On 06/03/20 19:39, Rich Freeman wrote: > On Fri, Mar 6, 2020 at 2:07 PM Wols Lists <antli...@youngman.org.uk> wrote: >> >> On 06/03/20 13:48, Rich Freeman wrote: >>> If you fall into this camp you need to still update your firmware to >>> address the non-TPM-user and to avoid making it trivial for software >>> to steal your keys/etc. However, you need to be aware that you are no >>> longer secure against physical theft of your device. Somebody who >>> steals your laptop with passwordless encryption might be able to break >>> the encryption on your device. >> >> It's worse that that, he's dead, Jim! >> >> The summary on LWN is an easy read. Somebody who steals your Intel >> laptop WILL be able to break the encryption on your device. >> >> tl;dr summary - the microcode that *boots* the cpu has been compromised. >> So even while it is setting up tpm and all that malarkey, malware can be >> stealing keys etc. > > They don't detail the effort required. If the firmware is patched it > sounds like it still requires tinkering with hardware.
By then it's TOO LATE. The firmware is signed for security, AND LOADED AT BOOT. But if the boot process is compromised, the attacker simply doesn't load the patched firmware. > However, there > really isn't nothing you said that doesn't agree with what I said. > > Whether they "WILL" be able to break the encryption on your device > depends a lot on the details and the knowledge of the attacker. Hence > the reason I said "might." In any case, might is good enough to not > rely on a broken security feature. > >> Which means that Intel's master signing key will soon be cracked and >> compromised. > > Yes, but keep in mind the signing keys have nothing to do with disk > encryption. It is for remote attestation. Hence my Netflix comment. > Signing keys have EVERYTHING to do with whether you can trust the CPU. If you can't trust the CPU, then it can simply read the disk encryption credentials without any reference to whether it SHOULD read them. If the system doesn't *require* manual intervention at boot to provide "something the user knows", then it's game over - your hard drive is wide open to the attacker. And it only takes ONE person to crack that master key ONCE, and EVERYBODY is up shit creek. At the end of the day, it's a "tree of trust". And once the root key is compromised, you can NOT trust ANY key that was secured by said root key. And given that it's Intel's master key, anything that relies on the security of the CPU has just been shafted. The ONLY systems that are safe are those that have a separate TPM chip, because you no longer rely on the CPU's integrity. Cheers, Wol
