TPM
Full Title
Trusted Platform Module is a specific case of a Trusted Execution Environment.
Problem
Attestation of the security of a remote (User) device.
Solution
- Version 1 of the TPM was always instantiated in a hardware chip, and the concept of hardware-protected security was heavily promoted. This solution was complex for the user to control.
- Version 2 of the TPM may be implemented in software loaded into a Trusted Execution Environment, which introduces implementation complexity.
- The software for an fTPM, described in "fTPM: A Software-Only Implementation of a TPM Chip", was created by David Wooten and Paul England at Microsoft (2016-08-10 to 2016-08-12).
- TPM on Android on GitHub
- The TPM supports SHA-1, which NIST has since deprecated. Do not let that deprecation mislead you: it was made for security reasons, so avoid SHA-1 where its security properties matter, but if you only need to randomize a tag it is still generally acceptable.
Firmware TPM
Some purists do not believe that a firmware solution is as good as a separate hardware chip, but most solutions now depend on separate hardware circuitry within the CPU chip plus firmware to drive it. In this case it is important to be sure that the CPU chip is trustworthy. Even big companies like AMD can get it wrong from time to time: there is a problem with the hardware random number generator in Ryzen-based PCs, running both Windows and Linux, that does not seem fixable.[1]
How Bad are TPMs and How Good is the Apple T2 Chip?
The TPM (Trusted Platform Module) chip in your computer is perhaps a forgotten device. It often sits there not doing much, never quite achieving its full potential. You bought the laptop because it had one, but you just can't find a use for it. The chip itself is perhaps rather jealous of the Apple T2 chip, which does so much more, and which people actually buy the computer for. Few people buy a computer because it has a TPM, but lots of people buy a MacBook or an iPhone because it is trusted to look after their sensitive data.
With the TPM we have moved from TPM 1.2 to TPM 2.0, and the device hosts a basic crypto-processor. This processor is not like the Apple T2 chip and cannot really do much crypto at scale. In its modern form it supports RSA and ECC key generation, SHA-1/SHA-256 hashes, and signature generation.
Its main focus is to provide a trusted boot environment, in which it checks, against its registers, that the boot process has not been interfered with. There are also two important key pairs on the device: the EK (Endorsement Key) pair and the SRK (Storage Root Key) pair. These are typically RSA key pairs.
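The register check described above works by "extending": a PCR can only be replaced by a hash of its old value and the new measurement, so a verifier replays the boot log and compares. The following is an added example (not from the original page or any TPM implementation) that models one SHA-256 PCR with constructed boot events; real TPMs hold several PCR banks and use the TCG event-log format, which are not modelled here.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// PCR models one Platform Configuration Register in the TPM's SHA-256 bank.
type PCR [sha256.Size]byte

// extend is the only operation a TPM allows on a PCR: the register is
// replaced by H(old || H(event)), so earlier events can never be undone.
func (p PCR) extend(event []byte) PCR {
	h := sha256.Sum256(event)
	return sha256.Sum256(append(p[:], h[:]...))
}

// replayLog recomputes the PCR a verifier expects from a measured-boot event
// log, starting from the all-zero value the register holds after reset.
func replayLog(events [][]byte) PCR {
	var p PCR
	for _, e := range events {
		p = p.extend(e)
	}
	return p
}

// attest compares a PCR value quoted by the device against the replayed log;
// any altered, missing, reordered or extra boot component changes the result.
func attest(quoted PCR, events [][]byte) bool {
	return quoted == replayLog(events)
}

func main() {
	// constructed boot chain (stand-ins for firmware, bootloader and kernel images)
	known := [][]byte{[]byte("firmware 1.0"), []byte("bootloader 2.1"), []byte("kernel 6.1")}
	quoted := replayLog(known) // what the TPM would report in a quote
	fmt.Printf("PCR[known boot]  = %x\n", quoted)
	patched := [][]byte{[]byte("firmware 1.0"), []byte("bootloader 2.1 (patched)"), []byte("kernel 6.1")}
	fmt.Println("known log attests:  ", attest(quoted, known))
	fmt.Println("patched log attests:", attest(quoted, patched))
}
```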
The EK pair is used to identify the computer to its manufacturer: the computer signs a message with the private key stored in the TPM, and the manufacturer checks this against a registered public key (which is held in an Endorsement Key certificate).
This key pair is created when the computer is manufactured and is never changed. For the SRK, each user creates their own keys, so every new user has a unique key pair. This key pair is typically used to protect the encryption key that encrypts the disk drive: the public key encrypts the AES key that has been used to encrypt the drive, and only the private key can decrypt it.
But TPMs do not have a strong track record, and the ROCA (Return of Coppersmith's Attack) vulnerability showed that the private key could be derived from the public key, because the RSA primes were generated using a weak method.
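The SRK arrangement just described, as an added example that is not the page's or any TPM vendor's code: a random AES-256 key seals the drive data, the SRK public key wraps that AES key with RSA-OAEP, and only the matching SRK private key can unwrap it. It assumes an ordinary in-memory RSA-2048 key as a stand-in for the SRK a real TPM would keep inside the chip, and AES-GCM as the disk cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// newSRK stands in for the per-user Storage Root Key a real TPM keeps inside the chip.
func newSRK() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func gcmFor(diskKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(diskKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// protectDisk: a fresh AES-256 key seals the drive data, the SRK public key wraps that key (RSA-OAEP).
func protectDisk(srkPub *rsa.PublicKey, data []byte) (wrapped, sealed []byte, err error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	diskKey, nonce := buf[:32], buf[32:]
	gcm, _ := gcmFor(diskKey) // cannot fail: the key is a freshly made 32-byte slice
	sealed = gcm.Seal(append([]byte(nil), nonce...), nonce, data, nil) // nonce || ciphertext || tag
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, srkPub, diskKey, []byte("disk-key"))
	return wrapped, sealed, err // the plain AES key in buf is never written out
}

// recoverDisk: only the matching SRK private key unwraps the AES key; any other SRK fails first.
func recoverDisk(srk *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	diskKey, err := rsa.DecryptOAEP(sha256.New(), nil, srk, wrapped, []byte("disk-key"))
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(diskKey) // key length now comes from the unwrap, so check it
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("unwrapped key or sealed blob is malformed")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```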
See also: "Weak prime number generator (RSALib)", asecuritysite.com.
In fact, the ROCA vulnerability nearly brought down the Estonian e-ID system, where almost half of the citizens' private keys could have been recovered. Luckily Estonia moved quickly, implemented a mobile-device-based system, and overcame the problems of ROCA.
See also: "So What Was The Problem With The Estonian ID System and TPMs?", medium.com.
And so to Apple. With the T2 chip, Apple has shown the world how to build a computer that takes security seriously. The T2 holds a 256-bit AES key (UID) within a secure enclave processor, which is used to encrypt the SSD storage. No one can access this key: it is burnt into the chip, and there is no way to enable JTAG access.
Along with this, the T2 uses the secure enclave to store its Touch ID fingerprint data, which ensures that intruders cannot get access to the user's biometric information. A neat function of the enclave is that the microphone is always disabled whenever the lid is shut, preserving the user's privacy.
Conclusions
Apple has generally shown how to build a secure computer. For Windows, there is always a feeling that it is still trying to be compatible with all the computers from the past. Apple does not see it this way and treats security and trust as a core function of its systems. While they have slipped a bit recently, their T2 chip is a work of art compared with the lonely TPM chip.
References
- ↑ Kishalaya Kundu, "Linus Torvalds suggests disabling AMD's 'stupid' fTPM to solve a persistent stuttering issue", TechSpot (2023-08-01), https://www.techspot.com/news/99620-linus-torvalds-suggests-disabling-amd-tupid-ftpm-solve.html