[bem94]

It's possible, but it is _a lot_ of work!

You'd basically be building a cryptographic module (industry standard term, with a lot of specs and requirements to go a long with it), which is no small undertaking in terms of correctness, never mind security. The "basic" cryptographic routines aren't easy either. You're talking ECC and some other symmetric primitives. Secure & efficient ECC implementation is an entire discipline on it's own.

I have reservations about the phrase "don't roll your own cryptography" for lots of reasons, but this would be taking rolling your own to the extreme. With all the associated risks.

Absolutely possible and a very cool project, but yeah, it's hard to understate the complexity / requirements of a full cryptographic module on top of the cryptographic primitives it needs to support. I actually really like that this person took an existing commercial TPM and could integrate it into their own PCB this way, I think that's a good compromise between building your own TPM with an Arduino, and having to pay lots of money for an out-of-the-box TPM.

[joerichey]

One reasonable way to do this could involve running the reference TPM2 simulator [0] on the Arduino. It's just a C library that already implements all the cryptographic routines and TPM2 commands. In fact, this is basically how TPM vendors implement their chips. They just generally have:

  - A lot more hardening against physical attacks
  - Cryptographic libraries optimized for their low-resource hardware
  - (sometimes) a vendor certificate for a primary TPM key, aka an "EK cert"

Certainly a TPM running on an Arduino wouldn't have the physical hardware properties of a "real" TPM. But you could probably get it into a state with similar software properties.

[0] https://github.com/microsoft/ms-tpm-20-ref

[2OEH8eoCRo0]

I'd use this over a real TPM so that I have more control over my PC.

[Nextgrid]

See my other comment: https://news.ycombinator.com/item?id=31293577

It really depends on what your threat model is and whether you intend to use the TPM to begin with. If not, you really don't care about the security of any cryptography as long as the output is valid enough to satisfy whatever application is using the TPM.

[nonrandomstring]

Creating an adversarial relationship between the user and vendor is a debasement of security principles. Now, Windows is the threat model and that's why "mandating" this was the wrong choice altogether. Microsoft could even have sold this as a feature. The fact that they chose instead to push it on users tells you everything you need to know about the future of users' relationship with their products. The perimeter of my security ends where Microsoft begins.

[GekkePrutser]

It could be interesting in terms of debugging and reverse engineering. Seeing what secrets apps are storing. Normally you don't have full view on what's in your TPM as an end user.

Of course it'll be hard to make it really secure but production use isn't the only place this could come in handy.

[daneel_w]

> "It's possible, but it is _a lot_ of work!"

How do you know it's _a lot_ of work? Correct me if I'm wrong, since you are implying you are familiar with this, but doesn't Windows 11 just want to verify that the device is available, likely with an echo facsimile along the lines of a version or self-test response? I don't believe any version of Windows requires full TPM functionality.