Type: `tpm`

▶ Watch on YouTube (opens in a new tab)

Note
The tpm device type is supported for both containers and virtual machines (VMs).
Hotplugging is supported only for containers, not for VMs.

TPM (Trusted Platform Module) devices enable access to a TPM emulator.

They can:

Validate the boot process to ensure integrity.
Securely generate and store encryption keys.

LXD uses a software TPM that supports TPM 2.0:

For containers:
Used mainly for sealing certificates, with keys stored outside the container.
For virtual machines:
Supports both certificate sealing and boot validation. Enables full disk encryption (e.g., Windows BitLocker).

Device Options

tpm devices support the following options:

`path`

Description: Path inside the container
Key: path
Type: string
Required: Yes (for containers)
Example: /dev/tpm0

`pathrm`

Description: Resource manager path inside the container
Key: pathrm
Type: string
Required: Yes (for containers)
Example: /dev/tpmrm0

Configuration Examples

Add a tpm device to a container:

lxc config device add <instance_name> <device_name> tpm path=<path_on_instance> pathrm=<resource_manager_path>

Add a tpm device to a virtual machine:

lxc config device add <instance_name> <device_name> tpm

See Configure devices for more information.

Cluster member configuration Btrfs - btrfs

Type: tpm

Device Options

path

pathrm

Configuration Examples

Type: `tpm`

`path`

`pathrm`