Fixing the TPM: Hardware Security Modules Done Right

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • InfluxDB - Collect and Analyze Billions of Data Points in Real Time
  • Onboard AI - Learn any GitHub repo in 59 seconds
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • TPMGenie

    TPM Genie is an I2C bus interposer for discrete Trusted Platform Modules

    Making an TPM genie isn’t that hard, and once we have that the Evil Maid can fairly easily unplug the discrete TPM, plug the Genie, and plug the TPM into the genie. And voilà, you can now sniff TPM signals in transit. Only works with discrete TPMs of course, but this attack is not out of this world.

    https://github.com/nccgroup/TPMGenie

  • tillitis-key1

    Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key 🔑

    Having a look at their documented threat model: https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...

    I love this particular detail, listed under Assumptions:

    > The end user is not an attacker. The end user at least doesn't knowingly aid the attacker in attacks on their device.

    I love this, it's exactly what I want from a HSM device. However, sadly, most vendors today deploy TPMs in such a way that the end-user is an attacker (see: Google SafetyNet) - and the TKey is kinda incompatible with that, I suppose.

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts