Trusted Platform Module

From ArchWiki
Jump to navigation Jump to search

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: Needs clarification about usage difference between TPM 1.2 and 2.0, Evil Maid attack defense and Trusted boot. PCR registers sealing and using in combination with LUKS. (Discuss in Talk:Trusted Platform Module#)

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices.

In practice a TPM can be used for various different security applications such as secure boot, key storage and random number generation.

TPM is naturally supported only on devices that have TPM hardware support. If your hardware has TPM support but it is not showing up, it might need to be enabled in the BIOS settings.


There are two very different TPM specifications: 1.2 and 2.0, which also use different software stacks.

  • TPM 1.2 uses the "TrouSerS" TSS (TCG software stack) by IBM, which is packaged as trousersAUR (tcsd) and tpm-toolsAUR (userspace). All software access the TPM through the tcsd daemon.
  • TPM 2.0 allows direct access via /dev/tpm0 (one client at a time), managed access through the tpm2-abrmd resource manager daemon, or kernel-managed access via /dev/tpmrm0. There are two choices of userspace tools, tpm2-tools by Intel and ibm-tssAUR by IBM.

TPM 2.0 requires UEFI boot; BIOS or Legacy boot systems can only use TPM 1.2.

Some TPM chips can be switched between 1.2 and 2.0 through a firmware upgrade (which can be done only a limited number of times).

Using TPM 1.2


TPM drivers are natively supported in modern kernels, but might need to be loaded:

# modprobe tpm

Depending on your chipset, you might also need to load one of the following:

# modprobe -a tpm_{atmel,infineon,nsc,tis,crb}


TPM 1.2 is managed by tcsd, a userspace daemon that manages Trusted Computing resources and should be (according to the TSS spec) the only portal to the TPM device driver. tcsd is part of the trousersAUR AUR package, which was created and released by IBM, and can be configured via /etc/tcsd.conf.

To start tcsd and watch the output, run:

# tcsd -f

or simply start and enable tcsd.service.

Once tcsd is running you might also want to install tpm-toolsAUR which provides many of the command line tools for managing the TPM.

Some other tools of interest:

  • tpmmanager — A Qt front-end to tpm-tools[dead link 2020-04-03 ⓘ] || tpmmanagerAUR
  • opencryptoki — A PKCS#11 implementation for Linux. It includes drivers and libraries to enable IBM cryptographic hardware as well as a software token for testing. || opencryptokiAUR


Start off by getting basic version info:

$ tpm_version

and running a selftest:

$ tpm_selftest -l info
TPM Test Results: 00000000 ...
tpm_selftest succeeded

Securing SSH Keys

There are several methods to use TPM to secure keys, but here we show a simple method based on simple-tpm-pk11-gitAUR.

First, create a new directory and generate the key:

$ mkdir ~/.simple-tpm-pk11
$ stpm-keygen -o ~/.simple-tpm-pk11/my.key

Point the config to the key:

key my.key

Now configure SSH to use the right PKCS11 provider:

Host *
    PKCS11Provider /usr/lib/

It is now possible to generate keys with the PKCS11 provider:

$ ssh-keygen -D /usr/lib/
Note: This method currently does not allow for multiple keys to be generated and used.

Accessing PCR registers

Platform Configuration Registers (PCR) contain hashes that can be read at any time but can only be written via the extend operation, which depends on the previous hash value, thus making a sort of blockchain. They are intended to be used for platform hardware and software integrity checking between boots (e.g. protection against Evil Maid attack). They can be used to unlock encryption keys and proving that the correct OS was booted.

PCR Use Notes
PCR0 Core System Firmware executable code (aka Firmware) May change if you upgrade your UEFI
PCR1 Core System Firmware data (aka UEFI settings)
PCR2 Extended or pluggable executable code
PCR3 Extended or pluggable firmware data Set during Boot Device Select UEFI boot phase
PCR4 Boot Manager
PCR5 GPT / Partition Table
PCR6 Resume from S4 and S5 Power State Events
PCR7 Secure Boot State
PCR 8 to 10 Reserved for Future Use
PCR11 BitLocker Access Control
PCR12 Data events and highly volatile events
PCR13 Boot Module Details
PCR14 Boot Authorities
PCR 15 to 23 Reserved for Future Use

tpm2-totp-gitAUR facilitates this check with an human observer and dedicated trusted devise.

# cat /sys/kernel/security/tpm0/ascii_bios_measurements

Using TPM 2.0

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: This section is a stub. You can help by expanding it with information on how to set up and use a TPM 2.0 device. (Discuss in Talk:Trusted Platform Module#)

Many informative resources to learn how to configure and make use of TPM 2.0 services in daily applications are available from the tpm2-software community.

Checking support

A TPM 2.0 chip has been a requirement for computers certified to run Windows 10 since 2016-07-28.[1] Linux has had support for TPM 2.0 since version 3.20[2] and should not require any other steps to be enabled on a default Arch install.

Two ways to verify whether TPM 2.0 is setup without specific software:

  • checking the logs with e.g. dmesg | grep -i tpm
  • read the value of /sys/class/tpm/tpm0/device/description[3] or /sys/class/tpm/tpm0/tpm_version_major


Good examples of TPM 2.0 usage include:


tcsd.service failed to start

After installing trousersAUR, the tcsd.service service may not start correctly due to permission issues.[4] It is possible to fix this either by rebooting or by triggering the udev rule that is included in the trousersAUR package:

# udevadm control --reload-rules
# udevadm trigger

See also