Disclaimer
Before reading this article make sure you have read and understood my article about the TPM module per se (click here to read it). The article here below explains how to install and configure TPM 1.2 on a Linux system.
Intro
A TPM module (or Trusted Platform Module) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. ( you can find more info about what it is and how it works at this link: here ).
If you have a TPM 2.0 please read my article about configuring TPM 2.0 instead, link here.
Let’s configure TPM 1.2 on Linux
To use it on RHEL 7 (CentOS 7, PacketLinux 2, Scientific Linux and Fedora) or Debian 9 or up and OpenSuse, first of all you need to configure your PC BIOS to enable it. This procedure will depend on the BIOS you have, the motherboard you have and the also the release of your TPM module, so for this step please check your motherboard manual.
Please Note: If you install a TPM module and leave it disabled as TPM (but you have enabled your BIOS Security CHIP flag) then you most likely will get the following error when Linux Kernel will boot up: “a tpm error (7) occurred attempting to read a pcr value”. To fix this please enable your TPM module in your BIOS.
When you have completed the full activation process on your BIOS, boot up your Linux system and login as root on your console (if you can’t login as root then remember to use sudo before each commands below!).
first of all verify that your kernel can see the TPM module correctly by checking your /var/log/message like this:
# cat /var/log/messages | grep -i tpm
It should display your tpm module release, something similar to the following string:
Mar 17 20:37:15 vmm kernel: tpm_tis 00:05: 1.2 TPM (device-id 0xD, rev-id 18)
If nothing is displayed please try also:
# dmesg | grep -i tpm
Then check if the tcsd daemon is up and running:
# systemctl status tcsd
If you can’t find tcsd you can install it via:
On CentOS, Fedora, PacketLinux, RHEL and ScientificLinux
# yum -y install trousersOn Debian, Kali and Ubuntu
# apt install trousersOn OpenSuse
# zypper install trousers -y
If tcsd is not running then you can run it via:
# systemctl start tcsd
If tcsd is not running then you may get an error like this one when you’ll try to access/connect to your tpm module: “Tspi_Context_Connect failed: 0x00003011 – layer=tsp, code=0011 (17), Communication failure”. To avoid this problem you must start tcsd.
If it starts correctly then you can make sure it will start at every system reboot via:
# systemctl enable tcsd
At this point you can install all your tpm tools via:
On CentOS, Fedora, PacketLinux, RHEL and ScientificLinux
# yum -y install tpm-tools
On Debian, Kali and Ubuntu
# apt install tpm-tools -y
On OpenSuse
# zypper install tpm-tools -y
And finally query directly your TPM module with:
# tpm_version
If everything is ok you should see an output similar to the following one:
TPM 1.2 Version Info: Chip Version: 1.2.3.19 Spec Level: 2 Errata Revision: 2 TPM Vendor ID: XYZ Vendor Specific data: xxxxxxxx yy TPM Version: zzzzzzzz Manufacturer Info: hhhhhhhh
You are now ready to get ownership of your TPM module and start the fun 🙂
In future articles we’ll see how we can use it and also how we can program it…
What next?
- Read what is a TPM module (for all platforms included mac and Raspberry Pi) here.
- Read about what you can do with a TPM either as a software developer or as a system administrator here.
- Read how to configure Linux to use your TPM 2.0 and how to check if your system has got one here.
Ok that’s it for now, thanks for reading and I hope you’ve found some useful information here. If you enjoyed this post, please don’t forget to support my blog by:
- Visiting my on-line hacking and engineering merchandise shop on redbubble.com by clicking here
- Or you can also make a donation with the PayPal link in the column on your right
- Or share this article
If you like my articles and want to keep getting informed on new ones you can follow me on on of those 21st Century thingies called Facebook, Twitter, Instagram or Pinterest
And as always if you have any questions please feel free to use the comments section below.
Thank you! 
Paolo Fabio Zaino's Blog 
Immensely helpful, thanks, but I really wanted you to go further and show us how to turn off the TPM chip, reclaim our machines and be able to boot systems such as Fedora 26 which ceased to work when my motherboard was unnecessarily upgraded by engineers under warranty [real problem the power supply]. So my beautifully functional fedora 26 system no longer booots, a bare DVD or fresh ISO on a USB fail to boot…..
LikeLiked by 1 person
Hi, glad you enjoyed the post, thanks.
To turn off your TPM chip you need to access your system BIOS (so reboot your system and use your specific key combination to access the BIOS, usually either f2, f10, del, space key etc.) and find the option to turn off your TPM chip. Option name and location changes a lot depending on the BIOS manufacturer.
About the rest of your comment, it sounds more likely your issue is being caused by Secure Boot, not the TPM chip itself, but without more info and details I really cannot say. However, if it’s being caused by Secure Boot, then you can simply disable Secure Boot and try again.
Hope this helps, thanks,
– Paolo
LikeLike
Pingback: A Windows Power User Configures Linux Mint Cinnamon 18.3 on an Acer Laptop (Long Version) | Ray Woodcock's Latest
Pingback: TPM module | Paolo Fabio Zaino's Blog
Have there been any followups to this article about how to actually use the TPM chip? Thanks!
LikeLiked by 1 person
Hi, thanks for reading,
I haven’t published more articles on the TPM subject because it didn’t get a lot of attention to be honest, you’re basically the only one who asked.
What are you interested into? How to use the TPM chip in your code or with other services?
Cheers,
LikeLike
Thanks for the reply. I didn’t have anything specific in mind. Just wanted to explore different possibilities with the chip. I’m guessing I’d be interested in using services to start with and then get into programming the chip. I have 1.2 on my laptop, but mostly just interested in reading about your experience of how you use the chip so 2.0 would be fine as well. Thanks for the posts. Quite enjoyable!
LikeLiked by 1 person
Ok, I’ll try to add more articles on the TPM…
LikeLike
I would like to Second Jonny Mako’s request regarding more content on TPM… The content you have provided so far has been top notch, would like to see more.
LikeLiked by 1 person
Hi Servermancer,
Thank you very much for your comment and feedback. The more comments I get from people asking for certain articles the more I’ll keep writing on the same subject 🙂
So, I can confirm I started to add material for TPM2 and then will add more info about how to use them via CLI and other potential usages via certain services.
I am sorry for the slow rate, but I am usually very busy at work so there is only a little time left for this blog. Thanks for everyone’s patience! 🙂
Best regards!
LikeLike
***PLEASE PLEASE PLEASE QUICKLY COMPLETE FULL INSTRUCTIONS HOW TO USE TPM 1.2 SECURITY OPTIONS WHICH YOU STARTED. THANK YOU! GREAT WORK! (using qubes os on purism laptop) but no way to know how to make best use of tpm 1.2
LikeLike
Guys,
I understand your needs, but please show some support as well for this blog!
Here is how to:
To push for a specific argument for articles please make a donation or purchase something from my shop OR if you can’t afford both, then please share my articles, specifically the ones you want me to write more about. This blog shows me stats for clicked articles, so no worries I can track what is being clicked.
Now to you the action and thank you very much for reading and supporting this blog 🙂
LikeLike
Liked the content in blog which is straight forward and to the point. Waiting for next blog to make the series complete 😀.
LikeLiked by 1 person
Thanks,
Hopefully soon the next article will be ready! 🙂
LikeLike
Pingback: Linux: Configure and use your TPM 2.0 module on Linux | Paolo Fabio Zaino's Blog
Pingback: Linux: What can I do with a Trusted Platform Module (TPM)? | Paolo Fabio Zaino's Blog