Llibrem Mini TPM

I have a Librem Mini v2 and I installed PopOS a while back. I have had an issue with the TPM not present and am confused after reading a few threads, articles on this.

I need some clarification on the TPM, and why the Mini doesnt seem to allow me to reset the TPM. I did a factory reset, refresh tpm, refresh hotp, but still no TPM.

Can someone point me to some reading material or explain why I cannot get the Librem mini to log in normally using PopOS? Every time I log in, I do so by bypassing the security features.

Do you have Coreboot/SeaBIOS or PureBoot/Heads installed?

The Librem Mini does not have a TPM chip. Purism uses software to emulate the functionality of a TPM chip in PureBoot. If you have PureBoot, you might want to reflash your Mini to use standard Coreboot.

1 Like

The Librem Mini v1/v2 do not have a TPM (discrete nor firmware)

what exactly do you mean here? I’m running Pop-OS! 21.10 on one of my Mini v2s here and I certainly am not bypassing any security features to log in

Thanks for your reply. Is there any reading material on this software function of a TPM? I am simply curious to learn more. I have the Pureboot/HEADS bios. Unless Pureboot/HEADS is somehow a compromise in security I probably won’t reflash to Coreboot. Unless there benefits and hardly any security compromises at least. I am open to learning more if you don’t mind sharing some info on the two or the differences, etc.

okay, thanks. I assume the above mentioned is accurate though? Purism uses software to emulate the function of a TPM? Can you disclose more info about this if possible?

well, I had Pureos installed by default when the Mini was shipped. I got it home and I played around with it. There were some things I didn’t care for, nothing major just customization, appearance biases, so I went and installed PopOs. Ever since then I have had to go into boot options to load PopOs in the Pureboot menu, which I think bypasses the anti tampering mechanism?

Could you help me get it so its running like yours? I do like PureOs, I haven’t changed the OS on the 14 I got. I use either VM’s or boot live with persistence for various needs. On the Mini though, that is basically my new home computer. I haven’t used the gaming machine I bought, I should sell it cause its a huge power hog. And I simply don’t game that much.

I appreciate the help guys.

Not exactly - Since the Mini doesn’t have a TPM to measure each stage of the boot process, Pureboot “measures” the entire firmware flash by reading/hashing it at boot. It’s not as good as having a TPM, but it’s better than nothing.

only if you choose the ‘force unsafe boot’ option. Simply selecting an option from the boot menu is not bypassing any checks. Though, you should set it as the default option (which requires the LK to re-sign) so using the menu is not necessary

I’m running a custom build of coreboot+Tianocore on mine (working on getting UEFI Secure Boot working), so likely not what you’re looking for :wink: