Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.

That I2C bus sounds ripe for interception.
Date: 2013-05-08 07:31 am (UTC)

Are those SHA1 updates of the PCRs protected somehow when traversing the bus between the CPU and TPM?
Cutting the bus and inserting your own microcontroller that captures valid updates and replays them sounds like it would be within reach for even a hobbyist, especially in the I2C case.
A successful replay attack would open the door to replacing the boot loader and doing all kinds of mischief...
/greger
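The comment above talks about the "SHA1 updates of the PCRs" that cross the bus. The following is an added illustration, not code from the commenter or from the blog's author, of what that update actually is: a TPM 1.2 style PCR extend, where the new PCR value is SHA-1 over the old 20-byte value concatenated with a 20-byte measurement digest. It also shows the verifier side, which recomputes the expected PCR from an ordered event log; the boot-loader and firmware digests are constructed placeholders, and the 20-zero-byte reset value is the TPM 1.2 convention assumed here.

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that start as all zeros at reset.
PCR_INIT = bytes(20)


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """One PCR extend: new_pcr = SHA1(old_pcr || digest).

    The TPM never sees the measured code itself; it only receives this
    20-byte digest, which is the value that travels over the bus.
    """
    if len(pcr) != 20 or len(digest) != 20:
        raise ValueError("TPM 1.2 PCR extend takes 20-byte SHA-1 values")
    return hashlib.sha1(pcr + digest).digest()


def replay_event_log(digests) -> bytes:
    """Recompute the PCR a verifier expects from an ordered event log.

    This is what a remote-attestation verifier does: walk the log of
    measurement digests in order and check the result against the PCR
    value reported in a TPM quote.
    """
    pcr = PCR_INIT
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr


# Constructed sample measurements (hypothetical firmware and boot loader),
# represented by the SHA-1 of placeholder byte strings.
FIRMWARE_DIGEST = hashlib.sha1(b"constructed-sample-firmware").digest()
BOOTLOADER_DIGEST = hashlib.sha1(b"constructed-sample-bootloader").digest()
MODIFIED_BOOTLOADER_DIGEST = hashlib.sha1(
    b"constructed-sample-bootloader-modified"
).digest()


def demo() -> dict:
    """Compare the expected PCR with what a changed or reordered boot gives."""
    expected = replay_event_log([FIRMWARE_DIGEST, BOOTLOADER_DIGEST])
    modified = replay_event_log([FIRMWARE_DIGEST, MODIFIED_BOOTLOADER_DIGEST])
    reordered = replay_event_log([BOOTLOADER_DIGEST, FIRMWARE_DIGEST])
    return {
        "expected_pcr": expected.hex(),
        "modified_bootloader_detected": modified != expected,
        "order_matters": reordered != expected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for the discussion above is that the final PCR value depends only on the ordered sequence of digests the TPM receives, so a verifier comparing a quote against a known-good event log detects a changed boot loader only if the digests the TPM actually extended differ from the expected ones; nothing in the extend operation itself carries freshness or proves which component supplied the digest.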