#
# This is the configuration file for the trousers tcsd (the Trusted Computing
# Software Stack Core Services Daemon).
#
# Defaults are listed below, commented out.
#
# Send questions to: trousers-users@lists.sourceforge.net
#

# Option: port
# Values: 1 - 65535
# Description: The TCP port that the tcsd will listen on. The tcsd binds this
# port on the machine's IPv4/IPv6 addresses (see disable_ipv4 and disable_ipv6
# below), so any host that can reach it can talk to the TCS. Restrict it with
# a host firewall unless remote TSP access (see remote_ops) is intended.
#
# port = 30003
#

# Option: num_threads
# Values: 1 - 65535
# Description: The number of threads that the tcsd will spawn internally.
#
# num_threads = 10
#

# Option: system_ps_file
# Values: Any absolute file path
# Description: Path where the tcsd creates its persistent storage file. Keys
# registered with the TCS (see registerkey under remote_ops) are written to
# this file, so it should be readable and writable only by the user the tcsd
# runs as.
#
# system_ps_file = @localstatedir@/lib/tpm/system.data
#

# Option: firmware_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current firmware PCR event
# log data. The interface to this log is usually provided by the TPM
# device driver.
#
# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
#

# Option: kernel_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current kernel PCR event
# log data. By default, this data will be parsed in the format provided
# by the Integrity Measurement Architecture (IMA) LSM. See
# http://sf.net/projects/linux-ima for more info on getting IMA.
#
#
# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#

# Option: firmware_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the system
# firmware and therefore are not extended or logged by the TCSD.
#
# firmware_pcrs =
#

# Option: kernel_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the kernel
# and therefore are not extended or logged by the TCSD.
#
# kernel_pcrs =
#

# Option: platform_cred
# Values: Any absolute file path (example: /path/to/platform.cert)
# Description: Path to the file containing your TPM's platform credential.
# The platform credential may have been provided to you by your TPM
# manufacturer. If so, set platform_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# platform_cred =
#

# Option: conformance_cred
# Values: Any absolute file path (example: /path/to/conformance.cert)
# Description: Path to the file containing your TPM's conformance credential.
# The conformance credential may have been provided to you by your TPM
# manufacturer. If so, set conformance_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# conformance_cred =
#

# Option: endorsement_cred
# Values: Any absolute file path (example: /path/to/endorsement.cert)
# Description: Path to the file containing your TPM's endorsement credential.
# The endorsement credential may have been provided to you by your TPM
# manufacturer. If so, set endorsement_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# endorsement_cred =
#

# Option: remote_ops
# Values: TCS operation names, separated by commas (no whitespace)
# Description: A list of TCS commands which will be allowed to be executed
# on this machine's TCSD by TSPs on non-local hosts (over the network).
# By default, access to all operations is denied. This list only restricts
# which operations a remote TSP may invoke; nothing in this file
# authenticates the remote host, so any machine that can reach the tcsd's
# port (see port, disable_ipv4 and disable_ipv6) may use every operation
# listed here. Enable only what is required and keep the port firewalled.
#
# possible values: seal - encrypt data bound to PCR values
#                  unseal - decrypt data bound to PCR values
#                  registerkey - store keys in system persistent storage [Disk write access!]
#                  unregisterkey - remove keys from system persistent storage [Disk write access!]
#                  loadkey - load a key into the TPM
#                  createkey - create a key using the TPM
#                  sign - sign data using a private key
#                  random - generate random numbers
#                  getcapability - query the TCS/TPM for its capabilities
#                  unbind - decrypt data
#                  quote - request a signed blob containing all PCR values
#                  readpubek - access the TPM's Public EndorsementKey (this key
#                              uniquely identifies the TPM; consider the privacy
#                              impact before exposing it to remote hosts)
#                  getregisteredkeybypublicinfo - Search system persistent storage for a public key
#                  getpubkey - Retrieve a loaded key's public data from inside the TPM
#                  selftest - execute selftest and test results ordinals
#
# remote_ops =
#

# Option: enforce_exclusive_transport
# Values: 0 or 1
# Description: When an application opens a transport session with the TPM, one
# of the options available is an "exclusive" session, meaning that the TPM
# will not execute any commands other than those coming through the transport
# session for the lifetime of the session. The TCSD can choose to enforce this
# option or not. By default, exclusive sessions are not enforced, since
# enforcing them would let a single application holding an exclusive session
# block every other TPM user for as long as the session lasts (a denial of
# service against the TPM).
#
# enforce_exclusive_transport = 0
#

# Option: host_platform_class
# Values: One of the TCG platform class specifications
#         PC_11 - PC Client System, version 1.1
#         PC_12 - PC Client System, version 1.2
#         PDA_12 - PDA System, version 1.2
#         SERVER_12 - Server System, version 1.2
#         MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines the host platform (host the TCS system
# is running on) class, among those specified by the Trusted Computing Group
# on https://www.trustedcomputinggroup.org/specs/.
# This class will be reported
# by the TCS daemon when an application queries it using the
# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
#
# host_platform_class = PC_12
#

# Option: all_platform_classes
# Values: TCG Platform class names, separated by commas (no whitespace)
#         PC_11 - PC Client System, version 1.1
#         PC_12 - PC Client System, version 1.2
#         PDA_12 - PDA System, version 1.2
#         SERVER_12 - Server System, version 1.2
#         MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines all the platform classes supported by the
# TCS daemon. This list must not include the value set as "host_platform_class"
# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,
# the default is all 1.2 and 1.1 platform classes.
#
# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
#

#
# Option: disable_ipv4
# Values: 0 or 1
# Description: This option determines whether the TCSD will bind itself to the
# machine's local IPv4 addresses in order to receive requests through
# its TCP port. A value of 1 disables IPv4 support, so clients cannot reach
# the TCSD using that protocol. Disabling an address family that no client
# uses reduces the daemon's network exposure; note that TSPs on this host
# also reach the tcsd through this port, so keep the family they use enabled.
#
# disable_ipv4 = 0
#

#
# Option: disable_ipv6
# Values: 0 or 1
# Description: This option determines whether the TCSD will bind itself to the
# machine's local IPv6 addresses in order to receive requests through
# its TCP port. A value of 1 disables IPv6 support, so clients cannot reach
# the TCSD using that protocol. Disabling an address family that no client
# uses reduces the daemon's network exposure; note that TSPs on this host
# also reach the tcsd through this port, so keep the family they use enabled.
#
# disable_ipv6 = 0
#