Skip to content

TPM Provider

The TPM provider derives a 32-byte secret using a TPM 2.0 HMAC key that is hardware-bound to the machine's Trusted Platform Module.

Type: tpm

Requirements

  • A TPM 2.0 device accessible at /dev/tpmrm0 or /dev/tpm0
  • Linux only (uses the Linux TPM resource manager)
  • Build without -tags notpm

How It Works

Enrollment

  1. Opens the TPM device (/dev/tpmrm0 preferred, falls back to /dev/tpm0)
  2. Creates the Storage Root Key (SRK) under the owner hierarchy — deterministic from a fixed template
  3. Creates an HMAC-SHA256 key under the SRK (key material generated by the TPM)
  4. Generates a random 32-byte salt
  5. Builds a deterministic challenge: SHA256(salt || "cryptkey-tpm-challenge")
  6. The TPM computes HMAC-SHA256(challenge) using the hardware-bound key
  7. HKDF derives the secret: HKDF-SHA256(hmac_output, salt, "cryptkey-tpm-provider") → 32 bytes
  8. The HMAC key's public and private blobs (SRK-wrapped) and salt are stored in the profile
  9. The HMAC output is wiped from memory

Derivation

  1. Opens the TPM device and recreates the SRK
  2. Loads the stored HMAC key blobs under the SRK
  3. Rebuilds the same challenge from the stored salt
  4. The TPM recomputes the same HMAC — producing an identical result
  5. The same HKDF derivation reproduces the 32-byte secret

Usage

# Interactive TUI
cryptkey init
# Select "tpm" from the menu

# Non-interactive
cryptkey init --no-tui \
  --add tpm:local \
  --add passphrase:backup

# Derive — must run on the same machine with the same TPM
cryptkey derive

Stored Parameters

Parameter Description
salt Hex-encoded 32-byte salt (used in challenge and HKDF)
hmac_public Hex-encoded TPM public key blob (SRK-wrapped)
hmac_private Hex-encoded TPM private key blob (SRK-wrapped)

Security Notes

  • The HMAC key never leaves the TPM — the private blob is encrypted by the SRK and can only be loaded on the same TPM
  • No user interaction required (no PIN, no touch) — the secret is derived silently
  • The SRK is deterministic: the same TPM always produces the same SRK from the standard template
  • If the TPM is cleared or the machine is replaced, the key blobs become unusable
  • Since derivation is non-interactive, consider pairing with interactive providers and setting the threshold accordingly

When to Use

The TPM provider is ideal when:

  • You want a hardware-bound factor that ties the profile to a specific machine
  • You want a non-interactive provider for automated or scripted derivation
  • You're combining it with interactive providers (passphrase, FIDO2) for multi-factor protection

Limitations

  • Linux only — uses the Linux TPM resource manager interface
  • Machine-bound — the secret cannot be recovered on a different machine
  • Non-interactive — no user verification; anyone with access to the machine and the profile can derive from this provider
  • Build tag — excluded with -tags notpm