Using a TPM module
What is a TPM or Trusted Platform Module?
TPM stands for Trusted Platform Module. It's a hardware-based security feature built into computers or IoT devices to ensure data protection, encryption, and secure boot processes. TPM securely stores cryptographic keys, passwords, and certificates, safeguarding them from unauthorized access. It enhances system security by enabling features like disk encryption, secure authentication, and remote attestation.
How is it configured for the agent?
The TPM must be configured during the bootstrap process.
    $ sudo qbee-agent bootstrap -h
    Usage: qbee-agent [global options] <command> [options] [<command> [options] ...]

    Options:
      -k, --bootstrap-key BOOTSTRAP_KEY    Set the bootstrap key found in the user profile. [required]
          --disable-remote-access          Disable remote access. [optional]
          --device-name DEVICE_NAME        Custom device name to use. [optional]
      -t, --tpm-device TPM_DEVICE          TPM device to use (e.g. /dev/tpm0). [optional]
          --proxy-host PROXY_HOST          HTTP proxy host to use. [optional]
          --proxy-port PROXY_PORT          HTTP proxy port to use. [optional]
          --proxy-user PROXY_USER          HTTP proxy username. [optional]
          --proxy-password PROXY_PASSWORD  HTTP proxy password. [optional]
The -t flag defines where the TPM resides, for example -t /dev/tpm0.
If you want to rebootstrap a device to test this, you need to follow this method. Please note that only agent versions > 2024.xx support this.
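A pre-flight check for the -t flag described above, as an added example that is not part of qbee's documentation or tooling: it confirms that the device node exists and is a character device before running the bootstrap command. The BOOTSTRAP_KEY environment variable and the function names are assumptions of this example, and the sysfs tpm_version_major attribute is only present on kernels that expose it.

```shell
#!/bin/sh
# Added example: pre-flight check for `qbee-agent bootstrap -t <device>`.
# Assumption: the bootstrap key is supplied in the BOOTSTRAP_KEY
# environment variable (a name chosen for this example).

# Print the TPM major version (1 or 2) from sysfs, or "unknown" when the
# kernel does not expose it. $2 overrides the sysfs root (used for testing).
tpm_major_version() {
    attr="${2:-/sys/class/tpm}/$(basename "$1")/tpm_version_major"
    if [ -r "$attr" ]; then cat "$attr"; else echo unknown; fi
}

# Return 0 when $1 can be passed to -t; 2 = missing, 3 = not a char device.
check_tpm_device() {
    if [ ! -e "$1" ]; then
        echo "TPM device $1 not found (driver loaded? enabled in firmware?)" >&2
        return 2
    fi
    if [ ! -c "$1" ]; then
        echo "$1 exists but is not a character device" >&2
        return 3
    fi
    return 0
}

# Verify the device first, then bootstrap with the TPM selected.
bootstrap_with_tpm() {
    dev="${1:-/dev/tpm0}"
    if [ -z "${BOOTSTRAP_KEY:-}" ]; then
        echo "BOOTSTRAP_KEY is not set" >&2
        return 1
    fi
    check_tpm_device "$dev" || return $?
    echo "Using $dev (TPM major version: $(tpm_major_version "$dev"))" >&2
    sudo qbee-agent bootstrap -k "$BOOTSTRAP_KEY" -t "$dev"
}

# Run only when invoked with an argument, e.g.: sh preflight.sh /dev/tpm0
if [ "$#" -gt 0 ]; then bootstrap_with_tpm "$1"; fi
```

Failing before the bootstrap call keeps a mistyped or missing device path from being discovered only after the device has been registered.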