On 3/5/2018 9:04 AM, Jason Gunthorpe wrote:
On Fri, Mar 02, 2018 at 10:04:54PM -0800, James Bottomley wrote:
By now, everybody knows we have a problem with the TPM2_RS_PW easy
button on TPM2 in that transactions on the TPM bus can be intercepted
and altered. The way to fix this is to use real sessions for HMAC
capabilities to ensure integrity and to use parameter and response
encryption to ensure confidentiality of the data flowing over the TPM
bus.
We have the same issue for TPM1 then right?
TPM 1.2 did not have the concept of plaintext password sessions. If
authorization was used, it was always with an HMAC.
