Re: [RFC 0/2] add integrity and security to TPM2 transactions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/5/2018 9:04 AM, Jason Gunthorpe wrote:
On Fri, Mar 02, 2018 at 10:04:54PM -0800, James Bottomley wrote:
By now, everybody knows we have a problem with the TPM2_RS_PW easy
button on TPM2 in that transactions on the TPM bus can be intercepted
and altered.  The way to fix this is to use real sessions for HMAC
capabilities to ensure integrity and to use parameter and response
encryption to ensure confidentiality of the data flowing over the TPM
bus.

We have the same issue for TPM1 then right?

TPM 1.2 did not have the concept of plaintext password sessions. If authorization was used, it was always with an HMAC.




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux