Tree [ecd66b] TROUSERS_0_2_4 /


File Date Author Commit
 dist 2005-12-01 kyoder kyoder [9fed16] initial add -- sample files for own...
 doc 2005-10-27 kyoder kyoder [ac6c37] updated
 man 2005-10-11 kyoder kyoder [0a8f2c] corrected function signature and description
 src 2005-12-02 kyoder kyoder [e90134] updated libtool library release number
 tools 2005-09-21 kyoder kyoder [a4f460] Make libtrousers a libtool library
 AUTHORS 2004-12-28 kyoder kyoder [981647] added blurb about IBM
 ChangeLog 2005-12-02 kyoder kyoder [ecd66b] updated with cvs tag
 LICENSE 2004-12-10 kyoder kyoder [4c6a90] Initial revision
 2005-07-07 kyoder kyoder [e97f3f] added tools dir
 NEWS 2004-12-10 kyoder kyoder [4c6a90] Initial revision
 NICETOHAVES 2004-12-10 kyoder kyoder [4c6a90] Initial revision
 README 2005-12-02 kyoder kyoder [805ba6] added section on using trousers on an owned TPM
 README.selinux 2005-07-20 kyoder kyoder [9e3cdf] SELinux support
 TODO 2005-12-01 kyoder kyoder [12d504] updated
 aclocal.m4 2005-03-15 ratliff ratliff [70c111] Minor README update and new man page for tcsd
 2005-07-19 kyoder kyoder [cf8adf] add --foreign to automake, the imported COPYING...
 2005-12-02 kyoder kyoder [cc5104] changed version to 0.2.4
 2005-03-15 ratliff ratliff [70c111] Minor README update and new man page for tcsd

Read Me

trousers README

  Trousers is an open-source TCG Software Stack (TSS), released under
the Common Public License. Trousers aims to be compliant with the
current (1.1b) and upcoming (1.2) TSS specifications available from
the Trusted Computing Group website:


  Currently this software is BETA quality and will build; however, it
is not fully functional.

  Packages needed to build:

  automake > 1.4
  autoconf > 1.4
  openssl >= 0.9.7
  openssl-devel >= 0.9.7
  pthreads library (glibc-devel)


  Build and install the latest TPM device driver from either compiled in or loaded as a
  module. UPDATE: This driver is now included in the vanilla 2.6.12
  kernel!  If you are doing this, trousers should just work after a
  vanilla build. Follow the build instructions below and read
  RUNNING the TSS, below.

  To build trousers after you have the device driver installed:

  $ sh
  $ ./configure [--enable-debug] [--enable-prof] [--enable-efence] \
  $ make
  $ make install

  Here are the default locations of files that trousers installs:

  /usr/local/lib/ ->
  /usr/local/lib/ ->

  By default the build will place everything in /usr/local. To install
in a slightly more predictable place, use `./configure --prefix=/usr`.

  'make install' will run ldconfig, but if /usr/local/lib is not in
your /etc/, this won't make a difference. You may need to
manually add it and run ldconfig as root to allow your apps to link at
run time to


  If you've already taken ownership of your TPM using a TSS under another
operating system, there are a few issues you should be aware of.

  Auth vs No-Auth SRK:  In order to trick trousers into thinking it has taken
ownership of the TPM it's running on, you will need to create a persistent
storage file for trousers to use.  Normally trousers would create this file
itself at the time ownership is taken.  If your SRK has been given an
authorization password by the non-Linux OS, you will need to move the file
dist/ to /usr/local/var/lib/tpm/  If you've
taken ownership of your TPM without issuing a password, move
dist/ to /usr/local/var/lib/tpm/

  Passwords:  When entering passwords for keys you'd like to use in both
Linux and other OSes, you'll need to take note of how you entered those
passwords.  The TSS spec states that when a password is entered through a
GUI popup dialog box provided by the TSS library, the password should be
converted to the UTF-16 encoding and then hashed using SHA-1, including
the UTF-16 null terminator in the hash calculation.

  In order to work around this problem, specify the -u option to the
tpm-tools command line to convert the password to UTF-16 before hashing.
This, however, unfolds yet another problem...

  Some TSS stacks aren't compliant with the TSS spec, in that they hash
their passwords without including the terminating null character.  This
means that there are effectively two versions of any password set through
a popup dialog box.  Trousers will include the terminating null character
in its hashes of UTF-16 data.
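
  The password-hashing conventions described above, sketched in Python as an
added example (not part of trousers or tpm-tools). It assumes "UTF-16" means
little-endian code units without a byte-order mark and that an unconverted
password is hashed as its UTF-8 bytes; the function names are hypothetical.

```python
import hashlib
import hmac

# Assumption: "UTF-16" is little-endian, no byte-order mark.
UTF16 = "utf-16-le"


def encode_variants(password):
    """Return the byte string that gets hashed under each convention."""
    wide = password.encode(UTF16)
    return {
        # No conversion: bytes as typed (assumed UTF-8 for this example).
        "raw": password.encode("utf-8"),
        # Behaviour the README attributes to the TSS spec and to trousers:
        # UTF-16 data followed by the two-byte UTF-16 null terminator.
        "utf16_with_null": wide + b"\x00\x00",
        # Behaviour of the non-compliant stacks: UTF-16, terminator omitted.
        "utf16_no_null": wide,
    }


def auth_digests(password):
    """SHA-1 digest (20 bytes) of the password under each convention."""
    return {
        name: hashlib.sha1(data).digest()
        for name, data in encode_variants(password).items()
    }


def identify_convention(password, stored_digest):
    """Name the convention that produced stored_digest, or None.

    For an empty password "raw" and "utf16_no_null" hash the same
    (empty) input, so "raw" is reported for both.
    """
    for name, digest in auth_digests(password).items():
        if hmac.compare_digest(digest, stored_digest):
            return name
    return None


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    for name, digest in auth_digests("example-pass").items():
        print(f"{name:16} {digest.hex()}")
```

  The three digests differ for any non-empty password, which is why a key
authorized under one convention is rejected when its password is entered under
another.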

  We'll do our best to track other TSS software and how it behaves.  Please
see the trousers FAQ at for more information.


  This TSS implementation has several components.

  A) The TCS Daemon - A user space daemon that should be (according to
     the TSS spec) the only portal to the TPM device driver. The TCS
     Daemon should be started at boot time and should open the TPM
     device driver; from that point on, all requests to the TPM
     should go through the TSS stack. The TCSD manages TPM resources
     and handles requests from TSPs, both local and remote.

  B) The TSP shared library - The TSP (TCG Service Provider) is a
     shared library that enables applications to talk to TCSDs both
     locally and remotely. The TSP also manages resources used in
     communicating with the application and the TCSD and transparently
     contacts the TCSD whenever necessary.

  C) Persistent storage files - TSSs have two different kinds of
     'persistent' storage. 'User' persistent storage has the same
     lifetime as the application using it (not very persistent, IMO)
     and therefore is destroyed when an application exits.  User PS is
     controlled by the TSP of the application.  'System' persistent
     storage is controlled by the TCS and stays valid across
     application lifetimes, TCSD restarts and system resets. Data
     registered in system PS stays valid until an application requests
     that it be removed. User PS files are by default stored as
     /var/lib/tpm/user.{pid} and the system PS file by default is
     /var/lib/tpm/ The system PS file is initially created
     when ownership of the TPM is first taken.

  D) A config file. By default located in $prefix/etc/tcsd.conf.


  By default, the TCS daemon is not reachable over the internet, so if
you just plan to access it locally, running it as root with a root owned
device node is probably ok.  Just make sure your device driver is loaded
and start the tcsd as root.

  If you would like to run the TCS daemon as an unprivileged user,
please follow these instructions:

  If you're using the device driver from a Linux 2.6.12+ kernel and have
udev enabled, you need to add the following line to your
udev.permissions file (usually in /etc/udev somewhere):


  and then just load the device driver with:
  # modprobe tpm_atmel
  # modprobe tpm_natl

  Start the TCS Core Services daemon, by default /usr/local/sbin/tcsd.
  # startproc -u tss /usr/local/sbin/tcsd


 # sh
 # ./configure --prefix=/usr
 # cd ..
 # mv trousers trousers-${version}
 # tar zcvf /usr/src/packages/SOURCES/trousers-${version}.tar.gz \
 # rpmbuild -bb trousers-${version}/dist/trousers.spec

