Two weeks ago, four South Korean researchers detailed two attacks on TPM chips that can allow an attacker to tamper with the boot-up process.
The attacks are possible thanks to power interrupts. Modern computers do not feed power to all their components all the time and at the same time. They use special APIs to send power to a component only when it needs it to perform an operation, putting it in a suspended (sleep) state between use states. TPM chips support ACPI (Advanced Configuration and Power Interface), one of the tools operating systems use to control and optimize power consumption in peripherals.

Researchers discovered two issues affecting the way TPMs enter and recover from these suspended power states, which allow an attacker to reset TPMs and then create a fake boot-up chain of trust for a targeted device.

TL;DR: Affected PCs will need BIOS firmware updates to fix these issues.

https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec176fc4-7ec9-4bde-9a5b-98b57f4e4816%40googlegroups.com.
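To make the "chain of trust" and the effect of a TPM reset concrete, here is a small simulation added to this post (it is not code from the article or the researchers). It models how a TPM's SHA-256 PCR bank accumulates boot measurements (each extend is SHA-256 of the old PCR value concatenated with the new digest, starting from an all-zero register), and a baseline check of the kind a defender would run after resume. The boot component strings are constructed sample data; real PCR values would come from a tool such as tpm2_pcrread.

```python
import hashlib

# SHA-256 bank PCRs 0-15 hold all zeros after a TPM reset (power-on or the
# unintended reset the article describes).
PCR_INIT = b"\x00" * 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2 PCR_Extend semantics for the SHA-256 bank.

    The caller hashes the measured component; the TPM computes
    new_pcr = SHA-256(old_pcr || digest). The register can only be
    extended, never set directly, which is what makes a PCR value
    evidence of everything measured into it since the last reset.
    """
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components: list[bytes], start: bytes = PCR_INIT) -> bytes:
    """Replay a boot sequence into one PCR and return the final value."""
    pcr = start
    for component in components:
        pcr = extend(pcr, component)
    return pcr


# Constructed sample boot chain (firmware, bootloader, kernel).
GOOD_BOOT = [b"firmware-v1", b"bootloader", b"kernel"]


def detect_reset_or_tamper(observed_pcr: bytes, baseline_pcr: bytes) -> bool:
    """Return True when the observed PCR should not be trusted.

    Two conditions are flagged: the register is back at its initial value
    (nothing has been measured since a reset, e.g. after a bad resume from
    sleep), or it differs from the value recorded for the known-good boot.
    Sealing secrets to the baseline PCR value enforces the same check in
    hardware: a mismatched PCR simply fails to unseal.
    """
    return observed_pcr == PCR_INIT or observed_pcr != baseline_pcr


if __name__ == "__main__":
    baseline = measure_boot(GOOD_BOOT)
    print("baseline PCR:", baseline.hex())
    print("good boot flagged?", detect_reset_or_tamper(baseline, baseline))
    print("reset TPM flagged?", detect_reset_or_tamper(PCR_INIT, baseline))
    tampered = measure_boot([b"firmware-v1", b"modified-bootloader", b"kernel"])
    print("tampered boot flagged?", detect_reset_or_tamper(tampered, baseline))
```

The simulation also shows why the reset is the dangerous part: PCR values depend only on the sequence of digests extended since the register was zeroed, so a register that can be returned to its initial value without a real reboot no longer proves which code actually ran. The baseline comparison above catches a register left at its initial value, but the durable fix is the one the article names, firmware updates that close the resume paths themselves.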