
Using a TPM module

What is a TPM or Trusted Platform Module?

TPM stands for Trusted Platform Module. It's a hardware-based security feature built into computers or IoT devices to ensure data protection, encryption, and secure boot processes. TPM securely stores cryptographic keys, passwords, and certificates, safeguarding them from unauthorized access. It enhances system security by enabling features like disk encryption, secure authentication, and remote attestation.

How is it configured for the agent?

The TPM is configured as part of the bootstrap process, by passing the TPM device to the bootstrap command.

$ sudo qbee-agent bootstrap -h
Usage: qbee-agent [global options] <command> [options] [<command> [options] ...]

Options:
  -k, --bootstrap-key BOOTSTRAP_KEY    Set the bootstrap key found in the user profile.  [required]  
      --disable-remote-access          Disable remote access.                            [optional]  
      --device-name DEVICE_NAME        Custom device name to use.                        [optional]  
  -t, --tpm-device TPM_DEVICE          TPM device to use (e.g. /dev/tpm0).               [optional]  
      --proxy-host PROXY_HOST          HTTP proxy host to use.                           [optional]  
      --proxy-port PROXY_PORT          HTTP proxy port to use.                           [optional]  
      --proxy-user PROXY_USER          HTTP proxy username.                              [optional]  
      --proxy-password PROXY_PASSWORD  HTTP proxy password.                              [optional]

The -t (--tpm-device) flag sets the path of the TPM device the agent should use, for example -t /dev/tpm0.

If you want to re-bootstrap a device to test this, you need to follow this method. Please note that only agent versions > 2024.xx support this.
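As an added example that is not part of the qbee documentation or the agent itself, the following POSIX shell script checks that the TPM device node is actually usable before running the bootstrap with -t, so a typo in the path or a missing permission fails early instead of half-way through enrolment. The TPM_DEVICE and BOOTSTRAP_KEY environment variables, the script name, and the optional tpm2-tools probe are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for a TPM-backed qbee-agent bootstrap (added example, not qbee's tooling).
# Assumes a Linux host exposing the TPM as a character device such as /dev/tpm0
# and only the bootstrap flags shown above (-k, -t, --device-name).

# Returns 0 when the path is a character device the current user can open
# for read and write; otherwise prints the reason and returns 1.
tpm_device_ok() {
    dev="$1"
    if [ ! -e "$dev" ]; then
        echo "no such device node: $dev" >&2; return 1
    fi
    if [ ! -c "$dev" ]; then
        echo "not a character device: $dev" >&2; return 1
    fi
    if [ ! -r "$dev" ] || [ ! -w "$dev" ]; then
        echo "insufficient permissions on $dev (check the 'tss' group or run as root)" >&2; return 1
    fi
    return 0
}

# Builds the bootstrap command line for a key and TPM device path, with an
# optional custom device name. Prints the command without running it.
build_bootstrap_cmd() {
    key="$1"; dev="$2"; name="${3:-}"
    cmd="qbee-agent bootstrap -k $key -t $dev"
    [ -n "$name" ] && cmd="$cmd --device-name $name"
    printf '%s\n' "$cmd"
}

# Optional probe: if tpm2-tools is installed, confirm the TPM answers on this device.
tpm_responds() {
    command -v tpm2_getcap >/dev/null 2>&1 || { echo "tpm2-tools not installed, skipping probe" >&2; return 0; }
    TPM2TOOLS_TCTI="device:$1" tpm2_getcap properties-fixed >/dev/null 2>&1
}

main() {
    dev="${TPM_DEVICE:-/dev/tpm0}"
    key="${BOOTSTRAP_KEY:?set BOOTSTRAP_KEY to the bootstrap key from your user profile}"
    tpm_device_ok "$dev" || exit 1
    tpm_responds "$dev" || { echo "TPM at $dev did not respond" >&2; exit 1; }
    echo "Running: $(build_bootstrap_cmd "$key" "$dev")"
    sudo qbee-agent bootstrap -k "$key" -t "$dev"
}

# Run main only when executed under the assumed script name, so the functions can be sourced.
if [ "${0##*/}" = "tpm-bootstrap.sh" ]; then main; fi
```

Save it as tpm-bootstrap.sh and run it with BOOTSTRAP_KEY set; on a host without the device node or without access to it, the script stops before bootstrap is attempted.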