2023-07-03, 14:15–14:50 (Europe/Paris), Amphitheater
Trusted Platform Module (TPM) is a standard for a secure cryptoprocessor. TPMs come in different flavors: there are discrete chips, integrated TPMs, firmware-based TPMs, and virtual TPMs. They provide a number of cryptographic features, such as generation and secure storage of cryptographic keys, symmetric and asymmetric encryption/decryption, digital signature generation/verification, and random number generation. Typical use cases include attestation of the boot process integrity, storage of disk encryption keys, and digital rights management.
The Trusted Computing Group (TCG), a nonprofit organization, is in charge of publishing and maintaining the TPM standard. As such, they provide a reference implementation of the TPM 2.0 specification. While auditing this reference implementation code, we discovered two vulnerabilities in the handling of encrypted parameters: an out-of-bounds write and an out-of-bounds read, which were assigned CVE-2023-1017 and CVE-2023-1018, respectively. Given that the bugs originate from the reference implementation, these two vulnerabilities propagated across multiple code bases and ended up affecting a wide range of vendors, from chip manufacturers to virtualization solutions and cloud computing providers. Among the impacted source trees we can mention the open source implementations of the TPM 2.0 standard published by Microsoft and IBM, as well as libtpms, an open source library providing software emulation of a Trusted Platform Module, which in turn is used by other free software projects, such as QEMU and VirtualBox, to provide a virtual TPM device for VMs.
We'll start this presentation by discussing how TPMs work, implementation details of the different virtual TPMs, and the internals of the protocol used to send TPM 2.0 commands. Then we'll go over the specifics of the two vulnerabilities we discovered, addressing the affected products as well as the possibilities for exploitation. Finally, we'll conclude the talk with some highlights of the complex, industry-wide disclosure process we conducted, in which numerous parties were involved.
Francisco Falcon is a security researcher and reverse engineer at Quarkslab. He is interested in anything involving reversing, vulnerability research and exploitation.
In the past, before joining Quarkslab, he worked at Core Security as an exploit writer.
He has been a speaker at security conferences such as REcon, Ekoparty, Hack.lu and Black Hat Europe.