5 Replies Latest reply on Jun 14, 2016 9:51 AM by Intel Corporation

    How do we use TPM 2.0 in Linux?

    ziggydoran

      We have enabled TPM 2.0 in the BIOS. But how do we create and sign TPM 2.0 keys in Linux? Is there software that can do this?

       

      Thank you for any help.

        • 1. Re: How do we use TPM 2.0 in Linux?
          Intel Corporation
          This message was posted by Intel Corporation on behalf of

          Hello John,
           
          In order to further assist you with your inquiry about installing TPM 2.0 on your NUC, please provide the model of the NUC and the Linux flavor that you are using, so we can do a research of how to use the TPM under that configuration.
           
          Alberto
           

          • 2. Re: How do we use TPM 2.0 in Linux?
            ziggydoran

            Alberto - Thank you for offering to help us!  

             

            Here are the parameters;

            NUC5i5MYHE, Ubuntu 16.04, Intel's 01.org tpm2.0-tools.

            I was able to make a primary key, but I haven't had luck with a signing key yet...

             

            Instructions:
            sudo apt-get install tpm2-tools
            then
            sudo resourcemgr

             

            Intel's software that comes in Ubuntu by default: tpm2-tools in the package manager or online at https://github.com/01org/tpm2.0-tools

             

            I check the spec again, and I think this is the order; take ownership, then created a primary key, then a signing key - which is where I get stuck!

             

            OR can you recommend an alternative to Intel's tpm2.0-tools? 

            IBM has a tools for TPM 2.0 but I would really like to stay with an ALL Intel play / configuration.  

             

            We have the potential to sell 100's if not 1000's of 515MYHE NUCs this year - our product is an  End User Cloud Computing Device called RainDrop - a metaphor to the endpoint of Cloud Computing. Website is 90% complete  = Raindrop.systems

             

            Everything was working with the DC53427HYE with TMP 1.2 running on Ubuntu. 

            However the DC53427HYE is end of life..... so we are switching over to the 515MYHE. 

             

            CAN YOU HELP OR AT LEAST POINT ME IN THE RIGHT DIRECTION?!

            THANK YOU!

            • 3. Re: How do we use TPM 2.0 in Linux?
              Intel Corporation
              This message was posted by Intel Corporation on behalf of

              Hello John,
               
              In regards to your inquiry about using TPM 2.0 in Linux with the Intel® NUC5i5MYHE NUC, I just wanted to let you know that Intel does not test and validate Intel® NUC on Linux; however we know that a lot of NUC owners are using it successfully on many different Linux distros.
              So, at this point the best thing to do will be to access your Linux distro's website and forums at: http://ubuntuforums.org/ for peer assistance with this issue, they should be able to let you know how to use TPM 2.0.
               
              Also, there is one thing you can try, which is to remove the jumper from the NUC, you will get different options, look for the option that says reset passwords, and try the same steps again to use TPM 2.0, this is just to rule out any possible password problem with the signing key.
               
              Alberto
               

              • 4. Re: How do we use TPM 2.0 in Linux?
                ziggydoran

                Thank you Alberto for your feedback - will post our question at Ubuntu forums as suggested

                • 5. Re: How do we use TPM 2.0 in Linux?
                  Intel Corporation
                  This message was posted by Intel Corporation on behalf of

                  Hello John:
                   
                  Perfect, yes, that is the best thing to do in this case, they should be able to assist you with your inquiry.
                   
                  Any further assistance, please do not hesitate in contact us again.
                   
                  Alberto