= Trusted Platform Module (TPM) =

Gateworks offers an optional TPM on some SBCs. The following models can optionally have it loaded:
 * Malibu GW8901
 * Venice:
   * GW74xx-B
   * GW73xx-F
   * GW72xx-F
   * GW71xx-E

The boards can contain an onboard Microchip ATTPM20P-H6MA1-10 TPM connected to the SPI bus. It is compliant with the Trusted Computing Group (TCG) Trusted Platform Module (TPM) Version 2.0, r116 Trusted Platform Module Library. See the [https://trustedcomputinggroup.org/ Trusted Computing Group website].

Cryptographic support for:
 - HMAC
 - AES-128
 - SHA-1
 - SHA-256
 - ECC BN_P256, ECC NIST_P256
 - RSA 1024-2048 bit keys

It is controlled via the generic TCG SPI Linux driver:
 * drivers/char/tpm/tpm_tis_spi.c: CONFIG_TCG_TIS, CONFIG_TCG_TIS_SPI

The TPM device is at /dev/tpm0, which gives direct access to the TPM 2.0 for one client at a time. The TPM can also be accessed through the tpm2-abrmd resource manager daemon, or with kernel-managed access via /dev/tpmrm0.

The TPM tool set (over 100 different commands) can be installed with the following command:
{{{
apt install tpm2-tools tpm2-abrmd
}}}

Example of tpm2-tools showing the fixed properties:
{{{
root@jammy-malibu:~# tpm2_getcap properties-fixed
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_LEVEL:
  raw: 0
TPM2_PT_REVISION:
  raw: 0x77
  value: 1.19
TPM2_PT_DAY_OF_YEAR:
  raw: 0x42
TPM2_PT_YEAR:
  raw: 0x7DE
TPM2_PT_MANUFACTURER:
  raw: 0x4D434850
  value: "MCHP"
TPM2_PT_VENDOR_STRING_1:
  raw: 0x0
  value: ""
etc.....
}}}
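
The raw words in the tpm2_getcap output above can be decoded and checked against the TPM identity a board is expected to report, for example during provisioning. The following is an added example, not Gateworks code: the function names and the expected-identity dict are hypothetical, and the sample text is constructed from the output shown on this page.

```python
import datetime

# Constructed sample: the tpm2_getcap output shown on this page, one field per line.
SAMPLE = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_REVISION:
  raw: 0x77
  value: 1.19
TPM2_PT_DAY_OF_YEAR:
  raw: 0x42
TPM2_PT_YEAR:
  raw: 0x7DE
TPM2_PT_MANUFACTURER:
  raw: 0x4D434850
  value: "MCHP"
"""

def parse_getcap(text):
    """Return {property: {"raw": int, "value": str}} from tpm2_getcap text."""
    props, name = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(":")
        if key.startswith("TPM2_PT_"):
            name = key
            props[name] = {}
        elif key in ("raw", "value") and name:
            val = val.strip()
            props[name][key] = int(val, 0) if key == "raw" else val.strip('"')
    return props

def ascii4(n):
    """Decode a 32-bit property that packs up to four ASCII characters."""
    return n.to_bytes(4, "big").rstrip(b"\x00").decode("ascii")

def identity(props):
    """Decode the raw words into the fields an inventory record would hold."""
    raw = {name: p["raw"] for name, p in props.items()}
    spec = datetime.date(raw["TPM2_PT_YEAR"], 1, 1) + datetime.timedelta(raw["TPM2_PT_DAY_OF_YEAR"] - 1)
    return {"family": ascii4(raw["TPM2_PT_FAMILY_INDICATOR"]),
            "manufacturer": ascii4(raw["TPM2_PT_MANUFACTURER"]),
            "revision": "%.2f" % (raw["TPM2_PT_REVISION"] / 100),  # spec revision x 100
            "spec_date": spec.isoformat()}

def mismatches(props, expected):
    """Fields whose decoded value differs from expected (a hypothetical policy dict)."""
    got = identity(props)
    return sorted(k for k, v in expected.items() if got.get(k) != v)
```

On a board, pass the captured text of `tpm2_getcap properties-fixed` to `parse_getcap` instead of `SAMPLE`.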