gpg and TPM

mailinglisten at mailinglisten at
Fri May 14 18:47:48 CEST 2021

On 14.05.21 at 08:46, Raja Saha wrote:
> Hi,
> I was reading about Debian UEFI and secure boot. If the TPM isn't secured
> at boot, will that make the TPM less secure than a key pair where the user
> sets a strong password?

Technically, secure boot and TPM are two different things.
You can use secure boot without a TPM.

If you want to use a TPM-protected gpg key, you must *not* set a TPM
owner password! When you set a TPM owner password, the GnuPG command
keytotpm will not work! I think this is not a big deal, because the TPM-
protected key has its own password when you create it.
Maybe in the future we can set a TPM owner password and use GnuPG with
TPM-protected keys, but for now you can't set a TPM password and use GnuPG
with it, unfortunately. But I think this is not a real risk. First, the
gpg key has its own password, and second, an attacker is never able to
retrieve the key from the TPM.
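
An added shell example, not from this message and not GnuPG's or tpm2-tools'
own code, that performs the check the reply implies before attempting
keytotpm: it parses "tpm2_getcap properties-variable" output for the
ownerAuthSet flag of the owner hierarchy, refuses to continue when an owner
password is set, and only then scripts "gpg --edit-key" with keytotpm. The
sample tpm2_getcap output is constructed so the parser can run offline;
KEYID, the exact output layout of tpm2-tools, and the "y" answer to the
"Really move the primary key?" confirmation are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes tpm2-tools
# ("tpm2_getcap") and a GnuPG 2.3+ build with TPM support ("keytotpm"
# inside "gpg --edit-key"). The tpm2_getcap samples below are constructed.

# Read "tpm2_getcap properties-variable" output from stdin and print the
# ownerAuthSet value (1 = owner password set, 0 = not set) found inside the
# TPM2_PT_PERMANENT block; print "unknown" if the block is missing.
owner_auth_set_from_getcap() {
    awk '
        /^TPM2_PT_PERMANENT:/      { inblock = 1; next }
        /^[^ ]/                    { inblock = 0 }
        inblock && /ownerAuthSet:/ { print $2; found = 1; exit }
        END                        { if (!found) print "unknown" }
    '
}

# Constructed samples in the shape tpm2-tools prints (assumed layout).
SAMPLE_OWNER_SET='TPM2_PT_PERMANENT:
  ownerAuthSet:              1
  endorsementAuthSet:        0
  lockoutAuthSet:            0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1'

SAMPLE_OWNER_CLEAR='TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
TPM2_PT_STARTUP_CLEAR:
  phEnable:                  1'

# Query the real TPM; succeed only when no owner password is set, i.e. when
# keytotpm can work at all.
tpm_ready_for_keytotpm() {
    state=$(tpm2_getcap properties-variable 2>/dev/null | owner_auth_set_from_getcap)
    case "$state" in
        0) return 0 ;;
        1) echo "TPM owner password is set: gpg keytotpm will fail" >&2; return 1 ;;
        *) echo "could not read TPM properties (tpm2-tools installed? TPM accessible?)" >&2; return 1 ;;
    esac
}

# Move an existing secret key into the TPM. gpg asks for the key passphrase
# through gpg-agent/pinentry. KEYID is a placeholder for your own key id.
move_key_to_tpm() {
    keyid=$1
    tpm_ready_for_keytotpm || return 1
    # Commands and prompt answers are fed on fd 0: keytotpm, then "y" for the
    # assumed "Really move the primary key? (y/N)" prompt, then save.
    printf 'keytotpm\ny\nsave\n' | gpg --command-fd 0 --status-fd 2 --edit-key "$keyid"
    # Afterwards the on-disk secret key is only a TPM-wrapped blob.
    gpg --list-secret-keys --with-keygrip "$keyid"
}

# Only touch the real TPM and gpg when explicitly asked.
if [ "${1:-}" = "--run" ]; then
    move_key_to_tpm "${2:?usage: $0 --run KEYID}"
fi
```

Run it as "sh script.sh --run KEYID" on the machine that holds the key; the
parser is separated from the TPM query so the owner-password precheck can be
reused in other provisioning scripts.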
