TPM module and Entropy

Good afternoon

I have bought a TPM module for the PC Engines APUs that is installed in the motherboard’s LPC interface. The interface to configure the TPM now appears correctly in the BIOS, but when running tests in IPFire I see that it does not detect the TPM.

[root@ipfire ~]# /usr/sbin/rngd
Initalizing available sources
Failed to init entropy source 1: TPM RNG Device
Failed to init entropy source 2: Intel RDRAND Instruction RNG
[root@ipfire ~]#

But first of all a question, the TPM is a source of entropy, isn’t it?

Reading this article it seems so:

Is there anything to do to make it work properly?

Regards.

Goodnight everyone.

Good. After looking into it a bit, I got this by creating a file called “tpm0” in /dev/:

[root@ipfire ~]# rngd -l
Entropy sources that are available but disabled
4: NIST Network Entropy Beacon

Available and enabled entropy sources:
0: Hardware RNG Device
1: TPM RNG Device
[root@ipfire ~]#

Now both TPM and “Hardware RNG Device” are enabled but STOP appears in Status -> Entropy.

Earlier, I don’t know what I did (like a headless chicken), but I got it to show RUNNING; the entropy was bad, though, very bad.

Regards.

I HAVE IT!!! (partly, I think)


https://fireinfo.ipfire.org/profile/db8a969fcbf0ce7f3454ab45faf7e642c0086b32

Running rngd -d told me that the file /dev/tpm0 was missing.

It was created using the script:

mknod -m 666 /dev/tpm0 c 1 9
chown root:root /dev/tpm0
rngd

And it started working.

[root@ipfire ~]# cat /proc/sys/kernel/random/entropy_avail
3179
[root@ipfire ~]#

The problem is that if I restart the IPFire, the file /dev/tpm0 disappears and must be re-created by hand to make it work again.

Does anyone know how to keep it from disappearing?

Regards.

In the end, I found the solution. Surely there is a better one, but it is the only thing that has occurred to me.

An rngd.sh is created with the following content in /root:

mknod -m 666 /dev/tpm0 c 1 9
chown root:root /dev/tpm0
rngd

Then, using fcrontab -e, the following is added at the end:

@reboot ( sleep 15 ; sh /root/rngd.sh )

15 seconds after startup, the script will be executed.

And that’s all.

Regards.

This is clearly dangerous half-knowledge!
mknod /dev/tpm0 c 1 9
Creates a devnode that points to the urandom driver, not to the TPM module (the device node is not created because the IPFire kernel has no driver/support for TPM modules).

You seed the random generator with its own output, which is not random!!!
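
A check for the situation described in the reply above, as an added example that is not part of the original thread: it compares a node's device numbers with what the kernel itself registered, so a hand-made /dev/tpm0 that is really urandom (1:9) is rejected before rngd is started. The function names are hypothetical; it assumes a Linux sysfs entry at /sys/class/tpm/tpm0/dev when a TPM driver is bound, and a stat that supports -c.

```shell
# classify_tpm_node MAJOR MINOR [SYSFS_DEV]
#   MAJOR, MINOR: decimal device numbers of the node being checked
#   SYSFS_DEV:    contents of /sys/class/tpm/tpm0/dev ("major:minor"),
#                 empty when the kernel has registered no TPM
classify_tpm_node() {
    major=$1; minor=$2; sysfs_dev=${3:-}
    # Major 1 is the kernel "mem" driver: 1:8 is random, 1:9 is urandom.
    if [ "$major" -eq 1 ]; then
        case $minor in
            8) echo "fake: node is /dev/random (1:8)" ;;
            9) echo "fake: node is /dev/urandom (1:9)" ;;
            *) echo "fake: node belongs to the mem driver (1:$minor)" ;;
        esac
        return 1
    fi
    if [ -z "$sysfs_dev" ]; then
        echo "no-driver: kernel has not registered tpm0"
        return 1
    fi
    if [ "$major:$minor" = "$sysfs_dev" ]; then
        echo "ok: node matches kernel-registered tpm0 ($sysfs_dev)"
        return 0
    fi
    echo "mismatch: node is $major:$minor, kernel registered $sysfs_dev"
    return 1
}

# check_tpm_node [NODE]: inspect a real device node (default /dev/tpm0).
check_tpm_node() {
    node=${1:-/dev/tpm0}
    if [ ! -c "$node" ]; then
        echo "missing: $node is not a character device"
        return 1
    fi
    # stat -c %t/%T print major/minor in hex (assumes GNU or BusyBox stat).
    major=$(( 0x$(stat -c '%t' "$node") ))
    minor=$(( 0x$(stat -c '%T' "$node") ))
    sysfs_dev=$(cat /sys/class/tpm/tpm0/dev 2>/dev/null || true)
    classify_tpm_node "$major" "$minor" "$sysfs_dev"
}

# Usage: check_tpm_node /dev/tpm0 && rngd
```
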

Too bad, I thought I had found gold!!!

Thanks, Arne, for the information. A question: can anything be done with the TPM module for the APU2e4? Or is it a pretty ornament?

Thanks again.

Regards.