For my work I (have to) use the Trusted Platform Module (TPM). This is a certain type of crypto chip located on a computer’s mainboard. Some people claim it’s a wicked piece of hardware, created by the government, Bill Gates, the music industry, etc. to take over one’s computer (yepp, you can find stuff like this on the internet). I say it’s a technology you can use for good or for bad purposes. But I don’t want to argue about this here, actually.
I simply need one to work with.
Up to now I have always built my own TPM-enabled kernel that also included the IBM IMA patch. Yesterday I found out that if you only need the TPM, everything gets much easier. Simply load the kernel modules and start the tcsd (the trusted computing daemon that provides access to the TPM) and you’re done.
First, log in as root
> sudo -s
and install Trousers and the TPM Tools:
> apt-get install tpm-tools trousers
Head to the directory where the kernel modules are located, /lib/modules/2.x.y-z-generic/kernel/drivers/char/tpm; there you’ll find the modules you need:
> ls -la /lib/modules/2.x.y-z-generic/kernel/drivers/char/tpm
-rw-r--r-- 1 root root 16240 2008-11-21 00:46 tpm_atmel.ko
-rw-r--r-- 1 root root 18204 2008-11-21 00:46 tpm_bios.ko
-rw-r--r-- 1 root root 23532 2008-11-21 00:46 tpm_infineon.ko
-rw-r--r-- 1 root root 29440 2008-11-21 00:46 tpm.ko
-rw-r--r-- 1 root root 17700 2008-11-21 00:46 tpm_nsc.ko
-rw-r--r-- 1 root root 25452 2008-11-21 00:46 tpm_tis.ko
For my machine it was sufficient to load tpm_tis.ko.
> modprobe tpm_tis
Now you should “see” the TPM (tpm0) in /sys/class/misc/ and be able to print the PCRs:
> cat /sys/class/misc/tpm0/device/pcrs
PCR-00: xx 82 F8 37 D6 83 21 56 ff F7 FB 94 25 D8 7A 38 47 57 BF 83
PCR-01: yy 93 6D 55 81 BE 16 99 ff 88 DA D1 D9 B5 67 53 54 A7 41 71
PCR-02: zz DE 58 4D CE F0 3F 6A ff AC 1A 24 0A 83 58 93 89 6F 21 8D
PCR-03: aa 3F 78 0F 11 A4 B4 99 ff FC AA 80 CD 6E 39 57 C3 3B 22 75
PCR-04: bb 0B 67 73 D3 6F B5 AD ff 11 F5 43 C5 DA 92 C9 D4 69 E4 33
(and so on)
If tpm_tis doesn’t work on your machine, simply use trial and error to find the right module. You can’t damage stuff. Btw: if you’d like to load the kernel module automatically, edit /etc/modules and add “tpm_tis” to the list of modules.
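The trial and error described above can be scripted. This is an added example, not part of the original post: `find_tpm_module`, `TPM_LOAD`, `TPM_UNLOAD` and `TPM_SYSFS` are names made up here, and the sysfs location is the one used on this page.

```shell
#!/bin/sh
# Added example: automate the module trial and error for the TPM driver.
# TPM_LOAD, TPM_UNLOAD and TPM_SYSFS are hypothetical override hooks so the
# loop can be exercised without root or a real chip.
TPM_LOAD=${TPM_LOAD:-modprobe}
TPM_UNLOAD=${TPM_UNLOAD:-"modprobe -r"}
TPM_SYSFS=${TPM_SYSFS:-/sys/class/misc}

# Chip drivers from the directory listing. tpm.ko (the core) and
# tpm_bios.ko (BIOS event log) are not chip drivers, so they are skipped.
TPM_CANDIDATES="tpm_tis tpm_atmel tpm_infineon tpm_nsc"

# Prints the name of the module that made tpm0 appear and returns 0.
# Prints "already-present" if a driver is bound before we start.
# Returns 1 if none of the candidates produces a tpm0 device.
find_tpm_module() {
    if [ -e "$TPM_SYSFS/tpm0" ]; then
        echo "already-present"
        return 0
    fi
    for mod in $TPM_CANDIDATES; do
        # A driver may load without finding a chip, so the loader's exit
        # status is not enough: check that tpm0 actually showed up.
        if $TPM_LOAD "$mod" >/dev/null 2>&1 && [ -e "$TPM_SYSFS/tpm0" ]; then
            echo "$mod"
            return 0
        fi
        # Unload the driver that did not bind before trying the next one.
        $TPM_UNLOAD "$mod" >/dev/null 2>&1 || true
    done
    return 1
}
```

Source the file as root and call `find_tpm_module`; the name it prints is the one to add to /etc/modules.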
If you’ve got the right module loaded, start the tcsd. Note: unlike on other distributions, you can’t invoke the tcsd in Ubuntu by
> /etc/init.d/tcsd start
You need to type
> tcsd
If you like some debugging info, add -f:
> tcsd -f
Now you’re ready to go:
> tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.11.5
Spec Level: 2
Errata Revision: 0
TPM Vendor ID: ATML
TPM Version: 01010000
Manufacturer Info: 41544d4c
Now you can take ownership of your TPM:
> tpm_takeownership
Enter owner password: OWNERPASS
Confirm password: OWNERPASS
Enter SRK password: SRKPASS
Confirm password: SRKPASS
Done.
__________
By the way: If you find typing or grammar errors, you can keep them.