TPM on Centos 7

Support for security such as Firewalls and securing linux
gbernaldo
Posts: 1
Joined: 2018/07/16 14:39:21

TPM on Centos 7

Post by gbernaldo » 2018/07/16 14:49:18

Hi, good afternoon

I've installed CentOS 7 on a Dell PowerEdge T330 (which has the TPM 1.2 coprocessor) and I'd like to know where to start enciphering the partitions where all my data will be saved.

First of all, the TPM module is enabled in the BIOS and I've followed some web sites about how to enable the TPM module in Linux, and it seems to be working properly, because when I type tpm_version I get the following result:

TPM 1.2 Version Info:
Chip Version: 1.2.5.81
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: WEC
Vendor Specific data: 0201
TPM Version: XXXXXXXX
Manufacturer Info: XXXXXXXX

The thing is, right now, I don't know how to encrypt the partitions and I don't know where to go to learn more. I tried to look for it on Google, but found nothing (or at least nothing related to CentOS 7). Please, could anyone point me in the right direction?

Thanks in advance!
Guille

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: TPM on Centos 7

Post by hunter86_bg » 2018/07/17 18:34:23

I'm not sure that I have met a working solution for CentOS 7.
Another solution would be to use LUKS with Network bound encryption (Clevis & Tang).

tomkep
Posts: 38
Joined: 2018/04/25 13:30:50

Re: TPM on Centos 7

Post by tomkep » 2018/09/14 06:31:36

Clevis-tpm unfortunately seems to require TPM 2.0.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: TPM on Centos 7

Post by hunter86_bg » 2018/09/16 00:27:04

Clevis & Tang do not require TPM, just HTTP traffic allowed. Clevis + TPM would be greater, but as you mentioned it's a no go.

cramermb
Posts: 1
Joined: 2019/04/08 18:51:17

Re: TPM on Centos 7

Post by cramermb » 2020/01/31 14:30:13

In case anyone else finds this post, CentOS 7.7 does indeed support TPM 1.2 (as well as 2.0).

The daemon needs to be started:
systemctl enable tcsd
systemctl start tcsd

Should also install the tools:
yum install tpm-tools
