-
-
tillitis-key1
Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key 🔑
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Making an TPM genie isn’t that hard, and once we have that the Evil Maid can fairly easily unplug the discrete TPM, plug the Genie, and plug the TPM into the genie. And voilà, you can now sniff TPM signals in transit. Only works with discrete TPMs of course, but this attack is not out of this world.
https://github.com/nccgroup/TPMGenie
Having a look at their documented threat model: https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...
I love this particular detail, listed under Assumptions:
> The end user is not an attacker. The end user at least doesn't knowingly aid the attacker in attacks on their device.
I love this, it's exactly what I want from a HSM device. However, sadly, most vendors today deploy TPMs in such a way that the end-user is an attacker (see: Google SafetyNet) - and the TKey is kinda incompatible with that, I suppose.