Today’s PCs are locked up with Trusted Platform Module (TPM) devices, so much so that Windows 11 refuses to install without a TPM 2.0. These have become so prevalent that even larger embedded boards now ship with a TPM and, of course, if you are repurposing consumer hardware you’ll have to deal with it, too. [Sigma Star] has just the primer for you. It explains what a TPM does, how it applies to embedded devices, and where the pitfalls are.
A TPM is sometimes a discrete chip and sometimes firmware running in a protected part of the main processor (an fTPM); either way it is meant to be hard to tamper with. It provides storage for keys and secrets, and it holds a running hash of the boot components in its Platform Configuration Registers (PCRs), so a changed firmware image, bootloader or kernel shows up as a different PCR value. Secrets can be sealed to a given PCR state so that the TPM only releases them when the machine booted the expected way. The TPM can also sign a report of its PCR values for a remote party (remote attestation), which lets a network, for example, refuse to talk to a computer whose boot state no longer matches what is expected.
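The measurement, sealing and attestation steps described above, as an added example that is not code from the [Sigma Star] post or from any TPM stack. The PCR extend rule and the TPM2_PolicyPCR digest are computed the way the TPM 2.0 specification defines them; the quote “signature” is an HMAC under a key the verifier already shares, standing in for the attestation key’s asymmetric signature, and the boot components are constructed strings.

```python
"""Added example, not from the Sigma Star post.  Models a TPM's treatment of
boot measurements with only hashlib/hmac:
  * each boot stage is hashed and extended into PCR 0
    (pcr = SHA256(pcr || SHA256(component)), the TPM 2.0 extend rule),
  * a secret is sealed to the policy digest TPM2_PolicyPCR would produce
    (policy = SHA256(old_policy || CC_PolicyPCR || pcr_selection || pcr_digest)),
  * a quote over a verifier nonce is produced and checked against golden PCRs.
The quote signature is a stand-in HMAC under a key the verifier trusts; a real
TPM signs with an attestation key certified under its endorsement key.
Boot component contents are constructed."""
import hashlib
import hmac
import os
import struct
from typing import Optional

HASH = hashlib.sha256
TPM_ALG_SHA256 = 0x000B
TPM_CC_POLICY_PCR = 0x0000017F      # command code of TPM2_PolicyPCR
ZERO_DIGEST = b"\x00" * 32


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: one-way and order dependent, so a PCR cannot be set to
    an arbitrary value; it only returns to zero at a platform reset."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def measured_boot(components) -> dict:
    """Each stage measures the next into PCR 0 before handing over to it."""
    pcrs = {i: ZERO_DIGEST for i in range(24)}
    for blob in components:
        pcrs[0] = pcr_extend(pcrs[0], blob)
    return pcrs


def pcr_selection(pcr_indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION with one SHA-256 bank:
    count (u32) || hashAlg (u16) || sizeofSelect (u8) || 3-byte bitmap."""
    bitmap = bytearray(3)
    for i in pcr_indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


def pcr_digest(pcrs, pcr_indices) -> bytes:
    """Hash of the selected PCR values, in ascending index order."""
    return HASH(b"".join(pcrs[i] for i in sorted(pcr_indices))).digest()


def policy_pcr(pcrs, pcr_indices) -> bytes:
    """Policy digest that TPM2_PolicyPCR yields for these PCR values."""
    return HASH(ZERO_DIGEST + struct.pack(">I", TPM_CC_POLICY_PCR)
                + pcr_selection(pcr_indices) + pcr_digest(pcrs, pcr_indices)).digest()


def seal(secret: bytes, pcrs, pcr_indices) -> dict:
    return {"policy": policy_pcr(pcrs, pcr_indices), "secret": secret}


def unseal(blob: dict, pcrs, pcr_indices) -> Optional[bytes]:
    """The TPM releases the secret only when the current PCRs satisfy the policy."""
    if hmac.compare_digest(policy_pcr(pcrs, pcr_indices), blob["policy"]):
        return blob["secret"]
    return None


def quote(ak_key: bytes, pcrs, pcr_indices, nonce: bytes) -> dict:
    """TPM2_Quote: sign (selection || pcrDigest || verifier nonce)."""
    attested = pcr_selection(pcr_indices) + pcr_digest(pcrs, pcr_indices) + nonce
    return {"attested": attested, "sig": hmac.new(ak_key, attested, HASH).digest()}


def verify_quote(ak_key, q, nonce, golden_pcrs, pcr_indices) -> bool:
    """Verifier side: the signature must check out, the nonce must be the one
    we sent (no replay), and the PCR digest must match our golden values."""
    expected = pcr_selection(pcr_indices) + pcr_digest(golden_pcrs, pcr_indices) + nonce
    return (hmac.compare_digest(q["attested"], expected) and
            hmac.compare_digest(hmac.new(ak_key, q["attested"], HASH).digest(), q["sig"]))


GOOD_CHAIN = [b"firmware v1", b"bootloader v2", b"kernel 6.10"]          # constructed
EVIL_CHAIN = [b"firmware v1", b"bootloader v2 + implant", b"kernel 6.10"]


def demo() -> dict:
    good, evil = measured_boot(GOOD_CHAIN), measured_boot(EVIL_CHAIN)
    blob = seal(b"disk-encryption-key", good, [0])
    ak, nonce = os.urandom(32), os.urandom(16)
    return {
        "good_unseal": unseal(blob, good, [0]),
        "evil_unseal": unseal(blob, evil, [0]),
        "good_quote_ok": verify_quote(ak, quote(ak, good, [0], nonce), nonce, good, [0]),
        "evil_quote_ok": verify_quote(ak, quote(ak, evil, [0], nonce), nonce, good, [0]),
        "replayed_quote_ok": verify_quote(ak, quote(ak, good, [0], nonce), os.urandom(16), good, [0]),
    }


if __name__ == "__main__":
    print(demo())
```

The modified bootloader changes PCR 0, so the sealed key is not released and the quote no longer matches the verifier’s golden value; replaying an old quote fails because the verifier’s nonce is fresh. Note that a policy bound to PCR 0 also fails after a legitimate firmware update, which is the “sneeze at an fTPM” problem discussed in the comments: reseal after every planned change, or bind to PCRs that record signing authorities rather than raw image hashes.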
Embedded systems usually aren’t like PCs. A weather station at a remote location may have strangers poking at it without anyone noticing, and that remote computer might also be expected to keep working for many more years than a typical laptop or desktop.
This leads to a variety of security concerns that TPM 2.0 attempts to mitigate. For example, it is unreasonable to think a typical attacker might connect a logic analyzer to your PC, but for an embedded system it is easy to imagine. TPM 2.0 therefore offers session-based parameter encryption: host and TPM agree on a session key (seeded by a salt the host encrypts to one of the TPM’s keys) and mask sensitive command and response parameters, so that someone passively sniffing the SPI, LPC or I2C bus does not see, say, an unsealed disk-encryption key in the clear. According to the post, not all implementations use this encryption, however. It also only helps against a passive listener: a device that actively impersonates the TPM on the bus is only caught if the host checks which TPM key it negotiated the salt with.
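The bus-sniffing scenario above, with and without session encryption, as an added example that is not code from the [Sigma Star] post or from any TPM stack. The bus is modelled as a list of frames, so a “logic analyzer” is just a search over it. The session key and the parameter mask are derived with the TPM 2.0 KDFa construction and the spec’s TPM_ALG_XOR encryption mode (chosen because it needs only HMAC; AES-CFB is the other mode). Assumed, and marked in the code: the salt travels encrypted to the TPM’s salt key (RSA-OAEP in the spec) and is modelled as an opaque blob only the TPM can open, the sealed object has an empty authValue, and the secret and nonces are constructed.

```python
"""Added example, not from the Sigma Star post.  TPM2_Unseal over a modelled
bus: without a session the secret crosses in the clear; with a salted session
both sides derive a session key via TPM 2.0 KDFa and mask the parameter with
the spec's TPM_ALG_XOR mode.  Assumptions: salt transport under the TPM's salt
key (RSA-OAEP in the spec) is modelled as an opaque blob; authValue is empty;
the secret and nonces are constructed."""
import hashlib
import hmac
import os
import struct

HASH = hashlib.sha256
HASH_BITS = 256
NONCE_LEN = 16


def kdfa(key, label, context_u, context_v, bits):
    """TPM 2.0 Part 1 KDFa (SP 800-108 counter mode):
    HMAC(key, [i]_32 || label || 0x00 || contextU || contextV || [bits]_32),
    i = 1, 2, ... concatenated and truncated to `bits` bits."""
    out, counter = b"", 1
    while len(out) * 8 < bits:
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, HASH).digest()
        counter += 1
    return out[: (bits + 7) // 8]


def session_key(salt, nonce_tpm, nonce_caller):
    """Unbound, salted session: sessionKey = KDFa(salt, "ATH", nonceTPM, nonceCaller)."""
    return kdfa(salt, b"ATH", nonce_tpm, nonce_caller, HASH_BITS)


def xor_mask(key, nonce_newer, nonce_older, data):
    """TPM_ALG_XOR parameter encryption: mask = KDFa(sessionKey || authValue, "XOR",
    nonceNewer, nonceOlder, 8 * len(data)) XORed over the parameter (authValue empty)."""
    mask = kdfa(key, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))


class Bus:
    """Every frame exchanged; a passive probe on SPI/LPC/I2C sees all of them."""
    def __init__(self):
        self.frames = []

    def send(self, direction, payload):
        self.frames.append((direction, payload))
        return payload


class Tpm:
    """Just enough TPM to answer TPM2_Unseal, with or without an encrypted session."""
    def __init__(self, sealed_secret):
        self.secret = sealed_secret
        self.session_key = None

    def start_auth_session(self, enc_salt, nonce_caller):
        salt = enc_salt["tpm_only"]          # stands in for RSA-OAEP decryption with the salt key
        nonce_tpm = os.urandom(NONCE_LEN)
        self.session_key = session_key(salt, nonce_tpm, nonce_caller)
        return nonce_tpm

    def unseal(self, nonce_caller=None):
        if self.session_key is None:
            return self.secret                 # no session: plaintext response
        nonce_tpm = os.urandom(NONCE_LEN)      # fresh nonceTPM is the "newer" nonce for a response
        return nonce_tpm + xor_mask(self.session_key, nonce_tpm, nonce_caller, self.secret)


def unseal_plain(bus, tpm):
    bus.send("cmd", b"TPM2_Unseal")
    return bus.send("rsp", tpm.unseal())


def unseal_encrypted(bus, tpm):
    salt, nonce_caller = os.urandom(32), os.urandom(NONCE_LEN)
    # Only the salt ciphertext is put on the bus; "tpm_only" models what the TPM
    # recovers with its private key.  A sniffer cannot derive the session key.
    enc_salt = {"ciphertext": os.urandom(256), "tpm_only": salt}
    bus.send("cmd", b"TPM2_StartAuthSession" + enc_salt["ciphertext"] + nonce_caller)
    nonce_tpm = bus.send("rsp", tpm.start_auth_session(enc_salt, nonce_caller))
    key = session_key(salt, nonce_tpm, nonce_caller)
    nonce_caller = os.urandom(NONCE_LEN)
    bus.send("cmd", b"TPM2_Unseal" + nonce_caller)
    rsp = bus.send("rsp", tpm.unseal(nonce_caller))
    nonce_tpm, masked = rsp[:NONCE_LEN], rsp[NONCE_LEN:]
    return xor_mask(key, nonce_tpm, nonce_caller, masked)


def sniff(bus, needle):
    """What a passive probe learns: does the secret appear in any frame?"""
    return any(needle in payload for _, payload in bus.frames)


SECRET = b"disk-encryption-key (constructed)"


def demo():
    bus1, bus2 = Bus(), Bus()
    plain = unseal_plain(bus1, Tpm(SECRET))
    enc = unseal_encrypted(bus2, Tpm(SECRET))
    return {"plain_ok": plain == SECRET, "plain_leaked": sniff(bus1, SECRET),
            "enc_ok": enc == SECRET, "enc_leaked": sniff(bus2, SECRET)}


if __name__ == "__main__":
    print(demo())
```

Both paths hand the host the same secret, but only the unencrypted one leaves it in a bus capture. The protection rests on the salt being encrypted to a key only the genuine TPM holds, so a host that does not verify that key can be talked into a session with an interposer instead of the TPM; and once unsealed, the secret is in host RAM, which session encryption does nothing about.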
Does your motherboard have a TPM header but no module? We’ve seen people build their own TPM boards.
Title image by [] CC BY-SA-4.0

Bitlocker is probably the most notable example of a technology not using session encryption. Because of this, it is susceptible to bus sniffing attacks.
From the article: “it is unreasonable to think a typical attacker might connect a logic analyzer to your PC”. Indeed, the article emphasizes how a “security feature” might be a big hindrance, for example when re-purposing consumer hardware. I can’t help but think after this that a lack of session encryption can be a feature, rather than a bug.
One of the nicest features of a TPM plugin is, I believe, that it can maintain the keys across motherboard (within the same TPM compatibility) and OS updates.
Changing your CPU or motherboard, or even flashing the BIOS on your motherboard, invalidates your fTPM.
I’m not sure how much change a dTPM can stand but that alone is worth it.
All your Windows Hello, BitLocker, passkeys, etc. are gone the moment you sneeze at an fTPM.
I never understood this TPM stuff. It can’t protect against the usual vector (sales rep clicking on a fishy email link, crypto locker, etc.); it only protects against bootloader or firmware modification… which literally no malware ever targets.
What is it for really?
My simplistic understanding is it ties the storage media, the encryption of that media, and the mobo together. It supports UEFI too. From an information assurance perspective, it prevents easy hijacking of hard drives from systems and subsequent exploitation of that media on a different host computer without knowledge of the full BitLocker keys. It has no role to play in endpoint protection or preventing malware; it’s only involved in detecting significant change to the operating environment that suggests that the media may have been stolen or compromised.
I believe it’s very good at telling windows that you’ve changed your computer too much and therefore should buy a new license…
That isn’t exactly true, in that yes it can be a part of the chain to protect against those things, even if Windows does not avail itself of that by default.
For example, the TPM can ensure my bootloader of choice is the only one that can load. My bootloader can ensure my choice of kernel/OS is the only one that can boot. I can lock down that OS so only executables of my choice can run.
I would not take the time to obtain some malware exe and sign it with my private key or add its hash to the allow list. Thus, it won’t run.
I can even hand the computer over to you and be mostly assured of this.
You can’t boot from USB to access the disk, so you can’t get at the OS files nor modify the system by adding malware to it.
You can’t transfer my computer’s boot disk to another computer and do anything with it, as half the encryption key to the drive is in the TPM.
It’s even a decent block to keep you from simply wiping the HD (which you can do by putting it in another PC) and installing a fresh copy of Windows. It won’t boot it; only a bootloader and kernel signed by me can be installed.
Recently I ended the contract I had doing warranty repair work. Since one of the companies we did work for was HP, we had a bunch of little programs that you would boot into, and one of them was for complete control of the TPM module, where I could change it, wipe it, or upgrade it. It was a real benefit that it turned out to work on every computer I used it on, and not just HP.
Regarding: “What is it for really?”
TPM combined with the end of Windows 10 ensures that (at least) millions of people are required to throw perfectly fine hardware onto the trashheap effectively forcing them to buy new hardware with only the promise of creating a safer system. So in short, TPM will ensure a short term boost of sales. And when everybody has bought this TPM supported hardware and sales decline they introduce a “better” TPM and everything starts all over again… keep repeating for max. profit.
Maybe people will be “required” to install Linux in the same manner? And for those not aware you can install Windows 11 in a VM providing a virtualized TPM. So, no not everyone is “forced” to buy new hardware.
I am surprised nobody has released a low profile hypervisor which has the sole purpose of bootstrapping Windows 11 with a vTPM. Too much work for too little gain, I suppose.
Maybe not actually forced, but for many people what is barely an inconvenience for this community is insurmountable.
You can also just install Windows 11 without a TPM, with some minimal and automated tweaks. There’s no way in hell I ever enable that piece of insecure anti consumer crap on any of my machines.
Case in point: I managed to break into a company machine with the bitpixie exploit in 15 minutes. MS has fixed the exploit now, but it’s only a matter of time.
I suspect that the compatibility edge cases would be a real hassle. vTPM itself is widely supported by most hypervisors at this point (I think VMware gates it to ESX systems connected to vCenter servers, and Hyper-V only offers it on the server version, not the desktop variant; but if you are trying to run Win11 on hardware that doesn’t meet its requirements you probably don’t care about either of those). Your odds of getting PCIe passthrough working are surprisingly good even on random consumer gear (though often not that good: in the futzing I did with the unscientific sample of hardware I was able to get my hands on easily, the odds were excellent that at least something would PCIe passthrough just fine, but, especially on laptops, certain passthrough arrangements would freak the system out and bring it down hard).
If you just wanted a virtual GPU windows VM that only supported USB devices of types that had a passthrough abstraction that was no problem. If you wanted just a dedicated GPU and one USB expansion card so that the wintendo could share a motherboard and CPU and RAM with other stuff; normally doable; but it was not a fiddling-free process and the closer you tried to get to passthrough of all NICs, webcam, USB controllers, etc. the higher the odds that you’d break something a user might expect.
What I would be very, very curious to know is how MS, and others, would respond to nontrivial numbers of vTPMs. TPMs, behaviorally, aren’t super complex and production-ready vTPMs are available; but you can’t fake the embedded certs: not an issue if Google’s VM orchestration is using vTPMs that they expect to have Google-issued certs for boot attestation stuff; but ‘normal’ equipment is implicitly assumed to have a TPM with an embedded cert from one of the companies that makes TPMs, or Intel or AMD for fTPMs.
If your TPM use case is genuinely about your hardware proving things about its state to you; that’s one case: vTPMs with your own certs are fine; but if you are dealing with someone whose ‘trust’ in TPMs is substantially derived from the fact that the ones you can buy from TPM vendors follow TCG specs; they will probably be unimpressed if the EKcert chains to some self-signed thing that’s not on the list.
I don’t believe MS has said anything about their stance on things like “Hello” authentication or intune enrollment of devices with atypical platform certificates; but I suspect that anyone interested in DRM or anti-cheat is, whether implicitly or explicitly, expecting the (unsystematic; but fairly limited) list of roots you’ll find among people who actually ship TPMs to OEMs in some quantity; and will react poorly to oddballs.
A TPM can be connected to the SMBus often found on the M.2 Wi-Fi connector, so upgrading older hardware is not impossible.
But Windows 11’s minimum CPU requirement is a recipe for e-waste.
The good thing is that there’s no 32-Bit x86 version of Windows 11 anymore! Hurray! 🥳🎉
Back in the 2000s, when XP was still current, some of us programmers wanted to switch to 64-Bit programming (x86_64, not Itanium).
To overcome the increasing limitations of the 32-Bit world.
But Windows Vista and later kept providing x86 versions of Windows, which we had to continue to support. 😥
Unfortunately, if 32-Bit versions of applications exist, it’s hard to justify the better 64-Bit applications at the same time!
Which meant that we threw in the towel and had to stay in 32-Bit land.
Having both x86 and x64 Windows also meant that development of 64-Bit drivers was slowed down.
Instead of making a switch to 64-Bit, manufacturers of hardware/software simply pointed to 32-Bit editions of Windows.
I’m glad Windows 10 is dead. It deserves it. It killed Windows 7!
It’s simpler than that – Microsoft and the manufacturers wanted to drop their aging security liabilities.
The hardware is “perfectly fine” for you, but inconvenient for them to support.
Rufus and FLYOOBE take care of that problem and prevent eWaste. Hopefully M$ will learn from this mess and will ease off in Win12. Remember that every other Win O/S is a good one and we are the guinea pigs. What they need to do is stop this update problem of breaking things. However, the tech sector is seeing more corporate controls than ever. M$ wants every computer with an M$ account/cloud/Recall and HP and Epson rolled out firmware updates to block refilled or clone cartridges. The printer industry dynamic has flipped from cheap printers and expensive ink costs to overpriced printers and less expensive ink (ie. Eco Tanks).
Do look into “Flyby” /”Flyoobe” installation systems. They bypass all that and install the identical server version provided there is minimal hardware available. Worked on 3 out of 4 of my machines (#4 was a boat-anchor Pavilion 7 from 2009), though I eventually put another of those into Linux Mint XFCE.
https://github.com/builtbybel/FlyOOBE (Not connected with them at all)
How does this differ from the 80s or 90s, exactly?
Back in the 90s my 286 PC could run Windows 3.1x in Standard-Mode just fine,
but I could not install the then-new Windows 95 on it because it required the i386 instruction set and 32-Bit Protected Mode/V86.
But do I complain? No! I’ve kept Windows 3.1x on it and accepted reality.
I simply used a different PC if I needed Windows 95 to run certain applications.
Outside of professional environments (datacenters, civil infrastructure, billion-dollar businesses), TPM does one functional thing: it makes it nearly impossible for you to acquire any of your data if your computer dies, greatly incentivizing the usage of a cloud-based backup solution, thereby coercing average users into mindlessly uploading their private data to a cloud where it can then be scraped and sold for profit. It was no coincidence that OneDrive and Recall magically appeared as “features” at the same time as TPM was also required; it was planned. They got the idea from cell phones, if you’re wondering.
OneDrive and Recall have nothing to do with TPM.
OneDrive was around in the era of Windows Vista and isn’t dependent on any hardware security features.
It can be used for backup when Bitlocker or full disk encryption are enabled, but those are not enabled by default. So yes, you can lose all your data if you enable full disk encryption.
Microsoft can’t sell user data from OneDrive. That is, quite literally, illegal. I can understand the argument that Microsoft pressures users into a subscription ( who has less than 5gb of data? ) but let’s not waste time pretending Microsoft would risk putting themselves in that legal position.
Recall is dependent on Neural Processing Units ( NPUs ), which are entirely unrelated to TPM. Recall does require that full disk encryption ( or Bitlocker ) be enabled for security so it is dependent on the TPM in that way.
Bitlocker is enabled by default, even on a local account on home edition, on windows 11 now.
To assume the biggest companies in the world are afraid to break the law is pure folly. All they have to do is bury an arbitration clause on page 50 of the EULA and you then have no legal right to sue them for anything. And even if you do manage to get any lawsuit, they’ll lock it up in litigation for 5 to 10 years, making billions from the infraction during that time, just to be fined a couple million, if anything at all. Let’s face facts: there isn’t much in the way of laws for the biggest companies. Everything is legal for a price. Also in line with the TPM discussion, it is also a fingerprinting technology. If you ever log in to M$ systems with a TPM active, they know THAT computer is tied to THAT account forever after. It’s a back door into your system. It’s not for your security, it’s for theirs.
Passkey technology uses a TPM. Other “roots” are possible but TPM is the primary.
I did an article about extracting BitLocker keys and decrypting a disk using a logic analyzer https://lucasteske.dev/2024/01/tpm2-bitlocker-keys – it’s sad that it’s so easy to break disk encryption on Windows because they don’t think physical access is an attack vector :(
(PS: I already did this attack during a physical pentest on a company, very successfully, so physical SHOULD be an attack vector)
One reason industry is behind TPM is that it helps support digital rights management (https://www.schneier.com/blog/archives/2008/05/tpm_to_end_pira.html, https://ieeexplore.ieee.org/document/5283799). Just as printers and scanners now can sense attempts to copy currency at a firmware level, TPM can help make a PC that cannot be modified to pirate media.
Whether that is a good thing or not depends on ones point of view. Personally, I was dismayed when Amazon removed already-purchased copies of 1984 from users’ Kindles. Big brother is watching you.
I don’t want to defend Amazon, but they did refund any money spent on 1984, and I don’t know if they could instead have just compensated the publisher who didn’t give permission to distribute the ebook in the first place; certainly that would have been better for the consumer.
I’m a bit dismayed the comments here are mostly about Windows and not the embedded space at all. I suppose few hardware hackers have run into TPM issues yet, and everyone has an opinion on TPM and encryption in PCs, so the thread was doomed to get sidetracked.
You want a pretty good idea how to secure communications with a TPM look at the stuff they added to the 6.10 kernel. It looks like about as good as you can get without running a self test on every boot.
I wish they’d go back to the good old days, where my backups were not encrypted and I could actually browse the folder.
You never had a visit from a burglar who stole your external HDD/USB drive or smartphone, right?
I tell you, it’s not fun. It’s not about lost pictures or save files of some games, but about stolen identity.
There are mean guys out there that know no respect and honour.
They take advantage of every bit they can, break in at daylight..
I’d rather that be my choice than a corporation’s for me.