How to check if your computer supports TPM 2.0 on Linux

One of the requirements for Windows 11 is the TPM 2.0 chip. I think it was thanks to Windows 11 that many users learned about the existence of the TPM.

This article will tell you how to find out in Linux if there is a TPM and what version is it.

TPM: Trusted Platform Module 2.0 – this chip is common on motherboards released after 2016.

TPM hardware provides a tamper-proof method for storing encryption keys on a computer. On Windows 11, 10, 8, and 7, TPM is usually required to enable and use encryption features such as BitLocker.

How to find out if there is TPM on a Linux computer

Relatively fresh (released after 2016) laptops and motherboards should already have a TPM chip soldered. To verify this for sure using sysfs, run the command:

[[ -d $(ls -d /sys/kernel/security/tpm* 2>/dev/null | head -1) ]] && echo "TPM available" || echo "TPM missing"

Starting with kernel 5.6, the version number can be viewed in the sysfs file:

cat /sys/class/tpm/tpm*/tpm_version_major

As you can see in the screenshot, the test machine has a second version of TPM (this laptop was released in 2018).

All TPM devices must have /dev/tpm0, so another way is to check /dev/tpm0 or /dev/tpmrm0.

/dev/tpmrm0 is only available for TPM 2.0, but it was added in v4.12-rc1. If you have the second version, then the following command will display the corresponding message:

[ -c /dev/tpmrm0 ] && echo "TPM 2.0"

This command will print a message if you have version 1.2 or 2.0:

[ -c /dev/tpm0 ] && echo "TPM 1.2 or 2.0"

TPM can be disabled

If the previous commands show that you are missing a TPM, then this does not necessarily mean that the TPM is missing at all – it may just be disabled. Go to BIOS and look for settings with TPM in the name. If you find them, turn them on.

TPM setting is missing in BIOS, UEFI

Does it mean that if the TPM setting is missing in the BIOS, then the TPM is not installed? No, this is not so – the examples above, from which it follows that TPM 2.0 is installed in the test machine, were made on a laptop that does not mention TPM at all in the BIOS.

TPM software for Linux

On Linux, install the TrouSerS package to work with TPM. It comes with the tcsd utility.

How to check if kernel modules are loaded to work with TPM

To verify that the TPM kernel modules are loaded, run the following command:

lsmod | grep tpm

Leave Your Observation

Your email address will not be published. Required fields are marked *