Someone wrote in [personal profile] mjg59 2013-05-08 07:31 am (UTC)

That I2C bus sounds ripe for interception.

Are those SHA1 updates of the PCRs protected somehow when traversing the bus between the CPU and TPM?

Cutting the bus and inserting your own microcontroller that captures valid updates and replays them sounds like it would be within reach for even a hobbyist, especially in the I2C case.

A successful replay attack would open the door to replacing the boot loader and doing all kinds of mischief...

/greger
