this post was submitted on 07 Feb 2024
737 points (97.7% liked)

Technology

59161 readers
1813 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] CyberSeeker@discuss.tchncs.de 141 points 9 months ago (3 children)

When using an external TPM. Which next to no one does.

[–] Shadow@lemmy.ca 117 points 9 months ago* (last edited 9 months ago) (3 children)

Watch the video. It just means external to the CPU, not an external device.

They demo the attack on a Lenovo laptop in the first minute of the video.

Edit: nm I just realized that was a 10 year old laptop and they're in all the modern procs. I'm a lot less impressed now.

Sounds like intel has external and amd internal with their ftpm?

[–] Lazarus@kbin.social 56 points 9 months ago

Many systems still use discrete tpms. Just because the CPU has a virtual tpm function doesn’t mean it’s used

[–] throws_lemy@lemmy.nz 31 points 9 months ago (1 children)

fTPM has a bug, don't know if it's fixed

https://www.techspot.com/news/93684-amd-promises-fix-ftpm-issue-causes-stuttering-freezes.html

Veracrypt also doesn't recommend using encryption that relies on TPMs

Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too? No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).

If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).

https://veracrypt.eu/en/FAQ.html

Let's assume the attackers were law enforcers

[–] __ghost__@lemmy.ml 9 points 9 months ago

This has been fixed for a while now

load more comments (1 replies)
[–] Toes@ani.social 18 points 9 months ago (1 children)

It's fairly common in business devices before 8th gen Intel.

load more comments (1 replies)
load more comments (1 replies)
[–] Overgrowngoblin@lemmy.world 109 points 9 months ago (1 children)

Hi this is BitLockPickingLawyer here and today we'll see how secure . . .

[–] neutron@thelemmy.club 12 points 9 months ago

A click out of one... two is binding...

[–] peopleproblems@lemmy.world 68 points 9 months ago (3 children)

Very end of the article explains you need access to the TPM communication hardware, which no longer occurs external to Intel and And cpus

[–] massive_bereavement@kbin.social 25 points 9 months ago (1 children)

To *newer Intel and AMD cpus and only certain models.

There's a lot of current hardware that uses embedded TPMs. It also depends on the communication path between the CPU and the module, but chances are it will be clear text and in some, via LPC.

load more comments (1 replies)
[–] SpaceMan9000@lemmy.world 12 points 9 months ago

Should be noted that if a password is asked to decrypt the drive it also doesn't work.

[–] amenotef@lemmy.world 11 points 9 months ago* (last edited 9 months ago)

So offline (external) bitlocker drives that are unlocked with the key only.

Or internal bitlocker drives that are unlocked with AMD fTPM are excluded from this exploit?

[–] tias@discuss.tchncs.de 67 points 9 months ago* (last edited 9 months ago) (2 children)

I thought the point of the TPM was that the keys would be kept internally to the TPM at all times and that any data lanes would only be used for transferring payload. Why are they sending keys between the TPM and the CPU?

[–] Squire1039@lemm.ee 42 points 9 months ago

There are some functions like that, like Passkey signing. For Bitlocker, the encryption/decryption key is transferred to the CPU (and RAM) in order for it to operate. The problem described here has been around for a while, but putting it on a key like that makes the attack method available to "everyone". There has been a solution for a while too: 1) put in pre-boot Bitlocker PIN, and 2) use integrated TPM like the article mentions.

[–] jet@hackertalks.com 18 points 9 months ago (1 children)

Because the CPU has to decrypt the bulk of the data coming from the disc. And it needs a key to do that. Unless we route all traffic through the TPM to decrypt the disc. The CPU needs a key to do that

[–] tias@discuss.tchncs.de 4 points 9 months ago (1 children)

Surely some smart key exchange algorithm could be used for that, e.g. the CPU provides a public key to the TPM and the TPM encrypts the symmetric disk key with that public key. Similar to how TLS works.

[–] xradeon@lemmy.one 8 points 9 months ago (5 children)

The private key would have to stored in clear text somewhere. Potentially if you had non volatile space on cpu that to store the private key, that might work. But if you’re going to do that, might as well just use an ftpm.

[–] jet@hackertalks.com 2 points 9 months ago

Right and not to mention pairing the cpu and tpm for key exchange to avoid mitm attacks...

