tpm genie
play

TPM Genie Attacking the Hardware Root of Trust For Less Than $50 - PowerPoint PPT Presentation

Mar 10, 2024 •855 likes •1.41k views

TPM Genie Attacking the Hardware Root of Trust For Less Than $50 Introduction Jeremy Boone @uffeux Principal Consultant @ NCC Group Focus on hardware and embedded systems security Previously: 10 years product security @

  1. TPM Genie Attacking the Hardware Root of Trust For Less Than $50

  2. Introduction Jeremy Boone @uffeux • Principal Consultant @ NCC Group • Focus on hardware and embedded systems security • Previously: 10 years product security @ BlackBerry & Motorola Mobility

  3. Agenda 1. Overview of Trusted Platform Module 2. Threat Model & Attack Surface 3. Bug Hunting 4. Interposer Design & Build 5. Demo 6. Conclusions 3

  4. The Trusted Platform Module

  5. What is a TPM? • A crypto-processor • Trusted Computing Group (TCG) consortium • Multiple versions: TPM v1.2 and v2.0 • Used practically everywhere • Servers, laptops, desktops, IoT devices, … • Over 2 billion computers use a TPM (allegedly) • The U.S. Army and DoD require that every new PC has one

  6. Functions of a TPM • Command-Response protocol w/ 100+ ordinals • Hardware random number generation • Secure (aka on-chip) generation of cryptographic keys • … plus many other crypto primitives • Primary use in “Trusted Computing” applications: • Measured Boot • Remote Attestation • Sealed Storage

  7. TPM Functions – Measured Boot • Each boot stage is hashed (measured) by previous stage • BIOS, MBR, UEFI, kernel command line … • Hashes extended into 160-bit Platform Configuration Registers (PCRs) • PCR is a shielded memory space within TPM chip. • PCR[i].new := HASH( PCR[i].old || new_data ) • Chain of trust: Code shouldn’t be executed until it’s been measured. • PCR set can be audited at any point to inspect measurements. • Intel Trusted eXecution Technology (TXT)

  8. TPM Functions – Remote Attestation • Prove to authorized remote party that platform is in a specific state. • The basic idea: • Remote party sends nonce to TPM • TPM generates a Quote: • Quote = sign( PCR[n..m] + nonce ) • TPM returns Quote to remote party • Remote party verifies Quote and decides if it can trust host • Next steps are application specific • Ex: Hand over some kind of secret, such as DRM key

  9. TPM Functions – Sealed Storage • Protects a secret stored in the TPM’s non -volatile memory • Ex: Bitlocker or dm-crypt keys • Binds the secret to a specific PCR set • cipher_txt = tpm_seal( plain_text, PCRs, [password, locality] ) • plain_txt = tpm_unseal( cipher_text, PCRs, [password, locality] ) • The secret can only be released when the system is in the correct state

  10. Attack Surface / Threat Model

  11. Discrete TPM • Manufacturers claim secure type of TPM • Tamper “resistant” against invasive silicon, fault injection and side channel attacks • Enter Chris Tarnovsky to prove everyone wrong • But… invasive attacks cost $$$ • I wanted an attack that works in 5 mins for < $50 • Threat Model – Those with physical access • Rogue data center employee • Supply chain interdiction attacks (NSA ANT-style implant) • Evil Maid scenario

  12. Discrete TPM Risks • Often on a daughter card • Connected to main board via a header • Communicate with host via serial bus: I2C, SPI, LPC • Exposes serial bus to tampering • A MITM on the bus can sniff/modify traffic • Non- invasive attacks via an “interposer” device • No need to cut traces or desolder TPM

  13. TPM Headers

  14. Uhhh …

  15. Serial Bus Interposer

  16. Hunting For Bugs

  17. Target Enumeration & Selection • Operating Systems: • Linux kernel: Hardware RNG, integrity subsystem • Plus other kernels that implement TPM drivers • Pre-kernel environments (Bootloader, Legacy BIOS, UEFI): • tboot, coreboot, GRUB, Tianocore EDK2, +more • Userspace stuff: • TrouSerS, OpenSSL TPM Engine, +more

