• Shadow
      link
      fedilink
      English
      105
      edit-2
      4 months ago

      Watch the video. It just means external to the CPU, not an external device.

      They demo the attack on a Lenovo laptop in the first minute of the video.

      Edit: nm I just realized that was a 10 year old laptop and they’re in all the modern procs. I’m a lot less impressed now.

      Sounds like intel has external and amd internal with their ftpm?

      • Lazarus
        link
        fedilink
        524 months ago

        Many systems still use discrete tpms. Just because the CPU has a virtual tpm function doesn’t mean it’s used

      • Lee DunaOP
        link
        English
        284 months ago

        fTPM has a bug, don’t know if it’s fixed

        https://www.techspot.com/news/93684-amd-promises-fix-ftpm-issue-causes-stuttering-freezes.html

        Veracrypt also doesn’t recommend using encryption that relies on TPMs

        Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too? No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).

        If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).

        https://veracrypt.eu/en/FAQ.html

        Let’s assume the attackers were law enforcers

    • Toes♀
      link
      fedilink
      English
      154 months ago

      It’s fairly common in business devices before 8th gen Intel.

    • Shurimal
      cake
      link
      fedilink
      14 months ago

      The MSI mini-PC-s for office/business use have separate TPM modules on their mobos. I wouldn’t be surprised if other mfg-s do this too.

  • @[email protected]
    link
    fedilink
    English
    58
    edit-2
    4 months ago

    I thought the point of the TPM was that the keys would be kept internally to the TPM at all times and that any data lanes would only be used for transferring payload. Why are they sending keys between the TPM and the CPU?

    • @[email protected]
      link
      fedilink
      English
      334 months ago

      There are some functions like that, like Passkey signing. For Bitlocker, the encryption/decryption key is transferred to the CPU (and RAM) in order for it to operate. The problem described here has been around for a while, but putting it on a key like that makes the attack method available to “everyone”. There has been a solution for a while too: 1) put in pre-boot Bitlocker PIN, and 2) use integrated TPM like the article mentions.

    • @[email protected]
      link
      fedilink
      English
      144 months ago

      Because the CPU has to decrypt the bulk of the data coming from the disc. And it needs a key to do that. Unless we route all traffic through the TPM to decrypt the disc. The CPU needs a key to do that

      • @[email protected]
        link
        fedilink
        English
        24 months ago

        Surely some smart key exchange algorithm could be used for that, e.g. the CPU provides a public key to the TPM and the TPM encrypts the symmetric disk key with that public key. Similar to how TLS works.

        • @[email protected]
          link
          fedilink
          English
          74 months ago

          The private key would have to stored in clear text somewhere. Potentially if you had non volatile space on cpu that to store the private key, that might work. But if you’re going to do that, might as well just use an ftpm.

          • @[email protected]
            link
            fedilink
            English
            14 months ago

            Why not store it directly in the TPM, if that’s the device that will do that initial decryption?

            • @[email protected]
              link
              fedilink
              English
              14 months ago

              You can’t do that since vulnerability is the connection between the TPM and the CPU, you need to encrypt that path.

              • @[email protected]
                link
                fedilink
                English
                24 months ago

                Pretty sure they meant if you need to keep a persistent public/private pair you can keep them in the tpm and initiate the exchange from there

                • @[email protected]
                  link
                  fedilink
                  English
                  14 months ago

                  That’s correct. I’m guessing if it hasn’t been implemented yet, then there is some technical roadblock I’m currently missing.

              • @[email protected]
                link
                fedilink
                English
                24 months ago

                The TPM comes out from the factory with a private key stored in it. The CPU has the public key.

                You turn on the laptop for the first time, and the communication between the CPU and the TPM is encrypted from the start.

                That’s what I’m referring to. Can’t this be done? I’m guessing it’s not that easy because I’m sure computer designers have already considered this idea.

          • @[email protected]
            link
            fedilink
            English
            14 months ago

            Right and not to mention pairing the cpu and tpm for key exchange to avoid mitm attacks…

            • @[email protected]
              link
              fedilink
              English
              14 months ago

              What do you mean by that? Generate a new private/public key pair every time you setup a new TPM? Or when you boot the system or something?

