| |
| # |
| # This is the configuration file for the trousers tcsd. (The Trusted Computing |
| # Software Stack Core Services Daemon). |
| # |
| # Defaults are listed below, commented out |
| # |
| # Send questions to: trousers-users@lists.sourceforge.net |
| # |
| |
| # Option: port |
| # Values: 1 - 65535 |
| # Description: The port that the tcsd will listen on. |
| # |
| # port = 30003 |
| # |
| |
| # Option: num_threads |
| # Values: 1 - 65535 |
| # Description: The number of threads that the tcsd will spawn internally. |
| # |
| # num_threads = 10 |
| # |
| |
| # Option: system_ps_file |
| # Values: Any absolute directory path |
| # Description: Path where the tcsd creates its persistent storage file. |
| # |
| # system_ps_file = /var/lib/tpm/system.data |
| # |
| |
| # Option: firmware_log_file |
| # Values: Any absolute directory path |
| # Description: Path to the file containing the current firmware PCR event |
| # log data. The interface to this log is usually provided by the TPM |
| # device driver. |
| # |
| # firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements |
| # |
| |
| # Option: kernel_log_file |
| # Values: Any absolute directory path |
| # Description: Path to the file containing the current kernel PCR event |
| # log data. By default, this data will be parsed in the format provided |
| # by the Integrity Measurement Architecture LSM. See |
| # http://sf.net/projects/linux-ima for more info on getting IMA. |
| # |
| # |
| # kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements |
| # |
| |
| # Option: firmware_pcrs |
| # Values: PCR indices, separated by commas (no whitespace) |
| # Description: A list of PCR indices that are manipulated only by the system |
| # firmware and therefore are not extended or logged by the TCSD. |
| # |
| # firmware_pcrs = |
| # |
| |
| # Option: kernel_pcrs |
| # Values: PCR indices, separated by commas (no whitespace) |
| # Description: A list of PCR indices that are manipulated only by the kernel |
| # and therefore are not extended or logged by the TCSD. |
| # |
| # kernel_pcrs = |
| # |
| |
| # Option: platform_cred |
| # Values: Any absolute directory path (example: /path/to/platform.cert) |
| # Description: Path to the file containing your TPM's platform credential. |
| # The platform credential may have been provided to you by your TPM |
| # manufacturer. If so, set platform_cred to the path to the file on disk. |
| # Whenever a new TPM identity is created, the credential will be used. See |
| # Tspi_TPM_CollateIdentityRequest(3) for more information. |
| # |
| # platform_cred = |
| # |
| |
| # Option: conformance_cred |
| # Values: Any absolute directory path (example: /path/to/conformance.cert) |
| # Description: Path to the file containing your TPM's conformance credential. |
| # The conformance credential may have been provided to you by your TPM |
| # manufacturer. If so, set conformance_cred to the path to the file on disk. |
| # Whenever a new TPM identity is created, the credential will be used. See |
| # Tspi_TPM_CollateIdentityRequest(3) for more information. |
| # |
| # conformance_cred = |
| # |
| |
| # Option: endorsement_cred |
| # Values: Any absolute directory path (example: /path/to/endorsement.cert) |
| # Description: Path to the file containing your TPM's endorsement credential. |
| # The endorsement credential may have been provided to you by your TPM |
| # manufacturer. If so, set endorsement_cred to the path to the file on disk. |
| # Whenever a new TPM identity is created, the credential will be used. See |
| # Tspi_TPM_CollateIdentityRequest(3) for more information. |
| # |
| # endorsement_cred = |
| # |
| |
| # Option: remote_ops |
| # Values: TCS operation names, separated by commas (no whitespace) |
| # Description: A list of TCS commands which will be allowed to be executed |
| # on this machine's TCSD by TSP's on non-local hosts (over the internet). |
| # By default, access to all operations is denied. |
| # |
| # possible values: seal - encrypt data bound to PCR values |
| # unseal - decrypt data bound to PCR values |
| # registerkey - store keys in system persistent storage [Disk write access!] |
| # unregisterkey - remove keys from system persistent storage [Disk write access!] |
| # loadkey - load a key into the TPM |
| # createkey - create a key using the TPM |
| # sign - encrypt data using a private key |
| # random - generate random numbers |
| # getcapability - query the TCS/TPM for its capabilities |
| # unbind - decrypt data |
| # quote - request a signed blob containing all PCR values |
| # readpubek - access the TPM's Public EndorsementKey |
| # getregisteredkeybypublicinfo - Search system persistent storage for a public key |
| # getpubkey - Retrieve a loaded key's public data from inside the TPM |
| # selftest - execute selftest and test results ordinals |
| # |
| # remote_ops = |
| # |
| |
| # Option: enforce_exclusive_transport |
| # Values: 0 or 1 |
| # Description: When an application opens a transport session with the TPM, one |
| # of the options available is an "exclusive" session, meaning that the TPM |
| # will not execute any commands other than those coming through the transport |
| # session for the lifetime of the session. The TCSD can choose to enforce this |
| # option or not. By default, exclusive sessions are not enforced, since this |
| # could allow for a denial of service to the TPM. |
| # |
| # enforce_exclusive_transport = 0 |
| # |
| |
| # Option: host_platform_class |
| # Values: One of the TCG platform class specifications |
| # PC_11 - PC Client System, version 1.1 |
| # PC_12 - PC Client System, version 1.2 |
| # PDA_12 - PDA System, version 1.2 |
| # SERVER_12 - Server System, version 1.2 |
| # MOBILE_12 - Mobile Phone System, version 1.2 |
| # |
| # Description: This option determines the host platform (host the TCS system |
| # is running on) class, among those specified by the Trusted Computing group |
| # on https://www.trustedcomputinggroup.org/specs/. This class will be reported |
| # by the TCS daemon when an application queries it using the |
| # TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12. |
| # |
| # host_platform_class = PC_12 |
| # |
| |
| # Option: all_platform_classes |
| # Values: TCG Platform class names, separated by commas (no whitespaces) |
| # PC_11 - PC Client System, version 1.1 |
| # PC_12 - PC Client System, version 1.2 |
| # PDA_12 - PDA System, version 1.2 |
| # SERVER_12 - Server System, version 1.2 |
| # MOBILE_12 - Mobile Phone System, version 1.2 |
| # |
| # Description: This option determines all the platform classes supported by the |
| # TCS daemon. This list must not include the value set as "host_platform_class" |
| # specified above. Since by default TrouSerS supports all TPM 1.2 functionality, |
| # the default is all 1.2 and 1.1 platform classes. |
| # |
| # all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12 |
| # |
| |
| # |
| # Option: disable_ipv4 |
| # Values: 0 or 1 |
| # Description: This options determines if the TCSD will bind itself to the |
| # machine's local IPv4 addresses in order to receive requisitions through |
| # its TCP port. Value of 1 disables IPv4 support, so clients cannot reach |
| # TCSD using that protocol. |
| # |
| # disable_ipv4 = 0 |
| # |
| |
| # |
| # Option: disable_ipv6 |
| # Values: 0 or 1 |
| # Description: This options determines if the TCSD will bind itself to the |
| # machine's local IPv6 addresses in order to receive requisitions through |
| # its TCP port. Value of 1 disables IPv6 support, so clients cannot reach |
| # TCSD using that protocol. |
| # |
| # disable_ipv6 = 0 |
| # |