  18. Linux Kernel TPM Driver Architecture

  19. Kernel Code Review int tpm_get_random( u32 chip_num, u8 *out, size_t max) { struct tpm_chip *chip; struct tpm_cmd_t tpm_cmd; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); ... tpm_cmd.header.in = tpm_getrandom_header; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); err = tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes ); ... recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(out, tpm_cmd.params.getrandom_out.rng_data, recd); ... }

  20. Kernel Code Review int tpm_get_random( u32 chip_num, u8 *out, size_t max ) { struct tpm_chip *chip; struct tpm_cmd_t tpm_cmd; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA) ; ... tpm_cmd.header.in = tpm_getrandom_header; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); err = tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes ); ... recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(out, tpm_cmd.params.getrandom_out.rng_data, recd); ... }

  21. Kernel Code Review int tpm_get_random( u32 chip_num, u8 *out, size_t max) { struct tpm_chip *chip; struct tpm_cmd_t tpm_cmd; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); ... tpm_cmd.header.in = tpm_getrandom_header; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); err = tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes ); ... recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(out, tpm_cmd.params.getrandom_out.rng_data, recd); ... }

  22. Kernel Code Review int tpm_get_random( u32 chip_num, u8 *out, size_t max) { struct tpm_chip *chip; struct tpm_cmd_t tpm_cmd; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); ... tpm_cmd.header.in = tpm_getrandom_header; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); err = tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes ); ... recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(out, tpm_cmd.params.getrandom_out.rng_data, recd); ... }

  23. Kernel Code Review int tpm_get_random( u32 chip_num, u8 *out, size_t max) { struct tpm_chip *chip; struct tpm_cmd_t tpm_cmd; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); ... tpm_cmd.header.in = tpm_getrandom_header; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); err = tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes ); ... recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(out, tpm_cmd.params.getrandom_out.rng_data, recd); ... }

  24. Kernel Code Review int tpm_get_random( u32 chip_num, u8 *out, size_t max) { struct tpm_chip *chip; struct tpm_cmd_t tpm_cmd; u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA); ... tpm_cmd.header.in = tpm_getrandom_header; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes); err = tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes ); ... recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(out, tpm_cmd.params.getrandom_out.rng_data, recd); ... }

  25. The Results • Many memory corruption issues: • Linux Kernel: 6 • U-Boot: 2 • Coreboot: 1 • tboot: 13 • Tianocore EDK2: 10 • Root cause: Fragile response payload parsing • Some bugs are specific to a TPM chipset vendor (lowest driver layer) • Other bugs affect the generic TPM command/response interface • Both TPM v1.2 and v2.0 • PCR Read, Get Random, Seal, Unseal, NV Read, Get Capability

  26. At the Packet Level: Request 00 C1 00 00 00 0E 00 00 00 46 00 00 00 10 +---+ +---------+ +---------+ +---------+ tag length ordinal size_req +---------------------------+ +---------+ header body tpm_cmd.header.in = tpm_getrandom_header ; tpm_cmd.params.getrandom_in.num_bytes = cpu_to_be32(num_bytes) ; tpm_transmit_cmd( chip, &tpm_cmd, TPM_GETRANDOM_RESULT_SIZE + num_bytes );

  27. At the Packet Level: Response 00 C4 00 00 00 1E 00 00 00 00 00 00 00 10 EF F8 2C 6A ... +---+ +---------+ +---------+ +---------+ +-----------...+ tag length ret code data_len rng_data +---------------------------+ +-----------------------...+ header body tpm_transmit_cmd(chip, &tpm_cmd, 0x1A); recd = be32_to_cpu( tpm_cmd.params.getrandom_out.rng_data_len ); memcpy(dest, tpm_cmd.params.getrandom_out.rng_data , recd);

  28. At the Packet Level: Response 00 C4 00 00 00 1E 00 00 00 00 00 00 FF FF AA AA AA AA ... +---+ +---------+ +---------+ +---------+ +-----------...+ tag length ret code data_len rng_data +---------------------------+ +-----------------------...+ header body tpm_transmit_cmd(chip, &tpm_cmd, 0x1A); recd = be32_to_cpu(tpm_cmd.params.getrandom_out.rng_data_len); memcpy(dest, tpm_cmd.params.getrandom_out.rng_data, recd);

  29. Didn’t The TCG Anticipate This?

  30. Authorization Sessions • HMAC • Appended to command and response packets. • Defense against payload tampering. • Guarantees Integrity : Packet hasn’t been tampered with. • Guarantees Authenticity: By knowledge of shared secret . • Parameter Encryption • Guarantees Confidentiality: Can transmit secrets on the bus w/o exposure. • Rolling Nonces • Prevent replay attacks.

