* [tpm2] Is the tpm2_create command safe against sniffing attacks?
@ 2021-07-30 23:02 Joseph Lee
0 siblings, 0 replies; 2+ messages in thread
From: Joseph Lee @ 2021-07-30 23:02 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 75 bytes --]
Hello,
https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 1120 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* [tpm2] Is the tpm2_create command safe against sniffing attacks?
@ 2021-07-30 23:09 Joseph Lee
0 siblings, 0 replies; 2+ messages in thread
From: Joseph Lee @ 2021-07-30 23:09 UTC (permalink / raw)
To: tpm2
[-- Attachment #1: Type: text/plain, Size: 988 bytes --]
Hello,
https://pulsesecurity.co.nz/articles/TPM-sniffing
In this article, can see that communication with the TPM is vulnerable
to sniffing if not careful.
https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
Is the disk encryption described in tpm2-software's blog safe against
these attacks?
tpm2_createprimary -Q -C o -c prim.ctx
dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256
-u seal.pub -r seal.priv -i- -C prim.ctx
tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
seal.ctx
tpm2_evictcontrol -C o -c seal.ctx 0x81010001
My question is:
1. Is there a tool in linux that can sniff communication with the
current system's TPM?
2. How to encrypt communications if the methods described above are
not secure?
It seems that encryption is possible through
tpm2_startauthsession , but I do not know how to apply it to tpm2_create
(The -S option simply did not work.)
Thank you.
[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 4276 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-07-30 23:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-30 23:02 [tpm2] Is the tpm2_create command safe against sniffing attacks? Joseph Lee
2021-07-30 23:09 Joseph Lee
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.