#
# This is the configuration file for the trousers tcsd (the Trusted Computing
# Software Stack Core Services Daemon).
#
# Defaults are listed below, commented out.
#
# Send questions to: trousers-users@lists.sourceforge.net
#

# Option: port
# Values: 1 - 65535
# Description: The TCP port that the tcsd will listen on.
#
# port = 30003
#

# Option: num_threads
# Values: 1 - 65535
# Description: The number of threads that the tcsd will spawn internally.
#
# num_threads = 10
#

# Option: system_ps_file
# Values: Any absolute file path
# Description: Path of the persistent storage file that the tcsd creates.
#
# system_ps_file = @localstatedir@/lib/tpm/system.data
#

# Option: firmware_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current firmware PCR event
#  log data. The interface to this log is usually provided by the TPM
#  device driver.
#
# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
#

# Option: kernel_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current kernel PCR event
#  log data. By default, this data will be parsed in the format provided
#  by the Integrity Measurement Architecture (IMA) LSM. See
#  http://sf.net/projects/linux-ima for more information on obtaining IMA.
#
# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#

# Option: firmware_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the system
#  firmware and therefore are not extended or logged by the TCSD.
#
# firmware_pcrs =
#

# Option: kernel_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the kernel
#  and therefore are not extended or logged by the TCSD.
#
# kernel_pcrs =
#

# Option: platform_cred
# Values: Any absolute file path (example: /path/to/platform.cert)
# Description: Path to the file containing your TPM's platform credential.
#  The platform credential may have been provided to you by your TPM
#  manufacturer. If so, set platform_cred to the path of that file on disk.
#  Whenever a new TPM identity is created, the credential will be used. See
#  Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# platform_cred =
#

# Option: conformance_cred
# Values: Any absolute file path (example: /path/to/conformance.cert)
# Description: Path to the file containing your TPM's conformance credential.
#  The conformance credential may have been provided to you by your TPM
#  manufacturer. If so, set conformance_cred to the path of that file on disk.
#  Whenever a new TPM identity is created, the credential will be used. See
#  Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# conformance_cred =
#

# Option: endorsement_cred
# Values: Any absolute file path (example: /path/to/endorsement.cert)
# Description: Path to the file containing your TPM's endorsement credential.
#  The endorsement credential may have been provided to you by your TPM
#  manufacturer. If so, set endorsement_cred to the path of that file on disk.
#  Whenever a new TPM identity is created, the credential will be used. See
#  Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# endorsement_cred =
#

# Option: remote_ops
# Values: TCS operation names, separated by commas (no whitespace)
# Description: A list of TCS commands which TSPs on non-local hosts (over the
#  network) will be allowed to execute on this machine's TCSD.
#  By default, access to all remote operations is denied; only the
#  operations listed here are reachable from other hosts.
#
# possible values:  seal - encrypt data bound to PCR values
#                   unseal - decrypt data bound to PCR values
#                   registerkey - store keys in system persistent storage [Disk write access!]
#                   unregisterkey - remove keys from system persistent storage [Disk write access!]
#                   loadkey - load a key into the TPM
#                   createkey - create a key using the TPM
#                   sign - sign data using a private key
#                   random - generate random numbers
#                   getcapability - query the TCS/TPM for its capabilities
#                   unbind - decrypt data
#                   quote - request a signed blob containing all PCR values
#                   readpubek - access the TPM's public endorsement key
#                   getregisteredkeybypublicinfo - search system persistent storage for a public key
#                   getpubkey - retrieve a loaded key's public data from inside the TPM
#                   selftest - execute the selftest and test-results ordinals
#
# remote_ops =
#

# Option: enforce_exclusive_transport
# Values: 0 or 1
# Description: When an application opens a transport session with the TPM, one
#  of the options available is an "exclusive" session, meaning that the TPM
#  will not execute any commands other than those coming through the transport
#  session for the lifetime of the session. The TCSD can choose whether or not
#  to enforce this option. By default, exclusive sessions are not enforced,
#  since enforcing them could allow one application to deny other applications
#  access to the TPM for the lifetime of its session.
#
# enforce_exclusive_transport = 0
#

# Option: host_platform_class
# Values: One of the TCG platform class specifications
#	PC_11 - PC Client System, version 1.1
#	PC_12 - PC Client System, version 1.2
#	PDA_12 - PDA System, version 1.2
#	SERVER_12 - Server System, version 1.2
#	MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines the class of the host platform (the host
# the TCS system is running on), among those specified by the Trusted Computing
# Group at https://www.trustedcomputinggroup.org/specs/. This class will be
# reported by the TCS daemon when an application queries it using the
# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
#
# host_platform_class = PC_12
#

# Option: all_platform_classes
# Values: TCG platform class names, separated by commas (no whitespace)
#	PC_11 - PC Client System, version 1.1
#	PC_12 - PC Client System, version 1.2
#	PDA_12 - PDA System, version 1.2
#	SERVER_12 - Server System, version 1.2
#	MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines all the platform classes supported by the
# TCS daemon. This list must not include the value set as "host_platform_class"
# above. Since by default TrouSerS supports all TPM 1.2 functionality, the
# default is all remaining 1.2 and 1.1 platform classes.
#
# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
#

#
# Option: disable_ipv4
# Values: 0 or 1
# Description: This option determines whether the TCSD will bind itself to the
# machine's local IPv4 addresses in order to receive requests on its TCP
# port. A value of 1 disables IPv4 support, so clients cannot reach the TCSD
# using that protocol.
#
# disable_ipv4 = 0
#

#
# Option: disable_ipv6
# Values: 0 or 1
# Description: This option determines whether the TCSD will bind itself to the
# machine's local IPv6 addresses in order to receive requests on its TCP
# port. A value of 1 disables IPv6 support, so clients cannot reach the TCSD
# using that protocol.
#
# disable_ipv6 = 0
#
