Home page logo

dailydave logo Dailydave mailing list archives

Re: CSI 2008 Redux
From: Matthijs Koot <matthijs () koot biz>
Date: Wed, 26 Nov 2008 13:52:24 +0100

Hi RB,

RB wrote:
Leaving the trust issue alone, I find it entirely regrettable that so
many seem to have blindly swallowed the "Right to Read" hype and
simply assume TPM chips are evil insilicate.  I detest DRM & Big
Brother as much as your garden-variety Libertarian, but while trying
to solve the very difficult physical presence security problem a
couple of years ago, I decided to try to examine them for what they
are.  Needless to say, I was surprised: although TPM chips certainly
could provide the building blocks to do what we all fear, they're
generally quite benign, more analogous to an integrated smartcard than
an evil overlord's rootkit.

You mention that you were looking at TPM "while trying to solve the
(...) physical presence security problem". Although you didn't claim
that TPMs provide any solution there, I'd like to emphasize (for other
readers) that according to the TCG-specs, TPM is not designed to protect
itself against non-"simple" hardware attacks:

"The commands that the trusted process sends to the TPM are the normal
TPM commands with a modifier that indicates that the trusted process
initiated the command. The TPM accepts the command as coming from the
trusted process merely due to the fact that the modifier is set. The TPM
itself is not responsible how the signal is asserted; only that it
honors the assertions. The TPM cannot verify the validity of the
modifier. (...) The assumption is that to spoof the modifier to the TPM
requires more than just a simple hardware attack but would require
expertise and possibly special hardware."
(source: page 86 of the "Design Principles", TCG TPM Specification
Version 1.2 Revision 103)

So 1) being able to manipulate the (locality) modifier is bad, and
2) TPM only provides modest protection against attacker's with physical
access. The TCG-people confirm this: TPM is intended to protect against
software-based threats (which it may not do very effectively, as
Joanna's post suggested, as long as integrity checks can only be done at

association.  It is _just_ a [presumed] secure cryptography facility
that supports a wide variety of functionality.

Although you didn't claim the opposite, it may be useful to mention that
the TPM does not directly expose an interface to its encryption
capabilities: TPM does not (yet?) give us general-purpose
hardware-accelerated encryption. I'm not sure about hashing and signing.

Btw, it is interesting to see TPM being discussed so gentle and
reasonable on this list. Perhaps everyone's anticipating TPM to become a
new fun target for pentesting :)

The book "A Practical Guide to Trusted Computing" (David Challener et
al., 2008) makes a nice read.

Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]