TPM-Fail: Now what?

Newsflash

Trusted Platform Modules (TPMs)[1] are used in many (billions of?) desktop and embedded devices, mobile phones and tablets.
Why[2]?

  • TPMs replace hardware security modules (HSMs) and smart cards
  • TPMs create a chain of trust - e.g. via platform configuration registers (PCRs)
  • TPMs protect sealed keys - only available to the processor if the system is healthy
  • TPMs enable "strong" device identity - private/public key pairs stored in the TPM
Now it looks like Trusted Platform Modules (TPMs) aren't so trustworthy after all.
A team of researchers discovered that they could quite easily extract private keys supposedly protected by TPMs made by Intel and STMicroelectronics via so-called timing attacks, which they described as TPM-Fail[3].


What are the relevant CVEs and responses from chip manufacturers[3]?

  • CVE-2019-11090 for Intel fTPM vulnerabilities[4]
    • Response: INTEL-SA-00241[5]
  • CVE-2019-16863 for STMicroelectronics TPM chip[6]
    • Response: Information on ST's TPM firmware update[7]

[1] https://en.wikipedia.org/wiki/Trusted_Platform_Module
[2] http://blog.onboardsecurity.com/blog/trusted-computing-primary-use-cases
[3] http://tpm.fail/
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11090
[5] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16863
[7] https://www.st.com/content/st_com/en/campaigns/tpm-update.html