Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Ken Goldman
kgold at linux.ibm.com
Mon Dec 10 16:33:04 UTC 2018
On 11/19/2018 12:34 PM, James Bottomley wrote:
> 2. At some point in time the attacker could reset the TPM, clearing
> the PCRs and then send down their own measurements which would
> effectively overwrite the boot time measurements the TPM has
> already done.
> [snip]
> However, the second can only really be detected by relying
> on some sort of mechanism for protection which would change over TPM
> reset.
FYI: TPM 2.0 has a resetCount that can be used to detect, but not
protect against, this attack.
> Every TPM comes shipped with a couple of X.509 certificates for the
> primary endorsement key. This document assumes that the Elliptic
> Curve version of the certificate exists at 01C00002, but will work
> equally well with the RSA certificate (at 01C00001).
A nit. The RSA cert is at 01c00002. The ECC cert is at 01c0000a.
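To make the "detect, but not protect" point concrete: a verifier that records the TPM's resetCount at one point (for example from the clockInfo in a quote, or from a TPM2_ReadClock response) and compares it against a later reading will see the count jump if the TPM was reset in between, but nothing about this stops the reset or the re-extension of PCRs. The following Python is an added example, not code from this thread or from Ken Goldman; it parses a raw TPM2_ReadClock response according to the TPM 2.0 Library specification layout (response header, then TPMS_TIME_INFO containing TPMS_CLOCK_INFO), and the sample response bytes it uses are constructed inline by a helper rather than read from a real TPM.

```python
import struct

# Constants from the TPM 2.0 Library specification (Part 2).
TPM_ST_NO_SESSIONS = 0x8001   # response tag when no authorization sessions are used
TPM_RC_SUCCESS = 0x000

# Response layout for TPM2_ReadClock (Part 3):
#   tag(2) | responseSize(4) | responseCode(4) | TPMS_TIME_INFO
# TPMS_TIME_INFO: time(8) | TPMS_CLOCK_INFO
# TPMS_CLOCK_INFO: clock(8) | resetCount(4) | restartCount(4) | safe(1)
HEADER = struct.Struct(">HII")
TIME_INFO = struct.Struct(">QQIIB")


def build_read_clock_response(time_ms, clock_ms, reset_count, restart_count, safe=True):
    """Construct a sample TPM2_ReadClock response (test data, not from a real TPM)."""
    body = TIME_INFO.pack(time_ms, clock_ms, reset_count, restart_count, 1 if safe else 0)
    return HEADER.pack(TPM_ST_NO_SESSIONS, HEADER.size + len(body), TPM_RC_SUCCESS) + body


def parse_read_clock_response(resp: bytes) -> dict:
    """Parse a raw TPM2_ReadClock response into its TPMS_CLOCK_INFO fields."""
    if len(resp) < HEADER.size:
        raise ValueError("response shorter than the 10-byte header")
    tag, size, rc = HEADER.unpack_from(resp, 0)
    if rc != TPM_RC_SUCCESS:
        # On failure the TPM returns only the header; there is no TPMS_TIME_INFO to parse.
        raise ValueError(f"TPM returned responseCode 0x{rc:03x}")
    if tag != TPM_ST_NO_SESSIONS:
        raise ValueError(f"unexpected response tag 0x{tag:04x}")
    if size != len(resp) or size != HEADER.size + TIME_INFO.size:
        raise ValueError(f"responseSize {size} does not match {len(resp)} bytes received")
    time_ms, clock_ms, reset_count, restart_count, safe = TIME_INFO.unpack_from(resp, HEADER.size)
    return {
        "time": time_ms,            # ms since the TPM was last started (TPM2_Startup)
        "clock": clock_ms,          # monotonic ms across power cycles (subject to Clock advance rules)
        "resetCount": reset_count,  # incremented on every TPM Reset, which clears the PCRs
        "restartCount": restart_count,
        "safe": safe == 1,
    }


def detect_tpm_reset(baseline: dict, current: dict):
    """Compare two clockInfo readings; return None if no reset is visible, else a finding.

    This is detection only: by the time the verifier sees the change, the PCRs
    have already been cleared and whatever the interposer extended is in place.
    """
    b, c = baseline["resetCount"], current["resetCount"]
    if c == b:
        return None
    if c < b:
        return (f"resetCount went backwards ({b} -> {c}): reading cannot follow the "
                f"baseline on the same TPM; suspect a replayed response or a different TPM")
    return (f"TPM reset {c - b} time(s) since baseline ({b} -> {c}): PCR contents were "
            f"cleared and any current values were extended after the reset")


if __name__ == "__main__":
    # Constructed scenario: baseline taken at boot, later reading shows one more reset.
    baseline = parse_read_clock_response(build_read_clock_response(120_000, 9_000_000, 3, 0))
    later = parse_read_clock_response(build_read_clock_response(2_500, 9_120_000, 4, 0))
    print(detect_tpm_reset(baseline, baseline))  # None
    print(detect_tpm_reset(baseline, later))     # reset detected
```

The same comparison applies to the clockInfo carried inside a TPM2_Quote's TPMS_ATTEST, which is the usual place a remote verifier sees resetCount; a quote whose resetCount differs from the one recorded for the current boot means the PCR values in that quote were produced after a reset, whatever they contain.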
More information about the Linux-security-module-archive mailing list