APU2 TPM2 module

I have an APU2e5 with TPM2 module and it appears to be working; however, it is listed as disabled based on the output of “rngd --list”. Attempts to enable it using “rngd --include=tpm” return “enabling”, but a subsequent listing indicates it is still disabled.

At some point yesterday after messing around at the command line, it started to work and returned a solid 4k entropy status on the WUI. Unfortunately, I have no idea why it started working.

Any advice?

Everything you typed in the console should be available under the history command.

2 Likes

Hi,
I have TPM active in apu4 after update v4.16.0.1 pcengine firmware.
Ty

Thank you for the info. I used the history command to realize that I can’t explain why it worked one day but didn’t work after a reboot. My BIOS is currently coreboot 4.15.01.

Frustrating. I can’t enable the tpm, nor can I disable hwrng. I can issue the command, and the return message indicated that the service is “enabling” or “disabling”, however, a subsequent list of services indicates that there was no change.

Any other suggestions?

I am curious why you are trying to get higher entropy? What do you currently see?

This is what I see:

firmware

[root@ipfire ~] # firmware-update info
Board       : PC Engines apu4
HW Version  : 1.0
Serial      : 1486390
BIOS Version: v4.15.0.1 (11/23/2021)
[root@ipfire ~] # 

-and-

[root@ipfire ~] # rngd --list
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
5: NIST Network Entropy Beacon (nist)
Available and enabled entropy sources:
0: Hardware RNG Device (hwrng)
Available entropy sources that failed initalization:
2: Intel RDRAND Instruction RNG (rdrand)

EDIT: forgot to add I do not have the TPM board.

Have you checked that the TPM is present and enabled in the BIOS?

rngd always shows that there is a disabled TPM even if there is no hardware.

[root@orangepi-pc2 ~]# rngd --list
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
5: NIST Network Entropy Beacon (nist)
Available and enabled entropy sources:
Available entropy sources that failed initalization:
0: Hardware RNG Device (hwrng)
4: ARM v8.5 RNDR Instruction RNG (rndr)
[root@orangepi-pc2 ~]# 

The kernel will use TPMs without additional software (if it is enabled).

Don’t enable tpm in rngd. It prevents the kernel from using other features of the TPM. It is disabled by intention…
https://bugzilla.redhat.com/show_bug.cgi?id=1627822

1 Like
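
An added example, not part of any post in this thread: because rngd lists `tpm` as "available but disabled" whether or not hardware exists, this script classifies the `rngd --list` output and compares it with what the kernel itself exposes in sysfs. `SYSROOT` and the function names are assumptions made for the example; the sample listing is the apu4 output posted above.

```shell
#!/bin/sh
# Added example (not from the thread). SYSROOT is a hypothetical prefix that
# lets the sysfs checks run against a test tree; leave it unset on a real box.

# `rngd --list` output as posted above for the apu4 (sample input).
sample_list() {
cat <<'EOF'
Entropy sources that are available but disabled
1: TPM RNG Device (tpm)
5: NIST Network Entropy Beacon (nist)
Available and enabled entropy sources:
0: Hardware RNG Device (hwrng)
Available entropy sources that failed initalization:
2: Intel RDRAND Instruction RNG (rdrand)
EOF
}

# Read `rngd --list` output on stdin, print "<state> <short-name>" per source.
rngd_states() {
    awk '
        /available but disabled/ { state = "disabled"; next }
        /Available and enabled/  { state = "enabled";  next }
        /failed init/            { state = "failed";   next }
        /^[0-9]+: / { name = $NF; gsub(/[()]/, "", name); print state, name }'
}

# True if the kernel has registered a TPM, whatever rngd lists.
tpm_present() {
    [ -e "${SYSROOT:-}/sys/class/tpm/tpm0" ]
}

# Hardware RNG the kernel is currently reading from, or "none".
kernel_rng_current() {
    f="${SYSROOT:-}/sys/class/misc/hw_random/rng_current"
    if [ -r "$f" ]; then cat "$f"; else echo none; fi
}

# One-line summary; $1 is a file holding `rngd --list` output.
tpm_verdict() {
    state=$(rngd_states < "$1" | awk '$2 == "tpm" { print $1 }')
    if tpm_present; then hw=present; else hw=absent; fi
    echo "rngd=${state:-unlisted} kernel_tpm=$hw hwrng=$(kernel_rng_current)"
}

# Stand-alone run: classify the sample listing.
sample_list | rngd_states
```

On a real system, save the `rngd --list` output to a file and pass that file to `tpm_verdict` with `SYSROOT` unset.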

Hi Jon and Arne,

The TPM is definitely available (and enabled?) in the BIOS. The SeaBIOS/coreboot BIOS only has very limited options regarding the TPM. There is no ability to enable or disable it; it appears to be always enabled if present and detected. The only two things that can be done with the TPM via the BIOS are: clear keys/cache; and enable/disable SHA1 and/or SHA256.

To add a bit of additional detail: this APU2 documentation page lists the BIOS options regarding the TPM.

https://pcengines.github.io/apu2-documentation/tpm_menu/

Hello Arne,

Question. Within the WUI, under the entropy, if rngd is not running, what process does the WUI refer to? The WUI under “Hardware Support” indicates “Random Number Generator Daemon” with status of either “stopped” or “running”. I had assumed that the process was rngd.