by GTP 28 days ago
The point is that the lockbox is the TPM that, on paper, is supposed to be unbreakable. In practice, sometimes it can still be broken with physical attacks (like side-channel analysis or fault injection, or even simply snooping the communication between the TPM and the rest of the system with a logic-level analyzer), even though it should be designed to be hard to break even with such attacks.

If the TPM is properly designed and manufactured, and the software relying on it is again properly designed and implemented, then it would be perfectly secure. The problem is more the difference between the theory and the real world; the flimsy lockbox analogy doesn't hold.


I don't think any of the attacks being discussed are actually attacks on the TPM's own threat model.

I think they're attacks on Windows' measured boot approach.

Indeed, which shows that the TPM isn't a flimsy lockbox.
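The distinction drawn in the exchange above, between the TPM's own guarantees and the measured-boot design built on top of it, is easier to see with a model. The following is an added example written for this page, not code from any commenter or from a real TPM stack: it simulates a PCR bank (extend is a one-way hash chain), seals a constructed secret to a set of PCR values, and shows that a changed boot component makes the unseal fail while an unchanged chain releases the secret. All names (`ToyTpm`, `PcrBank`, the boot chain entries, the handle format) are assumptions of this toy model.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class PcrBank:
    """Toy model of a TPM 2.0 SHA-256 PCR bank.

    PCRs start at zero on power-up and can only be changed by extend(),
    which hashes the old value together with the new measurement. There is
    no way to set a PCR directly, so a given value can only be reached by
    replaying the same sequence of measurements.
    """

    def __init__(self, count: int = 8) -> None:
        self.pcrs: List[bytes] = [b"\x00" * 32 for _ in range(count)]

    def extend(self, index: int, measurement: bytes) -> bytes:
        self.pcrs[index] = sha256(self.pcrs[index] + measurement)
        return self.pcrs[index]


def policy_digest(selected: Dict[int, bytes]) -> bytes:
    """Digest over the selected PCR indices and values, in index order
    (a simplified stand-in for a PCR policy)."""
    h = hashlib.sha256()
    for i in sorted(selected):
        h.update(i.to_bytes(4, "big") + selected[i])
    return h.digest()


class ToyTpm:
    """Minimal seal/unseal: the secret is released only when the current
    PCR state matches the policy recorded at seal time."""

    def __init__(self) -> None:
        self.bank = PcrBank()
        self._sealed: Dict[str, Tuple[bytes, List[int], bytes]] = {}

    def seal(self, secret: bytes, pcr_indices: List[int]) -> str:
        policy = policy_digest({i: self.bank.pcrs[i] for i in pcr_indices})
        handle = "0x%08x" % (0x81000000 + len(self._sealed))  # constructed handle
        self._sealed[handle] = (policy, pcr_indices, secret)
        return handle

    def unseal(self, handle: str) -> Optional[bytes]:
        policy, idx, secret = self._sealed[handle]
        current = policy_digest({i: self.bank.pcrs[i] for i in idx})
        if not hmac.compare_digest(policy, current):
            return None  # policy check failed: PCRs differ from seal time
        return secret


# Constructed boot chain: (PCR index, component image). Each stage measures
# the next before handing over control, as measured boot does.
BOOT_CHAIN: List[Tuple[int, bytes]] = [
    (0, b"firmware-v1"),
    (4, b"bootloader-v1"),
    (7, b"secure-boot-policy-v1"),
]


def measured_boot(tpm: ToyTpm, chain: List[Tuple[int, bytes]]) -> None:
    tpm.bank = PcrBank()  # PCRs reset on every power cycle
    for index, component in chain:
        tpm.bank.extend(index, sha256(component))


def provision(secret: bytes) -> Tuple[ToyTpm, str]:
    """Boot the known-good chain and seal the secret to PCRs 0, 4 and 7."""
    tpm = ToyTpm()
    measured_boot(tpm, BOOT_CHAIN)
    return tpm, tpm.seal(secret, [0, 4, 7])


def demo() -> Dict[str, Optional[bytes]]:
    secret = b"VMK-constructed-sample"
    tpm, handle = provision(secret)

    # Same chain again: PCRs reach the same values, secret is released.
    measured_boot(tpm, BOOT_CHAIN)
    unchanged = tpm.unseal(handle)

    # One component swapped: PCR 4 ends up different, unseal is refused.
    tampered_chain = [(i, c if i != 4 else b"bootloader-modified") for i, c in BOOT_CHAIN]
    measured_boot(tpm, tampered_chain)
    tampered = tpm.unseal(handle)

    return {"unchanged": unchanged, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The model reproduces the part of measured boot the TPM is responsible for: PCR values are bound to the measurement history and a sealed secret is withheld when that history changes. What the model also makes visible is that once the policy check passes, the secret leaves the TPM and is handled by whatever software requested it; its exposure from that point on is a property of the surrounding boot design rather than of the TPM, which is the separation the thread is drawing.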
The vast majority of TPMs today live inside the CPU (fTPM). You can't physically attack them.
The mere fact of having them inside the CPU could make attacks harder, but doesn't rule them out.