Questions tagged [tpm]

A TPM (Trusted Platform Module) is a security coprocessor found on many PCs. It can store and use keys that can't be copied out, ensure the first step of by allowing only signed operating system bootloaders, and generate platform health attestations to guarantee that a platform is running a particular operating system configuration.

The Linux software stack to use a TPM is .

Not to be confused with .

41 questions
35 votes, 2 answers

How to determine if computer has TPM (Trusted Platform Module) available

Wanting to play around with Trusted Platform Module stuff, I installed TrouSerS and tried to start tcsd, but I got this error: TCSD TDDL ERROR: Could not find a device to open! However, my kernel has multiple TPM modules loaded: # lsmod | grep…
Matthew Cline
16 votes, 2 answers

How do I use the TPM to seal away data on a UEFI booted system?

I would like to seal away files on my system using keys stored in the TPM. Since my system uses UEFI to boot, I can no longer use TrustedGrub as a boot loader to maintain my trust chain. Are there any alternatives / ways to make use of the TPM on…
Marcus
13 votes, 3 answers

ACPI region does not cover the entire command/response buffer

I'm experiencing system freezes and looking in the journal I see kernel (4.14.15-1-MANJARO) errors such as: kernel: tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags…
Tom Hale
11 votes, 5 answers

a tpm error (7) occurred attempting to read a pcr value in centos

I'm getting this error while booting and my computer won't start. a tpm error (7) occurred attempting to read a pcr value I installed CentOS 7 on a z400 workstation computer. I was working on it and mounted a USB device from terminal and rebooted…
AUREL
5 votes, 1 answer

How to check if TPM2.0 is owned and if TPM is enabled in Ubuntu 16.04?

Is there any command to check if TPM2.0 is owned (i.e., ownership is taken) and if TPM is enabled on Ubuntu 16.04? For TPM1.2 this was possible with cat /sys/class/tpm/tpm0/device/owned We are using TPM2.0, Intel TXT, Ubuntu 16.04 and DL380Gen10…
5 votes, 0 answers

TPM passwordless boot

I'm trying to create device with CentOS6, encrypted disk (with LUKS), TPM module and TrustedGRUB to boot securely and without interaction. I'm following instructions from https://github.com/shpedoikal/tpm-luks but I'm still being asked for password…
MoonWolf
4 votes, 2 answers

Why doesn't `head -c 2 /dev/hwrng` work?

I have an Atmel 97SC3201 in my computer and set the following in the kernel: CONFIG_HW_RANDOM_TPM CONFIG_TCG_TPM CONFIG_TCG_ATMEL /dev has tpm0 and hwrng, but running this command returns the following: head -c 2 /dev/hwrng output: head: error…
sam
4 votes, 2 answers

LUKS + TPM2 + PIN

I am currently aware of two recent methods to bind a LUKS encrypted root partition to a TPM2: systemd-cryptenroll and clevis. Both of them seem to release the encryption key after successfully checking the PCRs the key was sealed against. But I…
Simon
4 votes, 0 answers

Install Linux on Chromebook with failed TPM module?

I have a Samsung XE303C12 Chromebook which apparently has a failed TPM module. It won't boot into ChromeOS, and when I try to recover the OS, I'm told that an error has occurred. I hit Tab and the recovery_reason is 0x05 TPM error in read-only…
Josh M.
3 votes, 1 answer

Ubuntu 20.04 clevis-luks setup auto unlocking not working

I have an Ubuntu 20.04 machine setup that I am trying to configure for disk encryption. I am trying to set up auto unlock, but my configuration has not worked so far, and I am always prompted for a password. To do this I followed the following…
Niru
3 votes, 0 answers

CentOS-8 - Unsealing LUKS volume with TPM2 module - clevis issue

I'm trying to get a LUKS volume unlocked by the TPM-module on a Dell Optiplex 3060. The binding seems to work fine: clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"pcr_ids":"7"}' $ luksmeta show -d /dev/nvme0n1p3 0 active empty 1 active…
n-tchen
2 votes, 1 answer

How must I configure Debian or Ubuntu to ensure there's a chain of trust from TPM to Login?

TPMs are supposed to solve a chicken and egg problem of where to store unencrypted disk encryption keys such that someone can't simply pop another hard drive in the machine, boot a different OS and read the keys right off the disk / flash / BIOS /…
Philip Couling
2 votes, 0 answers

cryptsetup ignoring unknown option 'tpm2-device'

I have been trying to get LUKS disk encryption with TPM2 working on an HP EliteBook 850 G8 running Kali Linux 2022.3. However, I am struggling to get TPM2 disk decryption added to Initramfs. Steps I have taken so far: Ensured that TPM2 is enabled…
lxndrblz
2 votes, 0 answers

Clevis auto decrypt not working ( Kali 2022.2 + LUKS + TPM2 + Clevis )

I cannot figure out how to get clevis to auto-decrypt my root partition on boot. What I want I want to use the TPM2 chip on my kali PC to have an encrypted disk that self-decrypt on boot. The main purpose is to prevent the data leak in case of…
Raphael
2 votes, 1 answer

What is a TPM2 "object context"?

The man page for tpm2_load has the following example: To load an object you first must create an object under a primary object. So the first step is to create the primary object. tpm2_createprimary -c primary.ctx Step 2 is to create an object…
Alex Henrie