Difference between revisions of "Intel GM45 TPM device iTPM INTC0102"

From ThinkWiki
Jump to: navigation, search
m
 
(3 intermediate revisions by 2 users not shown)
Line 15: Line 15:
  
 
In recent [http://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885&forum_name=tpmdd-devel discussion] on tpmdd-devel mailing list Seiji Munetoh [http://sourceforge.net/mailarchive/message.php?msg_name=f02dbbe70812012308n32dc9fd6hd1f04d3ef6e002b7%40mail.gmail.com suggested] a quick fix, and Colin Didier [https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux made] a [http://cybione.org/~cdidier/log/data/200812020841/itpm.diff patch] out of it.
 
In recent [http://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885&forum_name=tpmdd-devel discussion] on tpmdd-devel mailing list Seiji Munetoh [http://sourceforge.net/mailarchive/message.php?msg_name=f02dbbe70812012308n32dc9fd6hd1f04d3ef6e002b7%40mail.gmail.com suggested] a quick fix, and Colin Didier [https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux made] a [http://cybione.org/~cdidier/log/data/200812020841/itpm.diff patch] out of it.
 +
 +
Note, however, that '''tpm_tis''' has to be compiled as a module and unloaded before suspend-to-disk, or it would freeze on wake-up. Suspend-to-ram seems to be OK, moreover if you unload '''tpm_tis''' before suspend-to-ram and modprobe in after resume -- then [http://sourceforge.net/projects/trousers trousers] daemon will refuse to restart. To get trousers run again, you have to either reboot or suspend-to-disk/wake-up.
 +
 +
==Notes==
 +
The above-mentioned patch was merged into the kernel 2.6.33, and INTC0102 Intel TPM device works out of the box with the vanilla kernel. The only caveat is that the module '''tpm_tis''' has to be loaded with options
 +
 +
modprobe tpm_tis interrupts=0 force=1 itpm=1
 +
 +
To make it happen automatically, you can create a file <tt>/etc/modprobe.d/tpm.conf</tt> containing
 +
 +
options tpm_tis interrupts=0 force=1 itpm=1
  
 
==Models==
 
==Models==
 
*{{X200}}
 
*{{X200}}
 +
*{{X301}}

Latest revision as of 21:26, 23 March 2010

INTC0102 Intel TPM device found in GM45 chipset is supposed to comply with TCG TPM 1.2 specifications, and thus be taken care of by tpm_tis kernel module. Unfortunately, it does not. After loading this module

modprobe tpm_tis interrupts=0 force=1

and mounting securityfs

mount -t securityfs none /sys/kernel/security

it is possible to read the files

/sys/kernel/security/tpm0/ascii_bios_measurements
/sys/kernel/security/tpm0/binary_bios_measurements

but no further communication with the TPM device seems to be possible.

In recent discussion on tpmdd-devel mailing list Seiji Munetoh suggested a quick fix, and Colin Didier made a patch out of it.

Note, however, that tpm_tis has to be compiled as a module and unloaded before suspend-to-disk, or it would freeze on wake-up. Suspend-to-ram seems to be OK, moreover if you unload tpm_tis before suspend-to-ram and modprobe in after resume -- then trousers daemon will refuse to restart. To get trousers run again, you have to either reboot or suspend-to-disk/wake-up.

Notes

The above-mentioned patch was merged into the kernel 2.6.33, and INTC0102 Intel TPM device works out of the box with the vanilla kernel. The only caveat is that the module tpm_tis has to be loaded with options

modprobe tpm_tis interrupts=0 force=1 itpm=1

To make it happen automatically, you can create a file /etc/modprobe.d/tpm.conf containing

options tpm_tis interrupts=0 force=1 itpm=1

Models