Attack on the TPM chip without physical access: data stored on the system at risk

Attack on the TPM chip without physical access: data stored on the system at risk

Microsoft insists on requiring the presence of chip TPM and its enablement to proceed with the installation of Windows 11. Yet, several researchers have separately demonstrated effective techniques for overcome protection offered by the TPM and even access the contents of a storage drive protected with BitLocker.

The latest update on the topic comes from an expert who reported a critical security issue to Intel in February 2024 and who today began providing some technical details. Differently than others attack methodsthe researcher managed to make his way and access the cryptographic keys managed by the TPM chip, without having to physically access the internal components of the device.

Outdated firmware can expose the TPM chip to attack risks

On the platforms Intelthe discrete TPM devices, i.e. separate and distinct chips, are connected to the PCH (Platform Controller Hub) via bus such as LPC or eSPI. The Platform Controller Hub is a type of chipset, first introduced by Intel in 2009, which is integrated into the processor and mainly deals with communication with the GPU and RAM memory.

Furthermore, PCH manages the Input/Output (I/O) functions between the processor and motherboard, replacing some of the functions of the old Northbridge.

The LPC and eSPI buses have a pin that controls the reset state of the devices. Normally this pin is controlled by the hardware and activated only when the system reboots. Many pins available on the PCH, however, can be put to multiple uses, and the software can select the function assigned to each pin. The block GPIO (General Purpose Input Output) gives the software direct control of the state of each pin.

Using this functionality, explains the researcher, an attacker can intervene on the value of the GPIO pin and simulate a hardware reset request, causing the restoration of the TPM status.

This type of aggression allows for reset values PCR (Platform Configuration Registers) of the TPM: from here to compromise of cryptographic systems such as BitLocker the step is short.

The fixes already exist but have not been applied by all manufacturers

To mitigate the attack described, Intel introduced a feature at the PCH level that allows the firmware to lock the GPIO pin configuration. However, it appears that this feature has not been properly implemented by all OEMs, and may require additional firmware updates to become effective.

Well-implemented firmware can prevent any subsequently loaded software (e.g. bootloaders and operating system kernels) from exploiting the vulnerability in question. Intel says its guidance is intended for BIOS developers (accessible only via NDA, i.e. after signing a confidentiality agreement) includes practical instructions for activating the security measure.

Unfortunately, however, the expert has not yet come across “in the real world” a single device that correctly implements the lock intended by Intel.

We suggest keeping an eye on this technical analysis because the researcher has stated that he plans to release vulnerability detection software soon. Download links for the verification utility will be shared publicly.

Leave a Reply

Your email address will not be published. Required fields are marked *