Practical PCR forgery: aka how I will decrypt your laptop

Main Room,

Discrete TPMs are tamper-resistant physical devices containing a cryptographic coprocessor with on-chip secret storage and system state attestation functionality. While they make direct extraction of root key material by physical and electrical means rather difficult, their being external to the main processor opens the systems that integrate them for secret storage to a different class of practical attacks.

Most well-known attacks against such systems target the bus between the processor and the TPM using passive sniffing and active interposer techniques (e.g. TPMGenie). In addition to discussing the continued effectiveness of well-known attacks, this talk will highlight a series of less well-known, but still highly practical attacks that focus on subverting the TPM’s knowledge of system state, either via physical means or by taking advantage of software mistakes.

These attacks include the recently disclosed “TPM GPIO fail” vulnerability that subverts the TPM’s knowledge of system state purely from software, allowing a software attacker in control of a system in any state to extract secrets sealed by “trusted” operating systems.
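The common thread of these attacks is that a PCR value depends only on the ordered sequence of measurements the TPM receives after its last reset, not on who submitted them. The following added model (not code from the talk or from any TPM library) shows why a secret sealed to a PCR policy unseals again whenever that sequence is reproduced; the measurement strings, the single-PCR bank and the simplified policy digest are constructed assumptions for illustration.

```python
import hashlib

PCR_LEN = 32  # one SHA-256 PCR bank, starting from all zeros after reset


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR = H(old PCR || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def replay_log(events) -> bytes:
    """Value a freshly reset PCR reaches after extending every event in order."""
    pcr = b"\x00" * PCR_LEN
    for ev in events:
        pcr = extend(pcr, ev)
    return pcr


def policy_digest(pcr: bytes) -> bytes:
    # Simplified stand-in for a TPM2_PolicyPCR digest over the modelled PCR.
    # Real policies hash a PCR selection into the policy session; the shape
    # here is an assumption that preserves the binding to the PCR value.
    return hashlib.sha256(b"POLICY_PCR" + pcr).digest()


def seal(secret: bytes, pcr: bytes) -> tuple:
    return (policy_digest(pcr), secret)


def unseal(sealed: tuple, current_pcr: bytes):
    """Release the secret only if the current PCR satisfies the policy."""
    policy, secret = sealed
    return secret if policy_digest(current_pcr) == policy else None


# Constructed measurement logs for a trusted and a tampered boot path
TRUSTED_BOOT = [b"firmware-v1", b"bootloader-signed", b"kernel-signed", b"initrd"]
TAMPERED_BOOT = [b"firmware-v1", b"bootloader-signed", b"kernel-modified", b"initrd"]


def sealed_state_is_only_as_good_as_the_log() -> dict:
    sealed = seal(b"disk-encryption-key", replay_log(TRUSTED_BOOT))
    tampered = unseal(sealed, replay_log(TAMPERED_BOOT))   # policy mismatch
    # If the TPM's PCR is returned to its reset state while the host keeps
    # running, feeding the same trusted log back reproduces the same value:
    # the TPM cannot distinguish a genuine boot from a replayed one.
    replayed = unseal(sealed, replay_log(TRUSTED_BOOT))
    return {"tampered_boot": tampered, "replayed_log": replayed}
```

The defender-side consequence is that the PCR value alone is not evidence of the boot path; the measured event log and the TPM's own reset accounting have to be checked alongside it.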

Resources: