I have a Librem Mini v2 and I installed PopOS a while back. I have had an issue with the TPM not present and am confused after reading a few threads, articles on this.
I need some clarification on the TPM, and why the Mini doesnt seem to allow me to reset the TPM. I did a factory reset, refresh tpm, refresh hotp, but still no TPM.
Can someone point me to some reading material or explain why I cannot get the Librem mini to log in normally using PopOS? Every time I log in, I do so by bypassing the security features.
Do you have Coreboot/SeaBIOS or PureBoot/Heads installed?
The Librem Mini does not have a TPM chip. Purism uses software to emulate the functionality of a TPM chip in PureBoot. If you have PureBoot, you might want to reflash your Mini to use standard Coreboot.
Thanks for your reply. Is there any reading material on this software function of a TPM? I am simply curious to learn more. I have the Pureboot/HEADS bios. Unless Pureboot/HEADS is somehow a compromise in security I probably wonât reflash to Coreboot. Unless there benefits and hardly any security compromises at least. I am open to learning more if you donât mind sharing some info on the two or the differences, etc.
okay, thanks. I assume the above mentioned is accurate though? Purism uses software to emulate the function of a TPM? Can you disclose more info about this if possible?
well, I had Pureos installed by default when the Mini was shipped. I got it home and I played around with it. There were some things I didnât care for, nothing major just customization, appearance biases, so I went and installed PopOs. Ever since then I have had to go into boot options to load PopOs in the Pureboot menu, which I think bypasses the anti tampering mechanism?
Could you help me get it so its running like yours? I do like PureOs, I havenât changed the OS on the 14 I got. I use either VMâs or boot live with persistence for various needs. On the Mini though, that is basically my new home computer. I havenât used the gaming machine I bought, I should sell it cause its a huge power hog. And I simply donât game that much.
Not exactly - Since the Mini doesnât have a TPM to measure each stage of the boot process, Pureboot âmeasuresâ the entire firmware flash by reading/hashing it at boot. Itâs not as good as having a TPM, but itâs better than nothing.
only if you choose the âforce unsafe bootâ option. Simply selecting an option from the boot menu is not bypassing any checks. Though, you should set it as the default option (which requires the LK to re-sign) so using the menu is not necessary
Iâm running a custom build of coreboot+Tianocore on mine (working on getting UEFI Secure Boot working), so likely not what youâre looking for
