Ubuntu – Does Ubuntu use TPM 2.0 chip

inteltpm

My Intel motherboard has a TPM 2.0 chip. Ubuntu 13.04 seems to have a driver for it, but what does it do with it, anything? Can it be switched off/disabled?

Best Answer

The Trusted Platform Module TPM offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator. It also includes capabilities such as remote attestation and sealed storage.

source

TPM is disabled by default unless you want to use it. To enable do the following:

First login as root

> sudo -s

and install Trousers and the TPM Tools:

> apt-get install tpm-tools trousers

Head to the directory where the Kernel modules are located /lib/modules/#.x.y-z-generic/kernel/drivers/char/tpm, there you'll find the modules you need:

ls -la /lib/modules/`uname -r`/kernel/drivers/char/tpm
total 116
drwxr-xr-x 2 root root  4096 Feb  3 07:00 .
drwxr-xr-x 8 root root  4096 Feb  3 07:00 ..
-rw-r--r-- 1 root root 12248 Jan 30 19:54 tpm_atmel.ko
-rw-r--r-- 1 root root 18104 Jan 30 19:54 tpm_i2c_infineon.ko
-rw-r--r-- 1 root root 24864 Jan 30 19:54 tpm_infineon.ko
-rw-r--r-- 1 root root 13496 Jan 30 19:54 tpm_nsc.ko
-rw-r--r-- 1 root root 30344 Jan 30 19:54 tpm_tis.ko

For my machine it was sufficient to load tpm_tis.ko.

> modprobe tpm_tis.ko

Now you should "see" the TPM (tpm0) in /sys/class/misc/ and be able to print the PCRs

> cat /sys/class/misc/tpm0/device/pcrs
PCR-00: xx 82 F8 37 D6 83 21 56 ff F7 FB 94 25 D8 7A 38 47 57 BF 83
PCR-01: yy 93 6D 55 81 BE 16 99 ff 88 DA D1 D9 B5 67 53 54 A7 41 71
PCR-02: zz DE 58 4D CE F0 3F 6A ff AC 1A 24 0A 83 58 93 89 6F 21 8D
PCR-03: aa 3F 78 0F 11 A4 B4 99 ff FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-04: bb 0B 67 73 D3 6F B5 AD ff 11 F5 43 C5 DA 92 C9 D4 69 E4 33

If tpm_tis doesn't work on your machine, simply use trial and error for finding the right module. You can't damage stuff. Btw: if you like to load the Kernel module automatically, edit /etc/modules and add "tpm_tis" to the list of modules.

If you've got the right module loaded, start the tcsd. Notice: unlike to other distributions you can't invoke the tcsd in Ubuntu by

> /etc/init.d/tcsd start

You need to type

> tcsd

If you like some debugging info, add -f:

> tcsd -f

Now you're ready to go:

> tpm_version
TPM 1.2 Version Info:
Chip Version:        1.2.11.5
Spec Level:          2
Errata Revision:     0
TPM Vendor ID:       ATML
TPM Version:         01010000
Manufacturer Info:   41544d4c

Now you can take ownership of your TPM:

> tpm_takeownership
Enter owner password: OWNERPASS
Confirm password: OWNERPASS
Enter SRK password: SRKPASS
Confirm password: SRKPASS

more information how to use TPM in linux is founded here and here.

Related Question