LetsTrust | Einträge für März 2023

TCG TPM2.0 implementations vulnerable to memory corruption

Geschrieben von Paul Kissinger am Mittwoch, 1. März 2023

Hello everybody,

TLDR:
LetsTrust-TPMs are NOT effected.

Long Story Long:

on 28.02.2023 the CVE-2023-1017 and CVE-2023-1018 came out https://kb.cert.org/vuls/id/782720.

The SLB9670 from Infineon is soldered on LetsTrust-TPMs:
And here is Infineon's statement:

https://kb.cert.org/vuls/id/782720#Infineon%20Technologies%20AG

Bye for now!

Paul

Seitenleiste

Step 1: Get LetsTrust-TPM

Link to the shop

Step 1.1: Or Get LetsTrust-TPM2Go

Link to the shop

Step 2: Choose your platform

For LetsTrust-TPM: Raspberry Pi OS: Please follow these blogpost for your Raspberry Pi 0-5B+, \o/.
Or you could patch your distribution by yourself and follow the instructions on this blogpost.

For LetsTrust-TPM2Go: follow this blogpost.

Step 3: Software and Links

LetsTrust on Github: LetsTrust on github

LetsTrust-TPM2Go on Github: LetsTrust-TPM2Go on github

TPM2 Software Stack Github:
TPM2-Software

Keylime.dev TPM's made easy:
keylime.dev

Baremetal-Stack WolfTPM on Github:
WolfTPM from wolfssl
Hint: For WolfTPM you don't need the device tree overlay!

AWS IoT greengrass with TPM
using a TPM for endpoint device security:

ELTT2 from Infineon:
Embedded Linux TPM Toolbox 2

TPM Simulator with your Browser:
google.github.io/tpm-js/

Linux Magazine:
Security with the Trusted Platform Module, from Matthew Garrett .

Schematic & Component placement

Schematic V2.0
PCB placement V2.0

Schematic V2.2
PCB placement V2.2.cs0
PCB placement V2.2.cs1

Verwaltung des Blogs

https://letstrust.de/archives/17-GDPR-DSVGO.html