top of page
Search
Writer's picturewriterforlinux

How To Disable The TPM Under Linux

Freezing and black screens are some of the signs that the TPM (trusted platform module) isn't disabled.

That is, (to clarify) on a computer that originally had Windows installed to the HDD at the time of purchase.

Those two issues are the ones I'm aware of at the time of writing this article.


Here are a few examples of boot time errors that you could see on a Linux installation that took over a Windows 10 installation.


-kernel: tpm tpm0: TPM_LOC_STATE_x.requestAccess timed out

-kernel: tpm tpm0: A TPM error (257) occurred attempting get random

These errors occured repeatedly in the error log and at boot time from learning about this.

With Linux installed on a laptop or desktop that originally came with Windows 10 it could be difficult to disable the TPM if it isn't listed in the BIOS.


First check all section's of your BIOS to see if there is a way to disable the TPM. If you aren't able to find it look specifically under the 'Security' section of the BIOS. If you still find that disabling the TPM isn't an option in the BIOS, read on.


There are 2 steps to take in order to disable the TPM under Linux.


STEP 1-


Running the 'lsmod' command outputs modules on a Linux system.

1. Launch your terminal and run:

lsmod

2. Look through the list of modules to see if any of them have 'tmp' in the output.

3. Write down or copy and paste those modules and any description that is on the same line of each module.

4. To be certain with clarity run the command:

lsmod | grep -i tpm


STEP 2-


Create a /etc/modprobe.d/blacklist file.


Below is an example of a blacklist file I created using nano.

I frequently use nano as it just works.




1. Launch your terminal

2. Give your blacklist file a name something like blacklistTPM.

3. Copy and paste <or> type in the modules you wrote down into the new file.

4. Save and exit your text editor.

5. Reboot


Doing so should stop the error code at boot time and the functionality issues so you can enjoy your Linux installation.


This worked on a Asus Zenbook UX31VA made in 2016. And I suspect that this will work on other newer laptop's and desktop that have the UEFI BIOS.


A very special "thank you" and KUDOS to my Linux friend, osprey over on Linux.org. He's exceptionally good with Debian Linux and helped in this process of putting those modules in a blacklisted state.


IF you have not already, disable 'secure boot' and 'fast boot' in the BIOS as well. By doing so you should have less headaches with undesired booting issues on your Linux box.


As always, drive your Linux safe and have a great rest of the week.


Alex








255 views0 comments

Recent Posts

See All

Comments


Post: Blog2_Post
bottom of page