TPM instruction

Hopefully this is best place to post this, since the answers are probably with the people who view this.

I am trying to sort out TPM on a librem13v3. Most of the documentation I find on the web is several years old and really technical. For example

Is there anywhere the Purism has up to date instructions for setting up TPM?
Is this beyond a fairly competent user?
Should I just battle my way through trail and error (which is brutal on a machine you use everyday)?

There is talk of expanding the wiki and this as well as the coreboot building instructions, which are in a fairly length post in the forum, would be really useful for those of us interested in learning/using this stuff from a user point of view.

Any feed back would be appreciated.

6 Likes

What I did was to press ESCape at boot and then “t” to enter the TPM configuration menu. The menu said that the TPM was already configured, but did I want to change the owner (or something similar). It may be that your TPM is already configured and you don’t need to do anything at this time.

Thanks for responding.
My laptop very likely came setup but I installed a different distro and I believe I need to reset some things related to that. Purism support told me they are working on software to make things more user friendly. Part of my quesiton is also to try and understand how all of this works, at least from a quasi-wanna-be-capable user point of view. I can only imagine how difficult getting these pieces working into a stable solution to get rolled out to user land.

1 Like

The user might not need to do anything, but it would be useful for the user to be able to find out, from Purism documentation (or from other documentation linked to by Puri.sm):

  • how, from the BIOS TPM menu that you mentioned, to find out the “owner” and the public part of whichever certificate is currently “configured” in the TPM;
  • how to generate a private key for use with the TPM;
  • how to use the TPM to verify the next stage in the boot chain, to achieve the first stage of trusted boot.

Based on Kyle Rankin’s post on 28 February 2018, I guess that the plan is to provide that information ASAP.

Until that happens, any pointers to where drafts of that information can be found would be welcome.

1 Like

I have managed to get to know TPM from the article I linked earlier in this thread but it is from 2012. I assume things have changed or been updated? Can anyone point me in the right direction for linking Grub or TrustedGrub and TPM and my LUKS install? Ideally I would like to get the Librem key and heads going too but for now using the TPM chip in some meaningful way would be satisfying.
Do new Librem laptops come all set up with TPM and the installed OS?
Any help would be appreciated…

I found this

which looks doable when I find time. If anybody else is looking and tries this, I would love to hear how it goes.

2 Likes

I have been working on this since I got my 13 last month. While I have not been 100% focused on it, it is interesting to see how TPM might work, I find that I keep running into walls along the way, I have never done much with TPM prior to this.

The GRUB boot loader that is available also does not want to compile for me. Not sure if it is something to do with the latest version of GCC or an error in the make file. I do not really have the time at the moment to debug it. The issue has been open since September but there is not much activity from the developer on GitHub. But if anyone gets it going I would like to know what they did as well.

If I get some time over the holidays I might dig into the code. Seems like it might be a fun project that could use someone to maintain it.