Provided by: tpm2-abrmd_3.0.0-1ubuntu2_amd64 
NAME
tpm2-abrmd - TPM2 access broker and resource management daemon
SYNOPSIS
tpm2-abrmd [-m][-e][-i][-o][-l logger-name][-r][-s][-g /dev/urandom][-t conf]
DESCRIPTION
tpm2-abrmd is a daemon that implements the TPM access broker and resource manager as described by the
Trusted Computing Group (TGC) in the “TSS System Level API and TPM Command Transmission Interface
Specification”. This daemon uses the DBus system bus and some pipes to communicate with clients.
OPTIONS
-t, --tcti
Provide the daemon with a string that describes the TCTI and how to configure it for communication
with the next component down the TSS2 stack. This string is formatted as "tcti-name:tcti-conf"
where:
'tcti-name'
The name of the TCTI library shared object file. Libraries are found using the same
algorithm as dlopen (3). If the TCTI library file name follows the naming convention:
libtss2-tcti-<name>.so.0 where <name> is the name for the TCTI, the value of <name> may be
supplied in place of the full library file name. See 'EXAMPLES' below.
'tcti-conf'
The configuration string passed to the TCTI library upon initialization.
If this option is omitted (or a NULL string provided) then a default TCTI is used in it's default
configuration. If the string does not contain a colon then it will be interpreted as only the
'tcti-name'. To provide only the configuration string (using the default TCTI) then the first
character in the string passed to this option must be a colon followed by the configuration
string. See examples below.
-o, --allow-root
Allow daemon to run as root. If this option is not provided the daemon will refused to run as the
root user. Use of this option is not recommended.
-m, --max-connections
Set an upper bound on the number of concurrent client connections allowed. Once this number of
client connections is reached new connections will be rejected with an error. If the option is not
specified the default is 27.
-f, --flush-all
Flush all objects and sessions when daemon is started.
-l, --logger
Direct logging output to named logging target. Supported targets are stdout and syslog. If the
logger option is not specified the default is stdout.
-e, --max-sessions
Set and upper bound on the number of sessions that each client connection is allowed to create
(loaded or active) at any one time. If the option is not specified the default is 4.
-r, --max-transients
Set an upper bound on the number of transient objects that each client connection allowed to load.
Once this number of objects is reached attempts to load new transient objects will produce an
error. If the option is not specified the default is 27.
-n, --dbus-name
Claim the given name on dbus. This option overrides the default of com.intel.tss2.Tabrmd.
-g, --prng-seed-file
Read seed for pseudo-random number generator from the provided file.
-s, --session
Connect daemon to the session dbus. If the option is not specified the daemon connects to the
system dbus.
-v, --version
Display version string.
EXAMPLES
Execute daemon with default TCTI and options:
tpm2-abrmd
Execute daemon with default TCTI and provided config string:
tpm2-abrmd --tcti=":/dev/tpm0"
This is equivalent to:
tpm2-abrmd --tcti="device:/dev/tpm0"
tpm2-abrmd --tcti="libtss2-tcti-device.so.0:/dev/tpm0"
Have daemon use swtpm TPM2 Simulator tcti library
´libtss2-tcti-swtpm.so.0´. This connects to a TPM2 simulator via a TCP swtpm.
tpm2-abrmd --tcti="swtpm"
tpm2-abrmd --tcti="libtss2-tcti-swtpm.so.0"
Have daemon use tcti library ´libtss2-tcti-swtpm.so.0´ and config string
´host=127.0.0.1,port=5555´: tpm2-abrmd --tcti=swtpm:host=127.0.0.1,port=5555"
tpm2-abrmd --tcti="libtss2-tcti-swtpm.so.0:host=127.0.0.1,port=5555"
AUTHOR
Philip Tricca <philip.b.tricca@intel.com>
SEE ALSO
tcsd(8)
COLOPHON
This page is part of the 3.0.0 release of Intel's TPM2 Access Broker & Resource Management Daemon. A
description of the project, information about reporting bugs, and the latest version of this page can be
found at https://github.com/01org/tpm2-abrmd/.
Intel March 2018 TPM2-ABRMD(8)