From: Frank Brehm Date: Sat, 16 Jul 2016 05:44:12 +0000 (+0200) Subject: committing changes in /etc after emerge run X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=08e53021155d8794709639316f46ac01a24882f4;p=config%2Fbruni%2Fetc.git committing changes in /etc after emerge run Package changes: +app-crypt/trousers-0.3.10-r1 --- diff --git a/conf.d/tcsd b/conf.d/tcsd new file mode 100644 index 00000000..78bedb9f --- /dev/null +++ b/conf.d/tcsd @@ -0,0 +1,9 @@ +# /etc/conf.d/tscd + +# Configuration file for the TrouSerS' TCS daemon (tcsd) init script +# Have a look on /etc/tcsd.conf too, there is more to configure there. + +# TPM_MODULES: name of the module(s) that should be loaded. You only need to +# set this if your driver is not compiled in kernel and is not already loaded +# on boot. (default: unset) +#TPM_MODULES="tpm_atmel" diff --git a/init.d/tcsd b/init.d/tcsd new file mode 100755 index 00000000..567dc5ef --- /dev/null +++ b/init.d/tcsd @@ -0,0 +1,39 @@ +#!/sbin/openrc-run +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + use logger + need net +} + +checkconfig() { + local mod + if [ -n "${TPM_MODULES}" ] ; then + for mod in ${TPM_MODULES} ; do + lsmod | grep -q "^${mod}\b" \ + || modprobe ${mod} &>/dev/null \ + || ewarn "Failed to load module ${mod}" + done + # Should we sleep or something to wait for device creation? + fi + if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then + eerror "No TPM device found!" + return 1 + fi + return 0 +} + +start() { + ebegin "Starting TrouSerS' TCS daemon (tcsd)" + checkconfig || eend $? + start-stop-daemon --start --user tss --exec /usr/sbin/tcsd + eend $? +} + +stop() { + ebegin "Stopping TrouSerS' TCS daemon (tcsd)" + start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss + eend $? +} diff --git a/tcsd.conf b/tcsd.conf new file mode 100644 index 00000000..e23fd4fd --- /dev/null +++ b/tcsd.conf @@ -0,0 +1,170 @@ + +# +# This is the configuration file for the trousers tcsd. (The Trusted Computing +# Software Stack Core Services Daemon). +# +# Defaults are listed below, commented out +# +# Send questions to: trousers-users@lists.sourceforge.net +# + +# Option: port +# Values: 1 - 65535 +# Description: The port that the tcsd will listen on. +# +# port = 30003 +# + +# Option: num_threads +# Values: 1 - 65535 +# Description: The number of threads that the tcsd will spawn internally. +# +# num_threads = 10 +# + +# Option: system_ps_file +# Values: Any absolute directory path +# Description: Path where the tcsd creates its persistent storage file. +# +# system_ps_file = /var/lib/tpm/system.data +# + +# Option: firmware_log_file +# Values: Any absolute directory path +# Description: Path to the file containing the current firmware PCR event +# log data. The interface to this log is usually provided by the TPM +# device driver. +# +# firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements +# + +# Option: kernel_log_file +# Values: Any absolute directory path +# Description: Path to the file containing the current kernel PCR event +# log data. By default, this data will be parsed in the format provided +# by the Integrity Measurement Architecture LSM. See +# http://sf.net/projects/linux-ima for more info on getting IMA. +# +# +# kernel_log_file = /sys/kernel/security/ima/binary_runtime_measurements +# + +# Option: firmware_pcrs +# Values: PCR indices, separated by commas (no whitespace) +# Description: A list of PCR indices that are manipulated only by the system +# firmware and therefore are not extended or logged by the TCSD. +# +# firmware_pcrs = +# + +# Option: kernel_pcrs +# Values: PCR indices, separated by commas (no whitespace) +# Description: A list of PCR indices that are manipulated only by the kernel +# and therefore are not extended or logged by the TCSD. +# +# kernel_pcrs = +# + +# Option: platform_cred +# Values: Any absolute directory path (example: /path/to/platform.cert) +# Description: Path to the file containing your TPM's platform credential. +# The platform credential may have been provided to you by your TPM +# manufacturer. If so, set platform_cred to the path to the file on disk. +# Whenever a new TPM identity is created, the