TrouSerS

TrouSerS is a Common Public License (CPL) licensed TSS that has been widely used to develop Trusted Computing systems and tools. The current public version of TrouSerS only supports the version 1.1b specification of the TSS (the TCG released the version 1.2 interface specification a while ago, adding support for new features such as DAA, locality, delegation, time stamping, and a SOAP interface). TrouSerS can be obtained at http://trousers.sourceforge.net.

TrouSerS also contains a set of open-source command-line utilities for advanced Linux users, called TPM tools. These commands interact with the TPM and the TSS and provide a basic interface for taking and clearing ownership of the TPM; creating, getting, and restricting the Endorsement Key (EK); and setting the active, enabled, and clearable flags of the TPM state. TPM tools can be obtained from http://sourceforge.net/project/showfiles.php?group_id=126012&package_id=153880.

Without going into the TSS architecture in depth (the specification is 750 pages long), think of the TSS as a three-layer bundle, each layer providing different services to general applications (see Figure 12-4):

• The TSS Device Driver Library (TDDL) defines a standard interface for the TPM so that all TPMs look and behave the same at this interface (Tddli), thus abstracting the TPM device driver and making the TSS operating system-independent. The TDDL also transitions the TPM device driver between the user and kernel modes.

• The TSS Core Services (TCS) layer gives access to all the TPM primitives and more sophisticated functions such as key management. The TCS implements the Tcsi interface, designed to provide a straightforward, simple method for controlling and requesting atomic services from the TPM.

• The TSS Service Provider (TSP) layer contains the topmost modules and implements a rich, object-oriented interface (Tspi) for the most abstract applications. While not an architectural requirement, the TSP obtains many TCG services directly from the TCS.
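The three layers above are also visible in every status value a TSS call returns: a TSS_RESULT carries the originating layer in its upper bits and the error number in its lower bits, so a failing application can tell a hardware-reported TPM error (for example an authorization failure) from a software error raised inside the TCS or TSP. The following decoder is an added example, not TrouSerS code; the layer identifiers and the handful of error numbers are mirrored from the TSS and TPM 1.2 specifications and defined locally so the program builds without the TrouSerS headers installed, and the sample result codes in main() are constructed for illustration.

```c
/* Added example (not TrouSerS code): decode a TSS_RESULT into the TSS
 * layer that produced it and a symbolic error name. Constants mirror the
 * TSS error layering (tss_error_basics.h) and TPM 1.2 return codes, but
 * are defined here so the example compiles without libtspi. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t TSS_RESULT;

/* Bits 8-15 of a TSS_RESULT identify the layer that raised the error. */
#define TSS_LAYER_TPM   0x0000u
#define TSS_LAYER_TDDL  0x1000u
#define TSS_LAYER_TCS   0x2000u
#define TSS_LAYER_TSP   0x3000u
#define TSS_MAX_ERROR   0x03ffu
#define TSS_ERROR_LAYER(x) ((x) & 0xff00u)
#define TSS_ERROR_CODE(x)  ((x) & TSS_MAX_ERROR)

/* A subset of error numbers; TPM_E_* are defined by the TPM 1.2 spec,
 * TSS_E_* by the TSS spec (same numbers whichever software layer reports them). */
#define TSS_SUCCESS          0x0000u
#define TPM_E_AUTHFAIL       0x0001u
#define TPM_E_DEACTIVATED    0x0006u
#define TPM_E_DISABLED       0x0007u
#define TPM_E_OWNER_SET      0x0014u
#define TSS_E_FAIL           0x0002u
#define TSS_E_BAD_PARAMETER  0x0003u
#define TSS_E_INTERNAL_ERROR 0x0004u
#define TSS_E_COMM_FAILURE   0x0011u

/* Name of the layer encoded in a result (TPM, TDDL, TCS or TSP). */
const char *tss_layer_name(TSS_RESULT r)
{
    switch (TSS_ERROR_LAYER(r)) {
    case TSS_LAYER_TPM:  return "TPM";
    case TSS_LAYER_TDDL: return "TDDL";
    case TSS_LAYER_TCS:  return "TCS";
    case TSS_LAYER_TSP:  return "TSP";
    default:             return "unknown";
    }
}

/* Symbolic name of the error number; the meaning of the low bits depends
 * on whether the TPM itself or one of the software layers produced it. */
const char *tss_error_name(TSS_RESULT r)
{
    uint32_t code = TSS_ERROR_CODE(r);
    if (r == TSS_SUCCESS)
        return "TSS_SUCCESS";
    if (TSS_ERROR_LAYER(r) == TSS_LAYER_TPM) {
        switch (code) {
        case TPM_E_AUTHFAIL:    return "TPM_E_AUTHFAIL";
        case TPM_E_DEACTIVATED: return "TPM_E_DEACTIVATED";
        case TPM_E_DISABLED:    return "TPM_E_DISABLED";
        case TPM_E_OWNER_SET:   return "TPM_E_OWNER_SET";
        default:                return "TPM_E_<not in this table>";
        }
    }
    switch (code) {
    case TSS_E_FAIL:           return "TSS_E_FAIL";
    case TSS_E_BAD_PARAMETER:  return "TSS_E_BAD_PARAMETER";
    case TSS_E_INTERNAL_ERROR: return "TSS_E_INTERNAL_ERROR";
    case TSS_E_COMM_FAILURE:   return "TSS_E_COMM_FAILURE";
    default:                   return "TSS_E_<not in this table>";
    }
}

/* 1 if the TPM hardware itself rejected the request (e.g. wrong owner
 * secret, TPM disabled or deactivated), 0 for success or a software-layer error. */
int tss_is_tpm_error(TSS_RESULT r)
{
    return r != TSS_SUCCESS && TSS_ERROR_LAYER(r) == TSS_LAYER_TPM;
}

/* Render "LAYER: NAME (0xhhhh)" into buf; returns the snprintf length. */
int tss_describe(TSS_RESULT r, char *buf, size_t len)
{
    return snprintf(buf, len, "%s: %s (0x%04x)",
                    tss_layer_name(r), tss_error_name(r), (unsigned)r);
}

int main(void)
{
    /* Constructed sample results, as an application might receive them
     * from Tspi_* calls: success, a TPM auth failure, a TSP parameter
     * error and a TCS communication failure (tcsd unreachable). */
    const TSS_RESULT samples[] = { 0x0000u, 0x0001u, 0x3003u, 0x2011u };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        tss_describe(samples[i], buf, sizeof buf);
        printf("%s%s\n", buf, tss_is_tpm_error(samples[i]) ? "  [reported by the TPM]" : "");
    }
    return 0;
}
```

The practical point is the branch in tss_is_tpm_error: a TPM-layer result means the chip enforced a policy (authorization, enable/activate state, ownership), which an operator must resolve with the TPM tools or BIOS, whereas a TCS or TSP result usually points at the software stack (a missing tcsd, a bad handle or parameter) and should be handled as an ordinary software failure.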

The PKCS#11 standard defines an API to be used to interact with devices that hold cryptographic data and perform cryptographic functions. PKCS#11 support on top of Trusted Computing allows applications to exploit the capabilities of the TPM easily through the use of a cryptographic service provider (CSP). TrouSerS provides support for the PKCS#11 API; more information is available at http://trousers.sourceforge.net/pkcs11.html.

Figure 12-4 Structure of the TCG Software Stack (TSS)

Though the TSS is a critical component of any Trusted Computing application development, it is important to understand that the TSS is not, by itself, a trusted component; its large code size and complexity render it difficult to check. Rather, the TSS is a convenient way to access Trusted Computing functionalities and, in particular, a way to avoid worrying about concurrent access, which the TPM itself does not manage. Moreover, the TSS standard is extremely complex and leads to various TSS stack structures, as some elements are optional and some details are left for the implementation to specify.
