Trusted Platform Module

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices.

In practice, TPM can be used for various different security applications such as secure boot and key storage.

TPM functionality is only available on devices that actually contain a TPM chip. If your hardware has a TPM but it does not show up, the chip may be disabled and need to be enabled in the BIOS settings.

Drivers

TPM drivers are natively supported in modern kernels, but might need to be loaded:

# modprobe tpm

Depending on your chipset, you might also need to load one of the following:

# modprobe tpm_atmel tpm_bios tpm_infineon tpm_nsc tpm_tis

Usage

TPM is managed by tcsd, a userspace daemon that manages Trusted Computing resources and, according to the TSS specification, should be the only portal to the TPM device driver. tcsd is part of the trousers AUR package, which was created and released by IBM; it is configured via /etc/tcsd.conf.

To start tcsd and watch the output, run:

# tcsd -f

or simply start and enable tcsd.service.

Once tcsd is running, you might also want to install tpm-tools, which provides many of the command-line tools for managing the TPM.

Some other tools of interest


  • tpmmanager - A Qt front-end to tpm-tools.
  • openssl_tpm_engine - An OpenSSL engine which interfaces with the TSS API.
  • tpm_keyring2 - A key manager for TPM-based eCryptfs keys.
  • opencryptoki - A PKCS#11 implementation for Linux. It includes drivers and libraries to enable IBM cryptographic hardware as well as a software token for testing.

Basics

Start off by getting basic version info:

$ tpm_version

and running a selftest:

$ tpm_selftest
 TPM Test Results: 00000000
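The driver-loading steps from the Drivers section and the selftest result line above, combined into one readiness check. This is an added example, not a script from the Arch Wiki, trousers or tpm-tools. It assumes the kernel's standard /dev/tpm0 and /sys/class/tpm/tpm0 paths, that tpm_selftest prints the "TPM Test Results:" line shown above (all zeros meaning every test passed, any other value a failure), and that tcsd is already running when the selftest is invoked.

```shell
#!/bin/sh
# Added example (not from the Arch Wiki page): a small TPM readiness check.
# Assumed: /dev/tpm0 and /sys/class/tpm/tpm0 are the kernel's device names,
# tpm_selftest (from tpm-tools) reports "TPM Test Results: <hex>", and tcsd
# is running when tpm_check is invoked.

# Print TPM-related kernel modules from a /proc/modules-style listing.
# Argument: path to a file in /proc/modules format (default: /proc/modules).
tpm_modules_loaded() {
    awk '$1 ~ /^tpm/ { print $1 }' "${1:-/proc/modules}"
}

# Load the generic driver, then try each chipset driver named on the page.
# A chipset driver that does not exist for this kernel is not an error.
load_tpm_drivers() {
    modprobe tpm || return 1
    for m in tpm_atmel tpm_bios tpm_infineon tpm_nsc tpm_tis; do
        modprobe "$m" 2>/dev/null && echo "loaded $m"
    done
    return 0
}

# Return 0 if the kernel exposes a TPM device, 1 otherwise.
tpm_present() {
    [ -e /dev/tpm0 ] || [ -d /sys/class/tpm/tpm0 ]
}

# Interpret tpm_selftest output read from stdin.
# Returns 0 when the result code is all zeros (pass), 1 when any other
# digit appears (failure), and 2 when no result line was found at all
# (typically tcsd is not running or the TPM is disabled).
selftest_ok() {
    code=$(sed -n 's/^[[:space:]]*TPM Test Results:[[:space:]]*//p' \
           | head -n 1 | tr -d '[:space:]')
    [ -n "$code" ] || return 2
    case "$code" in
        *[!0]*) return 1 ;;
        *)      return 0 ;;
    esac
}

# End-to-end check: device node, drivers, loaded modules, selftest.
tpm_check() {
    if tpm_present; then
        echo "TPM device node present"
    else
        echo "no TPM device found; loading drivers"
        load_tpm_drivers || { echo "generic tpm module failed to load" >&2; return 1; }
    fi
    echo "loaded modules: $(tpm_modules_loaded | tr '\n' ' ')"
    if tpm_selftest | selftest_ok; then
        echo "selftest passed"
    else
        echo "selftest failed or not reported (is tcsd running?)" >&2
        return 1
    fi
}

# Run the full check only when invoked as: sh tpm_check.sh --run
case "${1-}" in
    --run) tpm_check ;;
esac
```

Run it as root with `--run` after starting tcsd.service; the module-listing and selftest-parsing helpers take their input as arguments or stdin, so they can also be used on their own against saved output from another machine.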
