Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Tue Nov 20 23:12:22 UTC 2018
On Tue, Nov 20, 2018 at 09:23:01AM -0800, James Bottomley wrote:
> On Tue, 2018-11-20 at 13:10 +0200, Jarkko Sakkinen wrote:
> [...]
> > This is basically rewrite of TPM genie paper with extras. just
> > shorten it to include the proposed architecture and point to the TPM
> > Genie paper (which is not in the references at all ATM).
>
> I really don't think so. The paper only gives details of bound
> authorization sessions for TPM 2.0 which suffer from no to weak entropy
> problems. The reason for using salted ones in the document, which
> aren't mentioned at all in the genie paper, is so we have a high
> entropy cryptographically unguessable HMAC and encryption key.
Point taken.
I will re-read the paper with care as soon as I have time and give
better feedback.
> Only if you have some type of security seal, which most laptops don't
> have.
Agreed went over the top on this one.
/Jarkko
More information about the Linux-security-module-archive
mailing list