TPM interactions over a physical bus (SPI, I2C, etc) can currently be protected against passive interposers with TPM sessions. However, this mechanism is vulnerable to attacks which can send/modify/drop packets going over the TPM bus.

As server designs in data centers become more modular, these types of attacks become increasingly simple for an attacker to pull off. With less than $30 of equipment, TPMs on modern servers can be compromised via bus interposer attacks. This talk will introduce the different variants of this style of attack and why you should care.

Additionally, we will look at how we can use a DICE-as-a-Service API in the CPU to bootstrap protocols to protect this channel in a way that can be verified by remote attesters.