Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Diff of /dist/tcsd.conf.in [3297fc] .. [4c6a90] Maximize Restore

  Switch to side-by-side view

--- a/dist/tcsd.conf.in
+++ b/dist/tcsd.conf.in
@@ -1,11 +1,11 @@
 
 #
 # This is the configuration file for the trousers tcsd. (The Trusted Computing
-# Software Stack Core Services Daemon).
+# Software Stack Core Services Daemon.
 #
 # Defaults are listed below, commented out
 #
-# Send questions to: trousers-users@lists.sourceforge.net
+#
 #
 
 # Option: port
@@ -26,7 +26,7 @@
 # Values: Any absolute directory path
 # Description: Path where the tcsd creates its persistent storage file.
 #
-# system_ps_file = @localstatedir@/lib/tpm/system.data
+# system_ps_file = @localstatedir@/tpm/system.data
 #
 
 # Option: firmware_log_file
@@ -35,18 +35,16 @@
 #  log data. The interface to this log is usually provided by the TPM
 #  device driver.
 #
-# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
+# firmware_log_file = /proc/tpm/firmware_events
 #
 
 # Option: kernel_log_file
 # Values: Any absolute directory path
 # Description: Path to the file containing the current kernel PCR event
 #  log data. By default, this data will be parsed in the format provided
-#  by the Integrity Measurement Architecture LSM. See
-#  http://sf.net/projects/linux-ima for more info on getting IMA.
+#  by the Integrity Measurement Architecture LSM.
 #
-#
-# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements
+# kernel_log_file = /proc/tcg/measurement_events
 #
 
 # Option: firmware_pcrs
@@ -54,7 +52,7 @@
 # Description: A list of PCR indices that are manipulated only by the system
 #  firmware and therefore are not extended or logged by the TCSD.
 #
-# firmware_pcrs =
+# firmware_pcrs = 0,1,2,3,4,5,6,7
 #
 
 # Option: kernel_pcrs
@@ -62,130 +60,6 @@
 # Description: A list of PCR indices that are manipulated only by the kernel
 #  and therefore are not extended or logged by the TCSD.
 #
-# kernel_pcrs =
+# kernel_pcrs = 10
 #
 
-# Option: platform_cred
-# Values: Any absolute directory path (example: /path/to/platform.cert)
-# Description: Path to the file containing your TPM's platform credential.
-#  The platform credential may have been provided to you by your TPM
-#  manufacturer. If so, set platform_cred to the path to the file on disk.
-#  Whenever a new TPM identity is created, the credential will be used. See
-#  Tspi_TPM_CollateIdentityRequest(3) for more information.
-#
-# platform_cred =
-#
-
-# Option: conformance_cred
-# Values: Any absolute directory path (example: /path/to/conformance.cert)
-# Description: Path to the file containing your TPM's conformance credential.
-#  The conformance credential may have been provided to you by your TPM
-#  manufacturer. If so, set conformance_cred to the path to the file on disk.
-#  Whenever a new TPM identity is created, the credential will be used. See
-#  Tspi_TPM_CollateIdentityRequest(3) for more information.
-#
-# conformance_cred =
-#
-
-# Option: endorsement_cred
-# Values: Any absolute directory path (example: /path/to/endorsement.cert)
-# Description: Path to the file containing your TPM's endorsement credential.
-#  The endorsement credential may have been provided to you by your TPM
-#  manufacturer. If so, set endorsement_cred to the path to the file on disk.
-#  Whenever a new TPM identity is created, the credential will be used. See
-#  Tspi_TPM_CollateIdentityRequest(3) for more information.
-#
-# endorsement_cred =
-#
-
-# Option: remote_ops
-# Values: TCS operation names, separated by commas (no whitespace)
-# Description: A list of TCS commands which will be allowed to be executed
-#  on this machine's TCSD by TSP's on non-local hosts (over the internet).
-#  By default, access to all operations is denied.
-#
-# possible values:  seal - encrypt data bound to PCR values
-#		    unseal - decrypt data bound to PCR values
-#		    registerkey - store keys in system persistent storage [Disk write access!]
-#		    unregisterkey - remove keys from system persistent storage [Disk write access!]
-#		    loadkey - load a key into the TPM
-#		    createkey - create a key using the TPM
-#		    sign - encrypt data using a private key
-#		    random - generate random numbers
-#		    getcapability - query the TCS/TPM for its capabilities
-#		    unbind - decrypt data
-#		    quote - request a signed blob containing all PCR values
-#		    readpubek - access the TPM's Public EndorsementKey
-#		    getregisteredkeybypublicinfo - Search system persistent storage for a public key
-#		    getpubkey - Retrieve a loaded key's public data from inside the TPM
-#		    selftest - execute selftest and test results ordinals
-#
-# remote_ops =
-#
-
-# Option: enforce_exclusive_transport
-# Values: 0 or 1
-# Description: When an application opens a transport session with the TPM, one
-#  of the options available is an "exclusive" session, meaning that the TPM
-#  will not execute any commands other than those coming through the transport
-#  session for the lifetime of the session. The TCSD can choose to enforce this
-#  option or not. By default, exclusive sessions are not enforced, since this
-#  could allow for a denial of service to the TPM.
-#
-#  enforce_exclusive_transport = 0
-#
-
-# Option: host_platform_class
-# Values: One of the TCG platform class specifications
-#	PC_11 - PC Client System, version 1.1
-#	PC_12 - PC Client System, version 1.2
-#	PDA_12 - PDA System, version 1.2
-#	SERVER_12 - Server System, version 1.2
-#	MOBILE_12 - Mobile Phone System, version 1.2
-#
-# Description: This option determines the host platform (host the TCS system
-# is running on) class, among those specified by the Trusted Computing group
-# on https://www.trustedcomputinggroup.org/specs/. This class will be reported
-# by the TCS daemon when an application queries it using the
-# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12.
-#
-# host_platform_class = PC_12
-#
-
-# Option: all_platform_classes
-# Values: TCG Platform class names, separated by commas (no whitespaces)
-#	PC_11 - PC Client System, version 1.1
-#	PC_12 - PC Client System, version 1.2
-#	PDA_12 - PDA System, version 1.2
-#	SERVER_12 - Server System, version 1.2
-#	MOBILE_12 - Mobile Phone System, version 1.2
-#
-# Description: This option determines all the platform classes supported by the
-# TCS daemon. This list must not include the value set as "host_platform_class"
-# specified above. Since by default TrouSerS supports all TPM 1.2 functionality,
-# the default is all 1.2 and 1.1 platform classes.
-#
-# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12
-#
-
-#
-# Option: disable_ipv4
-# Values: 0 or 1
-# Description: This options determines if the TCSD will bind itself to the
-# machine's local IPv4 addresses in order to receive requisitions through
-# its TCP port. Value of 1 disables IPv4 support, so clients cannot reach
-# TCSD using that protocol.
-#
-#  disable_ipv4 = 0
-#
-
-#
-# Option: disable_ipv6
-# Values: 0 or 1
-# Description: This options determines if the TCSD will bind itself to the
-# machine's local IPv6 addresses in order to receive requisitions through
-# its TCP port. Value of 1 disables IPv6 support, so clients cannot reach
-# TCSD using that protocol.
-#
-#  disable_ipv6 = 0
-#