Catch Tymoteusz Burak's talk on "Securing Embedded Systems with fTPM implemented as Trusted Application in TEE" at #FOSDEM24. Dive into enhancing embedded systems' security using TEE for implementing #fTPM. Learn from examples and available code. Feb 4th, 15:20-15:40 CET.

🔗 https://fosdem.org/2024/schedule/event/fosdem-2024-3097-securing-embedded-systems-with-ftpm-implemented-as-trusted-application-in-tee/

FOSDEM 2024 - Securing Embedded Systems with fTPM implemented as Trusted Application in TEE

A friend of mine gets a "ftpm reset" prompt every time she boots her Dell laptop and from what I've checked online, it asks to either choose "yes" to reset fTPM or continue with previous data when choosing "no". And the system starts without any issue when choosing "no", also there is no BitLocker enabled but I saw a bunch of posts that had similar issues with Dell and one user disabled fTPM in BIOS altogether which stopped the prompt from appearing. Is this a good idea? #windows11 #dell #fTPM #amd

So, apparently the recent issues surrounding shoddy firmware #TPM implementations by #AMD and the subsequent disablement of #fTPM in the #Linux kernel are affecting #Intel systems as well somehow

The NUC I use as a little potato server can't find its TPM anymore because probing it errors out during boot

Looked into downgrading the kernel to one minor version prior to 6.4.11 but that seems like way too much of a hassle on #Fedora

I'll just wait until they patch it again before trying to re-enable unlocking #LUKS via TPM

(Funnily enough, it still works on my AMD desktop?)

https://github.com/NixOS/nixpkgs/issues/250166

tpm_crb: probe of MSFT0101:00 failed with error 378 · Issue #250166 · NixOS/nixpkgs

Describe the bug I use tpm + luks, but recently when the kernel updating to 6.4.11, the tpm_crb can't find tpm devices. And, if I switch to old kernel like 6.1, it can't work too. Steps To Reproduc...

GitHub
#Linux creator @[email protected] has been increasingly frustrated over #AMD's #fTPM #hwrnd implementation, calling it "stupid" and "crud" and saying that it should only be used during boot-time & not during runtime.

Even though AMD has been trying to fix the stuttering issues when fTPM is enabled, the fixes & workarounds don't seem to have worked.

https://www.phoronix.com/news/Torvalds-fTPM-RNG-Woes
Linus Torvalds: "Let's Just Disable The Stupid [AMD] fTPM HWRND Thing"

faulTPM: Researchers crack BitLocker via attack on AMD TPM

The BitLocker encryption on AMD systems could be cracked not only in "TPM only" mode but also with an additional PIN.

Tarnkappe.info

#科技速報

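According to a report by the foreign outlet Tom's Hardware, researchers have recently broken AMD's fTPM and obtained the encrypted data held inside it, which means that any security application or encryption that relies on the TPM, such as BitLocker, could be fully controlled by an attacker.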

---
👉 Web version: https://bit.ly/44zEW8X
---
#科技新聞 #新聞 #news #technews #tech #科技 #amd #FTPM #TPM

Serious vulnerability found in AMD fTPM module, may affect system security | 阿德說科技


阿德說科技
"A new paper released by security researchers at the Technical University of Berlin reveals that #AMD's firmware-based Trusted Platform Module (#fTPM / #TPM) can be fully compromised via a voltage fault injection attack, thus allowing full access to the cryptographic data held inside the fTPM in an attack called '#faulTPM.' Ultimately this allows an attacker to fully compromise any application or encryption, like #BitLocker, that relies solely upon TPM-based security."
https://www.tomshardware.com/news/amd-tpm-hacked-faultpm
AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated)

Zen 2 and Zen 3 are vulnerable to voltage glitching.

Tom's Hardware
Looking at https://github.com/keystone-enclave/linux-keystone-driver/tree/master/linux-keystone-driver and how much I need to cut it and migrate arch/riscv to make something similar to tpm_ftpm_tee. #linux #kernel #tpm #ftpm #keystone #riscv #arm #trustzone #tee
linux-keystone-driver/linux-keystone-driver at master · keystone-enclave/linux-keystone-driver

Loadable Module for Keystone Enclave. Contribute to keystone-enclave/linux-keystone-driver development by creating an account on GitHub.

GitHub
For Windows 11, Microsoft requires a security module of type TPM 2.0. The modules come in three variants, and they are not enabled on every computer.
Trusted Platform Module 2.0 in Windows 11

c't Magazin