TPM-FAIL
TPM-Fail Attack code & data (by VernamLab)
ms-tpm-20-ref
Reference implementation of the TCG Trusted Platform Module 2.0 specification. (by microsoft)
| TPM-FAIL | ms-tpm-20-ref | |
|---|---|---|
| 6 | 1 | |
| 119 | 322 | |
| 1.7% | 0.6% | |
| 0.0 | 2.9 | |
| about 1 year ago | 2 months ago | |
| Python | C | |
| - | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
TPM-FAIL
Posts with mentions or reviews of TPM-FAIL.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-07.
- Home Made TPM2.0 Module
- Windows 11 may not be as popular as Microsoft had hoped
- Using TPM 2.0 vulnerabilities to steal private VPN server keys (TPM-FAIL attack)
-
Good Things In Cybersecurity
TPM isn't necessarily a good thing. The user hands over total control to the manufacturer, and if Intel randomly decided to stop supporting Linux on the device you own, you would have no choice but to install Windows. There's also the huge issue of vulnerabilities in several TPM devices that make your computer less secure than without a TPM: most notably ROCA which existed for over 5 years, but also TPM-Fail (several instances of huge timing leakage), Bad Dream (loophole in TPM specification regarding sleep states) and leakage from the LPC bus connecting the TPM to the CPU. Security evaluations of TPMs don't seem to deliver what they promise, making it possible that there are even worse and more widespread weaknesses in currently used devices. Even if it worked as intended, TPM as a concept seems dystopian to me: this well-known controversial article explains some of the dangers.
- Would using two different SSDs alleviate any security problems with Dual Booting?
ms-tpm-20-ref
Posts with mentions or reviews of ms-tpm-20-ref.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-07.
-
Home Made TPM2.0 Module
It depends on how the TPM is being used by the OS and its apps. If it’s purely being used for the crypto key storage and crypto operations, then you can probably use something like the MS reference implementation [0]. If the OS requires attestation and endorsement, there is a manufacturer key pair that is embedded into the chip that you can use to attest and verify that the TPM you are interacting with is indeed from a particular manufacturer. That aspect would not be doable for an emulated DIY TPM.
[0] https://github.com/microsoft/ms-tpm-20-ref