With Fedora comes an option to have tcsd installed. Well, it's not really an option. It installs by default apparently. This got me a bit baffled to see failed services on an almost brand new PC.
It turns out that tcsd is a user space daemon that interacts with the TPM kernel module, which is needed by hardware-provided encryption services. For this you will need to have a TPM chip, and since I don’t have one (nor am I likely to need one in the near future) I’m fine to turn this off with “systemctl disable tcsd.service”.
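Before disabling the service it is worth confirming that the kernel really sees no TPM. The following is an added example, not part of the original post: it assumes the kernel's sysfs layout (`/sys/class/tpm/tpm0`, with `tpm_version_major` on newer kernels) and the fact that tcsd, being part of TrouSerS, speaks to TPM 1.2 chips only. The function names and the optional sysfs-root argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether tcsd has a
# TPM it can actually talk to.

# tpm_state [SYSFS_ROOT] prints one of: none, tpm1.2, tpm2, unknown.
# SYSFS_ROOT defaults to /sys; the argument only exists so the check can
# be exercised against a constructed directory tree.
tpm_state() {
    root="${1:-/sys}"
    dev="$root/class/tpm/tpm0"
    # No tpm0 entry: no TPM driver is bound to a chip.
    if [ ! -d "$dev" ]; then
        echo none
        return 0
    fi
    # Newer kernels expose the major version of the TPM specification.
    if [ -r "$dev/tpm_version_major" ]; then
        case "$(cat "$dev/tpm_version_major")" in
            1) echo tpm1.2 ;;
            2) echo tpm2 ;;
            *) echo unknown ;;
        esac
        return 0
    fi
    # Device present but version not exposed (older kernel).
    echo unknown
}

# tcsd_advice [SYSFS_ROOT] prints: disable, keep, or inspect.
tcsd_advice() {
    case "$(tpm_state "$1")" in
        none)   echo disable ;;  # nothing for the daemon to open
        tpm2)   echo disable ;;  # tcsd (TrouSerS) handles TPM 1.2 only
        tpm1.2) echo keep ;;     # something may depend on the daemon
        *)      echo inspect ;;  # check dmesg and firmware settings by hand
    esac
}

echo "tcsd: $(tcsd_advice)"
```

Only when the result is `disable` does “systemctl disable tcsd.service” simply silence a service that could never start; `keep` or `inspect` means a chip is present and something may rely on it.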
The tcsd service is a small part of the overall Trusted Computing Platform stack of solutions. The overall goal is to have a piece of hardware providing encryption services to all levels of the computing stack. The idea is to have a separate bulletproof section in the system providing a trust chain that does not rely on memory and storage. This prevents rootkits and other types of malicious stuff from infecting your system. By system I don’t specifically mean a PC or server, since the stack is meant to be open for all sorts of equipment. If you need to secure your toaster you could potentially do so. You’ll also find the TPM architecture used by companies like Hitachi, Boeing, Cisco and Microsoft. From a storage perspective TPM also plays a role in the SNIA Storage Security Industry Forum.
The overall specification is outlined by the Trusted Computing Group, a fairly large group of companies who define and contribute to the specification and develop products for this specific purpose.
Many open source resources exist on the web but for a best start go to the above mentioned link. The Trousers libraries are the Linux open source interfaces mainly developed by IBM with help from many around the world.
This page provides a short overview of what sits where in the TCG stack.
What I don’t know (yet) is where this all might play in the UEFI discussion Microsoft started off a while ago. It either seems to complement each other or you’ll have conflicts. Don’t know yet. Might be worthwhile investigating.