mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-22 18:41:37 +00:00
Without the privileged flag, the tcsd daemon does not have access to the mounted host device files, especially the tpm device file. Signed-off-by: Pratik Mallya <pratik.mallya@gmail.com>
36 lines
1.2 KiB
Markdown
36 lines
1.2 KiB
Markdown
# LinuxKit tpm
|
|
Image to provide a tcsd daemon and tpm tools to support tpm, based on [trousers and tpm-tools](https://sourceforge.net/projects/trousers/) .
|
|
|
|
|
|
## Usage
|
|
If you want to interact with a tpm chip, you need a `tcsd` daemon running to control it and provide a communication endpoint for all of your tpm commands.
|
|
|
|
This image provides both a `tcsd` daemon to run in a container, and the command line `tpm-tools`.
|
|
|
|
### Daemon
|
|
To run a `tcsd` daemon - you **must** run exactly one on a tpm-enabled host to interact with the tpm - just start the container.
|
|
|
|
#### LinuxKit
|
|
In LinuxKit, add the following to your moby `.yml`:
|
|
|
|
```
|
|
services:
|
|
- name: tcsd
|
|
image: "secureapp/tss:<hash>"
|
|
```
|
|
|
|
The above will launch `tcsd` listening on localhost only.
|
|
|
|
#### Docker
|
|
In regular docker or other container environment, start the container in the background. Be sure to map `/dev:/dev` and expose port `30003`, and run with the privileged flag set to true. The privileged flag is required to allow the container access to device files on the host.
|
|
|
|
```
|
|
docker run -d -v /dev:/dev --privileged=true -p 30003:30003 linuxkit/tss:{TAG}
|
|
```
|
|
### CLI Tools
|
|
To run the CLI tools, just run them:
|
|
|
|
```
|
|
docker run -it --privileged=true --rm linuxkit/tss:{TAG} tpm_nvread
|
|
```
|