Recommend

Using GENIE Combating Loneliness Inquiry https://genie.soton.ac.uk Anne Kennedy and Anne

Using GENIE Combating Loneliness Inquiry https://genie.soton.ac.uk Anne Kennedy and Anne

Using GENIE Combating Loneliness Inquiry https://genie.soton.ac.uk Anne Kennedy and Anne Rogers The team behind GENIE at Southampton University NIHR CLAHRC Wessex GENIE Online Intervention Steps Map personal community of support in

873 views • 27 slides
GENIE Systematic Errors GENIE Systematic Errors GENIE Systematic Errors Hugh Gallagher, Tufts

GENIE Systematic Errors GENIE Systematic Errors GENIE Systematic Errors Hugh Gallagher, Tufts

GENIE Systematic Errors GENIE Systematic Errors GENIE Systematic Errors Hugh Gallagher, Tufts University July 11, 2016 - NUTUNE 16, U. Liverpool OUTLINE 1) History/Context 2) Neutrino-Nucleon Interaction Modeling Free nucleon cross

905 views • 43 slides
Directions Most interaction is between Dorky Computer Scientist, the Genie and the crowd. Dialogue

Directions Most interaction is between Dorky Computer Scientist, the Genie and the crowd. Dialogue

Characters : 1. Computer Science GeniusMark 2. Computer Science Genie (or just Genie)GWA Overview : After the Dorky Computer Scientist summons the Power Agile Genie (with the help of the crowd) he is granted three wishes. As a first wish,

195 views • 8 slides
GENIE Status Gabriel N. Perdue Simulations for Neutrinos 30 January 2017 Overview Recent

GENIE Status Gabriel N. Perdue Simulations for Neutrinos 30 January 2017 Overview Recent

GENIE Status Gabriel N. Perdue Simulations for Neutrinos 30 January 2017 Overview Recent release: GENIE 2.12.2 Planned releases: - GENIE 3.0 - GENIE 4.0 2 Gabriel Perdue | GENIE news | Simulations for Neutrinos 30 January 2017 GENIE

397 views • 13 slides
Introducing 2) Develop skills to utilize the online GENIE GENIE checklist and become familiar

Introducing 2) Develop skills to utilize the online GENIE GENIE checklist and become familiar

3/18/2014 The Guide for Effective Nutrition Interventions and Education Learning Objectives 1) Explain the process used in developing and validating the Guide for Effective Nutrition Interventions and Education (GENIE). Introducing 2) Develop

500 views • 10 slides
First look at new GENIE syst CAFs LBL meeting 30 Jul 2018 Chris Backhouse University

First look at new GENIE syst CAFs LBL meeting 30 Jul 2018 Chris Backhouse University

First look at new GENIE syst CAFs LBL meeting 30 Jul 2018 Chris Backhouse University College London Introduction Using example file /dune/data/users/marshalc/CAF FHC.root Weights now readable in CAFAna as dune.genie wgt[][]

442 views • 11 slides
GENIE update a personal view Steve Dytman, Univ. of Pittsburgh NusTec 11 December, 2018

GENIE update a personal view Steve Dytman, Univ. of Pittsburgh NusTec 11 December, 2018

GENIE update a personal view Steve Dytman, Univ. of Pittsburgh NusTec 11 December, 2018 group changes v3 + reweighting model advances, plans electron scattering v4 GENIE group changes FNAL After contributing many

616 views • 24 slides
rSMILE, an interface to the Bayesian Network package GeNIe/SMILE Roman Klinger, Christoph M.

