
Questions tagged [tpm]

A TPM (Trusted Platform Module) is a security coprocessor found on many PCs

6 votes
3 answers
705 views

I've been trying to find information about how systemd-cryptenroll performs full-drive encryption with LUKS. I understand that the LUKS header allows multiple keyslots, and that using the TPM as a ...
Hari's user avatar
  • 202
3 votes
1 answer
223 views

I want to run an Alpine Linux VM and want to connect the host's TPM to the VM. The host is x86_64 based. The command for qemu is qemu-system-aarch64 \ -m 1024 -cpu cortex-a57 -M virt \ -bios /...
HerpDerpington's user avatar
0 votes
0 answers
218 views

Firstly, greetings, and I hope you, the reader, are doing well. I have spent the last five days barely sleeping. I have been doing search engine research on many IT sites including Stack Exchange and also ...
P Williams's user avatar
0 votes
1 answer
472 views

On Debian, how can I instruct clevis/initramfs to unlock two LUKS devices before booting? I currently have both devices configured to be unlocked through TPM2, which is correctly configured as I can ...
Maxime Thiebaut's user avatar
3 votes
1 answer
2k views

I recently installed Ubuntu on an old SSD, as I wanted to test out some software on a different OS. After installing Ubuntu (using debootstrap, arch-chroot and apt), my EFI's NVRAM boot order got ...
Alex Leach's user avatar
  • 8,170
0 votes
1 answer
272 views

When following instructions on how to import a GPG key to a TPM, I get the following error: gpg: error from TPM: Card error. $ gpg --edit-key <key ID> gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 ...
xyakimo1's user avatar
0 votes
3 answers
1k views

Currently, I try to understand how a measured boot is working and what components log what in which pcr of a tpm2. I have a test-setup with uefi-secure boot enabled and a tpm2 attached in a kvm ...
user3046582's user avatar
3 votes
1 answer
2k views

TPMs are supposed to solve a chicken and egg problem of where to store unencrypted disk encryption keys such that someone can't simply pop another hard drive in the machine, boot a different OS and ...
Philip Couling's user avatar
1 vote
0 answers
394 views

I have been investigating using the TPM2.0 for secure persistence of secrets using the tpm2-tools. It seems sealing objects are the way to go for this kind of thing. I am hoping someone here might be ...
nuclearpidgeon's user avatar
1 vote
0 answers
122 views

In order to do that, I think it's possible to make the password hash dependent on the TPM: that way, an attacker would need to invoke the TPM for every password hash, limiting the speed of password ...
redfast00's user avatar
  • 417
0 votes
1 answer
615 views

System: Fedora 37, Gnome 43 I enabled LUKS encryption on setup and enabled auto-decrypt via TPM 2 with following an article from Fedora Magazine. Auto-decrypt works but while it decrypts, it shows the ...
Çağan Mert İŞLEK's user avatar
4 votes
1 answer
3k views

I have been trying to get LUKS disk encryption with TPM2 working on an HP EliteBook 850 G8 running Kali Linux 2022.3. However, I am struggling to get TPM2 disk decryption added to Initramfs. Steps I ...
lxndrblz's user avatar
2 votes
0 answers
1k views

I cannot figure out how to get clevis to auto-decrypt my root partition on boot. What I want I want to use the TPM2 chip on my kali PC to have an encrypted disk that self-decrypt on boot. The main ...
Raphael's user avatar
  • 21
2 votes
1 answer
2k views

The man page for tpm2_load has the following example: To load an object you first must create an object under a primary object. So the first step is to create the primary object. tpm2_createprimary -...
Alex Henrie's user avatar
5 votes
1 answer
5k views

I have an Ubuntu 20.04 machine setup that I am trying to configure for disk encryption. I am trying to setup auto unlock, but my configuration has not worked so far, and I am always prompted for a ...
Niru's user avatar
  • 161
2 votes
0 answers
2k views

