Note:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "TPM2"

From Funtoo
(initial commit explaining what tpm 2.0 is, pre requisites, and needing enabled in bios)
 
(include coffnix's tpm packages to mergable section.)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{warning|this document is under construction and may be incomplete.}}
TPM-2.0 is a system that has hardware random number generation, key storage outside of ram, and can decrypt LUKS encrypted drives automatically.  You may need to buy an external TPM module for your motherboard, or it may have it onboard on newer laptops.  TPM modules come in several varieties, some have 12 pins, some have 14, some have 20, and must be matched to your motherboard.  You need to have TPM 2.0 computing enabled in BIOS.
TPM-2.0 is a system that has hardware random number generation, key storage outside of ram, and can decrypt LUKS encrypted drives automatically.  You may need to buy an external TPM module for your motherboard, or it may have it onboard on newer laptops.  TPM modules come in several varieties, some have 12 pins, some have 14, some have 20, and must be matched to your motherboard.  You need to have TPM 2.0 computing enabled in BIOS.
*check tpm is found, and populates udev devices
{{console|body=
###i## dmesg {{!}} grep -i tpm && ls /dev/tpm*
}}
*check tpm version
{{console|body=
###i## cat /sys/class/tpm/tpm0/tpm_version_major
}}
*fetch interesting packages
{{console|body=
###i## emerge tpm2-tss rng-tools tpm2-abrmd tpm2-tools tpm2-totp
}}
*when available merge these
{{console|body=
###i## emerge tpm2-pkcs11 tpm2-pytss
}}
*load kernel module
{{console|body=
###i## modprobe -a tpm_{atmel,infineon,nsc,tis,crb}
}}
==tpm & secure boot presentation==
{{#evt:service=youtube|id=https://youtu.be/ywoMSwvxZo4}}
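Review bot: in the first console block, `dmesg {{!}} grep -i tpm && ls /dev/tpm*` only reaches the `ls` when grep finds a match, so on a machine whose kernel ring buffer has already rotated past the TPM probe messages the reader sees no output even though the device nodes exist. Run the two checks as separate commands, or join them with `;`. The version check also hard-codes `tpm0`, and the bullets stop at `modprobe` without saying what output confirms a working TPM 2.0 (for example that `tpm_version_major` prints 2), which would help given the page is still marked under construction.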

Latest revision as of 03:08, January 9, 2023

   Warning

This document is under construction and may be incomplete.

TPM 2.0 is a hardware module that provides hardware random number generation, stores keys outside of RAM, and can decrypt LUKS-encrypted drives automatically. You may need to buy an external TPM module for your motherboard, or it may be built in on newer laptops. TPM modules come in several varieties: some have 12 pins, some have 14, some have 20, and the module must be matched to your motherboard. TPM 2.0 must be enabled in the BIOS.

  • Check that the TPM is found and that its udev device nodes are populated:
root # dmesg | grep -i tpm && ls /dev/tpm*
  • Check the TPM version:
root # cat /sys/class/tpm/tpm0/tpm_version_major
  • Fetch the relevant packages:
root # emerge tpm2-tss rng-tools tpm2-abrmd tpm2-tools tpm2-totp
  • When available, merge these:
root # emerge tpm2-pkcs11 tpm2-pytss
  • Load the kernel module:
root # modprobe -a tpm_{atmel,infineon,nsc,tis,crb}
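
The presence and version checks above can be combined into one script that reads sysfs directly instead of depending on dmesg output. This is an added example, not part of the original wiki page; the function names tpm_report and tpm2_usable and their two optional directory arguments are hypothetical and exist only so the script can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: summarise TPM devices from sysfs and /dev.
# Arguments (hypothetical, for testing): $1 = sysfs class directory,
# $2 = device directory. Defaults are the real system paths.

tpm_report() {
    sysfs="${1:-/sys/class/tpm}"
    dev="${2:-/dev}"
    found=0
    for d in "$sysfs"/tpm[0-9]*; do
        # An unmatched glob stays literal, so skip anything not a directory.
        [ -d "$d" ] || continue
        found=1
        name=$(basename "$d")
        # tpm_version_major is missing on older kernels; report "unknown"
        # rather than guessing the version.
        if [ -r "$d/tpm_version_major" ]; then
            major=$(cat "$d/tpm_version_major")
        else
            major=unknown
        fi
        # Userspace tools need the device node, not just the sysfs entry.
        if [ -e "$dev/$name" ]; then
            node=present
        else
            node=missing
        fi
        echo "$name version=$major node=$node"
    done
    [ "$found" -eq 1 ] || echo "none"
}

# Succeeds only if some chip reports major version 2 and has a device node.
tpm2_usable() {
    tpm_report "$@" | grep -q 'version=2 node=present'
}

# Report on the running system when executed directly.
tpm_report
```

A result of "none" after the modprobe step usually means the TPM is disabled in the BIOS or no module is fitted.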

tpm & secure boot presentation