Researchers Detail Two New Attacks on TPM Chips


jonbrown...@gmail.com

Aug 30, 2018, 9:13:06 AM8/30/18
to qubes-users
Two weeks ago, four South Korean researchers detailed two attacks on TPM chips that can allow an attacker to tamper with the boot-up process.

The attacks are possible thanks to power interrupts.

Modern computers do not feed power to all their components all the time and at the same time. They use special APIs to send power to a component only when it needs it to perform an operation, putting it in a suspended (sleep) state between use states.

TPM chips support ACPI (Advanced Configuration and Power Interface), one of the tools operating systems use to control and optimize power consumption in peripherals.

Researchers discovered two issues affecting the way TPMs enter and recover from these suspended power states, which allow an attacker to reset TPMs and then create a fake boot-up chain of trust for a targeted device.

TLDR: Affected PCs will need BIOS firmware updates to fix these issues.

https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/
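To make the "fake boot-up chain of trust" point concrete, here is an added example that is not part of the original post, the linked article, or any Qubes code. It is a software model of the TPM PCR extend rule (PCR_new = SHA-256(PCR_old || digest)) with a verifier that replays a measured-boot event log, the way an attestation check does. Everything in it is an assumption or constructed sample data: a single SHA-256 PCR bank, eight PCRs, made-up component measurements, and a `reset()` method that stands in for the effect of the power-state bug (all PCRs returned to their initial value without a real reboot). It shows that PCR comparison catches a modified bootloader on a normal boot, but cannot tell an honest boot from a reset followed by re-extending the known-good digests, which is why the fix has to be in firmware rather than in the verifier.

```python
"""Model of TPM PCR extension and event-log verification (added example, not from the thread)."""
import hashlib
from typing import Dict, List, Tuple

# Assumption: SHA-256 bank only; every PCR holds 32 zero bytes after power-up/reset
PCR_INITIAL = bytes(32)
NUM_PCRS = 8

Event = Tuple[int, bytes]  # (PCR index, SHA-256 digest of the measured component)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend rule: PCR_new = H(PCR_old || digest). Order-dependent and one-way."""
    return sha256(pcr + digest)


class ModelTPM:
    """Minimal software stand-in for a TPM's PCR bank (hypothetical, not a real TPM)."""

    def __init__(self) -> None:
        self.pcrs: List[bytes] = [PCR_INITIAL] * NUM_PCRS

    def extend(self, index: int, digest: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], digest)

    def reset(self) -> None:
        # Models the effect described in the thread: every PCR goes back to its
        # initial value without the platform actually rebooting.
        self.pcrs = [PCR_INITIAL] * NUM_PCRS


def replay_log(log: List[Event]) -> List[bytes]:
    """Recompute the PCRs a boot log should produce (what an attestation verifier does)."""
    expected = [PCR_INITIAL] * NUM_PCRS
    for index, digest in log:
        expected[index] = extend(expected[index], digest)
    return expected


def pcrs_match_log(tpm: ModelTPM, log: List[Event]) -> bool:
    """True when the TPM's PCRs equal the values the known-good log replays to."""
    return tpm.pcrs == replay_log(log)


# Constructed sample measurements (not real firmware or kernel hashes)
GOOD_LOG: List[Event] = [
    (0, sha256(b"sample firmware v1")),
    (4, sha256(b"sample bootloader")),
    (4, sha256(b"sample kernel")),
]


def boot(tpm: ModelTPM, log: List[Event]) -> None:
    """Measured boot: each component is extended into its PCR in order."""
    for index, digest in log:
        tpm.extend(index, digest)


def scenarios() -> Dict[str, bool]:
    # 1. Honest boot: the log replays to exactly the PCRs the TPM holds.
    tpm = ModelTPM()
    boot(tpm, GOOD_LOG)
    honest = pcrs_match_log(tpm, GOOD_LOG)

    # 2. Modified bootloader, no reset: the measured chain diverges from the
    #    known-good log, and the one-way extend makes the mismatch visible.
    tpm = ModelTPM()
    bad_log = [GOOD_LOG[0], (4, sha256(b"modified bootloader")), GOOD_LOG[2]]
    boot(tpm, bad_log)
    tampered_without_reset = pcrs_match_log(tpm, GOOD_LOG)

    # 3. Same modified boot, then the PCR reset the thread describes, then the
    #    known-good digests extended again: PCRs equal the honest values, so a
    #    verifier comparing PCRs to the expected log can no longer tell them apart.
    tpm.reset()
    boot(tpm, GOOD_LOG)
    tampered_with_reset = pcrs_match_log(tpm, GOOD_LOG)

    return {
        "honest_boot_verifies": honest,
        "tamper_detected_without_reset": not tampered_without_reset,
        "tamper_detected_after_reset": not tampered_with_reset,
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

The third scenario is the limitation a defender needs to understand: once PCRs can be returned to their initial value while the platform keeps running, measurement replay alone cannot distinguish a clean boot from a forged one, so the check must be backed by firmware that closes the reset path, as the article's remediation says.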

Tai...@gmx.com

Aug 30, 2018, 6:49:55 PM8/30/18
to qubes...@googlegroups.com
No surprise there - TPMs are a proprietary "security" gimmick probably
invented for DRM.

One doesn't really need them if you use coreboot with an embedded kernel
or with grub and kernel code signing and of course write-lock the flash
chip.

Raptor Engineering/Raptor Computing System's FlexVER is something worth
looking into - pretty much an advanced and much-better-than-TPM
security device that is owner controlled.