Situation: I'm learning how to use some of the basic commands in the tpm2-tools software package because I have to develop some high-level test cases to verify a TPM is handling keys per customer ...
placebo_me_please's user avatar
0 votes
1 answer
770 views

Hopefully, this is a simple question regarding hardware I'm just now learning how to use: the TPM. My laptop has a TPM 2.0, and I need to become familiar with some basic functionality offered by the ...
placebo_me_please's user avatar
0 votes
0 answers
972 views

It seems like having no password is a big pain when working with any of the crypt tools like systemd-cryptenroll and cryptsetup! I got a volume that is protected by pkcs11-uri=auto (Smart Card) and ...
Boris Hamanov's user avatar
2 votes
1 answer
5k views

We currently have UEFI booting up GRUB which boots up Linux. We need to implement secureboot. We're using a TPM to store our keys. Does GRUB2 support TPM - I read the only version of GRUB that ...
user515439's user avatar
0 votes
1 answer
369 views

At reboot, with USB sticks inserted, the TPM will not allow passphraseless booting of the server. With a USB HDD inserted passphraseless booting of the server is possible. Our servers are running ...
Jacques MALAPRADE's user avatar
0 votes
1 answer
1k views

I have this issue with latest fedora 35 beta. Clevis encrypt does not work, although I can find the TPM being active in the logs. Tried the enable operation from bios with no luck. Please, see details ...
Boris Hamanov's user avatar
5 votes
2 answers
6k views

I am currently aware of two recent methods to bind a LUKS encrypted root partition to a TPM2: systemd-cryptenroll and clevis. Both of them seem to release the encryption key after successfully ...
Simon's user avatar
  • 195
0 votes
3 answers
4k views

I have enabled TPM 2.0 using bios. $ [ -c /dev/tpmrm0 ] && echo "TPM 2.0" TPM 2.0 When I am trying to install tpm-tools, it is giving the following error: % sudo apt install tpm-...
Ahmad Ismail's user avatar
  • 3,134
2 votes
0 answers
818 views

I have a Self Encrypted Disk (SED). I'd like to use sedutil to lock the disk, but I want the password to be sealed in the TPM module on board the system, instead of in ATA BIOS. Essentially I want the ...
user1173240's user avatar
1 vote
1 answer
1k views

How to find out if TPM device supports "TPM 2.0 FIFO Interface" (TCG_TIS) and "TPM 2.0 FIFO Interface - (SPI)" (TCG_TIS_SPI), when they don't specify it? I'm particularly ...
pevik's user avatar
  • 1,589
1 vote
1 answer
3k views

For passwordless decryption of a LUKS volume I want to use clevis with my TPM 2.0 module. This module is recognised in Debian Testing (bullseye): /dev/tpm0 and /dev/tpmrm0 exist (so that I am able to ...
edfrank's user avatar
  • 13
0 votes
1 answer
1k views

I have Debian and Linux 5.x kernel. I get the following error: # /etc/init.d/tpm2-abrmd status ● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon Loaded: loaded (/lib/systemd/...
PersianGulf's user avatar
  • 11.3k
1 vote
1 answer
1k views

I'm at my wits' end on this one. A CentOS 7 box with a TPM module. If I reboot it from the terminal, it seems fine. But if I hard reboot it, it apparently gets stuck in this state, spitting out: Nov ...
Rail24's user avatar
  • 141
3 votes
0 answers
911 views

I'm trying to get a LUKS volume unlocked by the TPM-module on a Dell Optiplex 3060. The binding seems to work fine: clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"pcr_ids":"7"}' $ luksmeta show -d /dev/...
n-tchen's user avatar
  • 460
2 votes
1 answer
1k views

I'm building a machine with Yoctoproject. I need TPM module for some purposes but I can't enable it. I tried this way: I ran bitbake -c menuconfig virtual/kernel, accessed Device Drivers > ...
Batman's user avatar
  • 41
5 votes
1 answer
6k views

