Tree [f99162] TROUSERS_0_1_11 /

File         Date        Author   Commit
dist         2005-04-14  kyoder   [bc9e4b] change /var/tpm to /var/lib/tpm
doc          2005-01-14  kyoder   [a0971a] add updated design doc
man          2005-05-16  kyoder   [e1a3b3] updated formatting
src          2005-06-01  kyoder   [0cdcbe] only log remote connection connect/disconnect o...
AUTHORS      2004-12-28  kyoder   [981647] added blurb about IBM
ChangeLog    2005-06-01  kyoder   [33fd96] updated for 0.1.11 release
LICENSE      2004-12-10  kyoder   [4c6a90] Initial revision
NEWS         2004-12-10  kyoder   [4c6a90] Initial revision
NICETOHAVES  2004-12-10  kyoder   [4c6a90] Initial revision
README       2005-06-01  kyoder   [8bc150] removed bootstrap req; we'll do bootstrap befor...
TODO         2005-04-29  kyoder   [4a821e] updated
aclocal.m4   2005-03-15  ratliff  [70c111] Minor README update and new man page for tcsd
             2005-06-01  kyoder   [f99162] copy libtool files locally for distribution
             2005-06-01  kyoder   [009bf2] added new ssh-askpass paths
             2005-03-15  ratliff  [70c111] Minor README update and new man page for tcsd

trousers README

  Trousers is an open-source TCG Software Stack (TSS), released under the Common Public
License. Trousers aims to be compliant with the current (1.1b) and upcoming (1.2)
TSS specifications available from the Trusted Computing Group website:


  Currently this software is BETA quality and will build, however it is not
fully functional.

  Packages needed to build:

  gtk2-devel OR openssh-askpass
    Using gtk2-devel builds a native GTK2 popup into trousers; using openssh-askpass
    calls the ssh-askpass program externally to grab secrets from your GUI. The
    askpass method makes the build 40K smaller and reduces the number of dynamic
    libs from 26 to 6!
  openssl-0.9.7 or newer
  openssl-devel-0.9.7 or newer
  pthreads library (glibc-devel)


  02/01/05: Right now there are 2 ways to get the TSS up and running:

  A Grab the source code for an older version of the TPM device driver from here:
    then run configure, make, and make install in the tpm-2.0 directory of that
    archive, and follow the instructions under RUNNING The TSS, below.


  B Build and install the latest TPM device driver from
    either compiled in or loaded as a module. If you are doing this, trousers
    should just work after a vanilla build. Follow the build instructions below
    and read RUNNING The TSS, below.

  To build trousers after you have the device driver installed:

  $ ./configure [--enable-debug] [--enable-prof] [--enable-efence] [--enable-gcov]
  $ make
  $ make install

  By default the build will place everything in /usr/local. To install in a
slightly more predictable place, use `./configure --prefix=/usr`.


  This TSS implementation has several components.

  A) The TCS Daemon - A user space daemon which should be (according to the TSS spec)
  the only portal to the TPM device driver. At boot time, the TCS Daemon should be
  started; it should open the TPM device driver and, from that point on, all
  requests to the TPM should go through the TSS stack. The TCSD manages TPM
  resources and handles requests from TSPs, both local and remote.

  B) The TSP shared library - The TSP (TCG Service Provider) is a shared library
  that enables applications to talk to TCSDs both locally and remotely. The TSP
  also manages resources used in communicating with the application and the TCSD
  and transparently contacts the TCSD whenever necessary.

  C) Persistent storage files - TSSs have 2 different kinds of 'persistent'
  storage. 'User' persistent storage has the lifetime of the application
  using it (not very persistent, IMO) and therefore is destroyed when an application
  exits.  User PS is controlled by the TSP of the application.  'System' persistent
  storage is controlled by the TCS and stays valid across application lifetimes, TCSD
  restarts and system resets. Data registered in system PS stays valid until an
  application requests that it be removed. User PS files are by default stored as
  /var/lib/tpm/user.{pid} and the system PS file by default is /var/lib/tpm/
  The system PS file is initially created when ownership of the TPM is first taken.

  D) A config file. By default located in $prefix/etc/tcsd.conf.


  Before running your app:

  If you're using the device driver from the IBM research site (section A of BUILDING),
you'll need to do the following to create a device node:

  1) Create the device file for your tpm
  # /bin/mknod /dev/tpm c 10 224
  2) Change the device settings:
  # chown tss:tss /dev/tpm
  # chmod 0600 /dev/tpm
  3) Load the tpm device driver:
  # modprobe tpm

  If you're using the device driver from the tpmdd project and have udev enabled, you
need to add the following line to your udev.permissions file (usually in /etc/udev


  and then just load the device driver that matches your TPM chip with one of:
  # modprobe tpm_atmel
  # modprobe tpm_natl

  Start the TCS Core Services daemon, by default /usr/local/sbin/tcsd:
  # startproc -u tss /usr/local/sbin/tcsd

  You can really just ignore this RUNNING section and run everything as root, with
a root owned device and so on, but the exploitability of the tcsd at this point is
still in question, considering it's reachable over the internet.

  At this point your apps should be ready to run!
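  A pre-flight check for the non-root setup described above, added here as an
  example (it is not part of the trousers README or the project's own scripts): it
  verifies that the device node is owned by tss:tss with mode 0600 before tcsd is
  started, so that only a tcsd running as the tss user can open the TPM. It assumes
  a POSIX `ls -l` column layout (perms, links, owner, group) and the default /dev/tpm node.

```shell
#!/bin/sh
# Added example, not from the trousers README: verify the TPM device node has
# the ownership and mode the RUNNING section prescribes (tss:tss, 0600).

# check_device_perms PATH OWNER GROUP PERMS
#   PERMS is the 9-character rwx string, e.g. "rw-------" for mode 0600.
#   Returns 0 if PATH exists and matches all three, 1 otherwise (reasons on stderr).
check_device_perms() {
    path=$1 want_owner=$2 want_group=$3 want_perms=$4
    [ -e "$path" ] || { echo "$path: does not exist" >&2; return 1; }
    set -- $(ls -ld "$path")
    # $1 looks like "crw-------" (maybe with an ACL/SELinux marker); drop the type char
    have_perms=$(printf '%s' "$1" | cut -c2-10)
    have_owner=$3 have_group=$4
    rc=0
    [ "$have_perms" = "$want_perms" ] ||
        { echo "$path: mode is $have_perms, want $want_perms" >&2; rc=1; }
    [ "$have_owner" = "$want_owner" ] ||
        { echo "$path: owner is $have_owner, want $want_owner" >&2; rc=1; }
    [ "$have_group" = "$want_group" ] ||
        { echo "$path: group is $have_group, want $want_group" >&2; rc=1; }
    return $rc
}

# tpm_preflight [DEVICE]: the README's chown/chmod step expressed as a check
# rather than a change; prints the fix when the node is wrong. Exit 0 = ready.
tpm_preflight() {
    dev=${1:-/dev/tpm}
    if check_device_perms "$dev" tss tss "rw-------"; then
        echo "$dev: ownership and mode OK, safe to start tcsd as tss"
    else
        echo "fix with: chown tss:tss $dev && chmod 0600 $dev" >&2
        return 1
    fi
}

# Only run the check when asked to, so the functions can be sourced elsewhere.
if [ "${TPM_PREFLIGHT:-0}" = 1 ]; then
    tpm_preflight "$@"
fi
```

Run it as `TPM_PREFLIGHT=1 sh tpm-preflight.sh` (or pass another device path) before the startproc line above.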

  'make install' will run ldconfig, but if /usr/local/lib is not in your
/etc/, this won't make a difference. You may need to manually
add it and run ldconfig as root to allow your apps to link at run time.


 # sh
 # ./configure --prefix=/usr
 # cd ..
 # mv trousers trousers-${version}
 # tar zcvf /usr/src/packages/SOURCES/trousers-${version}.tar.gz trousers-${version}
 # rpmbuild -bb trousers-${version}/dist/trousers.spec