Skip to content

vulnerability TPM-fail - LetsTrust-TPMs are not affected!

Welcome back!

no I´m not dead, \o/ ,
but the vulnerability ---TPM-fail--- need my highest attention today.

The good news: LetsTrust-TPMs are not affected!

But I'm not a friend of “hiding” information:

The SLB9670 that we used on our PCBs has the same certification levels on Common Criteria EAL4+ and FIPS 140-2 as the fTPM from Intel and the ST33 from STM.

If I get new information of the Chip on our LetsTrust-TPMs, I'll post an update here.

UPDATE: Quote from http://tpm.fail/tpmfail.pdf

Our analysis reveals that Intel fTPM and the dedicated TPM
manufactured by STMicroelectronics leak information about
the secret nonce in elliptic curve signature schemes, which
can lead to efficient recovery of the private key. As discussed
in Section 6, we also observe non-constant-time behavior by
the TPM manufactured by Infineon which does not appear
to expose an exploitable vulnerability.




Bye for now

Paul

UPDATE: Reference: tpm.fail

Reference: zdnet.com

CVE-2019-11090 and impacts Intel's Platform Trust Technology (PTT).
CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics.
Categories: TPM

Trackbacks

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

The author does not allow comments to this entry