Setting up TPM2.0 for Trenchboot

na3904a4er · December 12, 2023, 1:28am

I am setting up Trenchboot in order that AEM works in my AMD machine with TPM2.0.
There are few documentations for setting up TPM2.0 in this forum and now I am not sure what to do next at all.

According to instructions in this thread, firstly AEM should be set up.
So I have installed tpm2-tools, tpm2-tss, tpm-abrmd, anti-evil-maid and their dependencies in dom0.

tpm2_clear
tpm_changeauth -c o
anti-evil-maid-tpm-setup -z

gives following error:

cat: /sys/class/tpm/tpm0/owned: No such file or directory
anti-evil-maid-tpm-setup: You must reset/clear your TPM chip first!

What is needed to get /sys/class/tpm/tpm0/owned with TPM2.0?

zaz · January 13, 2024, 2:01pm

Support for TPM 2.0 on Intel is very new. This is the state of AEM on TPM 2.0.

We do not have AEM for TPM 2.0 on AMD yet.

Raist · January 13, 2024, 4:57pm

from my understanding trenchboot isnt quite ready to go for real use? Maybe something has changed recently.

looks like this was updated 01/09/24 so maybe things have progressed recently. Might have to give it a go!

zaz · January 14, 2024, 10:52pm

See the second link. I do not believe it is implemented for AMD yet, but you could contact the developers about being a tester if you are interested in testing experimental software.

If you want security, do not install experimental software.