Intel's Platform Trust Technology on Ubuntu 18.04

Question

I have an Intel NUC (NUC8i7BEH), which includes Platform Trust Technology instead of a dedicated TPM 2.0 chip.

I was reading this other Ask Ubuntu post about using a TPM 2.0 chip, and am trying to gain access to the TPM features on an Ubuntu 18.04.2 LTS Server installation. I'm unable to find the proper kernel module to load in order to do so, however.

FWIW, Ubuntu is installed in UEFI mode, and it's running in Secure Boot mode.

When booting I see this in the logs:

berto@nuc:~$ dmesg | grep -i tpm
[    0.000000] ACPI: TPM2 0x000000007B1C10F0 000034 (v04 INTEL  NUC8i7BE 00000038 AMI  00000000)
[    1.214149] tpm tpm0: A TPM error (378) occurred get tpm pcr allocation
[    2.649754] ima: No TPM chip found, activating TPM-bypass! (rc=-19)

Is Intel PTT supported under Ubuntu? And, if so, how can I enable it?

Thank you!

score 0 · Answer 1 · answered Feb 14 '19 at 14:00

I received help from a wonderful Netzien who helped me decipher A TPM error (378) in the dmesg logs above. In hex 378 = 0x17A, which I was able to track down in the kernel source code. The kernel in Ubuntu 18.04 does not support this TPM command, but Ubuntu 18.10 with kernel 4.18.0 does! I see /dev/tpm0 in Ubuntu 18.10. :)

bibble235 · Answer 2 · 2019-07-10T08:13:04.780

0

When using 18.04, if you enable the FIFO spi interface in the kernel CONFIG_TCG_TIS_SPI (not as a module) it does work. I also included the patch from here. Don't forget to disable secure boot or sign your image.

edited Jul 10 '19 at 08:13

answered Jul 07 '19 at 20:54

bibble235

467

Intel's Platform Trust Technology on Ubuntu 18.04

2 Answers2