/etc/tcsd.conf is in trousers 0.3.13-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#
# This is the configuration file for the trousers tcsd (the Trusted Computing
# Software Stack Core Services Daemon).
#
# Defaults are listed below, commented out
#
# Send questions to: trousers-users@lists.sourceforge.net
#
# Option: port
# Values: 1 - 65535
# Description: The port that the tcsd will listen on.
#
# port = 30003
#
# Option: num_threads
# Values: 1 - 65535
# Description: The number of threads that the tcsd will spawn internally.
#
# num_threads = 10
#
# Option: system_ps_file
# Values: Any absolute file path
# Description: Path where the tcsd creates its persistent storage file.
#
# system_ps_file = /var/lib/tpm/system.data
#
# Option: firmware_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current firmware PCR event
# log data. The interface to this log is usually provided by the TPM
# device driver.
#
# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
#
# Option: kernel_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current kernel PCR event
# log data. By default, this data will be parsed in the format provided
# by the Integrity Measurement Architecture LSM. See
# http://sf.net/projects/linux-ima for more info on getting IMA.
#
#
# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#
# Option: firmware_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the system
# firmware and therefore are not extended or logged by the TCSD.
#
# firmware_pcrs =
#
# Option: kernel_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the kernel
# and therefore are not extended or logged by the TCSD.
#
# kernel_pcrs =
#
# Option: platform_cred
# Values: Any absolute file path (example: /path/to/platform.cert)
# Description: Path to the file containing your TPM's platform credential.
# The platform credential may have been provided to you by your TPM
# manufacturer. If so, set platform_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# platform_cred =
#
# Option: conformance_cred
# Values: Any absolute file path (example: /path/to/conformance.cert)
# Description: Path to the file containing your TPM's conformance credential.
# The conformance credential may have been provided to you by your TPM
# manufacturer. If so, set conformance_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# conformance_cred =
#
# Option: endorsement_cred
# Values: Any absolute file path (example: /path/to/endorsement.cert)
# Description: Path to the file containing your TPM's endorsement credential.
# The endorsement credential may have been provided to you by your TPM
# manufacturer. If so, set endorsement_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# endorsement_cred =
#
# Option: remote_ops
# Values: TCS operation names, separated by commas (no whitespace)
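# Description: A list of TCS commands that TSPs on non-local hosts (over the
# internet) are allowed to execute on this machine's TCSD.
# By default, access to all operations is denied. List only the operations
# that remote clients actually need; the entries marked [Disk write access!]
# below let a remote TSP modify system persistent storage.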
#
# possible values: seal - encrypt data bound to PCR values
# unseal - decrypt data bound to PCR values
# registerkey - store keys in system persistent storage [Disk write access!]
# unregisterkey - remove keys from system persistent storage [Disk write access!]
# loadkey - load a key into the TPM
# createkey - create a key using the TPM
# sign - create a signature over data using a private key
# random - generate random numbers
# getcapability - query the TCS/TPM for its capabilities
# unbind - decrypt data
# quote - request a signed blob containing all PCR values
# readpubek - access the TPM's Public EndorsementKey
# getregisteredkeybypublicinfo - Search system persistent storage for a public key
# getpubkey - Retrieve a loaded key's public data from inside the TPM
# selftest - execute selftest and test results ordinals
#
# remote_ops =
#
# Option: enforce_exclusive_transport
# Values: 0 or 1
# Description: When an application opens a transport session with the TPM, one
# of the options available is an "exclusive" session, meaning that the TPM
# will not execute any commands other than those coming through the transport
# session for the lifetime of the session. The TCSD can choose to enforce this
# option or not. By default, exclusive sessions are not enforced, since this
# could allow for a denial of service to the TPM.
#
# enforce_exclusive_transport = 0
#
# Option: host_platform_class
# Values: One of the TCG platform class specifications
# PC_11 - PC Client System, version 1.1
# PC_12 - PC Client System, version 1.2
# PDA_12 - PDA System, version 1.2
# SERVER_12 - Server System, version 1.2
# MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines the class of the host platform (the host
# the TCS system is running on), among those specified by the Trusted Computing
# Group on https://www.trustedcomputinggroup.org/specs/. This class will be reported
# by the TCS daemon when an application queries it using the
# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
#
# host_platform_class = PC_12
#
# Option: all_platform_classes
# Values: TCG Platform class names, separated by commas (no whitespace)
# PC_11 - PC Client System, version 1.1
# PC_12 - PC Client System, version 1.2
# PDA_12 - PDA System, version 1.2
# SERVER_12 - Server System, version 1.2
# MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines all the platform classes supported by the
# TCS daemon. This list must not include the value set as "host_platform_class"
# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,
# the default is all 1.2 and 1.1 platform classes.
#
# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
#
#
# Option: disable_ipv4
# Values: 0 or 1
# Description: This option determines whether the TCSD will bind itself to the
# machine's local IPv4 addresses in order to receive requests through
# its TCP port. A value of 1 disables IPv4 support, so clients cannot reach
# TCSD using that protocol.
#
# disable_ipv4 = 0
#
#
# Option: disable_ipv6
# Values: 0 or 1
# Description: This option determines whether the TCSD will bind itself to the
# machine's local IPv6 addresses in order to receive requests through
# its TCP port. A value of 1 disables IPv6 support, so clients cannot reach
# TCSD using that protocol.
#
# disable_ipv6 = 0
#