Don't trust the Trusted Platform Module – it may leak your VPN server's private key (depending on your configuration)

Trusted Platform Modules, specialized processors or firmware that protect the cryptographic keys used to secure operating systems, are not entirely trustworthy. Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany, have found that TPMs …

  1. Richard Boyce

    Intel "hardware"

    When you need monthly security patches for "hardware", something is very, very wrong.

    1. Captain Scarlet Silver badge

      Re: Intel "hardware"

      Well how else will they sell upgrades?

  2. Anonymous Coward
    Anonymous Coward

    Or right if you work for some intelligence agency

    IMHO none of this is accidental

    1. TeeCee Gold badge

      Re: Or right if you work for some intelligence agency

      Nice hat. Is that real tinfoil?

    2. Michael Wojcik Silver badge

      Re: Or right if you work for some intelligence agency

      You're multiplying entities needlessly. It's difficult to do constant-time big-number arithmetic correctly, and the dangers of timing side attacks for ECC were not well-documented until relatively recently. Thus it's probable that most or all of these attacks are accidental.

      While well-resourced actors are likely capable of subverting the TPM development process at various OEMs, and certainly wouldn't have any qualms about doing so, these are odd backdoors to choose. They'd be better off backdooring the CPRNG, which is undetectable if done correctly. (Or putting in backdoored ECC curves, except there are users who know to insist on using standard ones.)

      And as long as those actors know existing implementations are flawed, there's no reason for them to intervene and risk discovery.
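To make the "constant-time big-number arithmetic" point above concrete, here is an added toy example (not from the article or any commenter): a scalar multiplication loop that starts at the top set bit runs a number of iterations equal to the scalar's bit length, so its timing reveals how many leading zero bits a secret scalar has, while a fixed-length Montgomery ladder runs the same sequence of operations for every scalar. The multiplicative group modulo a constructed prime stands in for an EC group (square = point doubling, multiply = point addition); Python itself is not constant-time, so only the operation count is being compared.

```python
"""Bit-length-dependent loop count vs. a fixed-length ladder (toy, not a real ECC library)."""

P = 2**127 - 1   # constructed toy modulus (a Mersenne prime); stands in for the EC group
BITS = 128       # nominal scalar width every ladder run covers


def naive_square_multiply(base, k):
    """Left-to-right square-and-multiply starting at the highest set bit.

    Returns (base**k mod P, iterations). iterations == k.bit_length(), so a
    scalar with leading zero bits finishes measurably sooner: that bit-length
    leak is exactly what a timing-plus-lattice attack on signature nonces feeds on."""
    acc, iters = 1, 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc = acc * acc % P          # "double"
        if (k >> i) & 1:
            acc = acc * base % P     # "add" only on set bits: a second, data-dependent cost
        iters += 1
    return acc, iters


def ladder(base, k, bits=BITS):
    """Montgomery ladder over a fixed number of bits.

    Invariant r1 == r0 * base. Every iteration performs one multiply and one
    square regardless of the bit, and the conditional swap is done with an
    arithmetic mask rather than a branch, so iterations == bits for any k."""
    r0, r1, iters = 1, base, 0
    for i in range(bits - 1, -1, -1):
        mask = -((k >> i) & 1)       # all ones when the bit is 1, zero otherwise
        d = (r0 ^ r1) & mask
        r0, r1 = r0 ^ d, r1 ^ d      # swap iff bit == 1
        r1 = r0 * r1 % P
        r0 = r0 * r0 % P
        d = (r0 ^ r1) & mask
        r0, r1 = r0 ^ d, r1 ^ d      # swap back
        iters += 1
    return r0, iters


if __name__ == "__main__":
    short, full = 12345, (1 << 127) | 12345   # constructed scalars: 14 and 128 bits
    for k in (short, full):
        print(k.bit_length(), naive_square_multiply(3, k)[1], ladder(3, k)[1])
```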

  3. Bendacious

    "Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany". These men and women are doing valuable, difficult, extremely boring work and they deserve respect. This must be weeks and months of grinding away at work that is difficult in terms of the maths and physics and mind-boggling in terms of the amount of trial and error that must be involved. I'm glad that these people exist and that someone pays their tiny academic salary.

    1. Michael Wojcik Silver badge

      Re: Boffins

      Hey - the folks from Whoopie Tech get to work in beautiful Worcester, Massachusetts. (Municipal motto: "Somewhat nicer than Lowell!")

      In all seriousness, I agree that it's always good to see people doing the work. (This sort of thing is pretty fun work, in my book, but that doesn't make it less important.) But I don't know that salaries at Worcester Polytechnic are "tiny", exactly; online sources differ, but it looks like professors average around $110K, which suggests full professors in particular earn a comfortable salary. Cost of housing around Worcester isn't great but isn't as bad as Boston.

      Of course graduate students are basically on subsistence pay, even with assistantships and fellowships, but that's true for all US universities.

  4. Christian Berger

    What did you expect?

    After all the Trusted Computing Initiative was not about protecting user data but about protecting business models. If it was about making computers safer they would lobby for the elimination of scripting languages in browsers, and the elimination of "Service Mode" features and "security enclaves".

    1. JohnFen

      Re: What did you expect?

      This. I don't trust TPM because TPM is most often used to restrict my use of my own machines.

  5. AConcernedCitizen

    Not very creative marketing naming.

    Since they bothered with both naming this vulnerability and designing a logo for people to use in their security presentations, couldn't they have come up with a more creative and marketable name for this vulnerability to put on their CV?

    Perhaps naming it by including something spooky like Vaultghost or a backronym like TROVE (TPM recovery of VPN ECDSA)? They both seem more natural sounding and far more marketable than "TPM-FAIL".

  6. J. Cook Silver badge

    Fell out of chair from laughing so hard at the irony.

    In all seriousness, the only reason, IIRC, the TPM module was even designed in was to placate the Recording Ass. of America and the Motion Picture Ass. of America over their War on Piracy(tm).

    1. Anonymous Coward
      Anonymous Coward

      Are you sure you're not mistaking Trusted Platform Module for Trusted Execution Environment, which is part of pretty much every modern processor?

      Most modern browser-based DRM schemes are based around using the hidden Trusted Execution Environment registers for key exchange/decryption etc. rather than the observable regular CPU registers.

      TPMs are still pretty rare in the average user's computer, and it would probably not make sense to use TPMs for DRM unless companies started shipping TPMs by default with the motherboard, even though they can be used for such.

      1. JohnFen

        "TPMs are still pretty rare in the average user's computer "

        I believe this depends on how old the computer is. I'm not certain, but my understanding is that most new machines include a TPM chip on the motherboard. Interestingly, the documentation and salesfolks with at least one manufacturer (Dell) assert that they don't -- but they do. If you care one way or another, it's probably best to ignore what the companies say and test for its presence yourself.

        1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          Could you be more specific on which models/types of Dell computers/motherboards you're talking about here?

          From what I've read they've become common on laptop (brands) often used by corporations.

          1. JohnFen

            I don't actually remember which Dell models they were for certain, but I think Inspiron was one. This was a few years ago, though. In my quick search to nail this down, it appears that nearly all current Dell models include TPM 2.0.

            1. Michael Wojcik Silver badge

              Was that a hardware TPM, a firmware TPM bundled with the CPU and chipset, or a software emulated TPM? Windows, for example, may claim a "TPM" is present when it's just a software emulation.

              In short, it may not be Dell that's doing this, and when they say a model doesn't include a TPM, they may mean it doesn't include a true hardware TPM. That's the only sort of TPM I'd bother using for my own purposes (and, yes, they're useful), so the distinction is relevant.
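One way to "test for its presence yourself" and answer the hardware/firmware/software question raised in the two comments above, as an added example that is not from the article or any commenter: it parses the output of `tpm2_getcap properties-fixed` (tpm2-tools, Linux) and decodes the TCG manufacturer ID. The sample output is constructed in the YAML-like layout tpm2-tools 4.x and later print, and the vendor-to-type mapping is an assumed heuristic, not an authoritative list.

```python
"""Identify what kind of TPM a host reports, from `tpm2_getcap properties-fixed` output."""
import os
import re
import subprocess

# Constructed sample (not captured from any real machine), trimmed to the properties used.
SAMPLE_OUTPUT = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x494E5443
  value: "INTC"
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x1F4
TPM2_PT_FIRMWARE_VERSION_2:
  raw: 0x50001
"""

# Assumed heuristic: vendor IDs of TPMs implemented in CPU/chipset firmware or by a
# hypervisor, versus vendors that ship discrete TPM chips. Treat as a hint, not proof.
FIRMWARE_VENDORS = {"INTC", "AMD", "MSFT", "QCOM"}
DISCRETE_VENDORS = {"IFX", "STM", "NTC", "NSM"}


def parse_fixed_properties(text):
    """Return {property name: raw integer} from tpm2_getcap properties-fixed output."""
    pat = re.compile(r"^(TPM2_PT_\w+):\n\s+raw:\s*(0x[0-9a-fA-F]+|\d+)", re.M)
    return {name: int(raw, 0) for name, raw in pat.findall(text)}


def manufacturer(props):
    """TPM2_PT_MANUFACTURER packs four ASCII bytes big-endian (0x494E5443 -> 'INTC')."""
    return props["TPM2_PT_MANUFACTURER"].to_bytes(4, "big").decode("ascii").strip()


def firmware_version(props):
    """Two raw 32-bit words; how they split into major/minor fields is vendor-defined."""
    return props["TPM2_PT_FIRMWARE_VERSION_1"], props["TPM2_PT_FIRMWARE_VERSION_2"]


def classify(text):
    """(vendor, kind) for a properties-fixed dump; kind is the heuristic above."""
    vendor = manufacturer(parse_fixed_properties(text))
    if vendor in FIRMWARE_VENDORS:
        return vendor, "firmware/integrated"
    if vendor in DISCRETE_VENDORS:
        return vendor, "discrete chip"
    return vendor, "unknown"


def probe_host():
    """Presence via sysfs, then identity via tpm2-tools; None when no TPM device node exists."""
    if not os.path.exists("/sys/class/tpm/tpm0"):
        return None
    out = subprocess.run(["tpm2_getcap", "properties-fixed"],
                         capture_output=True, text=True, check=True).stdout
    return classify(out)


if __name__ == "__main__":
    print(classify(SAMPLE_OUTPUT), firmware_version(parse_fixed_properties(SAMPLE_OUTPUT)))
    print(probe_host())
```

The firmware version is what you compare against the vendor's advisory when deciding whether the platform still needs a patch; the manufacturer string alone does not tell you that.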

      2. J. Cook Silver badge

        It's possible, although I seem to recall both RIAA and MPAA both pushing for a TPM in every computer.

        Part of it was that they were also pushing for end to end encryption of full 1080P video streams from storage to display back when computers barely had enough video horsepower to handle an unencrypted stream.

        I could be misremembering, though; I've slept since then.

  7. Alistair
    Black Helicopters

    I see irony here

    TPM meets Timing and Lattice Attacks.....

    /walks off whistling Dixie.....

    expected shortly ===>

  8. Claptrap314 Silver badge

    What is this garbage?

    Algorithm timing attacks have been public knowledge for what? Two decades? These modules were not fit for purpose when they were sold.
