Most modern computers and laptops released after 2016 already have a built-in TPM chip. A TPM (Trusted Platform Module) is a special chip used as secure storage for encryption keys, passwords, and certificates. It supports security functions such as key storage, secure boot, and random number generation. Let’s see how to check if a device has a TPM chip in Linux.
On Linux, you can look for a TPM entry under /sys:
[[ -d $(ls -d /sys/kernel/security/tpm* 2>/dev/null | head -1) ]] && echo "TPM available" || echo "TPM missing"
You can also get useful information via dmesg:
# dmesg | grep -i tpm
Starting with Linux kernel version 5.6, the TPM version number (1.2 or 2.0) can be obtained from the sysfs file:
You can also check for TPM by looking at /dev/tpm0 or /dev/tpmrm0 devices.
If the computer has a TPM 2.0 chip installed, then the /dev/tpmrm0 device must be present:
[ -c /dev/tpmrm0 ] && echo "TPM 2.0"
[ -c /dev/tpm0 ] && echo "TPM 1.2 or 2.0"
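The checks above can be combined into one function. This is an added example, not part of the original article. It assumes the kernel's /sys/class/tpm/tpmN/tpm_version_major attribute (a path the article does not give), and the function name and its optional ROOT argument are hypothetical, there so the logic can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: the checks from this page combined into one function.
# The optional ROOT argument is hypothetical; it lets the logic run against
# a constructed directory tree instead of the live system.

tpm_status() {
    root="${1:-/}"
    root="${root%/}"             # "/" becomes "", so paths start at /sys, /dev
    version=""
    origin=""

    # Kernel 5.6+: tpm_version_major contains 1 (TPM 1.2) or 2 (TPM 2.0).
    for f in "$root"/sys/class/tpm/tpm*/tpm_version_major; do
        [ -r "$f" ] || continue  # an unmatched glob stays literal; skip it
        case "$(cat "$f")" in
            1) version="1.2"; origin="sysfs" ;;
            2) version="2.0"; origin="sysfs" ;;
        esac
        break                    # report the first TPM only
    done

    # Older kernels: fall back to the character devices.
    if [ -z "$version" ]; then
        if [ -c "$root/dev/tpmrm0" ]; then
            version="2.0"; origin="/dev/tpmrm0"
        elif [ -c "$root/dev/tpm0" ]; then
            version="1.2 or 2.0"; origin="/dev/tpm0"
        fi
    fi

    if [ -z "$version" ]; then
        echo "TPM missing (check BIOS/UEFI settings and loaded tpm modules)"
        return 1
    fi
    echo "TPM present: version $version (from $origin)"
}

# Check the live system when run as a script.
tpm_status "$@" || true
```

The function returns a non-zero status when no TPM is found, so it can gate later provisioning steps in a script.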
If the previous commands showed that the TPM chip is missing, check whether it is enabled in the BIOS/UEFI settings. A TPM that your hardware supports but that doesn’t show up in Linux might need to be enabled there.
You can use the tcsd daemon from the TrouSerS package to work with TPM on Linux distros.
To check that Linux has TPM kernel modules loaded, run:
lsmod | grep tpm
tpm_crb 20480 0
tpm_tis 16384 0
tpm_tis_core 28672 1 tpm_tis
tpm 90112 3 tpm_tis,tpm_crb,tpm_tis_core
rng_core 16384 1 tpm