linuxkit/pkg/tss/README.md
Pratik Mallya 8333ea0b5e Update README to include privileged flag
Without the privileged flag, the tcsd daemon does not have
access to the mounted host device files, especially the tpm
device file.

Signed-off-by: Pratik Mallya <pratik.mallya@gmail.com>
2018-03-06 01:32:04 -06:00

# LinuxKit tpm
Image that provides a `tcsd` daemon and TPM tools to support the TPM, based on [trousers and tpm-tools](https://sourceforge.net/projects/trousers/).
## Usage
If you want to interact with a TPM chip, you need a `tcsd` daemon running to control it and provide a communication endpoint for all of your TPM commands.
This image provides both a `tcsd` daemon to run in a container, and the command line `tpm-tools`.
### Daemon
To run a `tcsd` daemon, just start the container. You **must** run exactly one on a TPM-enabled host to interact with the TPM.
#### LinuxKit
In LinuxKit, add the following to your moby `.yml`:
```
services:
  - name: tcsd
    image: "secureapp/tss:<hash>"
```
The above will launch `tcsd` listening on localhost only.
#### Docker
In regular Docker or another container environment, start the container in the background. Be sure to map `/dev:/dev`, expose port `30003`, and run with the privileged flag set to true. The privileged flag is required to give the container access to device files on the host, in particular the TPM device file.
```
docker run -d -v /dev:/dev --privileged=true -p 30003:30003 linuxkit/tss:{TAG}
```
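The LinuxKit service above listens on localhost only, while `-p 30003:30003` in the docker command publishes the port on every host interface by default. The script below is an added example, not part of the LinuxKit project: it classifies listeners on port 30003 from `ss -H -ltn` output, using constructed sample lines in place of a live host; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit how the tcsd port is exposed on a host.
# Input on stdin: output of `ss -H -ltn` (field 4 is "Local Address:Port").
# Live use: ss -H -ltn | tcsd_exposure_verdict

TCSD_PORT=30003   # port taken from the README's docker command

# Print "<scope> <address>" for each listener on the tcsd port,
# where scope is "loopback" or "exposed".
classify_tcsd_listeners() {
    awk -v port="$TCSD_PORT" '
    {
        n = split($4, parts, ":")
        if (parts[n] != port) next            # not the tcsd port
        addr = substr($4, 1, length($4) - length(port) - 1)
        gsub(/^\[|\]$/, "", addr)             # strip IPv6 brackets
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print scope, addr
    }'
}

# Print one word: "none", "loopback-only" or "exposed".
tcsd_exposure_verdict() {
    classify_tcsd_listeners | awk '
        { seen = 1; if ($1 == "exposed") exposed = 1 }
        END { print (!seen ? "none" : (exposed ? "exposed" : "loopback-only")) }'
}

# Constructed samples (not captured from a real host).
# After `docker run ... -p 30003:30003`: published on all interfaces.
SAMPLE_DOCKER='LISTEN 0 4096 0.0.0.0:30003 0.0.0.0:*
LISTEN 0 4096 [::]:30003 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'
# A daemon bound to localhost only.
SAMPLE_LOCAL='LISTEN 0 128 127.0.0.1:30003 0.0.0.0:*'

printf 'docker sample: %s\n' "$(printf '%s\n' "$SAMPLE_DOCKER" | tcsd_exposure_verdict)"
printf 'local sample:  %s\n' "$(printf '%s\n' "$SAMPLE_LOCAL" | tcsd_exposure_verdict)"
```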
### CLI Tools
To run the CLI tools, pass the tool name as the container command:
```
docker run -it --privileged=true --rm linuxkit/tss:{TAG} tpm_nvread
```