Network access with 802.1x certificat stored in TPMv2

f33l · October 1, 2025, 8:23am

Hello,

In my company, LAN access is controlled with 802.1x and machine certificate stored in TPMv2.
Does Qubes OS support this configuration ?
I do not see any vTPM support in sys-net …

Thanks

unman · October 1, 2025, 1:45pm

I do not think that sys-net will have access to TPM, but dom0 will.
You could,I think, read the certificates from TPM and copy them to
sys-net on startup, then configure the connection to access them locally.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

f33l · October 2, 2025, 7:00am

Yes, but it is not the same level of security.
If the certificates is unprotected inside the untrusted sys-net filesystem, …

Does xen hypervisor offer virtualisation of TPM to other qubes ?

MellowPoison · October 2, 2025, 7:08am

github.com/QubesOS/qubes-issues

Pass-Through /dev/tpm0 to appVMs

opened 10:12PM - 23 Oct 18 UTC

dylangerdaly

C: other security P: default

### Qubes OS version: R4.0 ### Affected component(s): TPM / do…m0 --- ### Steps to reproduce the behavior: N/A ### Expected behavior: Ability to pass through the TPM to appVM's ### Actual behavior: N/A ### General notes: I'd like to be able to use my TPM for SSH, GPG, HMAC Operations etc, is it possible to pass /dev/tpm0 to an appVM? Parameter Encryption should solve not trusting the appVM, even dom0? --- ### Related issues:

f33l · October 3, 2025, 9:08am

Any chance to have this feature in a next qubesOS release ?