github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 01:06:27 +00:00
Code Issues Projects Releases Wiki Activity
master
linuxkit/pkg/tss/README.md
Pratik Mallya 8333ea0b5e Update README to include privileged flag 
Without the privileged flag, the tcsd daemon does not have
access to the mounted host device files, especially the tpm
device file.

Signed-off-by: Pratik Mallya <pratik.mallya@gmail.com>
2018-03-06 01:32:04 -06:00

1.2 KiB
Raw Permalink Blame History

LinuxKit tpm

Image to provide a tcsd daemon and tpm tools to support tpm, based on trousers and tpm-tools .

Usage

If you want to interact with a tpm chip, you need a tcsd daemon running to control it and provide a communication endpoint for all of your tpm commands.

This image provides both a tcsd daemon to run in a container, and the command line tpm-tools.

Daemon

To run a tcsd daemon - you must run exactly one on a tpm-enabled host to interact with the tpm - just start the container.

LinuxKit

In LinuxKit, add the following to your moby .yml:

services:
  - name: tcsd
    image: "secureapp/tss:<hash>"

The above will launch tcsd listening on localhost only.

Docker

In regular docker or other container environment, start the container in the background. Be sure to map /dev:/dev and expose port 30003, and run with the privileged flag set to true. The privileged flag is required to allow the container access to device files on the host.

docker run -d -v /dev:/dev --privileged=true -p 30003:30003 linuxkit/tss:{TAG}

CLI Tools

To run the CLI tools, just run them:

docker run -it --privileged=true --rm linuxkit/tss:{TAG} tpm_nvread