              • @[email protected]
                link
                fedilink
                English
                1
                edit-2
                4 months ago

                On each connection. Or boot. Whenever you need

                Edit: to be clear, this would still be vulnerable to mitm attacks without a user entered password on top but at least you can’t just read the secrets from the bus. E2: And having a password wouldn’t be fully secure without such a scheme neither

  • peopleproblems
    link
    fedilink
    English
    494 months ago

    Very end of the article explains you need access to the TPM communication hardware, which no longer occurs external to Intel and And cpus

    • massive_bereavement
      link
      fedilink
      204 months ago

      To *newer Intel and AMD cpus and only certain models.

      There’s a lot of current hardware that uses embedded TPMs. It also depends on the communication path between the CPU and the module, but chances are it will be clear text and in some, via LPC.

    • @[email protected]
      link
      fedilink
      English
      10
      edit-2
      4 months ago

      So offline (external) bitlocker drives that are unlocked with the key only.

      Or internal bitlocker drives that are unlocked with AMD fTPM are excluded from this exploit?

    • @[email protected]
      link
      fedilink
      English
      94 months ago

      Should be noted that if a password is asked to decrypt the drive it also doesn’t work.

  • @[email protected]
    link
    fedilink
    English
    304 months ago

    Question: if I have an bitlocker encrypted SSD in a modern computer with embedded TPM, can I move this SSD to an old computer with external TPM to sniff the cod this way? Be gentle. I am dumb. Thanks.

    • @[email protected]
      link
      fedilink
      English
      224 months ago

      “Sniff the cod” This is a typo right? I don’t know any better, but I had a good laugh.

    • @[email protected]
      link
      fedilink
      English
      194 months ago

      Not unless you entered your recovery code to unlock it on the old computer with the external tpm.

    • @[email protected]
      link
      fedilink
      English
      64 months ago

      Nope. As soon as you move the disk to your second system/TPM, you lose any ability to decrypt it at all.

          • @[email protected]
            link
            fedilink
            English
            24 months ago

            For LUKS user set the key; for bitlocker, I believe the key is automatically uploaded to either your Microsoft account or you system admin’s account.

            • @[email protected]
              link
              fedilink
              English
              24 months ago

              Sure LUKS will do what you tell it. Bitlocker will do what it wants and just use the TPM unless you jump through a bunch of group policy edits and such. But you are correct, I had forgotten it does give you the option to backup the key to a txt file during the installation or initial encryption process :)

    • @[email protected]
      link
      fedilink
      English
      36
      edit-2
      4 months ago

      LUKS is still vulnerable to this attack if you enable autodecrypt using TPM. This attack is based on the vulnerability that the CPU and TPM communicates uses plain text. And it is a pretty common attack against TPM:

      https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

      SPI is a communication protocol for embedded systems and is extremely common amongst virtually all hardware. Due to its simplicity, there is no encryption option for SPI. Any encryption must be handled by the devices themselves. At the time of this writing BitLocker does not utilize any encrypted communication features of the TPM 2.0 standard, which means any data coming out of the TPM is coming out in plaintext, including the decryption key for Windows

      And apparently Linux is not doing too hot on this regard either:

      https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets

      As we can see, parameter encryption simply isn’t used in practice, and except for safeboot none of the solutions enforce PIN/MFA by default.

      However, this attack is not viable for device with firmware based solution, like fTPM, Microsoft Pluton, secure enclave etc. in these case TPM is part of the cpu, hence have no exposed pins to sniff their connection.


      So if you don’t want people with physical access to your computer (a thief or a evil maiden) to access everything on your disk, don’t setup TPM auto decrypt.

        • @[email protected]
          link
          fedilink
          English
          74 months ago

          CPU doesn’t have any secure storage, so it can’t encrypt or authenticate comms to the TPM. The on-CPU fTPMs are the solution, the CPU then has the secure storage.

          • @[email protected]
            link
            fedilink
            English
            24 months ago

            That make sense, CPU has no place to store private keys, since that is the functionality of TPM…

            Unless there is a firmware solution, which defeats the purpose of a standalone tpm.

    • @[email protected]
      link
      fedilink
      English
      15
      edit-2
      4 months ago

      I wondered why LUUUUUKS didnt use the TPM, why do i have to put my password in… this is absolutely why.

