hngopher.com

       [HN Gopher] TCG TPM2.0 implementations vulnerable to memory corr...
       ___________________________________________________________________
        
       TCG TPM2.0 implementations vulnerable to memory corruption
        
       Author : todsacerdoti
       Score  : 43 points
       Date   : 2023-02-28 20:31 UTC (2 hours ago)
        
 (HTM) web link (kb.cert.org)
 (TXT) w3m dump (kb.cert.org)
        
       | mcint wrote:
       | In a way, this is a nice balance for everyone (:P / /s / I'm
       | sorry to say). Corporate interests get "good effort" security,
       | almost something you could legal distinguish and prosecute for
       | bypassing. And hobbyist users get repeatable workarounds.
       | 
       | It's impressive in attempted scope. I imagine this doesn't affect
       | google's chromebook boot chain. It's really hard to coordinate
       | across vendors.
        
       | londons_explore wrote:
       | It took 4 years to notice a memory corruption bug in the
       | reference implementation of the main security solution deployed
       | in 1 billion+ computers...
        
         | encryptluks2 wrote:
         | [dead]
        
       | azalemeth wrote:
       | Interesting article if light on technical detail. I wonder how
       | long until this becomes used for either (a) DRM key extraction
       | (Good!) (b) horrible, semi-permanent rootkits, (c) for unwitting
       | fde key extraction scheme, or (d) to further push Microsoft's
       | uber-DRM-HSM Pluton even further.
        
         | cryptonector wrote:
         | Most TPM chips are unaffected. Those that are will get new
         | firmware. Virtual TPMs _are_ affected because those are
         | implemented using a TPM simulator based on the TCG code that
         | has this bug. In all cases any compromise should be of the
         | local host, not of other things unless those things are
         | accessed using keys stored on the affected TPM. In any affected
         | cases where the TPM can be replaced then the simplest recovery
         | method starts with replacing the TPM and rebuilding the host
         | then re-running any enrollment protocols that need to be re-
         | run, otherwise flashing a compromised TPM while running on a
         | system that can have been rootkitted is a problem.
        
       | WirelessGigabit wrote:
       | Hard to gage whether on Windows one has access to these APIs
       | without being an Administrator.
        
         | Cyph0n wrote:
         | I'm a total security noob, but I'd wager that privilege
         | escalation is a piece of cake relative to key extraction from a
         | TPM.
        
       ___________________________________________________________________
       (page generated 2023-02-28 23:00 UTC)