Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
kotaKat 3 hours ago

Sniffing the TPM's been available for quite some time, actually - and quite cheap!

https://pulsesecurity.co.nz/articles/TPM-sniffing

The best way would be to arguably keep the key completely off the TPM and use remote attestation. There's some preboot products out there like WinMagic SecureDoc* that use a little Linux partition, spin up just enough to get a network connection up to a remote server, provide authentication services, and then send the Bitlocker key down, unlock the partition, and chainload onwards to Windows.

* I acquired an enterprise device on eBay and was VERY surprised to find this product on it as the preboot protector. Zero way to crack in from my end, so I applaud it. There's even some MFA solutions they offer around this! https://winmagic.com/en/solutions/mfa-windows-login/

Retr0id 3 hours ago | parent [-]

Something I've never understood about TPM attestation, is what happens if you plug the TPM into a microcontroller and give it all the same measurements that it would normally receive during a normal boot? Would that let you spoof attestations?

g_p 2 hours ago | parent | next [-]

Yes, you should be able to. In essence, the state of the TPM is represented in the values of the PCRs (Platform Configuration Registers). Those are hash-extended through the boot process.

You can create a key or similar attribute which has an unlock policy based on those PCR values. If you play back the log of PCR write events from first principles (the log can be captured for debug purposes), you'll put the TPM into the same state and should be able to use anything protected by the respective policy.

For attestation, I presume you're thinking about sending an attested PCR quote - in that case, the TPM uses a non-extractable key to sign the current PCR states. As you can put the PCRs into the "correct" state, you'd be able to get a signed attestation the system is in that state.

pitched 2 hours ago | parent | prev [-]

TPM-only saves you against someone pulling your drive. Probably more than enough for a USB drive. Enable startup PIN if you’re worried about someone grabbing the whole laptop.

codedokode 2 hours ago | parent | next [-]

I think it does not make much sense to protect the USB drive, as you won't be able to access it from another computer which is what USB drives are for. It makes sense to protect interval drives, but it is unlikely that someone would remove the drives and leave an expensive laptop to the owner.

pitched an hour ago | parent [-]

I think of TPM-only more like a privacy lock than a deadbolt.

An encrypted external drive though works like a safe. Put things in there you want to keep safe but don’t need every day. Air gapped while not in use makes it even more safe.

2 hours ago | parent | prev | next [-]
[deleted]
Retr0id 2 hours ago | parent | prev | next [-]

I'm asking about TPM attestation in general, not Bitlocker

dlgeek an hour ago | parent [-]

Yes.

Some modern CPUs have moved the TPM inside the CPU itself. But traditionally, TPMs were attached via the LPC (low pin-count) bus, and you could absolutely sniff them or de-solder them and arbitrarily MiTM.

2 hours ago | parent | prev [-]
[deleted]