Initial commit.

2021-05-24 22:18:33 +03:00
commit e2954d55f4
3701 changed files with 330017 additions and 0 deletions
--- a/tcsd.conf
+++ b/tcsd.conf
@@ -0,0 +1,191 @@
+
+#
+# This is the configuration file for the trousers tcsd. (The Trusted Computing
+# Software Stack Core Services Daemon).
+#
+# Defaults are listed below, commented out
+#
+# Send questions to: trousers-users@lists.sourceforge.net
+#
+
+# Option: port
+# Values: 1 - 65535
+# Description: The port that the tcsd will listen on.
+#
+# port = 30003
+#
+
+# Option: num_threads
+# Values: 1 - 65535
+# Description: The number of threads that the tcsd will spawn internally.
+#
+# num_threads = 10
+#
+
+# Option: system_ps_file
+# Values: Any absolute directory path
+# Description: Path where the tcsd creates its persistent storage file.
+#
+# system_ps_file = /var/lib/tpm/system.data
+#
+
+# Option: firmware_log_file
+# Values: Any absolute directory path
+# Description: Path to the file containing the current firmware PCR event
+#  log data. The interface to this log is usually provided by the TPM
+#  device driver.
+#
+# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
+#
+
+# Option: kernel_log_file
+# Values: Any absolute directory path
+# Description: Path to the file containing the current kernel PCR event
+#  log data. By default, this data will be parsed in the format provided
+#  by the Integrity Measurement Architecture LSM. See
+#  http://sf.net/projects/linux-ima for more info on getting IMA.
+#
+#
+# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
+#
+
+# Option: firmware_pcrs
+# Values: PCR indices, separated by commas (no whitespace)
+# Description: A list of PCR indices that are manipulated only by the system
+#  firmware and therefore are not extended or logged by the TCSD.
+#
+# firmware_pcrs =
+#
+
+# Option: kernel_pcrs
+# Values: PCR indices, separated by commas (no whitespace)
+# Description: A list of PCR indices that are manipulated only by the kernel
+#  and therefore are not extended or logged by the TCSD.
+#
+# kernel_pcrs =
+#
+
+# Option: platform_cred
+# Values: Any absolute directory path (example: /path/to/platform.cert)
+# Description: Path to the file containing your TPM's platform credential.
+#  The platform credential may have been provided to you by your TPM
+#  manufacturer. If so, set platform_cred to the path to the file on disk.
+#  Whenever a new TPM identity is created, the credential will be used. See
+#  Tspi_TPM_CollateIdentityRequest(3) for more information.
+#
+# platform_cred =
+#
+
+# Option: conformance_cred
+# Values: Any absolute directory path (example: /path/to/conformance.cert)
+# Description: Path to the file containing your TPM's conformance credential.
+#  The conformance credential may have been provided to you by your TPM
+#  manufacturer. If so, set conformance_cred to the path to the file on disk.
+#  Whenever a new TPM identity is created, the credential will be used. See
+#  Tspi_TPM_CollateIdentityRequest(3) for more information.
+#
+# conformance_cred =
+#
+
+# Option: endorsement_cred
+# Values: Any absolute directory path (example: /path/to/endorsement.cert)
+# Description: Path to the file containing your TPM's endorsement credential.
+#  The endorsement credential may have been provided to you by your TPM
+#  manufacturer. If so, set endorsement_cred to the path to the file on disk.
+#  Whenever a new TPM identity is created, the credential will be used. See
+#  Tspi_TPM_CollateIdentityRequest(3) for more information.
+#
+# endorsement_cred =
+#
+
+# Option: remote_ops
+# Values: TCS operation names, separated by commas (no whitespace)
+# Description: A list of TCS commands which will be allowed to be executed
+#  on this machine's TCSD by TSP's on non-local hosts (over the internet).
+#  By default, access to all operations is denied.
+#
+# possible values:  seal - encrypt data bound to PCR values
+#		    unseal - decrypt data bound to PCR values
+#		    registerkey - store keys in system persistent storage [Disk write access!]
+#		    unregisterkey - remove keys from system persistent storage [Disk write access!]
+#		    loadkey - load a key into the TPM
+#		    createkey - create a key using the TPM
+#		    sign - encrypt data using a private key
+#		    random - generate random numbers
+#		    getcapability - query the TCS/TPM for its capabilities
+#		    unbind - decrypt data
+#		    quote - request a signed blob containing all PCR values
+#		    readpubek - access the TPM's Public EndorsementKey
+#		    getregisteredkeybypublicinfo - Search system persistent storage for a public key
+#		    getpubkey - Retrieve a loaded key's public data from inside the TPM
+#		    selftest - execute selftest and test results ordinals
+#
+# remote_ops =
+#
+
+# Option: enforce_exclusive_transport
+# Values: 0 or 1
+# Description: When an application opens a transport session with the TPM, one
+#  of the options available is an "exclusive" session, meaning that the TPM
+#  will not execute any commands other than those coming through the transport
+#  session for the lifetime of the session. The TCSD can choose to enforce this
+#  option or not. By default, exclusive sessions are not enforced, since this
+#  could allow for a denial of service to the TPM.
+#
+#  enforce_exclusive_transport = 0
+#
+
+# Option: host_platform_class
+# Values: One of the TCG platform class specifications
+#	PC_11 - PC Client System, version 1.1
+#	PC_12 - PC Client System, version 1.2
+#	PDA_12 - PDA System, version 1.2
+#	SERVER_12 - Server System, version 1.2
+#	MOBILE_12 - Mobile Phone System, version 1.2
+#
+# Description: This option determines the host platform (host the TCS system
+# is running on) class, among those specified by the Trusted Computing group
+# on https://www.trustedcomputinggroup.org/specs/. This class will be reported
+# by the TCS daemon when an application queries it using the
+# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
+#
+# host_platform_class = PC_12
+#
+
+# Option: all_platform_classes
+# Values: TCG Platform class names, separated by commas (no whitespaces)
+#	PC_11 - PC Client System, version 1.1
+#	PC_12 - PC Client System, version 1.2
+#	PDA_12 - PDA System, version 1.2
+#	SERVER_12 - Server System, version 1.2
+#	MOBILE_12 - Mobile Phone System, version 1.2
+#
+# Description: This option determines all the platform classes supported by the
+# TCS daemon. This list must not include the value set as "host_platform_class"
+# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,
+# the default is all 1.2 and 1.1 platform classes.
+#
+# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
+#
+
+#
+# Option: disable_ipv4
+# Values: 0 or 1
+# Description: This options determines if the TCSD will bind itself to the
+# machine's local IPv4 addresses in order to receive requisitions through
+# its TCP port. Value of 1 disables IPv4 support, so clients cannot reach
+# TCSD using that protocol.
+#
+#  disable_ipv4 = 0
+#
+
+#
+# Option: disable_ipv6
+# Values: 0 or 1
+# Description: This options determines if the TCSD will bind itself to the
+# machine's local IPv6 addresses in order to receive requisitions through
+# its TCP port. Value of 1 disables IPv6 support, so clients cannot reach
+# TCSD using that protocol.
+#
+#  disable_ipv6 = 0
+#