Protecting TPM Commands from Active Interposers
09-19, 13:45–14:15 (Europe/Stockholm), Main Room

TPM interactions over a physical bus (SPI, I2C, etc) can currently be protected against passive interposers with TPM sessions. However, this mechanism is vulnerable to attacks which can send/modify/drop packets going over the TPM bus.

As server designs in data centers become more modular, these types of attacks become increasingly simple for an attacker to pull off. With less than $30 of equipment, TPMs on modern servers can be compromised via bus interposer attacks. This talk will introduce the different variants of this style of attack and why you should care.

Additionally, we will look at how we can use a DICE-as-a-Service API in the CPU to bootstrap protocols to protect this channel in a way that can be verified by remote attesters.

See also: Slides (636.0 KB)

Jordan is a Software Engineer at Google, working on boot attestation for data center machines. Jordan works on firmware for Google's Titan Root of Trust chip and spends a lot of time thinking about root of trust APIs, key management, and on-machine security protocols.