How to Check if Your Linux Device Supports TPM 2.0? / Linux / How to Check if Your Linux Device Supports TPM 2.0?

Most modern computers and laptops released after 2016 already have a built-in TPM chip. TPM (Trusted Platform Module) is a special chip used as secure storage for encryption keys, passwords, and certificates. TPM can be used for various security apps such as key vault, secure boot, random number generation, etc. Let’s see how to check if a device has a TPM chip in Linux.

On Linux, you can use the sysfs tool to check for a TPM:

[[ -d $(ls -d /sys/kernel/security/tpm* 2>/dev/null | head -1) ]] && echo "TPM available" || echo "TPM missing"

You can also get useful information via dmesg:

# dmesg |grep -i tpm

dmesg get tpm devices

Starting with Linux kernel version 5.6, the TPM version number (1.2 or 2.0) can be obtained from the sysfs file:

cat /sys/class/tpm/tpm*/tpm_version_major

You can also check for TPM by looking at /dev/tpm0 or /dev/tpmrm0 devices.

/dev/tpm0 device in linux, check for TPM 2.0

If the computer has a TPM 2.0 chip installed, then the /dev/tpmrm0 device must be present:

[ -c /dev/tpmrm0 ] && echo "TPM 2.0"
[ -c /dev/tpm0 ] && echo "TPM 1.2 or 2.0"

If the previous commands showed that the TPM chip is missing, check if it is enabled in the BIOS/UEFI. If your hardware supports TPM but doesn’t show up, it might need to be enabled in your BIOS settings.

BIOS TPM 2.0 Device Found

You can use the tcsd tool from the TrouSerS package to work with TPM on Linux distros.

To check that Linux has TPM kernel modules loaded, run:

lsmod | grep tpm

tpm_crb 20480 0
tpm_tis 16384 0
tpm_tis_core 28672 1 tpp_tis
tpm 90112 3 tpp_tis,tpp_crb,tpm_tis_core
rng_core 16384 1 tpm

Leave a Reply

Your email address will not be published. Required fields are marked *