iTPMSupport

Summary

Contemporary Lenovo and Dell laptops include a newer TPM chip (iTPM) which is not well supported by Linux.

The fundamental problem is that iTPM doesn't set the TPM_STS_DATA_EXPECT status bit when sending it a burst of data and the current kernel module considers that a failure. And there is a secondary problem that the Thinkpads have the chip in an ACPI configuration that, while standard, eludes the kernel's autoprobing.

Release Note

iTPM-based laptops are supported

Rationale

Enterprise customers already relying on the TPM chip cannot move to newer laptops with the new iTPM chip because it is not supported by Linux.

Design

If the patches make the kernel that Lucid ships with, there's nothing Ubuntu needs to do specifically. If they do not, Ubuntu should consider carrying these patches in its kernel.

Implementation

Code Changes

David Smith has done a lot of work in this area. There are two kernel patches involved. The first one has been merged into the mm tree. The second one is being reworked.

Test/Demo Plan

If the feature is working, an iTPM-based laptop (e.g. Lenovo T400, X301) running the Trousers software will successfully detect the TPM chip (i.e. tpm_version will return something)

Unresolved issues

The second patch is still to be rewritten, submitted and accepted by the Kernel subsystem maintainer

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.

CategorySpec

iTPMSupport (last edited 2009-11-05 18:46:41 by 216-239-45-4)