      Edit: fixed spelling of LUUUUUKS

      • @[email protected]
        link
        fedilink
        English
        4
        edit-2
        4 months ago

        Also yes you can, I wouldn’t recommend it though. Maybe in addition to your password though.

        Wait until you see Dracut and Tang.

  • @[email protected]
    link
    fedilink
    English
    94 months ago

    Finally, we can install Linux on your corporate pc or grab some RAM from it 😂😂😂

  • @[email protected]
    link
    fedilink
    English
    34 months ago

    Lol, Tom’s hardware is allowed on lemmy? It’s like the fox news of the tech world.

    Clickbait as usual.

    • BaroqueInMind
      link
      fedilink
      294 months ago

      Bit locker is a password controlled drive encryption. Am I being dumb or are you seriously saying that?

      • @[email protected]
        link
        fedilink
        English
        23
        edit-2
        4 months ago

        I guess they mean use the password as part of the encryption key, or encrypt the key with the password. Bitlocker doesn’t use the user’s password in that way, which is why it can boot an encrypted system without user interaction. That part always seemed very sketchy to me.

          • @[email protected]
            link
            fedilink
            English
            34 months ago

            Thanks, that sounds really useful. I’m guessing it won’t work unless you’re local admin though.

            • @d3Xt3r
              link
              English
              44 months ago

              Yep, you’ll need local admin of course.

              • @[email protected]
                link
                fedilink
                English
                1
                edit-2
                4 months ago

                Which kind of makes it useless in many corporate environments where it’s most needed, since the users won’t be able to set their own password.

                • @d3Xt3r
                  link
                  English
                  44 months ago

                  I mean, if it’s a corporate device then it’s really a policy IT should be setting - this can be easily be done via a GPO or Intune policy, where an elevated script can prompt the end-user for a password.

    • Shadow
      link
      fedilink
      English
      294 months ago

      You’re being downvoted because this is a hardware problem and not Microsoft’s fault.

      Just look at the Xbox one mod chip scene and you’ll see MS can do security perfectly well.

      • Refurbished Refurbisher
        link
        fedilink
        English
        44 months ago

        Yeah. I hate Microsoft as a company, and I hate how they inject advertising, inconsistent design, no good centralixed package manager (TBF, they’re fixing that with winget, but only kind of; not sure if there’s a way to add additional repositories), etc.

        But they do have damn good security. After the OG Xbox became the legendary homebrew console that it did, Microsoft beefed up security massively with the Xbox 360’s software. What they didn’t do quite as well was beef up hardware security, although the last model of the Xbox 360 (Winchester) has yet to be hacked. The JTAG hack was patched with a firmware update, but then it was found that through a timed glitching attack, you could force memcmp to return true, and if the timing is off, you can reboot the console via glitcher chip or SMC if using RGH 3 and try again.

        With the Xbox One, there was a priviledge escillation bug in Dev Mode that to this day has been pretty underutilized, but other than that, it’s been fairly rock solid. There is another point to why, though. Microsoft realised the power of homebrew, especially after Sony made the mistake of removing OtherOS from all PS3 models, and then it got hacked shortly after. So they included (sold you) a way to run UWP apps using a sandboxed environment called Dev Mode. This leaves less of a desire for hackers to attempt exploiting the console’s retail mode, since they have almost the same resources that games have (still weaker, though).

        • Shadow
          link
          fedilink
          English
          64 months ago

          Nope. Never. It’s pretty impressive.

          • m-p{3}
            link
            fedilink
            English
            24 months ago

            IIRC AMD is inplementing it in their Ryzen 6000 CPUs.

        • @[email protected]
          link
          fedilink
          English
          64 months ago

          Not the Xbox One. The 360 had some wild mod chips back in the day, which actually required drilling into the CPU at a specific spot to cut some internal contacts. Basically, the 360 used a physical connection between two pins on the CPU for security. So the modchip required drilling into the CPU, to sever that connection and allow the modchip to inject its own code instead. That’s when MS (mostly) realized that relying on physical connections for security was a bad idea, because an end user has physical access to the device.

    • Lee DunaOP
      link
      English
      10
      edit-2
      4 months ago

      You are not really wrong, TPM was designed by Trusted Computing Group consisting of big tech companies like M$, IBM, AMD, Intel, Cisco and HP.