diff --git "a/TSB-Agent\345\274\200\346\272\220\347\211\210\346\234\254\347\233\256\345\275\225\347\273\223\346\236\204\350\257\264\346\230\216-\345\217\257\344\277\241\345\215\216\346\263\260.pdf" "b/TSB-Agent\345\274\200\346\272\220\347\211\210\346\234\254\347\233\256\345\275\225\347\273\223\346\236\204\350\257\264\346\230\216.pdf"
similarity index 43%
rename from "TSB-Agent\345\274\200\346\272\220\347\211\210\346\234\254\347\233\256\345\275\225\347\273\223\346\236\204\350\257\264\346\230\216-\345\217\257\344\277\241\345\215\216\346\263\260.pdf"
rename to "TSB-Agent\345\274\200\346\272\220\347\211\210\346\234\254\347\233\256\345\275\225\347\273\223\346\236\204\350\257\264\346\230\216.pdf"
index 9a4083cde7fb513631130d110db40f5ec85d9a69..c09590253b082d57356b6f98bd36d82074eda2c6 100644
Binary files "a/TSB-Agent\345\274\200\346\272\220\347\211\210\346\234\254\347\233\256\345\275\225\347\273\223\346\236\204\350\257\264\346\230\216-\345\217\257\344\277\241\345\215\216\346\263\260.pdf" and "b/TSB-Agent\345\274\200\346\272\220\347\211\210\346\234\254\347\233\256\345\275\225\347\273\223\346\236\204\350\257\264\346\230\216.pdf" differ
diff --git a/tss-main/read_sysram/Makefile b/tss-main/read_sysram/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..145cdbf3a6d3e8934d9e952dd2f0cd00ab2cf519
--- /dev/null
+++ b/tss-main/read_sysram/Makefile
@@ -0,0 +1,11 @@
+# Makefile 4.0
+obj-m := read_sysram.o
+CURRENT_PATH := $(shell pwd)
+LINUX_KERNEL := $(shell uname -r)
+#LINUX_KERNEL_PATH := /usr/src/linux-headers-$(LINUX_KERNEL)
+LINUX_KERNEL_PATH := /lib/modules/$(shell uname -r)/build
+
+all:
+	make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) modules
+clean:
+	make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) clean
diff --git a/tss-main/read_sysram/read_sysram.c b/tss-main/read_sysram/read_sysram.c
new file mode 100644
index 0000000000000000000000000000000000000000..9b381526d8fdbce5015168b9349c28d72bf7f00f
--- /dev/null
+++ b/tss-main/read_sysram/read_sysram.c
@@ -0,0 +1,150 @@
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/fs.h>
+#include <linux/cdev.h>
+#include <linux/version.h>
+#include <linux/uaccess.h>
+#include <linux/kdev_t.h>
+#include <asm/io.h>
+
+MODULE_LICENSE("Dual BSD/GPL");
+
+static unsigned int major = 222;
+static unsigned int minor = 0;
+static dev_t dev_no;
+static struct class* cls = NULL;
+static struct device* cls_dev = NULL;
+
+static unsigned long addr     = 0x0;
+static unsigned long len      = 0x0;
+static unsigned long per_len  = 1024;
+
+void test_func(void)
+{
+    printk(KERN_ALERT "you call me\n");
+}
+
+int static memread_dev_open(struct inode *inode, struct file *file)
+{
+    printk(KERN_NOTICE "file open in memread_dev_open......finished!\n");
+    return 0;
+}
+
+int static memread_dev_release(struct inode *inode, struct file *file)
+{
+    printk(KERN_NOTICE "file release in memread_dev_release......finished!\n");
+    return 0;
+}
+
+ssize_t memread_dev_read(struct file *file, char __user *buf,size_t count, loff_t *offset)
+{
+  if (addr == 0 || len == 0) {
+    return -1;
+  }
+
+  unsigned char *buffer = vmalloc(len);
+  int i = 0;
+  int res;
+  unsigned char *ptr = (unsigned char *)addr;
+
+  memset(buffer, 0, len);
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
+  long ret = copy_from_kernel_nofault(buffer, ptr, len);
+ #elif
+  long ret = probe_kernel_read(buffer, ptr, len);
+ #endif
+  if (ret != 0) {
+    vfree(buffer);
+    return -1;
+  }
+
+  res = copy_to_user((char *)buf, buffer, len);
+  vfree(buffer);
+  if(res == 0)
+    return res;
+  else
+    return -1;
+}
+
+ssize_t memread_dev_write(struct file *file, const char __user *buf, size_t count, loff_t *offset)
+{
+  return 0;
+}
+
+static long memread_dev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+{
+    switch (cmd) {
+        case 0:
+            addr = arg;
+            break;
+        case 1:
+            len = arg;
+            break;
+        default:
+            break;
+    }
+
+    return 0;
+}
+
+static struct cdev memread_dev;
+
+static struct file_operations fops ={
+    .owner = THIS_MODULE,
+    .open  = memread_dev_open,
+    .release = memread_dev_release,
+    .read = memread_dev_read,
+    .write = memread_dev_write,
+    .unlocked_ioctl = memread_dev_ioctl
+};
+
+
+static int memread_init(void)
+{
+  int result = 0;
+
+    printk(KERN_NOTICE "memread ko init!\n");
+
+    dev_no = MKDEV(major, minor);
+
+    result = register_chrdev(major, "hello", &fops);
+    if (result < 0) {
+        printk(KERN_NOTICE "register chrdev failed! result: %d\n", result);
+        return result;
+    }
+
+    cls = class_create(THIS_MODULE, "memread_cls");
+    if (IS_ERR(cls) != 0) {
+        printk(KERN_NOTICE "class create failed!");
+        result = PTR_ERR(cls);
+        goto err_1;
+    }
+
+    cls_dev = device_create(cls, NULL, dev_no, NULL, "memread_dev");
+    if (IS_ERR(cls_dev) != 0) {
+        printk(KERN_NOTICE "device create failed!");
+        result = PTR_ERR(cls_dev);
+        goto err_2;
+    }
+
+    return 0;
+
+err_2:
+    class_destroy(cls);
+err_1:
+    unregister_chrdev(major, "hello");
+    return result;
+}
+
+void memread_exit(void)
+{
+  printk(KERN_NOTICE "goodbye\n");
+  device_destroy(cls, dev_no);
+  class_destroy(cls);
+  unregister_chrdev(major, "hello");
+  return;
+}
+
+module_init(memread_init);
+module_exit(memread_exit);
+EXPORT_SYMBOL(test_func);
diff --git a/tss-main/tcf/src/tcf_tnc.c b/tss-main/tcf/src/tcf_tnc.c
index 969d6b3c327cc3617ec69a84f06cd191678d0660..dc38c12b43b2908d10923ef3327055b76380b661 100644
--- a/tss-main/tcf/src/tcf_tnc.c
+++ b/tss-main/tcf/src/tcf_tnc.c
@@ -14,7 +14,6 @@
 /*
  * 更新可信网络连接策略。
  * 只有设置
- */
 int tcf_update_tnc_policy(struct tnc_policy_update *update,
 		const char *uid,int cert_type,
 		int auth_length,unsigned char *auth){
@@ -34,11 +33,12 @@ int tcf_update_tnc_policy(struct tnc_policy_update *update,
 		httc_write_version_notices (ntohll (update->be_replay_counter), POLICY_TYPE_TNC);
 		return ret;
 }
+ */
 
