Questions tagged [tpm]
A TPM (Trusted Platform Module) is a security coprocessor found on many PCs
43 questions
0 votes, 1 answer, 15 views
GPG Key to TPM. error from TPM: Card error
When following instructions on how to import a GPG key to a TPM, I get the following error: gpg: error from TPM: Card error.
$ gpg --edit-key <key ID>
gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 ...
0 votes, 0 answers, 19 views
autoconf error in trying to run TPM2.0 simulator on M1 Mac
I'm trying to run a TPM2.0 simulator on macOS Sonoma (14.2.1) using the Official TPM 2.0 Reference Implementation (by Microsoft) and it seems to be failing at generating a make file for executing. This is ...
0 votes, 0 answers, 14 views
Ubuntu 23.11 + TPM Full Disk Encryption + ESXi/VMware
Has anyone gotten TPM + FDE working on a VM in ESXi?
I got through the installation but after reboot the system would not start, a screen comes up with /EndEntire and then the following errors:
When ...
0 votes, 2 answers, 285 views
How and when is `/sys/kernel/security/tpm0/binary_bios_measurements` exposed?
Currently, I am trying to understand how measured boot works and which components log what in which PCR of a TPM2.
I have a test setup with UEFI Secure Boot enabled and a TPM2 attached in a KVM ...
0 votes, 0 answers, 143 views
How do I test Network Manager PKCS11 usage?
I am trying to access a wifi network which is 802.1x protected with a certificate and the private key is stored in a TPM2.
When I try to connect to the network using Network Manager, I get the error ...
2 votes, 1 answer, 992 views
How must I configure Debian or Ubuntu to ensure there's a chain of trust from TPM to Login?
TPMs are supposed to solve a chicken and egg problem of where to store unencrypted disk encryption keys such that someone can't simply pop another hard drive in the machine, boot a different OS and ...
1 vote, 0 answers, 235 views
Why can TPM2.0 sealing objects created under password-protected primary keys be loaded and used elsewhere without that password?
I have been investigating using the TPM2.0 for secure persistence of secrets using the tpm2-tools. It seems sealing objects are the way to go for this kind of thing.
I am hoping someone here might be ...
1 vote, 0 answers, 89 views
LUKS: Use TPM to make password hash function resistant to parallelized cracking
In order to do that, I think it's possible to make the password hash dependent on the TPM: that way, an attacker would need to invoke the TPM for every password hash, limiting the speed of password ...
0 votes, 1 answer, 308 views
I Have LUKS Enabled And Integrated With TPM 2. How To Hide Passphrase Screen?
System: Fedora 37, Gnome 43
I enabled LUKS encryption on setup and enabled auto-decrypt via TPM 2 by following an article from Fedora Magazine. Auto-decrypt works but while it decrypts, it shows the ...
3 votes, 1 answer, 1k views
cryptsetup ignoring unknown option 'tpm2-device'
I have been trying to get LUKS disk encryption with TPM2 working on an HP EliteBook 850 G8 running Kali Linux 2022.3. However, I am struggling to get TPM2 disk decryption added to Initramfs.
Steps I ...
2 votes, 0 answers, 816 views
Clevis auto decrypt not working ( Kali 2022.2 + LUKS + TPM2 + Clevis )
I cannot figure out how to get clevis to auto-decrypt my root partition on boot.
What I want
I want to use the TPM2 chip on my Kali PC to have an encrypted disk that self-decrypts on boot. The main ...
2 votes, 1 answer, 1k views
What is a TPM2 "object context"?
The man page for tpm2_load has the following example:
To load an object you first must create an object under a primary object. So the first step is to create the primary object.
tpm2_createprimary -...
4 votes, 1 answer, 4k views
Ubuntu 20.04 clevis-luks setup auto unlocking not working
I have an Ubuntu 20.04 machine setup that I am trying to configure for disk encryption. I am trying to set up auto unlock, but my configuration has not worked so far, and I am always prompted for a ...
1 vote, 0 answers, 2k views
How to verify that a key is loaded on a TPM 2.0 device
Situation:
I'm learning how to use some of the basic commands in the tpm2-tools software package because I have to develop some high-level test cases to verify a TPM is handling keys per customer ...
0 votes, 1 answer, 453 views
Where are TPM 2.0 selftest messages logged?
Hopefully, this is a simple question regarding hardware I'm just now learning how to use: the TPM.
My laptop has a TPM 2.0, and I need to become familiar with some basic functionality offered by the ...