Retr0id 3 hours ago

Something I've never understood about TPM attestation, is what happens if you plug the TPM into a microcontroller and give it all the same measurements that it would normally receive during a normal boot? Would that let you spoof attestations?

g_p 2 hours ago | parent | next [-]

Yes, you should be able to. In essence, the state of the TPM is represented in the values of the PCRs (Platform Configuration Registers). Those are hash-extended through the boot process.

You can create a key or similar attribute which has an unlock policy based on those PCR values. If you play back the log of PCR write events from first principles (the log can be captured for debug purposes), you'll put the TPM into the same state and should be able to use anything protected by the respective policy.

For attestation, I presume you're thinking about sending an attested PCR quote - in that case, the TPM uses a non-extractable key to sign the current PCR states. As you can put the PCRs into the "correct" state, you'd be able to get a signed attestation the system is in that state.
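To make the replay point above concrete, here is an added Python sketch (not code from the thread or from any TPM stack) of the PCR extend chain: feeding the same event log into the PCRs, from whatever device drives the TPM, yields identical PCR values and therefore an identical quote digest, so a verifier that only compares PCR digests against a golden value cannot tell a replay from a genuine boot. The event types and measured data are constructed placeholders, not a real firmware log.

```python
import hashlib

PCR_BANK = "sha256"
INITIAL_PCR = bytes(32)  # resettable PCRs start as all-zero at power-on

# Constructed sample event log (not a real firmware log): (pcr, event type, data).
# A real TCG event log records the digest of each measured component; the
# byte strings here stand in for the measured data.
SAMPLE_EVENT_LOG = [
    (0, "EV_S_CRTM_VERSION", b"firmware 1.2.3"),
    (0, "EV_EFI_PLATFORM_FIRMWARE_BLOB", b"uefi-core.bin"),
    (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"shimx64.efi"),
    (7, "EV_EFI_VARIABLE_DRIVER_CONFIG", b"SecureBoot=1"),
]


def pcr_extend(current: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new_pcr = H(old_pcr || digest)."""
    return hashlib.new(PCR_BANK, current + digest).digest()


def replay_log(events) -> dict:
    """Feed every logged measurement into the PCRs in order, as the firmware did."""
    pcrs = {}
    for idx, _event_type, data in events:
        digest = hashlib.new(PCR_BANK, data).digest()
        pcrs[idx] = pcr_extend(pcrs.get(idx, INITIAL_PCR), digest)
    return pcrs


def quote_digest(pcrs: dict, selection) -> bytes:
    """The value a TPM2_Quote signs over for the selected PCRs: H(PCR_a || PCR_b ...)."""
    return hashlib.new(PCR_BANK, b"".join(pcrs[i] for i in sorted(selection))).digest()


def same_attested_state(log_a, log_b, selection=(0, 4, 7)) -> bool:
    """True when two boots (or a boot and a replay) would produce identical quotes."""
    return quote_digest(replay_log(log_a), selection) == quote_digest(replay_log(log_b), selection)


if __name__ == "__main__":
    genuine = replay_log(SAMPLE_EVENT_LOG)
    replayed = replay_log(list(SAMPLE_EVENT_LOG))  # same events, any device driving the TPM
    print("quote digests equal:", same_attested_state(SAMPLE_EVENT_LOG, SAMPLE_EVENT_LOG))
    # Swapping two PCR0 events changes PCR0: the extend chain is order-sensitive,
    # which is why a verifier should replay the log rather than compare an unordered set.
    swapped = [SAMPLE_EVENT_LOG[1], SAMPLE_EVENT_LOG[0]] + SAMPLE_EVENT_LOG[2:]
    print("order-swapped PCR0 matches:", replay_log(swapped)[0] == genuine[0])
```

The takeaway for a verifier is that PCR values attest the measured software state only; trust that the measurements came from the intended platform has to rest on the signing key's binding to a specific TPM and on the quote's nonce, not on the PCR digest alone.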

pitched 2 hours ago | parent | prev [-]

TPM-only saves you against someone pulling your drive. Probably more than enough for a USB drive. Enable startup PIN if you’re worried about someone grabbing the whole laptop.

codedokode 2 hours ago | parent | next [-]

I think it does not make much sense to protect the USB drive, as you won't be able to access it from another computer, which is what USB drives are for. It makes sense to protect internal drives, but it is unlikely that someone would remove the drives and leave an expensive laptop to the owner.

pitched an hour ago | parent [-]

I think of TPM-only more like a privacy lock than a deadbolt.

An encrypted external drive though works like a safe. Put things in there you want to keep safe but don’t need every day. Air gapped while not in use makes it even more safe.

Retr0id 2 hours ago | parent | prev | next [-]

I'm asking about TPM attestation in general, not Bitlocker

dlgeek an hour ago | parent [-]

Yes.

Some modern CPUs have moved the TPM inside the CPU itself. But traditionally, TPMs were attached via the LPC (low pin-count) bus, and you could absolutely sniff them or de-solder them and arbitrarily MiTM.
