TPM on Linux/Ubuntu in SmartRM

To enable SmartRM to use the TPM chip on Ubuntu/Linux first of all you have the chip enable and activated

  • you normally enable and activate a TPM via BIOS
  • to test if TPM is correctly enabled and activated you’ve to check if the device is available (check if the file “/dev/tpm0” exists)
  • You also need Trousers installed and running on linux

  • linux normally install trousers on default (and launch it at start-up)
  • to check if trousers is running, please digit “/etc/init.d/trousers status” or “ps - A | grep tcsd
  • sometimes linux doesn’t recognize the correct manufacture of TPM
  • to list the installed trousers moduls: “lsmod | grep tpm”
  • to check if your TPM is correctly bind, your manufacture issuer has to be listed (i.e. for Infineon, you’ve to check if tpm_infineon is listed)
  • to activate a new module, modprobe tpm_infineos, tpm_tis, tpm_ncs or tpm_atmel
  • to startup automatically the correct tpm modules you’ve to edit the “/etc/modules” file and add your module (i.e. tpm_tis)
  • to start manually trousers in foreground: “tcsd -f”
  • to check if the TPM was already ownershipped “cat /sys/class/misc/tpm0/device/pubek” and you cannot see the content or via tpm_tools launch the command “tpm_getpubek” (and it will require the ownerpwd)
  • to check if the TPM was already initialized (application specific) check if the “~/.smartRM/tpa” folder exist
  • to enable Trousers to work correctly with SmartRM, please edit the file “/etc/tcsd.conf” setting the value of the entry “num_threads” to 300