2024-09-03, Main Room
Discrete TPMs are tamper-resistant physical devices containing a cryptographic coprocessor with on-chip secret storage and system state attestation functionality. They make direct extraction of root key material by physical and electrical means rather difficult, but when they are integrated into systems to provide secret storage, the fact that they are external to the main processor opens these systems up to a different class of practical attacks.
Most well-known attacks against such systems target the bus between the processor and the TPM using passive sniffing and active interposer techniques (e.g. TPMGenie). In addition to discussing the continued effectiveness of well-known attacks, this talk will highlight a series of less well-known, but still highly practical attacks that focus on subverting the TPM’s knowledge of system state, either via physical means or by taking advantage of software mistakes.
These attacks include the recently disclosed “TPM GPIO fail” vulnerability that subverts the TPM’s knowledge of system state purely from software, allowing a software attacker in control of a system in any state to extract secrets sealed by “trusted” operating systems.
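The talk's premise is that a sealed secret is only as safe as the TPM's record of what booted. The following toy model, added here and not part of the talk or of any TPM library, shows why: a PCR is an irreversible SHA-256 extend chain, a sealed object is bound to a policy over one PCR value, and the TPM releases the secret purely on the strength of the PCR value it currently holds. The boot sequences, the secret and the simplified policy digest are constructed for illustration; real TPM 2.0 policy sessions and multi-PCR banks are richer than this.

```python
import hashlib

# Toy model of PCR extend, seal-to-PCR and quote verification.
# Assumptions (not from the talk): one SHA-256 PCR and a simplified
# PolicyPCR digest; real TPM 2.0 policy sessions differ in detail.

HASH = hashlib.sha256
PCR_INIT = bytes(32)  # PCRs read as all-zero bytes after a TPM reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR' = H(PCR || H(measurement)). Order matters and it cannot be undone."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def replay_log(event_log: list[bytes]) -> bytes:
    """Recompute the PCR value that a sequence of measurements should produce."""
    pcr = PCR_INIT
    for event in event_log:
        pcr = pcr_extend(pcr, event)
    return pcr


def policy_pcr(pcr: bytes) -> bytes:
    """Stand-in for a PolicyPCR digest: binds a policy to one PCR value."""
    return HASH(b"POLICY_PCR" + pcr).digest()


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Constructed sealed object: the secret is released only under this policy."""
    return {"policy": policy_pcr(expected_pcr), "secret": secret}


def unseal(sealed: dict, tpm_pcr: bytes) -> bytes:
    """The TPM releases the secret only if its *current* PCR satisfies the policy.

    It has no other knowledge of the platform: whatever the PCR says, it believes.
    """
    if policy_pcr(tpm_pcr) != sealed["policy"]:
        raise PermissionError("PolicyPCR check failed: measured state differs")
    return sealed["secret"]


def verify_quote(quoted_pcr: bytes, event_log: list[bytes],
                 known_good: set[bytes]) -> bool:
    """Remote verifier: the quoted PCR must equal the log replay and a known-good value."""
    return replay_log(event_log) == quoted_pcr and quoted_pcr in known_good


# Constructed boot sequences; the strings stand in for real measured images.
TRUSTED_BOOT = [b"firmware v1", b"shim+grub signed", b"kernel signed"]
ALTERED_BOOT = [b"firmware v1", b"shim+grub signed", b"kernel unsigned"]
SECRET = b"disk-encryption-key (constructed)"

if __name__ == "__main__":
    good_pcr = replay_log(TRUSTED_BOOT)
    blob = seal(SECRET, good_pcr)
    print("trusted boot unseals:", unseal(blob, good_pcr) == SECRET)
    try:
        unseal(blob, replay_log(ALTERED_BOOT))
    except PermissionError as err:
        print("altered boot:", err)
    # The verifier catches a PCR that does not match its log or a known-good value.
    print("altered quote accepted:",
          verify_quote(replay_log(ALTERED_BOOT), ALTERED_BOOT, {good_pcr}))
    # But if the TPM's state can be reset and the trusted log re-extended into
    # it, the policy check passes: the TPM only knows what it has been told.
    print("re-extended trusted log unseals:",
          unseal(blob, replay_log(TRUSTED_BOOT)) == SECRET)
```

The last line of the usage block is the point of the talk in miniature: `unseal` cannot tell a genuine trusted boot from a PCR that was reset and re-extended with the same values, which is why the integrity of the TPM's own reset and of the bus carrying the measurements matters as much as the policy itself. A verifier's known-good list and log replay, as in `verify_quote`, still catch an altered boot chain or a quote that disagrees with its log.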
Mate is a software engineer passionate about building a more secure and reliable computing experience by bringing free and open source software to the lowest levels of the software stack.
He has been a contributor to the coreboot project for the last few years, working on retrofitting coreboot to various pieces of existing hardware.
He is currently a maintainer of the bootloader stack and UEFI Secure Boot support in a major Linux distribution.