HP-UX Trusted Computing Services A.02.00 Administrator's Guide
local and remote TSS applications. It provides a single entry point for user-space processes to
logically access the TPM.
The tcsd daemon includes the following components that perform core Trusted Platform Support
Service functions:
• The Context Manager allows multiple applications to access the TPM simultaneously by
maintaining a separate context for each application and transparently handling any needed
context switching.
• The Key and Credential Manager stores keys and authorization data.
• The TPM Parameter Block Generator translates parameters received through TSS function
calls into the ordinal byte-stream format used by the TPM, and translates the TPM responses back.
System Persistent Storage
The TPM stores only a small number of keys in its internal memory. TCS also stores keys on
disk, in System Persistent Storage. For more information on TPM key storage areas, see “TPM
Key Storage” (page 15).
Port Number
The tcsd daemon receives service requests and commands from TSS applications using a TCP
port. The default port number is 30003.
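An added check, not taken from this guide, that reads netstat -an output (here a constructed sample) and reports how the tcsd listener on TCP port 30003 is bound; it assumes the HP-UX netstat column layout with the local address written as addr.port.

```sh
#!/bin/sh
# Added example, not from the HP-UX TCS guide: classify how the tcsd listener on
# its default TCP port (30003) is bound, from "netstat -an" output. A listener on
# "*" or 0.0.0.0 is reachable by remote TSS applications; 127.0.0.1 is local only.
# Assumes the HP-UX netstat layout "proto recv-q send-q local foreign state" with
# the local address written as addr.port (e.g. *.30003 or 127.0.0.1.30003).
TCSD_PORT=30003

# tcsd_listener_scope "<netstat -an output>"
# Prints one of: all-interfaces | loopback | specific | none
tcsd_listener_scope() {
    printf '%s\n' "$1" | awk -v port="$TCSD_PORT" '
        $1 == "tcp" && $NF == "LISTEN" {
            n = split($4, a, ".")                  # last dotted field is the port
            if (n < 2 || a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "*" || addr == "0.0.0.0") print "all-interfaces"
            else if (addr == "127.0.0.1")          print "loopback"
            else                                   print "specific"
            found = 1; exit
        }
        END { if (!found) print "none" }'
}

# Constructed sample output (not captured from a real system) for demonstration.
SAMPLE_OPEN='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.30003                *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN'
SAMPLE_LOCAL='tcp        0      0  127.0.0.1.30003        *.*                    LISTEN'

# On a live HP-UX host: tcsd_listener_scope "$(netstat -an)"
echo "sample open:  $(tcsd_listener_scope "$SAMPLE_OPEN")"    # all-interfaces
echo "sample local: $(tcsd_listener_scope "$SAMPLE_LOCAL")"   # loopback
```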
The tcsd.conf Configuration File
The tcsd.conf configuration file specifies tcsd operating parameters, including data storage
directories and log file locations. For more information, see “Modifying tcsd Operating
Parameters” (page 69).
TSPI Library
The application interface to the TSS stack is the TCG Service Provider Interface (TSPI). The TSPI
is a shared library used by TSS-aware applications. It enables an application to establish a TCP
connection to a local or remote tcsd and serializes the associated commands to the tcsd daemon.
The primary user interface to the TPM is through the utilities and commands that use the TSPI,
as described in the sections that follow. In addition, customers and Independent Software Vendors
(ISVs) can write applications that use the TSPI library.
TPM Management Utilities
TCS includes utilities to administer the TPM and provide TPM diagnostics. These utilities are
as follows:
tpmadm    The tpmadm command administers the TPM at initial setup and for periodic
          maintenance. The tpmadm command also supports subcommands to back up and
          restore TPM keys.
tpmlist   The tpmlist command reports TPM status; for example, whether the TPM is active,
          enabled, owned, ownable, or clearable. It also lists information about TPM keys.
On-Demand Encryption Utilities
TCS includes the following utilities to provide a simple method for users to encrypt and decrypt
a file or group of files as needed:
• tpmencrypt
• tpmdecrypt
These utilities use the system processor to encrypt and decrypt the data for bulk encryption
performance and to avoid overloading the TPM. The bulk encryption key is encrypted using the
Architecture 13