TPM GPIO fail: How bad OEM firmware ruins Intel TPM security

The article describes a purely software attack that can set the PCRs of a TPM to arbitrary values, exposing secrets sealed to them, such as disk encryption keys, without any physical manipulation of the chip's pins. Because the OEM firmware leaves the TPM's reset line reassignable to a GPIO block, an attacker can reset the TPM from software and then extend the PCRs to whatever values they choose. This defeats TPM-based FDE schemes such as BitLocker and exposes the encrypted data. Mitigating the attack requires a boot-firmware update that prevents the reset line from being driven through the GPIO pins. The article also explores attacking BootGuard's measured mode and discusses Intel's response to the vulnerabilities. Intel was notified in February 2024, and a public disclosure date of June 1 was set to raise awareness and encourage a fix.

https://mkukri.xyz/2024/06/01/tpm-gpio-fail.html
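As an added illustration (not code from the linked article), the following Python models the TPM2 PCR extend operation and shows why a software-triggered reset is enough to defeat PCR sealing: after a reset the PCR returns to its start value, and replaying the genuine boot measurements reproduces exactly the value a key was sealed to. The event digests below are constructed for the example.

```python
import hashlib

# Constructed event log: the measurements a clean boot would extend into one
# PCR (made-up values; real logs hold firmware, Secure Boot and loader hashes).
CLEAN_BOOT_EVENTS = [
    b"firmware-volume-constructed",
    b"secureboot-policy-constructed",
    b"bootloader-constructed",
]

# A SHA-256 PCR in the 0-16 range starts as 32 zero bytes after TPM startup.
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2 extend: PCR_new = SHA-256(PCR_old || digest). There is no 'set'
    operation, so the only way back to an earlier value is a TPM reset."""
    return hashlib.sha256(pcr + digest).digest()


class Pcr:
    """Minimal model of one PCR bank register."""

    def __init__(self) -> None:
        self.value = PCR_INIT

    def extend(self, data: bytes) -> None:
        self.value = pcr_extend(self.value, hashlib.sha256(data).digest())

    def reset(self) -> None:
        # Normally only a platform reset does this; the article's bug lets
        # software pull the reset line via a GPIO instead.
        self.value = PCR_INIT


def sealed_value_unseals(expected_pcr: bytes, current_pcr: bytes) -> bool:
    """Stand-in for a PCR policy check: the secret is released only on an exact match."""
    return current_pcr == expected_pcr


def demo():
    """Return (expected, tampered, after_reset) PCR values for comparison."""
    pcr = Pcr()
    for event in CLEAN_BOOT_EVENTS:
        pcr.extend(event)
    expected = pcr.value                 # value the FDE key is sealed to
    pcr.extend(b"attacker-payload")      # modified boot chain: PCR diverges
    tampered = pcr.value
    pcr.reset()                          # the reset primitive from the article
    for event in CLEAN_BOOT_EVENTS:
        pcr.extend(event)                # replay the genuine log
    return expected, tampered, pcr.value


if __name__ == "__main__":
    exp, tam, rst = demo()
    print("tampered boot unseals:", sealed_value_unseals(exp, tam))   # False
    print("reset + replay unseals:", sealed_value_unseals(exp, rst))  # True
```

The mitigation the article calls for works by removing the reset step from this sequence, not by changing the extend math.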
