Difference between revisions of "Intel GM45 TPM device iTPM INTC0102"
(â†Created page with 'INTC0102 Intel TPM device found in GM45 chipset is supposed to comply to TCG TPM 1.2 specifications, and thus be taken care of by '''tpm_tis''' kernel module. Unfortunatel...') |
m |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | INTC0102 Intel TPM device found in GM45 chipset is supposed to comply | + | INTC0102 Intel TPM device found in GM45 chipset is supposed to comply with TCG TPM 1.2 specifications, and thus be taken care of by '''tpm_tis''' kernel module. Unfortunately, it does not. After loading this module |
modprobe tpm_tis interrupts=0 force=1 | modprobe tpm_tis interrupts=0 force=1 | ||
Line 12: | Line 12: | ||
/sys/kernel/security/tpm0/binary_bios_measurements | /sys/kernel/security/tpm0/binary_bios_measurements | ||
− | but | + | but no further communication with the TPM device seems to be possible. |
In recent [http://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885&forum_name=tpmdd-devel discussion] on tpmdd-devel mailing list Seiji Munetoh [http://sourceforge.net/mailarchive/message.php?msg_name=f02dbbe70812012308n32dc9fd6hd1f04d3ef6e002b7%40mail.gmail.com suggested] a quick fix, and Colin Didier [https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux made] a [http://cybione.org/~cdidier/log/data/200812020841/itpm.diff patch] out of it. | In recent [http://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885&forum_name=tpmdd-devel discussion] on tpmdd-devel mailing list Seiji Munetoh [http://sourceforge.net/mailarchive/message.php?msg_name=f02dbbe70812012308n32dc9fd6hd1f04d3ef6e002b7%40mail.gmail.com suggested] a quick fix, and Colin Didier [https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux made] a [http://cybione.org/~cdidier/log/data/200812020841/itpm.diff patch] out of it. | ||
− | + | Note, however, that '''tpm_tis''' has to be compiled as a module and unloaded before suspend-to-disk, or it would freeze on wake-up. Suspend-to-ram seems to be OK, moreover if you unload '''tpm_tis''' before suspend-to-ram and modprobe in after resume -- then [http://sourceforge.net/projects/trousers trousers] daemon will refuse to restart. To get trousers run again, you have to either reboot or suspend-to-disk/wake-up. | |
+ | |||
+ | ==Notes== | ||
+ | The above-mentioned patch was merged into the kernel 2.6.33, and INTC0102 Intel TPM device works out of the box with the vanilla kernel. The only caveat is that the module '''tpm_tis''' has to be loaded with options | ||
+ | |||
+ | modprobe tpm_tis interrupts=0 force=1 itpm=1 | ||
+ | |||
+ | To make it happen automatically, you can create a file <tt>/etc/modprobe.d/tpm.conf</tt> containing | ||
+ | |||
+ | options tpm_tis interrupts=0 force=1 itpm=1 | ||
==Models== | ==Models== | ||
*{{X200}} | *{{X200}} | ||
+ | *{{X301}} |
Latest revision as of 21:26, 23 March 2010
INTC0102 Intel TPM device found in GM45 chipset is supposed to comply with TCG TPM 1.2 specifications, and thus be taken care of by tpm_tis kernel module. Unfortunately, it does not. After loading this module
modprobe tpm_tis interrupts=0 force=1
and mounting securityfs
mount -t securityfs none /sys/kernel/security
it is possible to read the files
/sys/kernel/security/tpm0/ascii_bios_measurements /sys/kernel/security/tpm0/binary_bios_measurements
but no further communication with the TPM device seems to be possible.
In recent discussion on tpmdd-devel mailing list Seiji Munetoh suggested a quick fix, and Colin Didier made a patch out of it.
Note, however, that tpm_tis has to be compiled as a module and unloaded before suspend-to-disk, or it would freeze on wake-up. Suspend-to-ram seems to be OK, moreover if you unload tpm_tis before suspend-to-ram and modprobe in after resume -- then trousers daemon will refuse to restart. To get trousers run again, you have to either reboot or suspend-to-disk/wake-up.
Notes
The above-mentioned patch was merged into the kernel 2.6.33, and INTC0102 Intel TPM device works out of the box with the vanilla kernel. The only caveat is that the module tpm_tis has to be loaded with options
modprobe tpm_tis interrupts=0 force=1 itpm=1
To make it happen automatically, you can create a file /etc/modprobe.d/tpm.conf containing
options tpm_tis interrupts=0 force=1 itpm=1