5

I have been reading about TPM for months and one thing seems odd. I noticed that TPM firmware can be updated for certain brands, like "Lenovo" or this link which lists a bunch of brands. Now, from what I have read, TPM is supposed to be hardcoded and on-chip, but when it has firmware updates like that, it partially makes me suspicious about the security it is advertised to provide.

I know that TPM being updatable can sometimes help with fixing problems for customers, like if there is a vulnerability, but that also means that malicious actors can tamper with the device hardware and the TPM chip. Now they only need to "update" the TPM firmware and the hardware firmware for the attack to work.

Does TPM being updatable increase the attack surface?

schroeder
JackBixuis
    Those "firmware TPMs" are not real TPMs, they are just an emulation of a TPM, and of course they are not as secure as a real physical TPM. – Robert Jul 08 '21 at 20:36

1 Answer

4

The firmware is digitally signed and verified by the TPM CPU microcode, the firmware inside the microprocessor, which is hardwired.

Firmware is generally signed by the vendor's private keys. The public keys are hardwired into the hardware registers of the TPM. So only digitally verified firmware can be executed in the TPM.

But tampering with a device is possible once you have physical possession, although the TPM has measures for that, e.g. lockout/shutdown. As of now, I do not know of any such attacks on TPM 2.0.

You can also verify whether the TPM has been tampered with. For this, TPM chips are shipped with a unique key hardwired into the TPM known as the Endorsement Key. The EK certificate can be used to verify that the TPM hardware is genuine.

So even if a firmware update increases the attack surface, all the mitigation for that is already implemented in the TPM.

saurabh
  • Thank you so much @saurabh for taking the time to explain that to me. I honestly didn't know it was possible for end users to verify the TPM chips. So are you saying that if I buy a new laptop and I am not sure whether any hardware inside it has been tampered with, I can simply use EK certification to confirm that the chip and the firmware are genuine? Would you mind explaining how this can be done by me, an end user? Thank you. – JackBixuis Jul 08 '21 at 16:21
  • 1
    Linux: https://tpm2-software.github.io/2020/06/12/Remote-Attestation-With-tpm2-tools.html Windows: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation#verification-of-tpm-device-for-attestation. For Linux it's not easy; you should know some basics. – saurabh Jul 08 '21 at 17:33
  • Thank you @saurabh . – JackBixuis Jul 08 '21 at 20:16
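Added example, not part of the answer above and not code from tpm2-tools or Microsoft: a Go program using only the standard library that models the EK-certificate check saurabh describes. Everything in it is constructed for the demo: the "vendor" root CA, the chip's endorsement key, a second untrusted CA and its certificate. The only real identifier is the TCG extended key usage OID 2.23.133.8.1 (tcg-kp-EKCertificate) that genuine EK certificates carry. A real check would pin the manufacturer's published EK root certificates instead of a freshly generated one and would read the EK certificate out of the TPM's NV storage.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// TCG extended key usage 2.23.133.8.1 (tcg-kp-EKCertificate) marks a cert as an EK certificate.
var tcgKpEKCertificate = asn1.ObjectIdentifier{2, 23, 133, 8, 1}

// newKey generates a P-256 key; RNG failure is unrecoverable for this demo.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue creates a certificate for pub. With parent == nil it is a self-signed
// root CA (a stand-in for a vendor EK root); otherwise it is an EK certificate
// signed by parentKey, carrying the TCG EK key purpose like a real one.
func issue(name string, pub *ecdsa.PublicKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(10 * 365 * 24 * time.Hour),
	}
	if parent == nil { // root CA
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent = tmpl
	} else { // EK certificate
		tmpl.KeyUsage = x509.KeyUsageKeyAgreement
		tmpl.UnknownExtKeyUsage = []asn1.ObjectIdentifier{tcgKpEKCertificate}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyEKCert is the "is this TPM genuine" check: the EK certificate must chain to a
// trusted vendor root. EK certs carry the TCG EKU rather than serverAuth, so the
// verifier has to accept any extended key usage or Go rejects them as incompatible.
func VerifyEKCert(ek *x509.Certificate, roots *x509.CertPool) error {
	_, err := ek.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// EKBoundToChip checks that the certified key is the key this chip reports; a
// genuine certificate copied from a different device fails this check.
func EKBoundToChip(ek *x509.Certificate, chipKey *ecdsa.PublicKey) bool {
	pub, ok := ek.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(chipKey)
}

// Outcome records the checks over the constructed sample certificates.
type Outcome struct {
	GenuineErr   error // nil: vendor-signed EK cert is accepted
	RogueErr     error // non-nil: EK cert from an untrusted CA is rejected
	GenuineBound bool  // true: cert matches this chip's EK
	SwappedBound bool  // false: cert does not match another chip's EK
}

// BuildScenario builds a trusted vendor CA, an untrusted CA and two chip keys,
// issues one EK certificate from each CA and runs both checks against a trust
// store that holds only the vendor root.
func BuildScenario() (Outcome, error) {
	var out Outcome
	vendorKey, rogueKey, chipEK, otherEK := newKey(), newKey(), newKey(), newKey()
	vendorCA, err := issue("Constructed TPM Vendor EK Root", &vendorKey.PublicKey, nil, vendorKey)
	if err != nil {
		return out, err
	}
	rogueCA, err := issue("Untrusted CA", &rogueKey.PublicKey, nil, rogueKey)
	if err != nil {
		return out, err
	}
	genuine, err := issue("TPM Endorsement Key", &chipEK.PublicKey, vendorCA, vendorKey)
	if err != nil {
		return out, err
	}
	rogue, err := issue("TPM Endorsement Key", &otherEK.PublicKey, rogueCA, rogueKey)
	if err != nil {
		return out, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(vendorCA)
	out.GenuineErr = VerifyEKCert(genuine, roots)
	out.RogueErr = VerifyEKCert(rogue, roots)
	out.GenuineBound = EKBoundToChip(genuine, &chipEK.PublicKey)
	out.SwappedBound = EKBoundToChip(genuine, &otherEK.PublicKey)
	return out, nil
}

func main() {
	out, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("vendor-signed accepted=%v untrusted rejected=%v bound to chip=%v bound to other chip=%v\n",
		out.GenuineErr == nil, out.RogueErr != nil, out.GenuineBound, out.SwappedBound)
}
```

The chain check alone only proves that a vendor signed the certificate; it does not prove that the chip in front of you holds the matching private EK, which is why the tpm2-tools guide linked in the comments goes on to a credential-activation exchange. The second check here (comparing the certified key with the key the TPM reports) is the minimum that ties the certificate to the device.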