this post was submitted on 30 May 2024
19 points (100.0% liked)

Cybersecurity

5841 readers
164 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
 

The article says the following:

Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them. This follows a recent security demonstration of TPM key recovery from Microsoft Windows BitLocker being demonstrated. TPM sniffing attacks have also been demonstrated against Linux systems too, thus the additional protections be made with Linux 6.10 to better secure TPM2 modules.

I'm a little confused with this article. Is it talking about implementing TPM parameter encryption? If so, does this mean that the TPM bus prior to kernel v6.10 was unencrypted? Will this kernel feature still require a patch to be made to software like systemd-cryptenroll? Are the sniffing attacks that it's talking about examples of MITM attacks like this? Does windows encrypt the TPM bus?


you are viewing a single comment's thread
view the rest of the comments
[–] thequantumcog 2 points 6 months ago* (last edited 6 months ago) (2 children)

AFAIK Windows is also prone to this. TPM bus is not encrypted on Windows too and you can break into bitlocker protected laptop. Video Source

[–] [email protected] 1 points 6 months ago (1 children)

TPM bus is not encrypted on Windows too and you can break into bitlocker protected laptop.

By chance, do you have an official source from Microsoft that states that? I was unable to find any official documentation to clarify that when I looked.

Video Source

This video that you linked is the same video that I linked close to the end of my post.

[–] thequantumcog 2 points 6 months ago* (last edited 6 months ago)

Lol! Didn't check the source. I remembered watching this video a month ago, So I linked it.

After researching more this is the information I found.

This type of attack is only possible with external TPM without PIN protection. (Not a problem for fairly new CPUs with integrated TPM ~5 year old.) This method of breaking into bitlocker isn't new. A hijaker demonstrated it back in 2013

Source.

So, the Linux kernel feature will improve TPM security for older computers