 /*
  * 读取可信网络连接策略
- */
 int tcf_get_tnc_policy(struct tnc_policy **tnc_policy,int *length){
 	return tcs_get_tnc_policy(tnc_policy,length);
 }
 
+ */
diff --git a/tss-main/tcs/scripts/PKG/srv.bak b/tss-main/tcs/scripts/PKG/srv.bak
index 1ec00f391597e1b2bff63226089131f3a9d5fbdb..b41f3004ca4b7316a479f03179434791dad9f663 100644
--- a/tss-main/tcs/scripts/PKG/srv.bak
+++ b/tss-main/tcs/scripts/PKG/srv.bak
@@ -11,10 +11,19 @@ then
 fi
 
 if [ $1 == "start" ]; then
-	insmod /usr/local/httcsec/tss/kernel/httctdd.ko
-	insmod /usr/local/httcsec/tss/kernel/tddl.ko sync=0
+	insmod /usr/local/httcsec/tss/kernel/read_sysram.ko
+	insmod /usr/local/httcsec/tss/kernel/httctdd.ko httcsec_messsage_prot=24
+	insmod /usr/local/httcsec/tss/kernel/tddl.ko sync=1
+	if ps -ef | grep -v grep | grep "tpcmproxy" > /dev/null
+	then
+		echo "tpcmproxy process is already running."
+	else
+		/usr/local/httcsec/tss/tpcmproxy & 
+		sleep 8
+	fi
 	source /usr/local/httcsec/tss/symbol.sh
 	insmod /usr/local/httcsec/tss/kernel/httctcs.ko k_kallsyms_lookup_name=$kallsyms_lookup_name k_do_invalidatepage=$do_invalidatepage
+
 	insmod /usr/local/httcsec/tss/kernel/httctcs-ex.ko
 	
 	chmod 666 /dev/httctcs
@@ -22,10 +31,26 @@ if [ $1 == "start" ]; then
 	chmod 666 /dev/tpcm_ttd
 
 elif [ $1 == "stop" ]; then
-	rmmod httctcs-ex
+	rmmod httctcs_ex
 	rmmod httctcs
+	#killall tpcmproxy
+	kill -9 `pidof tpcmproxy` >/dev/null 2>&1
 	rmmod tddl
+	while true
+        do
+                refcount=`lsmod | egrep "^httctdd" | awk '{print $3}'`
+                if [ -z "$refcount" ]; then
+                        break
+                fi
+                if [ "$refcount" -ge "1" ]; then
+                        echo "httctdd in use, waiting..."
+                        sleep 1
+                else
+                        break
+                fi
+        done
 	rmmod httctdd
+	rmmod read_sysram
 else
 	usage
 	exit