tcsd Daemon
Purpose
Manages trusted computing resources.
Syntax
tcsd [ -f ]
Description
TrouSerS is an open source Trusted Computing Group Software Stack (TSS) that is released under the Common Public License. TrouSerS aims to be compliant with the 1.1b and 1.2 TSS specifications.
According to the TSS specification, the tcsd daemon is a user-space daemon that must be the only portal to the Trusted Platform Module (TPM) device driver. At boot time, the system must start the tcsd daemon, and then the tcsd daemon communicates with the TPM device driver. From that point onwards, all requests to the TPM are routed through the TSS. The tcsd daemon manages the TPM resources and handles both local and remote requests from the TCG Service Provider (TSP).
Flags
Item | Description |
---|---|
-f | Runs the tcsd daemon in the foreground. |
Access Control
There are two types of access control for the tcsd daemon: access to the daemon socket and access to specific commands that are internal to the tcsd daemon.
Access to the tcsd daemon port is controlled by the system administrator by using firewall rules.
Access to individual commands that are internal to the tcsd daemon is configured by the remote_ops directive of the tcsd configuration file. Each function call in the TCG Core Services (TCS) API is reachable by a unique ordinal. Each labeled remote_op directive defines a set of ordinals (usually more than one) that are necessary to accomplish the operation. For example, the random operation enables the ordinals for opening and closing a context, calling the TCS_StirRandom, the TCS_GetRandom, and the TCS_FreeMemory functions. By default, connections from a local host allow any ordinals.
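One way to check which operations a configuration opens to remote hosts before the firewall allows them to reach the tcsd daemon port. This is an added example, not part of the original documentation or of TrouSerS; it assumes `key = value` lines with `#` comments and a comma-separated remote_ops list, and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list and audit the operations a tcsd configuration file
# opens to remote hosts. Assumed syntax: "remote_ops = op1,op2", "#" comments.

# Print each operation named on any remote_ops line, one per line, no repeats.
remote_ops_enabled() {
    sed -e 's/#.*$//' "$1" | awk -F= '
        $1 ~ /^[ \t]*remote_ops[ \t]*$/ { ops = ops "," $2 }
        END {
            n = split(ops, a, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", a[i])
                if (a[i] != "" && !(a[i] in seen)) { seen[a[i]] = 1; print a[i] }
            }
        }'
}

# Return 0 when every enabled operation appears in the approved list ($2,
# space-separated); otherwise name each unapproved operation and return 1.
audit_remote_ops() {
    rc=0
    for op in $(remote_ops_enabled "$1"); do
        case " $2 " in
            *" $op "*) ;;
            *) echo "unapproved remote op: $op"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample file; "quote" is an assumed operation name, only
# "random" is named on this page.
sample=${TMPDIR:-/tmp}/tcsd.conf.sample.$$
printf '%s\n' '# remote_ops = disabled_example' \
              'remote_ops = random, quote   # set by admin' > "$sample"
audit_remote_ops "$sample" "random" ||
    echo "review remote_ops before allowing remote hosts to reach tcsd"
rm -f "$sample"
```

To audit a real system, pass /etc/security/tss/tcsd.conf as the first argument and the operations the deployment actually needs as the second.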
Data Files
TSS applications have access to the following types of persistent storage:
- User persistent storage
  User persistent storage has a lifetime similar to the lifetime of the application that uses it; therefore, it is destroyed when an application exits. User persistent storage is controlled by the TSP of the application. By default, user persistent storage files are stored as /var/tss/lib/tpm/user.{pid}.
- System persistent storage
  System persistent storage is controlled by the TCS and stays valid across application lifetimes, the tcsd daemon restarts, and system resets. The data registered in system persistent storage remains valid until an application requests its removal. By default, system persistent storage files are stored as /var/tss/lib/tpm/system.data. The system persistent storage file is initially created when ownership of the TPM is received.
Files
Item | Description |
---|---|
/etc/security/tss/tcsd.conf | Contains all the default options and configurations for the tcsd daemon. |
Conforming To
The tcsd daemon conforms to the TSS specification Version 1.10 Golden.