TPM

7 Articles

This Week In Security: TPM And BootGuard, Drones, And Coverups

May 12, 2023 by 17 Comments

Full disk encryption is the go-to solution for hardening a laptop against the worst-case scenario of physical access. One way that encryption can be managed is through a Trusted Platform Module (TPM), a chip on the motherboard that manages the disk encryption key, and only hands it over for boot after the user has authenticated. We’ve seen some clever tricks deployed against these discrete TPMs, like sniffing the data going over the physical traces. So in theory, an integrated TPM might be more secure. Such a technique does exist, going by the name fTPM, or firmware TPM. It uses a Trusted Execution Environment, a TEE, to store and run the TPM code. And there’s another clever attack against that concept (PDF).

It’s chip glitching via a voltage fault. This particular attack works against AMD processors, and the voltage fault is triggered by injecting commands into the Serial Voltage Identification Interface 2.0 (SVI2). Dropping the voltage momentarily to the AMD Secure Processor (AMD-SP) can cause a key verification step to succeed even against an untrusted key, bypassing the need for an AMD Root Key (ARK) signed board firmware. That’s not a simple process, and pulling it off takes about $200 of gear, and about 3 hours. This exposes the CPU-unique seed, the board NVRAM, and all the protected TPM objects.

So how bad is this in the real world? If your disk encryption only relies on an fTPM, it’s pretty bad. The attack exposes that key and breaks encryption. For something like BitLocker that can also use a PIN, it’s a bit better, though to really offer more resistance, that needs to be a really long PIN: a 10 digit PIN falls to a GPU in just 4 minutes, in this scenario where it can be attacked offline. There is an obscure way to enable an “enhanced PIN”, a password, which makes that offline attack impractical with a secure password.

And if hardware glitching a computer seems to complicated, why not just use the leaked MSI keys? Now to be fair, this only seems to allow a bypass of Intel’s BootGuard, but it’s still a blow. MSI suffered a ransomware-style breach in March, but rather than encrypt data, the attackers simply threatened to release the copied data to the world. MSI apparently refused to pay up, and source code and signing keys are now floating in the dark corners of the Internet. There have been suggestions that this leak impacts the entire line of Intel processors, but it seems likely that MSI only had their own signing keys to lose. But that’s plenty bad, given the lack of a revocation system or automatic update procedure for MSI firmware. Continue reading “This Week In Security: TPM And BootGuard, Drones, And Coverups”

The TPM module that Viktor designed, inserted into the motherboard

TPM Module Too Expensive? DIY Your Own Easily!

May 4, 2022 by 76 Comments

Since Windows 11 has announced its TPM module requirement, the prices for previously abundant and underappreciated TPM add-on boards for PC motherboards have skyrocketed. We’ve been getting chips and soldering them onto boards of our own design, instead – and [viktor]’s project is one more example of that. [Viktor] has checked online marketplace listings for a TPM module for his Gigabyte AORUS GAMING 3 motherboard, and found out they started at around 150EUR – which is almost as much as the motherboard itself costs. So, as any self-respecting hacker, he went the DIY way, and it went with hardly a hitch.

Following the schematic from the datasheet, he quickly made a simple KiCad layout, matching it to the pinout from his motherboard’s user manual, then ordered the boards from PCBWay and SLB9665 chips from eBay. After both arrived, [viktor] assembled the boards, and found one small mistake – he designed a module for 2.54mm pin headers, but his motherboard had 2.0mm headers. He wired up a small adapter to make his assembled V1.0 boards work, and Windows 11 installed without any TPM complaints. He shows that he’s designed a new, V1.1 version with an updated connector, too, and published its (untested but should work) design files for us on GitHub. These modules can vary, by manufacturer and motherboard series, but with each module published, a bunch of hackers can save money – and get a weekend project virtually guaranteed to work out.

Regardless of whether the goal of running Windows 11 is ultimately worthwhile, it has been achieved. With scalpers preying on people who just want to use their hardware with a new OS, rolling your own TPM PCB is a very attractive solution! Last time we covered a DIY TPM module for ASrock server motherboards, we had a vivid discussion in the comments, and if you’re looking to create your own TPM board, you could do worse than checking them out for advice and insights!

Build A TPM Module For Your Server

April 6, 2022 by 60 Comments

One of the big stories surrounding the announcement of Windows 11 was that it would require support for TPM 2.0, or Trusted Platform Module, to run. This takes the form of an on-board cryptographic processor, which Microsoft claims will help against malware, but which perhaps more importantly for Redmond, can be used to enforce DRM.  Part of the standard involves a hardware module, and [Zane] has built a couple of them for ASrock server motherboards.

The chip in question is the Infineon SLB9965, which with a bit of research was found to map more or less directly to the pins of the TPM socket on the motherboard. The interesting thing here lies in the background research it gives into TPMs, and furthermore the links to other resources dealing with the topic. The chances are that most readers needing a TPM will simply buy one, but all knowledge is useful when it comes to these things.

