Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md #1

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update README.md #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ Smallstep helps ensure that access to financial data, code repositories, PII and
- `systemd`-based service manager
- Trusted Platform Module (TPM 2.0)
- p11-kit
- tpm-tss2

### macOS

Expand All @@ -32,13 +31,13 @@ All platforms require an internet connection for normal operation.

### macOS

- *Location permission* - to enable management of Wifi networks, the Smallstep app needs location permission
- *Location permission* - to enable management of Wi-Fi networks, the Smallstep app needs location permission
- *Keychain access* - the Smallstep app uses the macOS keychain to store both keys and certificates it manages
- *Network Extension entitlement* - the Smallstep app requests the *Network Extension* entitlement so that it can manage VPN connections

### Linux

- *TPM read/write permission* - the Smallstep app communicates to the TPM from user-space using `tpm-tss2`, and the running user must have read/write permissions to the TPM resource manager (typically `/dev/tpmrm0`)
- *TPM read/write permission* - the Smallstep app communicates to the TPM from user-space, and the running user must have read/write permissions to the TPM resource manager (typically `/dev/tpmrm0`) or the TPM device (typically `/dev/tpm0`)

On all platforms, the Smallstep app manages a directory on the filesystem in a well-known location for management of keys and certificates:

Expand All @@ -62,7 +61,7 @@ Installers for macOS, Windows and Linux can be downloaded from [GitHub releases]

The Smallstep app collects and reports some data from the host device as part of its normal operation. These are:

- Device Identifiers from TPM-enabled platforms
- Hardware Identifiers from TPM-enabled platforms
- Device/Computer Name
- Device/Computer Hostname
- Chipset Architecture
Expand All @@ -82,7 +81,7 @@ modutil -dbdir ~/.pki/nssdb -add step-agent -libfile <path-to-p11-kit-libs>/p11-
export P11_KIT_SERVER_ADDRESS=unix:path=$XDG_RUNTIME_DIR/step-agent/step-agent-pkcs11.sock
```

After that, you should see certificates managed by Smallstep in Chrome. You'll want to add `P11_KIT_SERVER_ADDRESS` to your environment more permanents for regular usage. You can use tools like `pkcs11-tool` for troubleshooting:
After that, you should see certificates managed by Smallstep in Chrome. You'll want to add `P11_KIT_SERVER_ADDRESS` to your environment more permanently for regular usage. You can use tools like `pkcs11-tool` for troubleshooting:

`pkcs11-tool --module <path-to-p11-kit-libs>/p11-kit-client.so --list-slots`

Expand Down