Difference between revisions of "Trusted Platform Module"

From ArchWiki
m (convert old AUR links to template)
Line 37: Line 37:
  
 
=== tpm-tools ===
 
=== tpm-tools ===
https://aur.archlinux.org/packages.php?ID=14331
+
{{AUR|tpm-tools}}
  
 
Is a set of tools like tpm_changeownerauth, tpm_clear, tpm_createek, tpm_getpubek, tpm_resetdalock, tpm_restrictpubek, tpm_revokeek, tpm_sealdate, tpm_selftest, tpm_setactive, tpm_setclearable, tpm_setenable, tpm_setoperatorauth, tpm_setownable, tpm_setpresence, tpm_takeownership, tpm_version.
 
Is a set of tools like tpm_changeownerauth, tpm_clear, tpm_createek, tpm_getpubek, tpm_resetdalock, tpm_restrictpubek, tpm_revokeek, tpm_sealdate, tpm_selftest, tpm_setactive, tpm_setclearable, tpm_setenable, tpm_setoperatorauth, tpm_setownable, tpm_setpresence, tpm_takeownership, tpm_version.
Line 44: Line 44:
  
 
=== tpmmanager ===
 
=== tpmmanager ===
https://aur.archlinux.org/packages.php?ID=30261
+
{{AUR|tpmmanager}}
  
 
A Qt front-end to tpm-tools, not developed by the trousers team.
 
A Qt front-end to tpm-tools, not developed by the trousers team.
  
 
=== openssl_tpm_engine ===
 
=== openssl_tpm_engine ===
https://aur.archlinux.org/packages.php?ID=14332
+
{{AUR|openssl_tpm_engine}}
  
 
OpenSSL engine which interfaces with the TSS API
 
OpenSSL engine which interfaces with the TSS API
  
 
=== tpm_keyring2 ===
 
=== tpm_keyring2 ===
https://aur.archlinux.org/packages.php?ID=14339
+
{{AUR|tpm_keyring2}}
  
 
A key manager for TPM based eCryptfs keys
 
A key manager for TPM based eCryptfs keys
  
 
=== opencryptoki ===
 
=== opencryptoki ===
https://aur.archlinux.org/packages.php?ID=22500
+
{{AUR|opencryptoki}}
  
 
openCryptoki is a PKCS#11 implementation for Linux. It includes drivers and libraries to enable IBM cryptographic hardware as well as a software token for testing.
 
openCryptoki is a PKCS#11 implementation for Linux. It includes drivers and libraries to enable IBM cryptographic hardware as well as a software token for testing.

Revision as of 20:16, 1 October 2013

This article or section needs expansion.

Reason: please use the first argument of the template to provide a brief explanation. (Discuss in Talk:Trusted Platform Module#)

A Trusted Platform Module (TPM) is a "security chip" built into many modern PCs.

See Wikipedia for more general information.

TPM or not TPM

First you must find out whether your computer has a TPM, and what kind of TPM it is.

For ThinkPads, have a look at the ThinkWiki.

Enabling in the BIOS

Look for an entry like "Enable TPM-Chip" and set it to Enabled.

Drivers

Drivers are kernel modules and can be loaded with

modprobe tpm

or tpm_atmel, tpm_bios, tpm_infineon, tpm_nsc or tpm_tis, depending on your chipset.

trousers/tcsd

To use a TPM you must build some packages from the AUR.

You will need the Trousers package, which was created and released by IBM.

It provides you with "tcsd", a user space daemon that manages Trusted Computing resources and should be (according to the TSS spec) the only portal to the TPM device driver.

tcsd has a manpage. You can configure tcsd through /etc/tcsd.conf.

To start tcsd and watch its output, run

tcsd -f

or simply add tcsd to the DAEMONS line in /etc/rc.conf for automatic startup with every boot.
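
The following shell functions, an added example that is not part of the wiki page, map the steps above (load a driver, enable the chip in the BIOS, start tcsd) to a single diagnostic that reports which step is still missing. The /dev/tpm0 device path, the /proc/modules lookup, the pgrep check and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki page. Maps the page's steps (load a
# driver, enable the chip in the BIOS, start tcsd) to one diagnostic.
# Assumption: the TPM character device is /dev/tpm0.

# Driver module names as listed on this page.
TPM_DRIVERS="tpm tpm_atmel tpm_bios tpm_infineon tpm_nsc tpm_tis"

# Print the page's TPM drivers present in a /proc/modules-style file.
# Note: drivers built into the kernel never appear in /proc/modules.
loaded_tpm_drivers() {
    modules_file=${1:-/proc/modules}
    found=""
    for drv in $TPM_DRIVERS; do
        # The first field of each /proc/modules line is the module name.
        if awk -v m="$drv" '$1 == m { hit = 1 } END { exit !hit }' \
            "$modules_file" 2>/dev/null; then
            found="${found:+$found }$drv"
        fi
    done
    printf '%s\n' "$found"
}

# Succeed if a process named exactly "tcsd" is running.
tcsd_running() {
    pgrep -x tcsd >/dev/null 2>&1
}

# Print the next step to take: load-driver, check-bios, start-tcsd or ready.
tpm_next_step() {
    modules_file=${1:-/proc/modules}
    dev=${2:-/dev/tpm0}
    if [ ! -e "$dev" ]; then
        # No device node: either no driver is loaded, or a driver is loaded
        # but found no usable chip (disabled in BIOS, absent, wrong driver).
        if [ -z "$(loaded_tpm_drivers "$modules_file")" ]; then
            echo "load-driver"
        else
            echo "check-bios"
        fi
    elif ! tcsd_running; then
        echo "start-tcsd"
    else
        echo "ready"
    fi
}
```

Source the file and call tpm_next_step with no arguments to check the running system; both arguments exist so the logic can be run against saved copies of /proc/modules.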

Using the TPM

There are several AUR packages for using the TPM with trousers, most of which are also part of the trousers project.

tpm-tools

tpm-tools (AUR)

A set of tools such as tpm_changeownerauth, tpm_clear, tpm_createek, tpm_getpubek, tpm_resetdalock, tpm_restrictpubek, tpm_revokeek, tpm_sealdate, tpm_selftest, tpm_setactive, tpm_setclearable, tpm_setenable, tpm_setoperatorauth, tpm_setownable, tpm_setpresence, tpm_takeownership, tpm_version.

Each of them has its own manpage.

tpmmanager

tpmmanager (AUR)

A Qt front-end to tpm-tools, not developed by the trousers team.

openssl_tpm_engine

openssl_tpm_engine (AUR)

An OpenSSL engine which interfaces with the TSS API.

tpm_keyring2

tpm_keyring2 (AUR)

A key manager for TPM-based eCryptfs keys.

opencryptoki

opencryptoki (AUR)

openCryptoki is a PKCS#11 implementation for Linux. It includes drivers and libraries to enable IBM cryptographic hardware as well as a software token for testing.