Intel GM45 TPM device iTPM INTC0102

From ThinkWiki
Jump to: navigation, search

INTC0102 Intel TPM device found in GM45 chipset is supposed to comply with TCG TPM 1.2 specifications, and thus be taken care of by tpm_tis kernel module. Unfortunately, it does not. After loading this module

modprobe tpm_tis interrupts=0 force=1

and mounting securityfs

mount -t securityfs none /sys/kernel/security

it is possible to read the files

/sys/kernel/security/tpm0/ascii_bios_measurements
/sys/kernel/security/tpm0/binary_bios_measurements

but no further communication with the TPM device seems to be possible.

In recent discussion on tpmdd-devel mailing list Seiji Munetoh suggested a quick fix, and Colin Didier made a patch out of it.

Note, however, that tpm_tis has to be compiled as a module and unloaded before suspend-to-disk, or it would freeze on wake-up. Suspend-to-ram seems to be OK, moreover if you unload tpm_tis before suspend-to-ram and modprobe in after resume -- then trousers daemon will refuse to restart. To get trousers run again, you have to either reboot or suspend-to-disk/wake-up.

Notes

The above-mentioned patch was merged into the kernel 2.6.33, and INTC0102 Intel TPM device works out of the box with the vanilla kernel. The only caveat is that the module tpm_tis has to be loaded with options

modprobe tpm_tis interrupts=0 force=1 itpm=1

To make it happen automatically, you can create a file /etc/modprobe.d/tpm.conf containing

options tpm_tis interrupts=0 force=1 itpm=1

Models