vulnerability TPM-fail - LetsTrust-TPMs are not affected!
Welcome back!
no I´m not dead, \o/ ,
but the vulnerability ---TPM-fail--- need my highest attention today.
The good news: LetsTrust-TPMs are not affected!
But I'm not a friend of “hiding” information:
The SLB9670 that we used on our PCBs has the same certification levels on Common Criteria EAL4+ and FIPS 140-2 as the fTPM from Intel and the ST33 from STM.
If I get new information of the Chip on our LetsTrust-TPMs, I'll post an update here.
UPDATE: Quote from http://tpm.fail/tpmfail.pdf
Bye for now
Paul
UPDATE: Reference: tpm.fail
Reference: zdnet.com
CVE-2019-11090 and impacts Intel's Platform Trust Technology (PTT).
CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics.
no I´m not dead, \o/ ,
but the vulnerability ---TPM-fail--- need my highest attention today.
The good news: LetsTrust-TPMs are not affected!
But I'm not a friend of “hiding” information:
The SLB9670 that we used on our PCBs has the same certification levels on Common Criteria EAL4+ and FIPS 140-2 as the fTPM from Intel and the ST33 from STM.
If I get new information of the Chip on our LetsTrust-TPMs, I'll post an update here.
UPDATE: Quote from http://tpm.fail/tpmfail.pdf
Our analysis reveals that Intel fTPM and the dedicated TPM
manufactured by STMicroelectronics leak information about
the secret nonce in elliptic curve signature schemes, which
can lead to efficient recovery of the private key. As discussed
in Section 6, we also observe non-constant-time behavior by
the TPM manufactured by Infineon which does not appear
to expose an exploitable vulnerability.
Bye for now
Paul
UPDATE: Reference: tpm.fail
Reference: zdnet.com
CVE-2019-11090 and impacts Intel's Platform Trust Technology (PTT).
CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics.
Trackbacks
No Trackbacks
The author does not allow comments to this entry
Comments
Display comments as Linear | Threaded