Trusted Platform Module

From ArchWiki
Revision as of 19:44, 19 April 2010 by Nonix (talk | contribs) (some basic things, i have no knowledge about this at all ;-))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

A Trusted Platform Module is a "Security Chip" which is built in many modern PCs.

Have a look on Wikipedia for more general information.

TPM or not TPM

First you must find out if you have an TPM in your computer, and what kind of TPM.

For ThinkPads have a look in the Thinkwiki.

Enabling in the BIOS

Just look for an Entry like "Enable TPM-Chip" and set it on Enabled.


Drivers are Kernel Modules and can be loaded with

modprobe tpm

or tpm_atmel, tpm_bios, tpm_infineon, tpm_nsc or tpm_tis, depending on your chipset.


For using a TPM you must compile some Packages from the AUR.

You will need the Trousers package, wich is created and released by IBM.

It brings you the great "tcsd", a user space daemon that manages Trusted Computing resources and should be (according to the TSS spec) the only portal to the TPM device driver.

Tcsd has a manpage. You can configure tcsd trough /etc/tcsd.conf.

For starting tcsd and watching the output, run

tcsd -f

or simply add tcsd to the DAEMONS line in /etc/rc.conf for automatic startup with every boot.

Using the TPM

There are several AUR-packages for using the TPM with trousers, most of are also part of the trousers project.


Is a set of tools like tpm_changeownerauth, tpm_clear, tpm_createek, tpm_getpubek, tpm_resetdalock, tpm_restrictpubek, tpm_revokeek, tpm_sealdate, tpm_selftest, tpm_setactive, tpm_setclearable, tpm_setenable, tpm_setoperatorauth, tpm_setownable, tpm_setpresence, tpm_takeownership, tpm_version.

Each of them has an own manpage.


is not developed by the trousers crew.

Seems to be an easy to use Qt-Frontend to tpm-tools, and seems to be crashing a lot.


OpenSSL engine which interfaces with the TSS API


A key manager for TPM based eCryptfs keys