option: kernel_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the kernel
#  and therefore are not extended or logged by the TCSD.
#
# kernel_pcrs =
#

# Option: platform_cred
# Values: Any absolute file path (example: /path/to/platform.cert)
# Description: Path to the file containing your TPM's platform credential.
#  The platform credential may have been provided to you by your TPM
#  manufacturer. If so, set platform_cred to the path to the file on disk.
#  Whenever a new TPM identity is created, the credential will be used. See
#  Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# platform_cred =
#

# Option: conformance_cred
# Values: Any absolute file path (example: /path/to/conformance.cert)
# Description: Path to the file containing your TPM's conformance credential.
#  The conformance credential may have been provided to you by your TPM
#  manufacturer. If so, set conformance_cred to the path to the file on disk.
#  Whenever a new TPM identity is created, the credential will be used. See
#  Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# conformance_cred =
#

# Option: endorsement_cred
# Values: Any absolute file path (example: /path/to/endorsement.cert)
# Description: Path to the file containing your TPM's endorsement credential.
#  The endorsement credential may have been provided to you by your TPM
#  manufacturer. If so, set endorsement_cred to the path to the file on disk.
#  Whenever a new TPM identity is created, the credential will be used. See
#  Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# endorsement_cred =
#

# Option: remote_ops
# Values: TCS operation names, separated by commas (no whitespace)
# Description: A list of TCS commands which TSPs on non-local hosts are
#  allowed to execute on this machine's TCSD over the network. By default,
#  access to all operations is denied. Nothing else in this file restricts
#  which hosts may connect, so every operation listed here becomes available
#  to any host that can reach the tcsd port; if you enable remote operations,
#  limit reachability of that port (e.g. with a host firewall) to the hosts
#  that actually need it.
#
# possible values:  seal - encrypt data bound to PCR values
#		    unseal - decrypt data bound to PCR values
#		    registerkey - store keys in system persistent storage [Disk write access!]
#		    unregisterkey - remove keys from system persistent storage [Disk write access!]
#		    loadkey - load a key into the TPM
#		    createkey - create a key using the TPM
#		    sign - sign data using a private key
#		    random - generate random numbers
#		    getcapability - query the TCS/TPM for its capabilities
#		    unbind - decrypt data
#		    quote - request a signed blob containing all PCR values
#		    readpubek - read the TPM's public Endorsement Key (this key is unique to the TPM, so exposing it to remote hosts lets them identify the platform)
#		    getregisteredkeybypublicinfo - Search system persistent storage for a public key
#		    getpubkey - Retrieve a loaded key's public data from inside the TPM
#		    selftest - execute selftest and test results ordinals
#
# remote_ops =
#

# Option: enforce_exclusive_transport
# Values: 0 or 1
# Description: When an application opens a transport session with the TPM, one
#  of the options available is an "exclusive" session, meaning that the TPM
#  will not execute any commands other than those coming through the transport
#  session for the lifetime of the session. The TCSD can choose to enforce this
#  option or not. By default, exclusive sessions are not enforced, since an
#  enforced exclusive session would let a single application lock every other
#  TPM user out for the lifetime of that session (a denial of service).
#
# enforce_exclusive_transport = 0
#

# Option: host_platform_class
# Values: One of the TCG platform class specifications
#	PC_11 - PC Client System, version 1.1
#	PC_12 - PC Client System, version 1.2
#	PDA_12 - PDA System, version 1.2
#	SERVER_12 - Server System, version 1.2
#	MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines the host platform (host the TCS system
# is running on) class, among those specified by the Trusted Computing group
# on https://www.trustedcomputinggroup.org/specs/. This class will be reported
# by the TCS daemon when an application queries it using the
# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
#
# host_platform_class = PC_12
#

# Option: all_platform_classes
# Values: TCG Platform class names, separated by commas (no whitespace)
#	PC_11 - PC Client System, version 1.1
#	PC_12 - PC Client System, version 1.2
#	PDA_12 - PDA System, version 1.2
#	SERVER_12 - Server System, version 1.2
#	MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines all the platform classes supported by the
# TCS daemon. This list must not include the value set as "host_platform_class"
# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,
# the default is all 1.2 and 1.1 platform classes.
#
# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
#