Linux 6.10 Adding TPM Bus Encryption & Integrity Protection

Written by Michael Larabel in Hardware on 10 May 2024 at 10:34 AM EDT. 8 Comments
Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them. This follows a recent security demonstration of TPM key recovery from Microsoft Windows BitLocker being demonstrated. TPM sniffing attacks have also been demonstrated against Linux systems too, thus the additional protections be made with Linux 6.10 to better secure TPM2 modules.

The TPM device driver changes were already mailed into Linus Torvalds for the Linux 6.10 merge window. The Linux 6.9 stable kernel is expected on Sunday and thus in turn the opening of the v6.10 merge window.

The TPM device driver code is rolling out Trusted Platform Module bus encryption and integrity protection. The key-pair on the TPM side is generated from a null random seed on a per-power-on basis of the system. These additional protections are deemed necessary for the physical security of the system given the recent TPM bus interposer attacks that have been demonstrated.

TPM module

More details on this Linux TPM encryption and integrity protection via the v6.10 pull request. More background information on the protections is also available from the prior patch series.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week