HP-UX Trusted Computing Services A.01.00 Administrator's Guide
Figure 1-2 HP-UX TCS Architecture
[Figure: layered architecture diagram. Labels: TPM Hardware; System Firmware; HP-UX TPM Device Driver (/dev/tpm); TDDL (libtddl.a); TCS Daemon (tcsd, tcsd.conf, Localhost:30003); TCSD Persistent Key Storage (/etc/opt/tcs/system.data); TSPI Library (libtspi.sl); TPM mgmt Commands (tpmadm, tpmlist); On-Demand Encryption (tpmencrypt, tpmdecrypt); EVFS (evfsvol); TPM EVFS Lib (libevfs_tcspbe.so); 3rd Party Applications.]
The first layer of software, one level up the stack from the TPM, is the HP-UX TPM device
driver. This driver carries communication between the user space software stack (in the
form of the TSS Core Services daemon tcsd) and the chip itself, providing a layer that transports
a byte stream to and from the TPM.
The next layer of software consists of the TSS Core Services daemon (tcsd) that attaches to the
TPM device at system initialization, providing a single entry point for applications to logically
access the TPM. The tcsd daemon performs core Trusted Platform Support Service functions,
including the following:
• The Context Manager enables multiple applications to access the TPM simultaneously, while
maintaining a separate context for each application and performing the necessary switching
transparently.
• The Key and Credential Manager stores keys and authorization information on a per-session
basis, referred to as User Persistent Storage, and on a truly persistent (cross-reboot) basis,
referred to as System Persistent Storage.
• The TPM Parameter Block Generator translates more traditional C-style function calls
into the actual TPM ordinal byte streams, then translates the responses back.
The tcsd daemon communicates with the TPM by statically linking with the TSS Device Driver
Library.
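The translation performed by the TPM Parameter Block Generator can be illustrated with the following C code, which is an added example and not code from this guide or from tcsd. It assumes the TPM 1.2 wire format (big-endian tag, paramSize, then ordinal or return code) and uses TPM_GetRandom as the command; the function names build_get_random and parse_get_random are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* TPM 1.2 constants from the TCG TPM Main Specification (assumed wire format). */
#define TPM_TAG_RQU_COMMAND 0x00C1u
#define TPM_TAG_RSP_COMMAND 0x00C4u
#define TPM_ORD_GetRandom   0x00000046u
#define TPM_HDR_LEN         10u  /* tag(2) + paramSize(4) + ordinal or returnCode(4) */

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) { put_be16(p, (uint16_t)(v >> 16)); put_be16(p + 2, (uint16_t)v); }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p) { return ((uint32_t)get_be16(p) << 16) | get_be16(p + 2); }

/* Hypothetical helper: marshal TPM_GetRandom(bytes_requested) into buf.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t build_get_random(uint8_t *buf, size_t cap, uint32_t bytes_requested)
{
    const uint32_t total = TPM_HDR_LEN + 4;
    if (cap < total) return 0;
    put_be16(buf, TPM_TAG_RQU_COMMAND);
    put_be32(buf + 2, total);               /* paramSize covers the whole command */
    put_be32(buf + 6, TPM_ORD_GetRandom);   /* the ordinal selects the TPM command */
    put_be32(buf + 10, bytes_requested);
    return total;
}

/* Hypothetical helper: unmarshal a TPM_GetRandom response.
 * Returns the TPM return code (0 = TPM_SUCCESS) or -1 if the buffer is malformed. */
long parse_get_random(const uint8_t *rsp, size_t len,
                      uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
    if (len < TPM_HDR_LEN) return -1;
    if (get_be16(rsp) != TPM_TAG_RSP_COMMAND) return -1;
    if (get_be32(rsp + 2) != len) return -1;  /* declared size must match bytes received */
    uint32_t rc = get_be32(rsp + 6);
    if (rc != 0) return (long)rc;             /* error responses carry only the header */
    if (len < TPM_HDR_LEN + 4) return -1;
    uint32_t n = get_be32(rsp + 10);
    /* Bound the embedded length by the bytes actually present and by the caller's buffer. */
    if (n > len - (TPM_HDR_LEN + 4) || n > out_cap) return -1;
    memcpy(out, rsp + 14, n);
    *out_len = n;
    return 0;
}
```

The length checks in parse_get_random matter because the response crosses a trust boundary between the device driver byte stream and the daemon's C data structures.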
The application interface into the TSS stack is the TCG Service Provider Interface (TSPI). The
TSPI is a shared library linked into TSS-aware applications. It handles the details of connecting
to a local or remote tcsd and serializing the associated commands.