rSMILE, an interface to the Bayesian Network package GeNIe/SMILE Roman Klinger, Christoph M.

rSMILE, an interface to the Bayesian Network package GeNIe/SMILE Roman Klinger, Christoph M. Friedrich { klinger,friedrich } @scai.fraunhofer.de July 9, 2009 Outline Bayesian Networks Existing Implementations GeNIe/SMILE rSMILE Applications

642 views • 17 slides
The Genie in the Bottle Implementing and Sustaining Lean Pg 1 What Well Cover Introduction

The Genie in the Bottle Implementing and Sustaining Lean Pg 1 What Well Cover Introduction

The Genie in the Bottle Implementing and Sustaining Lean Pg 1 What Well Cover Introduction 1. The Definition of True North 2. Key Philosophies Successful Lean Organizations 3. Quick review of the Toyota House 4. Discussion

1.37k views • 92 slides
The Genie is out of the bottle: DNA testing and the end of donor anonymity DNA testing is on the

The Genie is out of the bottle: DNA testing and the end of donor anonymity DNA testing is on the

The Genie is out of the bottle: DNA testing and the end of donor anonymity DNA testing is on the rise www.varta.org.au N=312 Ancestry DNA tests how do they work? 3 main types 1. Y-DNA 2. mtDNA 3. Autosomal www.varta.org.au Autosomal

811 views • 18 slides
Genie Distributed Systems Synthesis and Verification Marc Rosen EN.600.667: Advanced Distributed

Genie Distributed Systems Synthesis and Verification Marc Rosen EN.600.667: Advanced Distributed

Genie Distributed Systems Synthesis and Verification Marc Rosen EN.600.667: Advanced Distributed Systems and Networks May 1, 2017 1 / 35 Outline Introduction Problem Statement Prior Art Demo How does it work? Code Generation How does it

504 views • 35 slides
GENIE: Valida,on and Tuning status report Julia Yarba,

GENIE: Valida,on and Tuning status report Julia Yarba,

GENIE: Valida,on and Tuning status report Julia Yarba, FNAL Simula,on for Neutrinos mee,ng Jan.30, 2016 GENE Valida,on and Tuning

369 views • 16 slides
FFPSA Implementation Efforts in LA County LA County DCFS Kym Renner &amp; Genie Chough FFPSA

FFPSA Implementation Efforts in LA County LA County DCFS Kym Renner &amp; Genie Chough FFPSA

FFPSA Implementation Efforts in LA County LA County DCFS Kym Renner &amp; Genie Chough FFPSA Convening CWDS Training Center Riverside, CA November 20, 2019 Highlights Introductions LA County Governance Structure &amp;

574 views • 10 slides
Learning Genie Staff Training 1 Welcome! Loved by thousands of teachers and directors, 40+ lab

Learning Genie Staff Training 1 Welcome! Loved by thousands of teachers and directors, 40+ lab

Learning Genie Staff Training 1 Welcome! Loved by thousands of teachers and directors, 40+ lab school partners, 200+ school districts /agencies 2 8:00-8:10am Introduction 8:10am-9:30am Training Session I (Mobile Devices) Portfolios Daily

695 views • 23 slides
The Genie Is Out of the Bottle Richard E. Ya Deau, MD FACS, FACHCE (HON) 23andme Your genetic

The Genie Is Out of the Bottle Richard E. Ya Deau, MD FACS, FACHCE (HON) 23andme Your genetic

The Genie Is Out of the Bottle Richard E. Ya Deau, MD FACS, FACHCE (HON) 23andme Your genetic data Participatory Research Richard YaDeau Richard YaDeau Genes vs. Environment 60-80 % Attributable to Genetics The heritability of AD

300 views • 7 slides
The Genie Is Out of the Bottle Richard E. Ya Deau MD, FACS, ACHCE (HON) 23andme Your genetic

The Genie Is Out of the Bottle Richard E. Ya Deau MD, FACS, ACHCE (HON) 23andme Your genetic

The Genie Is Out of the Bottle Richard E. Ya Deau MD, FACS, ACHCE (HON) 23andme Your genetic data Participatory Research Richard YaDeau Richard YaDeau Genes vs. Environment 60-80 % Attributable to Genetics The heritability of AD