[–] laughterlaughter@lemmy.world 2 points 9 months ago (4 children)

Why not store it directly in the TPM, if that's the device that will do that initial decryption?

load more comments (4 replies)
load more comments (3 replies)
[–] fmstrat@lemmy.nowsci.com 31 points 9 months ago (2 children)

Say it with me now: LUUUUUKS

[–] baseless_discourse@mander.xyz 36 points 9 months ago* (last edited 9 months ago) (1 children)

LUKS is still vulnerable to this attack if you enable autodecrypt using TPM. This attack is based on the vulnerability that the CPU and TPM communicates uses plain text. And it is a pretty common attack against TPM:

https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

SPI is a communication protocol for embedded systems and is extremely common amongst virtually all hardware. Due to its simplicity, there is no encryption option for SPI. Any encryption must be handled by the devices themselves. At the time of this writing BitLocker does not utilize any encrypted communication features of the TPM 2.0 standard, which means any data coming out of the TPM is coming out in plaintext, including the decryption key for Windows

And apparently Linux is not doing too hot on this regard either:

https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets

As we can see, parameter encryption simply isn't used in practice, and except for safeboot none of the solutions enforce PIN/MFA by default.

However, this attack is not viable for device with firmware based solution, like fTPM, Microsoft Pluton, secure enclave etc. in these case TPM is part of the cpu, hence have no exposed pins to sniff their connection.


So if you don't want people with physical access to your computer (a thief or a evil maiden) to access everything on your disk, don't setup TPM auto decrypt.

[–] phoenixz@lemmy.ca 14 points 9 months ago (2 children)

CPU communicates with TPM in plaintext

Because of course

[–] Eufalconimorph@discuss.tchncs.de 7 points 9 months ago (1 children)

CPU doesn't have any secure storage, so it can't encrypt or authenticate comms to the TPM. The on-CPU fTPMs are the solution, the CPU then has the secure storage.

load more comments (1 replies)
load more comments (1 replies)
[–] HelloHotel@lemm.ee 14 points 9 months ago* (last edited 9 months ago) (2 children)

I wondered why LUUUUUKS didnt use the TPM, why do i have to put my password in... this is absolutely why.

Edit: fixed spelling of LUUUUUKS

[–] cooopsspace@infosec.pub 4 points 9 months ago* (last edited 9 months ago)

Also yes you can, I wouldn't recommend it though. Maybe in addition to your password though.

Wait until you see Dracut and Tang.

[–] mlaga97@lemmy.mlaga97.space 3 points 9 months ago (1 children)

What exactly is the point of full disk encryption if the system auto-unlocks on boot?

load more comments (1 replies)
[–] chairman@feddit.nl 30 points 9 months ago (4 children)

Question: if I have an bitlocker encrypted SSD in a modern computer with embedded TPM, can I move this SSD to an old computer with external TPM to sniff the cod this way? Be gentle. I am dumb. Thanks.

[–] SleepingTower@lemmy.world 22 points 9 months ago (1 children)

"Sniff the cod" This is a typo right? I don't know any better, but I had a good laugh.

[–] chairman@feddit.nl 10 points 9 months ago

What about the salmon and the halibut? :-D

[–] jmfwnsfw@lemmynsfw.com 19 points 9 months ago

Not unless you entered your recovery code to unlock it on the old computer with the external tpm.

[–] Bitflip@lemmy.ml 6 points 9 months ago (1 children)

Nope. As soon as you move the disk to your second system/TPM, you lose any ability to decrypt it at all.

[–] baseless_discourse@mander.xyz 9 points 9 months ago (3 children)
load more comments (3 replies)
[–] Neon@lemmy.world 4 points 9 months ago

The Key is stored on the Internal TPM. Only it can unlock the SSD.

[–] massive_bereavement@kbin.social 11 points 9 months ago
[–] Petter1@lemm.ee 11 points 9 months ago

Finally, we can install Linux on your corporate pc or grab some RAM from it 😂😂😂

[–] Rooter@lemmy.world 3 points 9 months ago

Lol, Tom's hardware is allowed on lemmy? It's like the fox news of the tech world.

Clickbait as usual.

load more comments
view more: next ›