Ubuntu – Does Ubuntu use TPM 2.0 chip


My Intel motherboard has a TPM 2.0 chip. Ubuntu 13.04 seems to have a driver for it, but what does it do with it, anything? Can it be switched off/disabled?

Best Answer

The Trusted Platform Module TPM offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator. It also includes capabilities such as remote attestation and sealed storage.


TPM is disabled by default unless you want to use it. To enable do the following:

First login as root

> sudo -s

and install Trousers and the TPM Tools:

> apt-get install tpm-tools trousers

Head to the directory where the Kernel modules are located /lib/modules/#.x.y-z-generic/kernel/drivers/char/tpm, there you'll find the modules you need:

ls -la /lib/modules/`uname -r`/kernel/drivers/char/tpm
total 116
drwxr-xr-x 2 root root  4096 Feb  3 07:00 .
drwxr-xr-x 8 root root  4096 Feb  3 07:00 ..
-rw-r--r-- 1 root root 12248 Jan 30 19:54 tpm_atmel.ko
-rw-r--r-- 1 root root 18104 Jan 30 19:54 tpm_i2c_infineon.ko
-rw-r--r-- 1 root root 24864 Jan 30 19:54 tpm_infineon.ko
-rw-r--r-- 1 root root 13496 Jan 30 19:54 tpm_nsc.ko
-rw-r--r-- 1 root root 30344 Jan 30 19:54 tpm_tis.ko

For my machine it was sufficient to load tpm_tis.ko.

> modprobe tpm_tis.ko

Now you should "see" the TPM (tpm0) in /sys/class/misc/ and be able to print the PCRs

> cat /sys/class/misc/tpm0/device/pcrs
PCR-00: xx 82 F8 37 D6 83 21 56 ff F7 FB 94 25 D8 7A 38 47 57 BF 83
PCR-01: yy 93 6D 55 81 BE 16 99 ff 88 DA D1 D9 B5 67 53 54 A7 41 71
PCR-02: zz DE 58 4D CE F0 3F 6A ff AC 1A 24 0A 83 58 93 89 6F 21 8D
PCR-03: aa 3F 78 0F 11 A4 B4 99 ff FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-04: bb 0B 67 73 D3 6F B5 AD ff 11 F5 43 C5 DA 92 C9 D4 69 E4 33

If tpm_tis doesn't work on your machine, simply use trial and error for finding the right module. You can't damage stuff. Btw: if you like to load the Kernel module automatically, edit /etc/modules and add "tpm_tis" to the list of modules.

If you've got the right module loaded, start the tcsd. Notice: unlike to other distributions you can't invoke the tcsd in Ubuntu by

> /etc/init.d/tcsd start

You need to type

> tcsd

If you like some debugging info, add -f:

> tcsd -f

Now you're ready to go:

> tpm_version
TPM 1.2 Version Info:
Chip Version:
Spec Level:          2
Errata Revision:     0
TPM Vendor ID:       ATML
TPM Version:         01010000
Manufacturer Info:   41544d4c

Now you can take ownership of your TPM:

> tpm_takeownership
Enter owner password: OWNERPASS
Confirm password: OWNERPASS
Enter SRK password: SRKPASS
Confirm password: SRKPASS

more information how to use TPM in linux is founded here and here.

Related Question