Decorative Cryptography
4 months ago
- #Cryptography
- #TPM
- #Security
- The article discusses the TCG_TPM2_HMAC feature in the Linux kernel, which aims to prevent or detect bus snooping and interposer attacks on TPM communications.
- It highlights the threat model involving adversaries who can access the TPM bus, either passively (snooping) or actively (modifying data).
- The feature uses HMAC and encrypted transactions to secure TPM communications, but it has limitations, such as not protecting against tampering with firmware or bootloader measurements.
- The article points out the high overhead of using asymmetric crypto for common operations like PCR extensions and randomness generation.
- A critical flaw is identified: the kernel trusts the Null Primary Key without proper verification, inverting the chain of trust and making it vulnerable to attacks.
- The author emphasizes that applied cryptography alone cannot solve security problems without proper key management and warns against 'decorative cryptography' that provides a false sense of security.
- Lessons include the importance of directional chains of trust, the need for explainable security features, and the necessity of integrated roots of trust like Caliptra for defending against physical interposer adversaries.