TPM on Linux/Ubuntu in SmartRM
To enable SmartRM to use the TPM chip on Ubuntu/Linux first of all you have the chip enable and activated
- you normally enable and activate a TPM via BIOS
- to test if TPM is correctly enabled and activated you’ve to check if the device is available (check if the file “/dev/tpm0” exists)
You also need Trousers installed and running on linux
- linux normally install trousers on default (and launch it at start-up)
- to check if trousers is running, please digit “/etc/init.d/trousers status” or “ps - A | grep tcsd”
- sometimes linux doesn’t recognize the correct manufacture of TPM
- to list the installed trousers moduls: “lsmod | grep tpm”
- to check if your TPM is correctly bind, your manufacture issuer has to be listed (i.e. for Infineon, you’ve to check if tpm_infineon is listed)
- to activate a new module, modprobe tpm_infineos, tpm_tis, tpm_ncs or tpm_atmel
- to startup automatically the correct tpm modules you’ve to edit the “/etc/modules” file and add your module (i.e. tpm_tis)
- to start manually trousers in foreground: “tcsd -f”
- to check if the TPM was already ownershipped “cat /sys/class/misc/tpm0/device/pubek” and you cannot see the content or via tpm_tools launch the command “tpm_getpubek” (and it will require the ownerpwd)
- to check if the TPM was already initialized (application specific) check if the “~/.smartRM/tpa” folder exist
- to enable Trousers to work correctly with SmartRM, please edit the file “/etc/tcsd.conf” setting the value of the entry “num_threads” to 300