*** man/man8/tcsd.8.in.old Thu Dec 18 07:09:04 2008
--- man/man8/tcsd.8.in Thu Dec 18 07:37:35 2008
***************
*** 74,85 ****
the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
system resets. Data registered in system PS stays valid until an application
requests that it be removed. User PS files are by default stored as
! /var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data.
The system PS file is initially created when ownership of the TPM is first
taken.
.SH "CONFIGURATION"
! \fBtcsd\fR configuration is stored by default in /etc/tcsd.conf
.SH "DEBUG OUTPUT"
If TrouSerS has been compiled with debugging enabled, the debugging output
--- 74,105 ----
the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and
system resets. Data registered in system PS stays valid until an application
requests that it be removed. User PS files are by default stored as
! $HOME/.trousers/user.data and the system PS file by default is /var/tpm/system/system.data.
The system PS file is initially created when ownership of the TPM is first
taken.
+ .PP
+ \fB/var/tpm/system/system.data\fR
+ .ad
+ .RS 4n
+ Contains the system PS (persistent storage) data controlled by the TCS. By default,
+ the SRK key is installed in PS and does not require owner authorization to use. If the
+ TPM has previously been provisioned and owner-auth is required to load the SRK,
+ then the /var/tpm/system/system.data.auth file should be moved to
+ /var/tpm/system/system.data before starting the TCS (See NOTES).
+ .RE
+ .sp
+ .PP
+ \fB/var/tpm/system/system.data.auth\fR
+ .ad
+ .RS 4n
+ This is the default PS data file to use if the TPM has been previously
+ configured to require owner-auth to access the SRK. Copy this file
+ to /var/tpm/system/system.data prior to starting the TCS if owner-auth is
+ needed, otherwise this file can be ignored.
+ .RE
.SH "CONFIGURATION"
! \fBtcsd\fR configuration is stored by default in /etc/security/tcsd.conf
.SH "DEBUG OUTPUT"
If TrouSerS has been compiled with debugging enabled, the debugging output
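Review bot: The "(See NOTES)" pointer that closes the new /var/tpm/system/system.data paragraph has no target for this topic: the NOTES section added later in this patch only describes smf(5) service management and says nothing about owner-auth or system.data.auth, so either document the procedure there or drop the reference. The two new paragraphs also disagree on the step itself, one saying system.data.auth "should be moved to" system.data and the other "Copy this file"; pick one verb, and consider stating the ownership and mode the resulting file must have, since it is the PS file that holds the SRK. The unchanged sentence "The system PS file is initially created when ownership of the TPM is first taken" now sits beside text saying the SRK is installed in PS by default, which reads as contradictory and should be reconciled.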
***************
*** 88,95 ****
.SH "DEVICE DRIVERS"
.PP
\fBtcsd\fR is compatible with the IBM Research TPM device driver available
! from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
! from http://sf.net/projects/tmpdd
.SH "CONFORMING TO"
.PP
--- 108,116 ----
.SH "DEVICE DRIVERS"
.PP
\fBtcsd\fR is compatible with the IBM Research TPM device driver available
! from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for
! Linux available from http://sf.net/projects/tmpdd. It is also compatible
! with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.
.SH "CONFORMING TO"
.PP
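Review bot: In the rewritten driver sentence, "http://sf.net/projects/tmpdd." now has the sentence period attached directly to the URL, where a reader or a URL-detecting pager will take it as part of the address; put the URL at the end of a clause with a separating space or reword so the period does not touch it. The project name "tmpdd", carried over unchanged from the old text, looks like a transposition of "tpmdd" and is worth verifying while this line is being touched. The Solaris line would also read better with the package name driver/crypto/tpm set in bold like the page's other literals, and wrapped to match the surrounding line length.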
***************
*** 98,105 ****
.SH "SEE ALSO"
.PP
! \fBtcsd.conf\fR(5)
.SH "AUTHOR"
Kent Yoder
--- 119,142 ----
.SH "SEE ALSO"
.PP
! \fBtcsd.conf\fR(5), \fBsvcadm\fR(1M), \fBsmf\fR(5)
+ .SH "NOTES"
+ .sp
+ .LP
+ The \fBtcsd\fR service is managed by the service management facility, \fBsmf\fR(5), under
+ the service identifier:
+ .sp
+ .in +2
+ .nf
+ svc:/application/security/tcsd:default
+ .fi
+ .in -2
+ .sp
+ .LP
+ Administrative actions on this service, such as enabling, disabling, or requesting restart, can be
+ performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
+
.SH "AUTHOR"
Kent Yoder
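Review bot: The new NOTES text cites \fBsvcs\fR(1), but the SEE ALSO line changed in this same hunk adds only \fBsvcadm\fR(1M) and \fBsmf\fR(5); add svcs(1) there so every page the text refers to is listed. Because tcsd.8.in still documents the Linux device drivers, NOTES should also say that the svc:/application/security/tcsd:default identifier and the smf(5) tooling apply to Solaris, so the text does not read as applying to every platform the page covers.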