• CyberSeeker
    link
    fedilink
    English
    arrow-up
    158
    arrow-down
    15
    ·
    11 months ago

    When using an external TPM. Which next to no one does.

    • Shadow@lemmy.ca
      link
      fedilink
      English
      arrow-up
      118
      arrow-down
      1
      ·
      edit-2
      11 months ago

      Watch the video. It just means external to the CPU, not an external device.

      They demo the attack on a Lenovo laptop in the first minute of the video.

      Edit: nm I just realized that was a 10 year old laptop and they’re in all the modern procs. I’m a lot less impressed now.

      Sounds like intel has external and amd internal with their ftpm?

      • Lazarus@kbin.social
        link
        fedilink
        arrow-up
        56
        ·
        11 months ago

        Many systems still use discrete tpms. Just because the CPU has a virtual tpm function doesn’t mean it’s used

      • Lee Duna@lemmy.nzOP
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        1
        ·
        11 months ago

        fTPM has a bug, don’t know if it’s fixed

        https://www.techspot.com/news/93684-amd-promises-fix-ftpm-issue-causes-stuttering-freezes.html

        Veracrypt also doesn’t recommend using encryption that relies on TPMs

        Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too? No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).

        If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).

        https://veracrypt.eu/en/FAQ.html

        Let’s assume the attackers were law enforcers

    • Shurimal@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      The MSI mini-PC-s for office/business use have separate TPM modules on their mobos. I wouldn’t be surprised if other mfg-s do this too.