tpm2-abrmd man page

tpm2-abrmd — TPM2 access broker and resource management daemon

Synopsis

tpm2-abrmd [-m][-e][-i][-o][-l logger-name][-r][-s][-g /dev/urandom][-t conf]

Description

tpm2-abrmd is a daemon that implements the TPM access broker and resource manager as described by the Trusted Computing Group (TCG) in the “TSS System Level API and TPM Command Transmission Interface Specification”. This daemon uses the DBus system bus and some pipes to communicate with clients.

Options

-t, --tcti

Provide the daemon with a string that describes the TCTI and how to configure it for communication with the next component down the TSS2 stack. This string is formatted as "tcti-name:tcti-conf" where:

'tcti-name'

The name of the TCTI library shared object file. Libraries are found using the same algorithm as dlopen(3). If the TCTI library file name follows the naming convention libtss2-tcti-<name>.so.0, where <name> is the name for the TCTI, the value of <name> may be supplied in place of the full library file name. See 'Examples' below.

'tcti-conf'

The configuration string passed to the TCTI library upon initialization.

If this option is omitted (or a NULL string provided) then a default TCTI is used in its default configuration. If the string does not contain a colon then it will be interpreted as only the 'tcti-name'. To provide only the configuration string (using the default TCTI), the first character in the string passed to this option must be a colon, followed by the configuration string. See examples below.

-o, --allow-root

Allow daemon to run as root. If this option is not provided the daemon will refuse to run as the root user. Use of this option is not recommended.

-m, --max-connections

Set an upper bound on the number of concurrent client connections allowed. Once this number of client connections is reached new connections will be rejected with an error.

-f, --flush-all

Flush all objects and sessions when daemon is started.

-l, --logger

Direct logging output to named logging target. Supported targets are stdout and syslog. If the logger option is not specified the default is stdout.

-e, --max-sessions

Set an upper bound on the number of sessions that each client connection is allowed to create (loaded or active) at any one time.

-r, --max-transients

Set an upper bound on the number of transient objects that each client connection is allowed to load. Once this number of objects is reached attempts to load new transient objects will produce an error.

-n, --dbus-name

Claim the given name on dbus. This option overrides the default of com.intel.tss2.Tabrmd.

-g, --prng-seed-file

Read seed for pseudo-random number generator from the provided file.

-s, --session

Connect daemon to the session dbus. This option overrides the default behavior.

-v, --version

Display version string.

Examples

Execute daemon with default TCTI and options:

tpm2-abrmd

Execute daemon with default TCTI and provided config string:

tpm2-abrmd --tcti=":/dev/tpm0"

This is equivalent to:

tpm2-abrmd --tcti="device:/dev/tpm0"
tpm2-abrmd --tcti="libtss2-tcti-device.so.0:/dev/tpm0"

Have daemon use Microsoft/IBM TPM2 Simulator tcti library:

This connects to a TPM2 simulator over TCP using the mssim TCTI.

tpm2-abrmd --tcti="mssim"
tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0"

Have daemon use tcti library 'libtss2-tcti-mssim.so.0' and config string:

tpm2-abrmd --tcti="mssim:host=127.0.0.1,port=5555"
tpm2-abrmd --tcti="libtss2-tcti-mssim.so.0:host=127.0.0.1,port=5555"
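
The rules for the --tcti string given under Options can be checked before a service wrapper starts the daemon, so that the shared object it will load is known and logged. The following is an added example, not code from the tpm2-abrmd project: the function name tcti_split is hypothetical, the default TCTI "device" is inferred from the equivalence shown in the examples above, and the test for "already a library file name" is a simplification of the dlopen(3) lookup.

```shell
#!/bin/sh
# Added example (not from the tpm2-abrmd sources): split a --tcti value
# into the library file name and the configuration string, following the
# rules described in the Options section of this page.

# Assumption: the default TCTI is "device", inferred from the Examples
# section where ":/dev/tpm0" is shown as equivalent to "device:/dev/tpm0".
DEFAULT_TCTI="device"

# tcti_split VALUE -> prints "<library-file>|<conf>" (conf may be empty,
# meaning the TCTI's own default configuration is used).
tcti_split() {
    value=$1
    case $value in
        '')   name=$DEFAULT_TCTI; conf='' ;;           # omitted or empty string
        :*)   name=$DEFAULT_TCTI; conf=${value#:} ;;   # leading colon: conf only
        *:*)  name=${value%%:*};  conf=${value#*:} ;;  # this example splits at the first colon
        *)    name=$value;        conf='' ;;           # no colon: tcti-name only
    esac
    # Simplification: a name containing a slash or already shaped like a
    # shared object file name is kept as given; anything else is treated
    # as the short <name> form of libtss2-tcti-<name>.so.0.
    case $name in
        */*|lib*.so|lib*.so.*) lib=$name ;;
        *)                     lib="libtss2-tcti-${name}.so.0" ;;
    esac
    printf '%s|%s\n' "$lib" "$conf"
}

# Sample values taken from the Examples section of this page.
for v in '' ':/dev/tpm0' 'device:/dev/tpm0' 'mssim' \
         'libtss2-tcti-mssim.so.0:host=127.0.0.1,port=5555'; do
    printf '%-52s -> %s\n' "\"$v\"" "$(tcti_split "$v")"
done
```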

Author

Philip Tricca <philip.b.tricca@intel.com>

See Also

tcsd(8)

Colophon

This page is part of the 2.0.1 release of Intel's TPM2 Access Broker & Resource Management Daemon. A description of the project, information about reporting bugs, and the latest version of this page can be found at https://github.com/01org/tpm2-abrmd/.

Referenced By

tss2-tcti-device(7), Tss2_Tcti_Device_Init(3), tss2-tcti-mssim(7), Tss2_Tcti_Mssim_Init(3), tss2-tcti-tabrmd(7), Tss2_Tcti_Tabrmd_Init(3).

March 2018 Intel TPM2 Software Stack