#
# This is the configuration file for the trousers tcsd. (The Trusted Computing
# Software Stack Core Services Daemon).
#
# Defaults are listed below, commented out.
#
# Send questions to: trousers-users@lists.sourceforge.net
#
# Option: port
# Values: 1 - 65535
# Description: The port that the tcsd will listen on.
#
# port = 30003
#
# Option: num_threads
# Values: 1 - 65535
# Description: The number of threads that the tcsd will spawn internally.
#
# num_threads = 10
#
# Option: system_ps_file
# Values: Any absolute file path
# Description: Path where the tcsd creates its persistent storage file.
#
# system_ps_file = /var/lib/tpm/system.data
#
# Option: firmware_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current firmware PCR event
# log data. The interface to this log is usually provided by the TPM
# device driver.
#
# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
#
# Option: kernel_log_file
# Values: Any absolute file path
# Description: Path to the file containing the current kernel PCR event
# log data. By default, this data will be parsed in the format provided
# by the Integrity Measurement Architecture LSM. See
# http://sf.net/projects/linux-ima for more info on getting IMA.
#
#
# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
#
# Option: firmware_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the system
# firmware and therefore are not extended or logged by the TCSD.
#
# firmware_pcrs =
#
# Option: kernel_pcrs
# Values: PCR indices, separated by commas (no whitespace)
# Description: A list of PCR indices that are manipulated only by the kernel
# and therefore are not extended or logged by the TCSD.
#
# kernel_pcrs =
#
# Option: platform_cred
# Values: Any absolute file path (example: /path/to/platform.cert)
# Description: Path to the file containing your TPM's platform credential.
# The platform credential may have been provided to you by your TPM
# manufacturer. If so, set platform_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# platform_cred =
#
# Option: conformance_cred
# Values: Any absolute file path (example: /path/to/conformance.cert)
# Description: Path to the file containing your TPM's conformance credential.
# The conformance credential may have been provided to you by your TPM
# manufacturer. If so, set conformance_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# conformance_cred =
#
# Option: endorsement_cred
# Values: Any absolute file path (example: /path/to/endorsement.cert)
# Description: Path to the file containing your TPM's endorsement credential.
# The endorsement credential may have been provided to you by your TPM
# manufacturer. If so, set endorsement_cred to the path to the file on disk.
# Whenever a new TPM identity is created, the credential will be used. See
# Tspi_TPM_CollateIdentityRequest(3) for more information.
#
# endorsement_cred =
#
# Option: remote_ops
# Values: TCS operation names, separated by commas (no whitespace)
# Description: A list of TCS commands which will be allowed to be executed
# on this machine's TCSD by TSPs on non-local hosts (over the internet).
# By default, access to all operations is denied. Enable only the
# operations that remote clients actually need.
#
# possible values: seal - encrypt data bound to PCR values
# unseal - decrypt data bound to PCR values
# registerkey - store keys in system persistent storage [Disk write access!]
# unregisterkey - remove keys from system persistent storage [Disk write access!]
# loadkey - load a key into the TPM
# createkey - create a key using the TPM
# sign - sign data using a private key
# random - generate random numbers
# getcapability - query the TCS/TPM for its capabilities
# unbind - decrypt data
# quote - request a signed blob containing all PCR values
# readpubek - access the TPM's Public EndorsementKey
# getregisteredkeybypublicinfo - Search system persistent storage for a public key
# getpubkey - Retrieve a loaded key's public data from inside the TPM
# selftest - execute the selftest and test-results ordinals
#
# remote_ops =
#
# Option: enforce_exclusive_transport
# Values: 0 or 1
# Description: When an application opens a transport session with the TPM, one
# of the options available is an "exclusive" session, meaning that the TPM
# will not execute any commands other than those coming through the transport
# session for the lifetime of the session. The TCSD can choose to enforce this
# option or not. By default, exclusive sessions are not enforced, since
# enforcing them could allow a denial of service against the TPM.
#
# enforce_exclusive_transport = 0
#
# Option: host_platform_class
# Values: One of the TCG platform class specifications
# PC_11 - PC Client System, version 1.1
# PC_12 - PC Client System, version 1.2
# PDA_12 - PDA System, version 1.2
# SERVER_12 - Server System, version 1.2
# MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines the host platform (host the TCS system
# is running on) class, among those specified by the Trusted Computing Group
# on https://www.trustedcomputinggroup.org/specs/. This class will be reported
# by the TCS daemon when an application queries it using the
# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
#
# host_platform_class = PC_12
#
# Option: all_platform_classes
# Values: TCG Platform class names, separated by commas (no whitespace)
# PC_11 - PC Client System, version 1.1
# PC_12 - PC Client System, version 1.2
# PDA_12 - PDA System, version 1.2
# SERVER_12 - Server System, version 1.2
# MOBILE_12 - Mobile Phone System, version 1.2
#
# Description: This option determines all the platform classes supported by the
# TCS daemon. This list must not include the value set as "host_platform_class"
# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,
# the default is all 1.2 and 1.1 platform classes.
#
# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
#
#
# Option: disable_ipv4
# Values: 0 or 1
# Description: This option determines if the TCSD will bind itself to the
# machine's local IPv4 addresses in order to receive requests through
# its TCP port. A value of 1 disables IPv4 support, so clients cannot reach
# the TCSD using that protocol.
#
# disable_ipv4 = 0
#
#
# Option: disable_ipv6
# Values: 0 or 1
# Description: This option determines if the TCSD will bind itself to the
# machine's local IPv6 addresses in order to receive requests through
# its TCP port. A value of 1 disables IPv6 support, so clients cannot reach
# the TCSD using that protocol.
#
# disable_ipv6 = 0
#