Sunday, October 26, 2025

A Look at faulTPM’s Deepest Secrets


A recent paper, “faulTPM: Exposing AMD fTPMs’ Deepest Secrets”, explores the impact of a voltage fault injection (FI) vulnerability that compromises the AMD Secure Processor, which hosts the firmware-based TPM (fTPM) and its secrets. The attack targets AMD Ryzen CPUs (Zen 2 and Zen 3); Zen 1 is likely also vulnerable.

The voltage FI attack leverages the Serial Voltage Identification Interface 2.0 (SVI2) bus, which lets the AMD SoC update its supply voltages dynamically. Spring-loaded pins were used for packet injection on SVI2. Interestingly, these packets allow an attacker to trick the device's own power management into inducing a fault on itself. This fault bypasses firmware signature verification, which in turn allows arbitrary code to be loaded.

Spring-loaded pins are also used at Keysight to perform voltage FI, available as the Keysight DS1322A Glitch Amplifier Needle. It enables rapid identification of vulnerable PCB lines and, when attached to an XY table, allows remote access to various power planes.

The researchers reverse-engineered the fTPM's nonvolatile storage and instrumented the original fTPM binary to understand its key derivation and how the chip-unique secret is used. That chip-unique secret is the root of the cryptographic derivations. The researchers execute attack code that extracts the secret and exfiltrates it via the SPI bus. Based on further reverse engineering, they are able to derive all platform secrets. One demonstrated impact is the weakening of BitLocker's full disk encryption.

Traditional discrete TPMs (dTPMs) are based on secure ICs with protections against faults and side channels. fTPMs, however, may lack these protections. Intel has published details of the FI countermeasures introduced in its TEE equivalent, which were tested by Keysight's Device Security Lab.

Since the FI vulnerability is in ROM, mitigation is difficult. Various FI countermeasures are known, and the paper offers additional security recommendations for FDE and TPM implementations. More countermeasures can be found in the whitepaper Secure Application Programming in the Presence of Side Channel Attacks.
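To make concrete why a glitch on the signature-verification step is so effective, and what the software-level countermeasures referred to above look like, here is an added example (not code from the paper, AMD, or Keysight). It contrasts a naive boolean verify-then-load gate with a fault-hardened one that uses wide complementary verdict constants, double verification, and a step counter; `verify_image` is an assumed toy tag check standing in for real signature verification, and the 5-byte sample image is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Wide, complementary verdicts: no single bit-flip turns FAIL into PASS. */
#define VERDICT_PASS 0xA5C3693AU
#define VERDICT_FAIL 0x5A3C96C5U
/* Constructed stand-in for a signature check: XOR-folds the image into a 4-byte tag. */
static uint32_t verify_image(const uint8_t *img, size_t len, const uint8_t want[4]) {
    uint8_t tag[4] = {0, 0, 0, 0};
    for (size_t i = 0; i < len; i++) tag[i % 4] ^= img[i];
    return memcmp(tag, want, 4) == 0 ? VERDICT_PASS : VERDICT_FAIL;
}
/* Naive gate: a 0/1 flag decides, so any bit-flip of a 0 reads as "verified". */
bool naive_accepts(uint32_t ok_flag) { return ok_flag != 0; }
/* Hardened gate: two verdicts must both equal the wide PASS value and agree, and
 * the step counter must prove that neither verification was skipped. */
bool hardened_accepts(uint32_t r1, uint32_t r2, unsigned steps_done) {
    if (r1 != VERDICT_PASS) return false;
    if (r2 != VERDICT_PASS) return false;
    if ((r1 ^ r2) != 0) return false;   /* verdicts disagree: treat as a fault */
    if (steps_done != 2) return false;  /* a verification step was skipped */
    return true;
}
/* Verify twice; volatile storage keeps the compiler from merging the two calls. */
bool load_firmware_hardened(const uint8_t *img, size_t len, const uint8_t want[4]) {
    volatile uint32_t r1 = VERDICT_FAIL, r2 = VERDICT_FAIL;
    volatile unsigned steps = 0;
    r1 = verify_image(img, len, want); steps = steps + 1;
    r2 = verify_image(img, len, want); steps = steps + 1;
    return hardened_accepts(r1, r2, steps);
}
/* Fault model: flip exactly one bit of a stored FAIL verdict; count accepted flips. */
unsigned single_flip_bypasses(bool hardened) {
    unsigned hits = 0;
    for (unsigned bit = 0; bit < 32; bit++) {
        uint32_t c = (hardened ? VERDICT_FAIL : 0u) ^ (1u << bit);
        if (hardened ? hardened_accepts(c, c, 2) : naive_accepts(c)) hits++;
    }
    return hits;  /* naive: 32 of 32 flips accepted; hardened: 0 of 32 */
}
/* Constructed 5-byte image with tag {4,2,3,4}: genuine accepted, tampered rejected. */
bool sample_image_gate_ok(void) {
    uint8_t img[5] = {1, 2, 3, 4, 5}, want[4] = {4, 2, 3, 4};
    bool good = load_firmware_hardened(img, 5, want);
    img[2] ^= 0x80;
    return good && !load_firmware_hardened(img, 5, want);
}
```

The single-bit fault model is deliberately simple; real glitches can also skip instructions, which is what the duplicated call and the step counter are there to catch.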

Keysight recommends that all development teams update their threat models according to the findings and recommendations of Hans Niklas Jacob et al. The paper's authors calculate the hardware cost at around $195, which puts it within most attackers' scope and capabilities.

If you have questions or want to test the security of your development, reach out to us at [email protected].
