This is a system daemon implementing the TPM2 access broker (TAB) & Resource
Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) is implemented using
Glib and the GObject system. In this documentation and in the code we use
tpm2-abrmd and tabrmd interchangeably.
Instructions to build and install this software are available in the INSTALL.md file.
tpm2-abrmd is a daemon. It should be started as part of the OS boot process.
Communication between the daemon and clients using the TPM is done with a
combination of DBus and Unix pipes. DBus is used for discovery, session
management and the 'cancel', 'setLocality', and 'getPollHandles' API calls
(mostly these aren't yet implemented). Pipes are used to send and receive
TPM commands and responses (respectively) between client and server.
The daemon owns the com.intel.tss2.Tabrmd name on dbus. It can be configured to connect to either the system or the session bus. Configuring name selection would be a handy feature but that's future work.
Check out the man page TPM2-ABRMD(8) for the currently supported options.
This repository also hosts a client library for interacting with this daemon. It is intended for use with the SAPI library (libsapi) like any other TCTI. The initialization function for this library is hard coded to connect to the tabrmd on the system bus as this is the most common configuration.
Check out the man page TCTI-TABRMD(7) and TSS2_TCTI_TABRMD_INIT(3).