Is the TOTP calculation done in the TPM, or on the host? If it's done on the host, wouldn't you be able to read out the persistent secret value just by compromising the host, without compromising the firmware? That means you could turn a transient attack (such as on a partially stateless system) into a persistent attack.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2015-07-06 06:03 pm (UTC)