TPM is not the holy way — Benoît Forgette
Date: 03 June 2022 at 11:00 — 15 min.
For some time now, computers have embedded a secure chip. This chip, called the Trusted Platform Module (TPM), is used to generate and protect the secrets used by the computer, its best-known use being decryption at start-up. This security ensures that if a device is stolen and its hard drive accessed, an attacker cannot recover the contents of the drive, while keeping the process as transparent as possible to the user. TPMs and the libraries that use them are fully trusted when given a secret. In this talk, I will outline various new ways to perform software attacks: either non-invasive, to extract the secrets from the TPM, or invasive, to gain privileged access to the host system without retrieving the secret stored in the TPM to decrypt the host's file system. All these techniques are based on emulating the operating system environment and intercepting the communication that should occur with the TPM. We have conducted this research with a tool that we are also releasing to the community to facilitate future research and help in the exploitation of these different attacks (https://github.com/quarkslab/tpmee).