252 views • 7 slides
SPICE Street Names Bliss Black Mamba Bombay Blue Fake Weed Genie Zohai

SPICE Street Names Bliss Black Mamba Bombay Blue Fake Weed Genie Zohai

SPICE Street Names Bliss Black Mamba Bombay Blue Fake Weed Genie Zohai Judgment Day Tai High Mojo WHAT TO LOOK FOR? Signs &amp; Symptoms PSYCHOLOGICAL: PHYSICAL: Hallucinations &amp; delusions

143 views • 13 slides
Mytholo logy of AI Chry rysta tal Ball lls, Genie ies and Deit itie ies Victor Alexiev

Mytholo logy of AI Chry rysta tal Ball lls, Genie ies and Deit itie ies Victor Alexiev

B e t t e r F u t u r e s , T o g e t h e r Mytholo logy of AI Chry rysta tal Ball lls, Genie ies and Deit itie ies Victor Alexiev Black Swans and Black Elephants +65 9815 1543 victor@innovator.sg iRAHSs, 18 July 2017 What is is AI

884 views • 73 slides
Practical and Project Work in Computer Science Education Funded by Chalmers Genie - Program

Practical and Project Work in Computer Science Education Funded by Chalmers Genie - Program

Practical and Project Work in Computer Science Education Funded by Chalmers Genie - Program Chalmers | Gothenburg University Regina Hebig, Niklas Broberg, Richard Berntsson Svensson Regina Hebig, WIRE Workshop 2020 Motivation 1: Yearly

211 views • 10 slides
GArSoft Update: Hits and Tracks Tom Junk HPGTPC Meeting July 13, 2018 Two Zooms on a GENIE veCC

GArSoft Update: Hits and Tracks Tom Junk HPGTPC Meeting July 13, 2018 Two Zooms on a GENIE veCC

GArSoft Update: Hits and Tracks Tom Junk HPGTPC Meeting July 13, 2018 Two Zooms on a GENIE veCC Event in the Middle of the Detector Hit-finder is a simple threshold algorithm Hits are located at the pad (y,z) locations, and arrival time

702 views • 14 slides
Honda Flux in GENIE Wanwei Wu, Robert Hatcher, Tingjun Yang LArSoft Coordinate Meeting Tuesday,

Honda Flux in GENIE Wanwei Wu, Robert Hatcher, Tingjun Yang LArSoft Coordinate Meeting Tuesday,

Honda Flux in GENIE Wanwei Wu, Robert Hatcher, Tingjun Yang LArSoft Coordinate Meeting Tuesday, 11 Sept 2018 You Inst Logo Content I. Overview II. Honda atmospheric neutrino flux file - Atmospheric neutrino: zenith angle distribution -

503 views • 24 slides
Instructional Guides and HoverCam Solo 8 Videos Susan Eason, San Jacinto College The Magic Lamp

Instructional Guides and HoverCam Solo 8 Videos Susan Eason, San Jacinto College The Magic Lamp

Instructional Guides and HoverCam Solo 8 Videos Susan Eason, San Jacinto College The Magic Lamp The Magic Lamp You and your team have just found a lamp. You rub it, and surprise! A genie appears. The genie grants you three wishes. You are

320 views • 15 slides
MongoDB: A New Genie in the LAMP (Stack) Kristina Chodorow kristina@mongodb.org a

MongoDB: A New Genie in the LAMP (Stack) Kristina Chodorow kristina@mongodb.org a

MongoDB: A New Genie in the LAMP (Stack) Kristina Chodorow kristina@mongodb.org a retrospective SQL invented now 1974 2010 SQL invented now 1974 2010 SQL invented now 1974 2010 1979 SQL invented now 1974 2010 1979 SQL

2.16k views • 157 slides
grow...... May they see me as patient and understanding, for then they will be more willing to

grow...... May they see me as patient and understanding, for then they will be more willing to

&quot;May the Children in My Care&quot; a poem by Genie Graveline May the children in my care learn so much more from me than what is contained in books...... May I teach them by example that it's all right to make mistakes, for that is how we

497 views • 17 slides

More recommend