TPM-FAIL Vulnerabilities Impact TPM Chips In Desktops, Laptops, Servers (zdnet.com)
An anonymous reader writes: A team of academics has disclosed today two vulnerabilities known collectively as TPM-FAIL that could allow an attacker to retrieve cryptographic keys stored inside TPMs. The first vulnerability is CVE-2019-11090 and impacts Intel's Platform Trust Technology (PTT). Intel PTT is Intel's fTPM software-based TPM solution and is widely used on servers, desktops, and laptops, being supported on all Intel CPUs released since 2013, starting with the Haswell generation. The second is CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics. This chip is incredibly popular and is used on a wide array of devices ranging from networking equipment to cloud servers, being one of the few chips that received a Common Criteria (CC) EAL 4+ classification — which implies it comes with built-in protection against side-channel attacks like the ones discovered by the research team. Unlike most TPM attacks, these ones were deemed practical. A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes depending on the access level. We even show that these attacks can be performed remotely on fast networks, by recovering the authentication key of a virtual private network (VPN) server in 5 hours.
Ditch Intel (Score:2)
Seriously, if you have been hanging on in hopes that things would get better, please consider this the last straw. Intel has never had a focus on security but rather simply on selling more of their product.
Re: (Score:2)
That wasn't the only surprise last July.
Your linked article is not from that time period, not even this decade:
Originally published April 9, 2007
Re: (Score:2)
If you were buying a car and you had two options: one with a flat tire, and one with three flat tires and engine failure, would you consider based on this information the options equal, as clearly they both have flaws?
Useful? (Score:5, Interesting)
Hrm, I wonder if I can attack MY phone to get MY Signal key out of the TPM so that I can move to another device without meeting all my friends in person to stay secure. The recent Qualcomm attack had access to it (so the NSA did too) and I would at least like to.
Too bad it wasn't in Trusted Platform Sub-systems (Score:3)
Re: (Score:2)
Yeah... if you could just use the new cover sheet, that would be great....
TPM is popular? (Score:4, Insightful)
I saw this as primarily being forced onto people whether they wanted it or not, and was further compromised by the general TPM spec, but also the "China TPM" which was the probably compromised big-brother TPM. China compelled manufacturers to offer it, nobody actually bought it that I am aware of. TPM is very much a mixed blessing, on one hand *potentially* offering increased platform security (barring above), but on the other hand was primarily driven by corporate interests with the goal of locking down the PC similar to the Apple ecosystem, wherein one pays to physically possess hardware, but not actually own.
That it has exploits is probably a blessing in disguise. There is a good problem that needs to be solved here, but the players trying to solve it aren't particularly interested in anything other than locking people out: owners or hackers alike.
Re:TPM is popular? (Score:4, Interesting)
TPM is mandatory in anything even remotely regulated. It's great technology that up until now has been very trustworthy and reliable. I can't think of a single business that doesn't leverage it along with BitLocker for Windows devices.
Re: (Score:2)
Not up to now has it been very trustworthy. Presumably these bugs were present when the TPMs were shipped. STMicroelectronics makes the ST33 TPM, which has been shipping since at least 2013.
Re: (Score:2)
Yes, it is being pushed onto people by their employers, by Microsoft, by various software companies, etc. That doesn't make it popular. I can understand corporate needs, and my company laptop is not my own so I get little say about it.
But for something to be "popular" I would consider it to be a thing actively sought after by the rank and file. Most people have no idea what this is, and while their machines probably have one, they probably would elect not to have one if they could do so freely.
Re: (Score:1)
If you want to encrypt your drive with Windows on it then you're using BitLocker, and if you use BitLocker you're nuts to not use TPM. In newer versions of Windows 10 I believe it's even required, and it also protects the Windows Hello biometrics.
You're harping on "popular" without giving a single reason why it wouldn't be. It adds security to your system, despite this bug. I get it's edgy these days to hate on things but holy crap man let it go.
Re: (Score:3)
Were I to encrypt my drive, I certainly wouldn't use BitLocker. I would want to own and control the decryption key.
Encrypt a drive with TrueCrypt? (Score:2)
TrueCrypt is not secure? (Score:2)
But who says that?
Re: (Score:3)
1) Obviously I don't care about Windows "Hello" or whatever that is. That can fuck right off.
2) I don't want Windows in general, at all. I want Microsoft out of my life, and do not want to enable them to decide which hardware I can remove them from.
3) I don't need BitLocker outside of work stuff, and for work stuff I want my computer to demand a pass phrase in my head. That seems to work quite well and keeps me in the loop. Again what my employer wants I can't argue about, but when it comes to *my* hardware
Re: (Score:2)
What I do want is a trust chain from the hardware through the OS that I can audit and maintain
Oh- you want a TPM.
Your beef seems to be with what certain operating systems and applications do with the TPM, not the TPM itself.
In Linux, at least, you have full control over what can, or cannot access the TPM.
Re:TPM is popular? (Score:5, Insightful)
TPM adds a bit of convenience. If TPM wasn't a thing, then all of my laptop users would have to carry a flash drive with the drive encryption key in order to boot. Since a laptop thief wouldn't get the key (unless the user violated procedure), it would work just fine.
The whole idea of "the sensitive stuff is on your computer, but it's in a safe place that no one could ever get to" has always been a bit of a sales job. The truth is that TPM storage is "good enough for most people". There will be windows of time where vulnerabilities like this are active in the wild, but responsible vendors will eventually provide a patch and responsible organizations will either apply the patch or switch equipment.
Re: (Score:3)
That's just one of the many things TPM is used for, and not even the most common.
TPM can protect keys by performing crypto functions on behalf of the CPU. That way the key doesn't need to be stored in RAM where it could be compromised. The TPM can even verify the code asking for the key to be used first, so malware can't use it.
Re: (Score:2)
boot-up passphrases are superior
They are in fact not, because the TPM has dictionary attack prevention mechanisms built into the hardware (or virtualized hardware).
Whereas, a BitLocker encrypted volume does not, and you're free to throw as many resources at that passphrase as you like.
Re: (Score:2)
It's never been trustworthy or reliable, its original goal, and ongoing mission, is to enable DRM. I've worked with various TPMs over the years and I don't think I've ever seen something so unsuited to general-purpose crypto use as a TPM, its sole design goal was for DRM use, and if you try and use it for anything else you're faced with endless hurdles to get anything done.
Almost its only real use now is for Bitlocker, and for that you don't need a TPM, you just need the most basic bit of PIN-protected f
Common Criteria does not imply side channel analys (Score:5, Informative)
I am a certified CC evaluator.
In no way does CC automatically imply resistance to side channel analysis. CC is a framework that permits manufacturers to make certain security-relevant claims. Evaluators then use a structured approach to determine whether those claims are accurate. If the product claims resistance to side channel analysis, then the work to get *assurance* of that claim will only be as good as the evaluator.
In short, existence of a Common Criteria certificate means nothing unless you read the claims and determine the rigour employed by the evaluator to arrive at their conclusions. Even then, such conclusions are based on a *single* iteration of the product under very specific deployment configurations and considerations.
NSA (Score:1)