credential will be used. See +# Tspi_TPM_CollateIdentityRequest(3) for more information. +# +# platform_cred = +# + +# Option: conformance_cred +# Values: Any absolute directory path (example: /path/to/conformance.cert) +# Description: Path to the file containing your TPM's conformance credential. +# The conformance credential may have been provided to you by your TPM +# manufacturer. If so, set conformance_cred to the path to the file on disk. +# Whenever a new TPM identity is created, the credential will be used. See +# Tspi_TPM_CollateIdentityRequest(3) for more information. +# +# conformance_cred = +# + +# Option: endorsement_cred +# Values: Any absolute directory path (example: /path/to/endorsement.cert) +# Description: Path to the file containing your TPM's endorsement credential. +# The endorsement credential may have been provided to you by your TPM +# manufacturer. If so, set endorsement_cred to the path to the file on disk. +# Whenever a new TPM identity is created, the credential will be used. See +# Tspi_TPM_CollateIdentityRequest(3) for more information. +# +# endorsement_cred = +# + +# Option: remote_ops +# Values: TCS operation names, separated by commas (no whitespace) +# Description: A list of TCS commands which will be allowed to be executed +# on this machine's TCSD by TSP's on non-local hosts (over the internet). +# By default, access to all operations is denied. +# +# possible values: seal - encrypt data bound to PCR values +# unseal - decrypt data bound to PCR values +# registerkey - store keys in system persistent storage [Disk write access!] +# unregisterkey - remove keys from system persistent storage [Disk write access!] +# loadkey - load a key into the TPM +# createkey - create a key using the TPM +# sign - encrypt data using a private key +# random - generate random numbers +# getcapability - query the TCS/TPM for its capabilities +# unbind - decrypt data +# quote - request a signed blob containing all PCR values +# readpubek - access the TPM's Public EndorsementKey +# getregisteredkeybypublicinfo - Search system persistent storage for a public key +# getpubkey - Retrieve a loaded key's public data from inside the TPM +# selftest - execute selftest and test results ordinals +# +# remote_ops = +# + +# Option: enforce_exclusive_transport +# Values: 0 or 1 +# Description: When an application opens a transport session with the TPM, one +# of the options available is an "exclusive" session, meaning that the TPM +# will not execute any commands other than those coming through the transport +# session for the lifetime of the session. The TCSD can choose to enforce this +# option or not. By default, exclusive sessions are not enforced, since this +# could allow for a denial of service to the TPM. +# +# enforce_exclusive_transport = 0 +# + +# Option: host_platform_class +# Values: One of the TCG platform class specifications +# PC_11 - PC Client System, version 1.1 +# PC_12 - PC Client System, version 1.2 +# PDA_12 - PDA System, version 1.2 +# SERVER_12 - Server System, version 1.2 +# MOBILE_12 - Mobile Phone System, version 1.2 +# +# Description: This option determines the host platform (host the TCS system +# is running on) class, among those specified by the Trusted Computing group +# on https://www.trustedcomputinggroup.org/specs/. This class will be reported +# by the TCS daemon when an application queries it using the +# TSS_TCSCAP_PROP_HOST_PLATFORM sub-capability. The default is PC_12. +# +# host_platform_class = PC_12 +# + +# Option: all_platform_classes +# Values: TCG Platform class names, separated by commas (no whitespaces) +# PC_11 - PC Client System, version 1.1 +# PC_12 - PC Client System, version 1.2 +# PDA_12 - PDA System, version 1.2 +# SERVER_12 - Server System, version 1.2 +# MOBILE_12 - Mobile Phone System, version 1.2 +# +# Description: This option determines all the platform classes supported by the +# TCS daemon. This list must not include the value set as "host_platform_class" +# specified above. Since by default TrouSerS supports all TPM 1.2 functionality, +# the default is all 1.2 and 1.1 platform classes. +# +# all_platform_classes = PC_11,PDA_12,SERVER_12,MOBILE_12 +# +