Trusted Computing Ecosystem
Trusted Platform Modules are secure hardware or firmware elements designed to improve platform integrity (Measured Boot combined with Remote Attestation), provide secure storage for cryptographic material like disk encryption keys or limit brute-force attacks against relatively short user passwords. While the physical TPM chips started to be shipped in new laptops since 2006 (TPM v1.2), the real adoption by the applications was limited. Only with the introduction of TPM specification v2.0 in 2015, the relevant development and adoption seem to be on the rise.
The project aims to study the TPM ecosystem as currently exists in deployed devices and software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863) and analyze a reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses.
The research is performed by a joint cooperation between Red Hat Czech and CRoCS laboratory at Masaryk University.