How to check if your computer supports TPM 2.0 on Linux
July 8, 2021
One of the requirements for Windows 11 is the TPM 2.0 chip. I think it was thanks to Windows 11 that many users learned about the existence of the TPM.
This article explains how to find out on Linux whether a TPM is present and which version it is.
TPM: Trusted Platform Module 2.0 – this chip is common on motherboards released after 2016.
TPM hardware provides a tamper-proof method for storing encryption keys on a computer. On Windows 11, 10, 8, and 7, TPM is usually required to enable and use encryption features such as BitLocker.
How to find out if there is TPM on a Linux computer
Relatively recent (released after 2016) laptops and motherboards should already have a TPM chip soldered on. To check this for certain using sysfs, run the command:
[[ -d $(ls -d /sys/kernel/security/tpm* 2>/dev/null | head -1) ]] && echo "TPM available" || echo "TPM missing"
Starting with kernel 5.6, the version number can be viewed in the sysfs file:
As you can see in the screenshot, the test machine has TPM version 2 (this laptop was released in 2018).
All TPM devices must have /dev/tpm0, so another way is to check /dev/tpm0 or /dev/tpmrm0.
/dev/tpmrm0 is only available for TPM 2.0, and it was only added in kernel v4.12-rc1. If you have TPM 2.0, the following command will display the corresponding message:
[ -c /dev/tpmrm0 ] && echo "TPM 2.0"
This command will print a message if you have version 1.2 or 2.0:
[ -c /dev/tpm0 ] && echo "TPM 1.2 or 2.0"
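The checks above can be combined into one script; this is an added example, not code from the original article. It assumes the kernel's sysfs attribute /sys/class/tpm/tpm*/tpm_version_major (kernel 5.6 and later, a path that does not appear in the article) and a hypothetical ROOT argument that points the checks at a constructed directory tree instead of the real /.

```bash
#!/usr/bin/env bash
# Added example: combine the article's TPM checks into one report.
# ROOT (first argument, default empty = the real /) is a hypothetical
# parameter so the functions can be run against a constructed tree.

# Print "2.0", "1.x", "1.2 or 2.0" or "none" for the TPM found under ROOT.
tpm_version() {
    local root="${1:-}" f major
    # Kernel >= 5.6: the driver reports the major version ("1" or "2").
    for f in "$root"/sys/class/tpm/tpm*/tpm_version_major; do
        if [ -r "$f" ]; then
            major=$(cat "$f")
            case "$major" in
                2) echo "2.0" ;;
                1) echo "1.x" ;;
                *) echo "unknown ($major)" ;;
            esac
            return 0
        fi
    done
    # Older kernels: infer from the character devices, as in the article.
    if [ -c "$root/dev/tpmrm0" ]; then
        echo "2.0"          # resource-manager node exists only for TPM 2.0
    elif [ -c "$root/dev/tpm0" ]; then
        echo "1.2 or 2.0"   # raw node exists for both versions
    else
        echo "none"         # absent, disabled in firmware, or no driver
    fi
}

# Print a one-line summary, including the securityfs check from the article.
tpm_report() {
    local root="${1:-}" ver d secfs="no"
    ver=$(tpm_version "$root")
    for d in "$root"/sys/kernel/security/tpm*; do
        if [ -d "$d" ]; then secfs="yes"; fi
    done
    echo "TPM version: $ver; securityfs entry: $secfs"
}

tpm_report "${1:-}"
```

A result of "none" covers three cases the script cannot tell apart: no chip, a chip disabled in firmware, or a kernel without the TPM driver.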
TPM can be disabled
If the previous commands show that the TPM is missing, this does not necessarily mean that there is no TPM at all; it may just be disabled. Go to the BIOS and look for settings with TPM in the name. If you find them, turn them on.
TPM setting is missing in BIOS, UEFI
Does it mean that if the TPM setting is missing in the BIOS, then the TPM is not installed? No, this is not so – the examples above, from which it follows that TPM 2.0 is installed in the test machine, were made on a laptop that does not mention TPM at all in the BIOS.
TPM software for Linux
On Linux, install the TrouSerS package to work with TPM. It comes with the tcsd utility.
How to check if kernel modules are loaded to work with TPM
To verify that the TPM kernel modules are loaded, run the following command:
lsmod | grep tpm