Regarding the TPM: "error from TPM: Not Supported"

I have tried on many systems, using RSA keys from 2048 bit upwards, to place a gpg key into the TPM using Gpg4win on Windows and Linux. I tried various versions, various devices, building from source, emulated TPMs and real TPMs, all with the consistent result of the following error.
“gpg: error from TPM: Not Supported”

Is there a reason why this error might happen?

Hi @atton

So you have probably followed 20210315-using-tpm-with-gnupg-2.3? Or a different howto?

Which step is failing, and do the various diagnostic messages tell you anything more? (Look into several -v's and the --debug options when calling gpg.)

I’d try asking on the mailing list gnupg-users@ next, as there are more technical people reading.

Best,
Bernhard

I sent a message off to the mailing list, not entirely sure if it worked or not. But I am far from familiar with such systems. I also tried applying the debug flags in question, without effect; gpg rejected them. As for the tutorial I followed, that would indeed be the one you hotlinked, by Mr Bottomley.

As for more exact details: upon entering the keytotpm command, the result is always the same underlying error across platforms. “gpg: error from TPM: Not Supported”

To send an email to gnupg-users@ you must first be subscribed to the mailing list, and you have to avoid sending HTML in your emails.

On the GNU/Linux system which you are using for tests, which version of GnuPG are you using? (There was a defect before 2.4.4.)

There are many ways to get more diagnostic messages from GnuPG. Adding one or up to three “-v” flags should work almost everywhere, but you may also activate the logging on components, like gpg-agent.
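As an added illustration of the two diagnostic routes mentioned above (extra -v flags on gpg, and logging on the components), here is a small POSIX shell helper. It is not from the thread or from the GnuPG project. It assumes GnuPG 2.3 or later with the tpm2d component, that tpm2d reads a tpm2d.conf in GNUPGHOME with the same debug-level/log-file options as gpg-agent.conf (an assumption), and it uses a constructed stderr line to show what the log filter picks out; the actual keytotpm run is left as a function you call yourself against a real key id.

```sh
#!/bin/sh
# Added example, not code from the thread or from GnuPG.
# Assumptions: GnuPG >= 2.3 with tpm2d; tpm2d.conf accepts the same
# debug-level / log-file / verbose options as gpg-agent.conf.
set -eu

# Append debug options to a component's conf file under a GNUPGHOME.
# Idempotent: a line already present is not added twice.
# Prints the path of the conf file it wrote.
enable_component_debug() {
    home="$1"       # GNUPGHOME to modify
    component="$2"  # gpg-agent or tpm2d
    conf="$home/$component.conf"
    logfile="$home/$component.log"
    mkdir -p "$home"
    chmod 700 "$home"
    touch "$conf"
    for line in "debug-level guru" "log-file $logfile" "verbose"; do
        grep -qxF "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
    done
    printf '%s\n' "$conf"
}

# Re-run keytotpm with maximum gpg verbosity, keeping gpg's stderr in a
# file next to the component logs. Needs gpg/gpgconf on PATH and a real
# key id; it is a usage helper and is not executed below.
run_keytotpm_verbose() {
    home="$1"; keyid="$2"; gpg_stderr="$3"
    # make gpg-agent reread its conf so the new log-file takes effect
    gpgconf --homedir "$home" --reload gpg-agent
    printf 'keytotpm\nsave\n' | GNUPGHOME="$home" gpg -vvv \
        --debug-level guru --command-fd 0 --status-fd 1 \
        --edit-key "$keyid" 2>"$gpg_stderr"
}

# Pull the TPM-related lines out of gpg's stderr and the component logs
# so the failing call is easy to spot. Missing logs are ignored.
collect_tpm_diagnostics() {
    home="$1"; gpg_stderr="$2"
    cat "$gpg_stderr" "$home/gpg-agent.log" "$home/tpm2d.log" 2>/dev/null \
        | grep -iE 'tpm|not supported' || true
}

# Demonstration on a throwaway GNUPGHOME with a constructed stderr line
# (no gpg invocation; the real run is run_keytotpm_verbose above).
demo_home="$(mktemp -d)"
enable_component_debug "$demo_home" gpg-agent >/dev/null
enable_component_debug "$demo_home" tpm2d >/dev/null
printf 'gpg: error from TPM: Not Supported\n' > "$demo_home/gpg.err"  # constructed
collect_tpm_diagnostics "$demo_home" "$demo_home/gpg.err"
rm -rf "$demo_home"
```

After enabling the component logging, reproduce the failure with run_keytotpm_verbose and then read collect_tpm_diagnostics output alongside the full gpg-agent.log: the lines just before the "Not Supported" error show which agent or tpm2d call returned it, which is what the mailing list will ask for.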

I sent off a message to said address along with registration. The physical system uses 2.5.1 and the VM with a virtual TPM uses 2.4.5. Both have exactly the same effect, and the verbose flag is much the same, entirely without effect once the keytotpm function is used. That being said, you can simulate the environment in question using a QEMU VM with a virtual TPM.

I sent off a message to said address along with registration.

Good. I think going to gnupg-users@ or later to gnupg-devel@ is the next best step to get feedback.

Another approach would be to check the source code and see where the message comes from.