Our weekly security roundup has been keeping an eye on the use of TPMs for a while, and has even shown us some ways that people have used to bypass the modules.

This Week In Security: Fail2RCE, TPM Sniffing, Fishy Leaks, And Decompiling

July 30, 2021 by 10 Comments

Fail2ban is a great tool for dynamically blocking IP addresses that show bad behavior, like making repeated login attempts. It was just announced that a vulnerability could allow an attacker to take over a machine by being blocked by Fail2ban. The problem is in the mail-whois action, where an email is sent to the administrator containing the whois information. Whois information is potentially attacker controlled data, and Fail2ban doesn’t properly sterilize the input before piping it into the mail binary. Mailutils has a feature that uses the tilde key as an escape sequence, allowing commands to be run while composing a message. Fail2ban doesn’t sanitize those tilde commands, so malicious whois data can trivially run commands on the system. Whois is one of the old-school unix protocols that runs in the clear, so a MItM attack makes this particularly easy. If you use Fail2ban, make sure to update to 0.10.7 or 0.11.3, or purge any use of mail-whois from your active configs. Continue reading “This Week In Security: Fail2RCE, TPM Sniffing, Fishy Leaks, And Decompiling”

Mount Sopris

Design A Microcontroller With Security In Mind

December 15, 2017 by 22 Comments

There are many parts to building a secure networked device, and the entire industry is still learning how to do it right. Resources are especially constrained for low-cost microcontroller devices. Would it be easier to build more secure devices if microcontrollers had security hardware built-in? That is the investigation of Project Sopris by Microsoft Research.

The researchers customized the MediaTek MT7687, a chip roughly comparable to the hacker darling ESP32. The most significant addition was a security subsystem. It performs tasks notoriously difficult to do correctly in software, such as random number generation and security key storage. It forms the core of what they called the “hardware-based secure root of trust.”

Doing these tasks in a security-specific module solves many problems. If a key is not stored in memory, a memory dump can’t compromise what isn’t there. Performing encryption/decryption in task-specific hardware makes it more difficult to execute successful side-channel attacks against them. Keeping things small keeps the cost down and also eases verifying correctness of the code.

But the security module can also be viewed from a less-favorable perspective. Its description resembles a scaled-down version of the Trusted Platform Module. As a self-contained module running its own code, it resembles the Intel Management Engine, which is currently under close scrutiny.

Will we welcome Project Sopris as a time-saving toolkit for building secure networked devices? Or will we become suspicious of hidden vulnerabilities? The researchers could open-source their work to ease these concerns, but value of their work will ultimately depend on the fast-moving field of networked device security.

Do you know of other efforts to add hardware-assisted security to microcontrollers? Comment below or let us know via the tip line!

[via Wired]

Image of Mount Sopris, namesake of the project, by [Hogs555] (CC-BY 4.0)

 

Remote PC Power Control Thwarts Button Pushers

December 19, 2015 by 21 Comments

Pervasive connectivity is a mixed blessing at best, especially when it creates the expectation that we’ll always have access to everything we need. When what you need is on your work or home PC, there are plenty of options for remotely accessing files using your phone. But if your roomie or the cleaning crew powers the machine down, you’ve got a problem – unless you’ve got a way to remotely power the machine back up.

[Ahmad Khattab]’s hack required getting up close and personal with his PC’s motherboard. A Particle Photon steals power from the always-on 3.3 volt line of the vacant Trusted Platform Module connector on his machine. Outputs from the Photon are connected to the motherboard’s power switch connection and a smartphone app drives the outputs and turns the machine on and off. As [Ahmad] admits, there are plenty of ways to attack this problem, including Wake-on-LAN. But there’s something to be said for the hardware approach, especially when a Photon can be had for $20.

Astute readers will note that we recently covered a very similar project using a Particle Core. Be sure to check that one out for a little more detail on using Particle’s cloud, and for some ideas on powering the module if your motherboard lacks a TPM port. In the meantime, enjoy [Ahmad]’s video.

Continue reading “Remote PC Power Control Thwarts Button Pushers”

TPM Crytography Cracked

February 9, 2010 by 36 Comments

Trusted Platform Module based cryptography protects your secrets as well as your government’s secrets.  Well, it used to. [Christopher Tarnovsky] figured out how to defeat the hardware by spying on its communications. This requires physical access so it’s not quite as bad as it sounds, but this does reach beyond TPM to many of the security chips made by Infineon.  This includes peripheral security chips for Xbox 360 and some chips used in cell phones and satellite TV.

[Christopher] revealed his hack during his presentation at Black Hat 2010. The method is wicked-hard, involving removal of the chip’s case and top layer, then tapping into a data bus to get at unencrypted data. The chip still has some tricks up its sleeve and includes firmware traps that keep a look out for this type of attack, shutting down if it’s detected. Infineon commented that they knew this was possible but regard it as a low threat due to the high skill level necessary for success.

[Thanks Greg]