Skip to content

Switching TPM Versions

Jump to bottom
Noah Bliss edited this page Jan 11, 2021 · 1 revision

If you end up switching from a TPM 1.2 to a TPM 2 module, you can, but have a few hoops to jump through with Mortar. Performing this upgrade should not render your system unbootable, it will just fail the TPM validation and automatic unlock step. The main steps you will need to take are:

  1. Remove any initramfs mortar files that are installed. There is a chance that they will just get overwritten by the other 3- script, but don't count on it!

You can figure out what files are where by looking at your distribution tree inside of the res directory. E.g. if I am on Debian, I can (from the mortar git directory) run ls -R res/debian/tpm1.2 and see that I need to remove /etc/initramfs-tools/hooks/mortar and /etc/initramfs-tools/local-top/mortar You can leave the kernel update hook (efi generator) since we'll use the same code regardless of TPM version.

  1. Run the new appropriate 3- script.

That should be it. Will update with more information if needed.

Clone this wiki locally