Is there any command to check if TPM2.0 is owned (i.e., ownership is taken) and if TPM is enabled on Ubuntu 16.04? For TPM1.2 this was possible with cat /sys/class/tpm/tpm0/device/owned We are using ...
Venkata Ramana's user avatar
2 votes
0 answers
2k views

Some Linux distros support Secure Boot. (These distros use a 1st-stage bootloader signed by Microsoft.) Is Linux (without any additional modules) able or is there any Linux-distro out there that is ...
user avatar
1 vote
1 answer
440 views

I have system with TPM 1.2 installed on it. Currently, I'm using tpm-tools to initialize this TPM. With the command tpm_extendpcr -p 23 tpm-pcr.key I can write a value into a PCR which works fine. ...
M. Quicly's user avatar
1 vote
0 answers
1k views

When I try to boot up Linux Mint, it gets stuck at initramsfs with the following error messages: [ 1.892162] tpm tpm0: A tpm error (7) occurred attempting to read a pcr value [ 2.012154] ...
DeapSoup's user avatar
13 votes
3 answers
42k views

I'm experiencing system freezes and looking in the journal I see kernel (4.14.15-1-MANJARO) errors such as: kernel: tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/...
Tom Hale's user avatar
  • 33.4k
1 vote
2 answers
2k views

I want to load unlock my LUKS partition (root file system) at boot time using a TPM 2.0. I've had no success using a keyscript=/path/to/script in my /etc/crypttab file, however I made progress using ...
spanishgum's user avatar
1 vote
1 answer
1k views

I am attempting to activate and use my TPM module on CentOS6.9 running kernel 2.6.32-696.3.1.el6.x86_64. All the tutorials I've found online start with installing tpm-tools and trousers, which I've ...
novack's user avatar
  • 11
41 votes
2 answers
107k views

Wanting to play around with Trusted Platform Module stuff, I installed TrouSerS and tried to start tcsd, but I got this error: TCSD TDDL ERROR: Could not find a device to open! However, my kernel has ...
Matthew Cline's user avatar
0 votes
1 answer
154 views

I am trying to install kali linux on one SSD and linux mint on the other SSD. Both installations are encrypted using LVM encryption. Linux mint works great and also kali linux boots up the first time ...
horin's user avatar
  • 111
11 votes
5 answers
53k views

I'm getting this error while booting and my computer won't start. a tpm error (7) occurred attempting to read a pcr value I installed CentOS 7 on a z400 workstation computer. I was working on it and ...
AUREL's user avatar
  • 111
2 votes
2 answers
2k views

I'd try to use tpm (trusted platform module) built in my laptop on Debian 8. Most of the tpm_* programs give back the answer: root@debian:~# tpm_takeownership Enter owner password: Confirm password: ...
Daniel Szydłowski's user avatar
4 votes
0 answers
3k views

I have a Samsung XE303C12 Chromebook which apparently has a failed TPM module. It won't boot into ChromeOS, and when I try to recover the OS, I'm told that an error has occurred. I hit Tab and the ...
Josh M.'s user avatar
  • 240
5 votes
0 answers
565 views

I'm trying to create device with CentOS6, encrypted disk (with LUKS), TPM module and TrustedGRUB to boot securely and without interaction. I'm following instructions from https://github.com/shpedoikal/...
MoonWolf's user avatar
16 votes
2 answers
4k views

I would like to seal away files on my system using keys stored in the TPM. Since my system uses UEFI to boot, I can no longer use TrustedGrub as a boot loader to maintain my trust chain. Are there any ...
Marcus's user avatar
  • 253
4 votes
2 answers
2k views

I have an Atmel 97SC3201 in my computer and set the following in the kernel: CONFIG_HW_RANDOM_TPM CONFIG_TCG_TPM CONFIG_TCG_ATMEL /dev has tpm0 and hwrng, but running this command returns the ...
sam's user avatar
  • 41