Recovery from Vulnerabilities in TPM Firmware
Enhancing the TPM API for forward security
Jeff Andersen, Staff Software Engineer, Google
Security and Data Protection

Most code has bugs
- We fix the ones we can find before release, but there may be hidden ones.
- There is a lot of code running on modern machines, from voltage regulators, to BIOS, up to userland.
- "Don't ever release bugs" is not a strategy.
- Software bugs give us job security.

Critical capability: recovery
- Step 1: Release best-effort software
- Step 2: Find bugs and fix them
- Step 3: Roll out fixes
- Step 4: Verify the fixes have been applied
- Step 5: Go to step 1

Remotely verifying software
- Mutable code/configuration is measured before it runs.
- Measurements are stored in the TPM's memory.
[Diagram: BIOS, Kernel, Userspace (App, App, App), Flash, File system; measurements flow into the TPM. TPM: Trusted Platform Module]

Remotely verifying software
- Mutable code/configuration is measured before it runs.
- Measurements are stored in the TPM's memory.
- The TPM emits cryptographic proof of the measurements to a relying party.
[Diagram: same platform stack; the TPM sends an Attestation to a Remote Verifier, which checks it against a Policy. TPM: Trusted Platform Module]

The TPM must keep a secret
- Attestations are signed with a key held by the TPM.
- The TPM must keep this key secret.
- If a bug causes the TPM to leak this secret, attestation and recovery don't work.
[Diagram: same platform stack with measurements flowing into the TPM. TPM: Trusted Platform Module]

Trusted Computing Base
- One definition of TCB: the amount of code you need to blindly trust not to have bad bugs.
- The smaller the better.
[Diagram: BIOS, Kernel, Userspace (App, App, App), Flash, File system marked "Out of TCB"; the TPM marked "In TCB"; the boundary is platform-dependent. TPM: Trusted Platform Module]

Recovery is not possible for bad bugs that cause the TPM to leak its secrets
- One definition of TCB: the amount of code you need to blind
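The measure-extend-attest-verify loop the slides describe, and the reason the attestation key must stay inside the TPM, as an added example that is not part of the talk or of any real TPM implementation. It simulates PCR-style extend registers, a quote signed with a private key the TPM holds, and a relying party that checks the signature, a freshness nonce and a golden-value policy. The RSA key is a deliberately toy one (Mersenne-prime factors, no padding) chosen only so the block runs with the standard library; the image bytes, PCR indices and function names are constructed for the example.

```python
"""Measured boot, TPM quote and remote verification, simulated (added example)."""
import hashlib
import json
import os

# Toy RSA key standing in for the TPM's attestation key. Its factors are
# Mersenne primes, so the modulus is trivially factorable: the key only
# shows the structure (private half inside the TPM, public half with the
# verifier) and must never be used for anything real.
_P = (1 << 127) - 1
_Q = (1 << 521) - 1
N = _P * _Q
E = 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))
PUBLIC_KEY = (N, E)     # held by the remote verifier
PRIVATE_KEY = (N, _D)   # must stay inside the TPM


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _quote_digest(body: dict) -> int:
    return int.from_bytes(sha256(json.dumps(body, sort_keys=True).encode()), "big")


class SimulatedTpm:
    """PCR-style measurement registers plus the private attestation key (hypothetical)."""

    def __init__(self, private_key, num_pcrs: int = 3):
        self.private_key = private_key
        self.pcrs = [bytes(32) for _ in range(num_pcrs)]

    def extend(self, index: int, measurement: bytes) -> bytes:
        # Extend semantics: PCR = H(PCR || measurement). Registers can only be
        # extended, so a later stage cannot erase what an earlier one recorded.
        self.pcrs[index] = sha256(self.pcrs[index] + measurement)
        return self.pcrs[index]

    def quote(self, nonce: bytes) -> dict:
        """Cryptographic proof of the PCR values, bound to the verifier's nonce."""
        body = {"nonce": nonce.hex(), "pcrs": [p.hex() for p in self.pcrs]}
        n, d = self.private_key
        return {**body, "signature": pow(_quote_digest(body), d, n)}


def measured_boot(tpm: SimulatedTpm, stages) -> None:
    # Each mutable stage is hashed into its PCR before it would be allowed to run.
    for pcr_index, image in stages:
        tpm.extend(pcr_index, sha256(image))


def policy_for(stages, num_pcrs: int = 3) -> list:
    """Golden PCR values the verifier expects for the approved images."""
    reference = SimulatedTpm(private_key=None, num_pcrs=num_pcrs)
    measured_boot(reference, stages)
    return [p.hex() for p in reference.pcrs]


def verify_quote(quote: dict, nonce: bytes, policy: list, public_key=PUBLIC_KEY) -> str:
    """Returns 'ok' or the reason the relying party rejects the quote."""
    body = {"nonce": quote["nonce"], "pcrs": quote["pcrs"]}
    n, e = public_key
    if pow(quote["signature"], e, n) != _quote_digest(body):
        return "signature invalid"
    if quote["nonce"] != nonce.hex():
        return "nonce mismatch (replayed quote)"
    for i, (got, want) in enumerate(zip(quote["pcrs"], policy)):
        if got != want:
            return f"PCR{i} not in policy"
    return "ok"


# Constructed sample images (placeholders, not real firmware).
BIOS_BUGGY = b"bios image v1 (known bug)"
BIOS_FIXED = b"bios image v2 (bug fixed)"
KERNEL = b"kernel image"
APP = b"app image"


def run_demo() -> dict:
    """Steps 3-4 of the slides: roll out a fix, then verify it was applied."""
    policy = policy_for([(0, BIOS_FIXED), (1, KERNEL), (2, APP)])
    results = {}

    machine_a = SimulatedTpm(PRIVATE_KEY)
    measured_boot(machine_a, [(0, BIOS_FIXED), (1, KERNEL), (2, APP)])
    nonce = os.urandom(16)
    results["patched"] = verify_quote(machine_a.quote(nonce), nonce, policy)

    machine_b = SimulatedTpm(PRIVATE_KEY)
    measured_boot(machine_b, [(0, BIOS_BUGGY), (1, KERNEL), (2, APP)])
    nonce = os.urandom(16)
    results["unpatched"] = verify_quote(machine_b.quote(nonce), nonce, policy)

    # A quote answered to an earlier challenge is rejected on a fresh one.
    old_quote = machine_a.quote(b"old-nonce")
    results["replayed"] = verify_quote(old_quote, os.urandom(16), policy)

    # If the private key leaks, a quote can be produced without measuring
    # anything: the verifier cannot tell it from a genuine one, so attestation
    # (and the recovery that depends on it) no longer works.
    leaked = SimulatedTpm(PRIVATE_KEY)
    leaked.pcrs = [bytes.fromhex(p) for p in policy]
    nonce = os.urandom(16)
    results["forged_with_leaked_key"] = verify_quote(leaked.quote(nonce), nonce, policy)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

Running the block shows the patched machine accepted, the unpatched one rejected on PCR0, and the replayed quote rejected on the nonce, which is how a fleet owner confirms a fix reached every machine. The last case is the slide's point about the TCB: nothing in the verifier can detect a quote signed with a leaked key, so a TPM firmware bug that exposes the key defeats the whole loop regardless of how small the rest of the TCB is.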