[HN Gopher] TPM Sniffing
___________________________________________________________________
TPM Sniffing
Author : amenghra
Score : 21 points
Date : 2021-11-17 21:10 UTC (1 hours ago)
(HTM) web link (blog.scrt.ch)
(TXT) w3m dump (blog.scrt.ch)
| rasz wrote:
| I smelled trouble the second I read "low transmission speed" and
| "25MHz" in the same sentence :) At that point a picture of 30cm leads
| was a given.
|
| "I mean it's low speed interface, Michael. How fast could it go?
| 25MHz?"
| gnabgib wrote:
| This isn't a trivial task (attaching probes to chip legs, or
| board connectors), and it's a good write-up, but sniffing seems
| like a poor word choice. This isn't picking up the data
| covertly via existing attached components, or through some kind
| of software exploit - this is literally reading traveling
| messages, which is nigh impossible to defend against, aka "Reading
| data from the TPM".
|
| Short of a physically sealed path from the chip to all components
| that benefit from its knowledge (impossible on a desktop?), that
| can only be destructively accessed (triggering an alarm; like
| case-open switches) - I don't see how this can be defended
| against.
| opencl wrote:
| TPM 2.0 allows communications over the bus to be encrypted
| specifically to prevent this attack, though Windows apparently
| does not actually use this feature[0].
|
| Newer CPUs (since about 5 years ago) have the TPM embedded in
| the CPU. Intel calls this PTT and AMD calls it fTPM.
|
| [0] https://pulsesecurity.co.nz/articles/TPM-sniffing
| stefan_ wrote:
| You can combine it all in a chip like the Apple T2 and then you
| would have to somehow probe the silicon, which is of course
| impossible. (Until you discover that the chip has some
| critical, unfixable software vulnerability like the T2.)
|
| You can also pair the chip and the CPU at the factory or on
| initial powerup and have them communicate encrypted from
| thereon. This is a bit like the iPhone 13 display having some
| FaceID chip on it where a replacement with a wholly new display
| will leave FaceID non-functioning.
| XMPPwocky wrote:
| probing silicon is just hard and expensive, not impossible! -
| though those might be similar enough for most purposes
| opwieurposiu wrote:
| You can buy very small test clips for hooking on to TSSOP pins.
| They are kind of expensive and quite delicate, but come in handy
| if you do not want to solder on tiny wires.
|
| https://www.ebay.com/itm/182107308498
| artificialLimbs wrote:
| You should be careful about running software on your production
| domain controller.
|
| Great write up.
| Gys wrote:
| > TL;DR: we reproduced Denis Andzakovic's proof-of-concept
| showing that it is possible to read and write data from a
| BitLocker-protected device (for instance, a stolen laptop) by
| sniffing the TPM key from the LPC bus.
___________________________________________________________________
(page generated 2021-11-17 23:00 UTC)