TPM2-ABRMD(8) TPM2 Software Stack TPM2-ABRMD(8)
tpm2-abrmd - TPM2 access broker and resource management daemon
tpm2-abrmd [-m][-e][-i][-o][-l logger-name][-r][-s][-g /dev/urandom][-t conf]
tpm2-abrmd is a daemon that implements the TPM access broker and resource
manager as described by the Trusted Computing Group (TCG) in the
“TSS System Level API and TPM Command Transmission Interface
Specification”. This daemon uses the DBus system bus and some
pipes to communicate with clients.
- -t, --tcti
- Provide the daemon with a string that describes the TCTI and how to
configure it for communication with the next component down the TSS2
stack. This string is formatted as "tcti-name:tcti-conf"
where:
- 'tcti-name'
- The name of the TCTI library shared object file. Libraries are found using
the same algorithm as dlopen (3). If the TCTI library file name follows
the naming convention: libtss2-tcti-<name>.so.0 where
<name> is the name for the TCTI, the value of <name>
may be supplied in place of the full library file name. See 'EXAMPLES'
below.
- 'tcti-conf'
- The configuration string passed to the TCTI library upon
initialization.
If this option is omitted (or a NULL string is provided), a
default TCTI is used in its default configuration. If the string does not
contain a colon, it is interpreted as only the 'tcti-name'. To
provide only the configuration string (using the default TCTI), the
first character in the string passed to this option must be a colon, followed
by the configuration string. See examples below.
- -o, --allow-root
- Allow daemon to run as root. If this option is not provided the daemon
will refuse to run as the root user. Use of this option is not
recommended.
- -m, --max-connections
- Set an upper bound on the number of concurrent client connections allowed.
Once this number of client connections is reached new connections will be
rejected with an error. If the option is not specified the default is
27.
- -f, --flush-all
- Flush all objects and sessions when daemon is started.
- -l, --logger
- Direct logging output to named logging target. Supported targets are
stdout and syslog. If the logger option is not specified the
default is stdout.
- -e, --max-sessions
- Set an upper bound on the number of sessions that each client connection
is allowed to create (loaded or active) at any one time. If the option is
not specified the default is 4.
- -r, --max-transients
- Set an upper bound on the number of transient objects that each client
connection is allowed to load. Once this number of objects is reached
attempts to load new transient objects will produce an error. If the
option is not specified the default is 27.
- -n, --dbus-name
- Claim the given name on dbus. This option overrides the default of
com.intel.tss2.Tabrmd.
- -g, --prng-seed-file
- Read seed for pseudo-random number generator from the provided file.
- -s, --session
- Connect daemon to the session dbus. If the option is not specified the
daemon connects to the system dbus.
- -v, --version
- Display version string.
- Execute daemon with default TCTI and options:
- tpm2-abrmd
- Execute daemon with default TCTI and provided config string:
- tpm2-abrmd --tcti=":/dev/tpm0"
- This is equivalent to:
- tpm2-abrmd --tcti="device:/dev/tpm0"
tpm2-abrmd --tcti="libtss2-tcti-device.so.0:/dev/tpm0"
- Have daemon use swtpm TPM2 Simulator tcti library
- This connects to a swtpm TPM2 simulator over TCP.
tpm2-abrmd --tcti="swtpm"
tpm2-abrmd --tcti="libtss2-tcti-swtpm.so.0"
- Have daemon use tcti library 'libtss2-tcti-swtpm.so.0' and config
string
- tpm2-abrmd --tcti="swtpm:host=127.0.0.1,port=5555"
tpm2-abrmd --tcti="libtss2-tcti-swtpm.so.0:host=127.0.0.1,port=5555"
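The rules for the --tcti string (omitted, name only, leading colon, name plus configuration) can be written out as a small parser. This is an added example, not code from tpm2-abrmd: `tcti_spec` and `tcti_parse` are hypothetical names, and treating any name that contains ".so" as a full library file name is a simplifying assumption made here.

```c
#include <stdio.h>
#include <string.h>
/* Per the page's examples, ":/dev/tpm0" equals "device:/dev/tpm0". */
#define DEFAULT_TCTI "device"

struct tcti_spec {          /* hypothetical type, not a tpm2-abrmd structure */
    char lib[128];          /* shared object name handed to the loader */
    char conf[128];         /* configuration string; "" = TCTI default */
};

/* Split "tcti-name:tcti-conf"; returns 0 on success, -1 if a part is too long. */
int tcti_parse(const char *arg, struct tcti_spec *out)
{
    const char *name = DEFAULT_TCTI, *conf = "";
    size_t name_len = strlen(DEFAULT_TCTI);
    char nm[64]; int n;
    if (arg != NULL && arg[0] != '\0') {
        const char *colon = strchr(arg, ':');  /* split at the first colon */
        if (colon != arg) {                    /* a name is present */
            name = arg;
            name_len = colon ? (size_t)(colon - arg) : strlen(arg);
        }
        if (colon != NULL)                     /* leading colon keeps default */
            conf = colon + 1;
    }
    if (name_len >= sizeof nm || strlen(conf) >= sizeof out->conf)
        return -1;
    memcpy(nm, name, name_len);
    nm[name_len] = '\0';
    strcpy(out->conf, conf);
    /* Assumption: ".so" in the name means it is already a full file name. */
    if (strstr(nm, ".so"))
        n = snprintf(out->lib, sizeof out->lib, "%s", nm);
    else
        n = snprintf(out->lib, sizeof out->lib, "libtss2-tcti-%s.so.0", nm);
    return (n < 0 || (size_t)n >= sizeof out->lib) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: the page's example strings plus the omitted case. */
    const char *args[] = { NULL, ":/dev/tpm0", "device:/dev/tpm0", "swtpm",
                           "libtss2-tcti-swtpm.so.0:host=127.0.0.1,port=5555" };
    struct tcti_spec s;
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++)
        if (tcti_parse(args[i], &s) == 0)
            printf("lib=%s conf=\"%s\"\n", s.lib, s.conf);
    return 0;
}
```

Because the resolved name is located the same way dlopen (3) locates libraries, a launcher script or unit file can compare `lib` against the set of TCTI libraries it expects before starting the daemon.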
Philip Tricca <philip.b.tricca@intel.com>
This page is part of the 2.4.1 release of Intel's TPM2 Access Broker &
Resource Management Daemon. A description of the project, information about
reporting bugs, and the latest version of this page can be found at
https://github.com/01org/tpm2-abrmd/.