
TPM GPIO fail: How bad OEM firmware ruins Intel TPM security


In this article I demonstrate a software-only attack that allows an operating system to set the PCRs of a discrete TPM device to arbitrary values and unseal any secret that uses a PCR-based sealing policy (such as disk encryption keys used by unattended-unlock TPM FDE schemes).

This then allows the same software that did the GPIO write operation to derive any desired PCR values, similar to the hardware attack, but this time without any physical access to pins on the mainboard. For one-time disk decryption, the tweezer attack is just as effective, and is arguably faster to execute than overwriting the platform's flash. This claim is justified by the statement that the NDA-only BIOS writer's guide supposedly includes guidance for OEMs on how and when to set the GPIO lock bits.
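The mechanics behind the abstract are easy to lose in the prose: a discrete TPM's PCRs are only meaningful while the TPM has been reset in lockstep with the host, and a PCR-sealed secret is released whenever the policy digest computed over the current PCR values matches the one recorded at seal time. The following Python is an added worked example, not code from the original article or from any real firmware. It models a 16-PCR SHA-256 bank (an assumption; a PC Client TPM has more PCRs with varying reset behaviour), computes the TPM2_PolicyPCR digest as specified in TPM 2.0 Part 3 (H(policyOld || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(selected PCRs))), and replays a constructed TCG-style event log into a freshly reset TPM to show how a hostile OS that can reset the chip (here a method call standing in for the GPIO write) recovers the sealed secret without ever having booted the measured software.

```python
import hashlib

TPM_CC_POLICY_PCR = 0x0000017F   # TPM 2.0 command code for TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B          # TPM_ALG_ID for SHA-256
NUM_PCRS = 16                    # assumption: model PCRs 0..15, all zero after reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend on one PCR of the SHA-256 bank: new = H(old || digest)."""
    return sha256(pcr + digest)


class SimTpm:
    """Minimal model of the PCR bank of a discrete TPM (constructed for this example)."""

    def __init__(self):
        self.reset()

    def reset(self):
        # A platform reset, or in the attack a TPM-only reset driven over GPIO while
        # the host keeps running, returns the resettable PCRs to all zeros.
        self.pcrs = [bytes(32)] * NUM_PCRS

    def pcr_extend(self, index: int, digest: bytes):
        self.pcrs[index] = extend(self.pcrs[index], digest)


def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION holding one SHA-256 TPMS_PCR_SELECTION (sizeofSelect = 3)."""
    select = bytearray(3)
    for i in indices:
        select[i // 8] |= 1 << (i % 8)          # PCR n is bit n%8 of byte n//8
    return (1).to_bytes(4, "big") + TPM_ALG_SHA256.to_bytes(2, "big") + bytes([3]) + bytes(select)


def policy_pcr_digest(pcrs, indices) -> bytes:
    """policyDigest after a single TPM2_PolicyPCR on a fresh (all-zero) trial session."""
    pcr_digest = sha256(b"".join(pcrs[i] for i in sorted(indices)))  # ascending PCR order
    return sha256(bytes(32) + TPM_CC_POLICY_PCR.to_bytes(4, "big")
                  + pcr_selection(indices) + pcr_digest)


def unseal(tpm: SimTpm, sealed: dict):
    """Release the secret only if the current PCRs satisfy the sealing policy, else None."""
    if policy_pcr_digest(tpm.pcrs, sealed["pcrs"]) == sealed["policy"]:
        return sealed["secret"]
    return None


# Constructed event log: (PCR index, digest of the measured object). Placeholder values,
# not measurements from any real platform. A hostile OS can read the genuine log from
# the victim machine (e.g. the TCG event log exposed by firmware) and replay it.
BOOT_LOG = [
    (0, sha256(b"constructed: firmware volume")),
    (1, sha256(b"constructed: platform configuration")),
    (4, sha256(b"constructed: boot loader")),
    (7, sha256(b"constructed: secure boot policy")),
]
TAMPERED_LOG = [(i, d) if i != 4 else (4, sha256(b"constructed: attacker boot loader"))
                for i, d in BOOT_LOG]
SEAL_PCRS = (0, 4, 7)


def boot(log) -> SimTpm:
    """Cold boot: fresh TPM, every event in the log extended into its PCR."""
    tpm = SimTpm()
    for idx, digest in log:
        tpm.pcr_extend(idx, digest)
    return tpm


def provision(log):
    """Owner's clean boot: seal a (constructed) disk key to PCRs 0, 4 and 7."""
    tpm = boot(log)
    sealed = {"pcrs": SEAL_PCRS,
              "policy": policy_pcr_digest(tpm.pcrs, SEAL_PCRS),
              "secret": b"constructed-disk-encryption-key"}
    return tpm, sealed


def run_scenario():
    """Returns (unseal result after a tampered boot, unseal result after reset + replay)."""
    _, sealed = provision(BOOT_LOG)
    evil = boot(TAMPERED_LOG)                    # attacker boots a modified loader
    denied = unseal(evil, sealed)                # PCR 4 differs: policy fails
    evil.reset()                                 # software-only TPM reset via GPIO
    for idx, digest in BOOT_LOG:                 # replay the victim's genuine log
        evil.pcr_extend(idx, digest)
    recovered = unseal(evil, sealed)             # PCRs match again: key released
    return denied, recovered


if __name__ == "__main__":
    denied, recovered = run_scenario()
    print("after tampered boot:", denied)
    print("after reset + replay:", recovered)
```

The replay works because PCR values are a deterministic function of the reset state and the sequence of extends; nothing in the PCR itself records whether the extends came from firmware during a real boot or from a user-space process after an out-of-band reset. Defences therefore sit outside the PCR arithmetic: locking the GPIO pad that drives the TPM reset line before handing control to the OS, or binding the TPM reset to the host reset domain.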
