* Re: [tpm2] Question about SPI encryption
@ 2019-08-23 17:35 Roberts, William C
  0 siblings, 0 replies; 3+ messages in thread
From: Roberts, William C @ 2019-08-23 17:35 UTC (permalink / raw)
  To: tpm2

ESAPI makes it easy to implement this, and the tools have limited support for encrypted sessions and
default to HMAC sessions for commands when a password is used.

Bill

> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Tadeusz Struk
> Sent: Wednesday, August 14, 2019 3:04 PM
> To: Gallagher, James <james.gallagher(a)uky.edu>; tpm2(a)lists.01.org
> Subject: Re: [tpm2] Question about SPI encryption
> 
> Hello James,
> On 8/14/19 11:56 AM, Gallagher, James wrote:
> > Hello,
> > Supposing I was using a TPM that is connected to its host device via the SPI bus,
> > would it be possible to encrypt all communication over that bus? I recently read
> > the TPMGenie papers, linked here: https://github.com/nccgroup/TPMGenie in
> > which a man-in-the-middle attack could be used to spoof packets to and from the
> > TPM.
> > I was curious if the ESAPI, SAPI or something else could be used to
> > encrypt communication over the SPI bus to mitigate these vulnerabilities.
> 
> There is nothing in the TPM software stack that will allow all communication to be
> encrypted, however some commands support sensitive parameters in requests
> and/or responses to be encrypted using a TPM session key. Have a look at
> section 21, "Session-based encryption", of the spec [1]. This will prevent sniffing
> TPM communication. An HMAC session can be used to prevent packet spoofing.
> 
> [1] https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
> --
> Tadeusz


* Re: [tpm2] Question about SPI encryption
@ 2019-08-14 20:03 Tadeusz Struk
  0 siblings, 0 replies; 3+ messages in thread
From: Tadeusz Struk @ 2019-08-14 20:03 UTC (permalink / raw)
  To: tpm2

Hello James,
On 8/14/19 11:56 AM, Gallagher, James wrote:
> Hello,
> Supposing I was using a TPM that is connected to its host device via the SPI bus, would it be possible to encrypt all communication over that bus? I recently read the TPMGenie papers, linked here: https://github.com/nccgroup/TPMGenie in which a man-in-the-middle attack could be used to spoof packets to and from the TPM.
> I was curious if the ESAPI, SAPI or something else could be used to encrypt communication over the SPI bus to mitigate these vulnerabilities.

There is nothing in the TPM software stack that will allow all communication to be encrypted,
however some commands support sensitive parameters in requests and/or responses to be encrypted
using a TPM session key. Have a look at section 21, "Session-based encryption", of the spec [1].
This will prevent sniffing TPM communication. An HMAC session can be used to prevent packet spoofing.

[1] https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
-- 
Tadeusz
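To make the mechanism Tadeusz points to concrete, here is an added example (not code from this thread, nor from tpm2-tss) that simulates one command through a session with both parameter encryption and an HMAC, following the KDFa, session-key, XOR-obfuscation and session-HMAC constructions in TPM 2.0 Part 1. It assumes SHA-256 as the session hash, the TPM_ALG_XOR obfuscation mode rather than AES-CFB, constructed fixed nonces and auth values, and a simplified cpHash that omits the handle Name; the command code is TPM_CC_ObjectChangeAuth.

```python
import hashlib, hmac, struct

H = hashlib.sha256  # assumed session hash algorithm (TPM_ALG_SHA256)

def kdfa(key: bytes, label: bytes, ctx_u: bytes, ctx_v: bytes, bits: int) -> bytes:
    """KDFa (Part 1, 11.4.10): SP800-108 counter mode over HMAC. Each block is
    HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32)."""
    out, i, need = b"", 1, (bits + 7) // 8
    while len(out) < need:
        msg = struct.pack(">I", i) + label + b"\x00" + ctx_u + ctx_v + struct.pack(">I", bits)
        out += hmac.new(key, msg, H).digest()
        i += 1
    return out[:need]

def session_key(bind_auth: bytes, salt: bytes, nonce_tpm: bytes, nonce_caller: bytes) -> bytes:
    """sessionKey = KDFa(authValue || salt, "ATH", nonceTPM, nonceCaller) (Part 1, 19.6.8).
    Both ends derive it independently; it never crosses the SPI bus."""
    return kdfa(bind_auth + salt, b"ATH", nonce_tpm, nonce_caller, H().digest_size * 8)

def xor_obfuscate(session_value: bytes, nonce_newer: bytes, nonce_older: bytes, data: bytes) -> bytes:
    """Parameter encryption with TPM_ALG_XOR (Part 1, 21.2); applying it twice decrypts."""
    mask = kdfa(session_value, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))

def session_hmac(session_value: bytes, p_hash: bytes, nonce_newer: bytes, nonce_older: bytes, attrs: int) -> bytes:
    """authHMAC = HMAC(sessionKey || authValue, pHash || nonceNewer || nonceOlder || attrs) (Part 1, 19.6.5)."""
    return hmac.new(session_value, p_hash + nonce_newer + nonce_older + bytes([attrs]), H).digest()

CC_OBJECT_CHANGE_AUTH = b"\x00\x00\x01\x50"  # TPM_CC_ObjectChangeAuth; its first parameter is an auth value

def protected_command(secret_param: bytes, tamper: bool = False):
    """Simulate one command with a decrypt+HMAC session; returns (accepted, bytes_on_bus, recovered)."""
    # Constructed fixtures: a real salt is public-key encrypted to the TPM and nonces
    # are fresh per exchange; none of bind_auth, salt or the session key is on the bus.
    bind_auth, salt = b"\x11" * 32, b"\x22" * 32
    nonce_caller, nonce_tpm = b"\xaa" * 20, b"\xbb" * 20
    attrs = 0x61  # TPMA_SESSION: continueSession | decrypt | encrypt
    sv = session_key(bind_auth, salt, nonce_tpm, nonce_caller) + bind_auth  # sessionValue
    # Host: encrypt the parameter, then HMAC over cpHash of the encrypted form (handle Name omitted here).
    on_bus = xor_obfuscate(sv, nonce_caller, nonce_tpm, secret_param)
    tag = session_hmac(sv, H(CC_OBJECT_CHANGE_AUTH + on_bus).digest(), nonce_caller, nonce_tpm, attrs)
    if tamper:  # a bus-level interposer flips one ciphertext byte
        on_bus = bytes([on_bus[0] ^ 0x01]) + on_bus[1:]
    # TPM: recompute cpHash from what actually arrived and verify before decrypting.
    expect = session_hmac(sv, H(CC_OBJECT_CHANGE_AUTH + on_bus).digest(), nonce_caller, nonce_tpm, attrs)
    accepted = hmac.compare_digest(tag, expect)
    recovered = xor_obfuscate(sv, nonce_caller, nonce_tpm, on_bus) if accepted else b""
    return accepted, on_bus, recovered
```

What an interposer on the bus sees is the masked parameter, and a modified byte fails the HMAC check before the TPM acts on it; the response direction works the same way with the nonce roles swapped.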

* [tpm2] Question about SPI encryption
@ 2019-08-14 18:56 Gallagher, James
  0 siblings, 0 replies; 3+ messages in thread
From: Gallagher, James @ 2019-08-14 18:56 UTC (permalink / raw)
  To: tpm2

Hello,
Supposing I was using a TPM that is connected to its host device via the SPI bus, would it be possible to encrypt all communication over that bus? I recently read the TPMGenie papers, linked here: https://github.com/nccgroup/TPMGenie in which a man-in-the-middle attack could be used to spoof packets to and from the TPM.
I was curious if the ESAPI, SAPI or something else could be used to encrypt communication over the SPI bus to mitigate these vulnerabilities.

Thank you for your time,
James Gallagher

