Attacks on bus encryption
mateoconlechuga opened this issue · 1 comment
mateoconlechuga commented
It seems that in TPM 2.0 a call to TPM2_StartAuthSession() is able to start a decrypt/encrypt session. However, the caller forwards all the key generation material to the TPM in plaintext, and then uses the nonceTPM to generate an identical session key that is shared between the TPM and the caller.
What prevents a man-in-the-middle (e.g. TPMGenie) from listening on the bus, creating an identical session key, and using it to decrypt encrypted traffic that is sent over the TPM bus? Ideally now they can also spoof HMACs because the key is also derived from the session key.
Am I missing something?
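As an added illustration (not code from this thread, from TPMGenie or from the Linux patch), the KDFa session-key derivation the question describes, modelled in Python with constructed nonces: a passive observer on the bus reproduces the session key exactly when nothing secret feeds the KDF, and cannot once a salt that only ever crosses the bus encrypted to a TPM-resident key is mixed in. It assumes SHA-256 and an unbound session; the salt's encryption step itself is not modelled.

```python
import hashlib
import hmac
import secrets
import struct


def kdfa(hash_name, key, label, context_u, context_v, bits):
    """TPM 2.0 KDFa (SP800-108 counter mode): each block is
    HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32)."""
    out = b""
    block = 1
    while len(out) * 8 < bits:
        msg = (struct.pack(">I", block) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hash_name).digest()
        block += 1
    return out[: bits // 8]


def session_key(nonce_tpm, nonce_caller, salt=b"", bind_auth=b"", hash_name="sha256"):
    """sessionKey = KDFa(hashAlg, bind.authValue || salt, "ATH", nonceTPM, nonceCaller, bits).
    With no salt and no bind authValue the KDF key is empty: every input is public."""
    bits = hashlib.new(hash_name).digest_size * 8
    return kdfa(hash_name, bind_auth + salt, b"ATH", nonce_tpm, nonce_caller, bits)


def observer_recovers_session_key(salted):
    """Model one TPM2_StartAuthSession exchange as seen by a passive bus interposer.
    All values are constructed; the salt's transport (encryptedSalt, decryptable only
    by a TPM-resident key) is not modelled, only the fact that the observer never sees it."""
    nonce_caller = secrets.token_bytes(32)  # in the command: visible on the bus
    nonce_tpm = secrets.token_bytes(32)     # in the response: visible on the bus
    salt = secrets.token_bytes(32) if salted else b""
    real_key = session_key(nonce_tpm, nonce_caller, salt=salt)
    # The interposer holds the two nonces and nothing else.
    observer_key = session_key(nonce_tpm, nonce_caller)
    return hmac.compare_digest(real_key, observer_key)


if __name__ == "__main__":
    print("unsalted session, observer derives key:", observer_recovers_session_key(False))
    print("salted session,   observer derives key:", observer_recovers_session_key(True))
```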
jeremyncc commented
I suggest you take a look at the proposed patch for the Linux kernel: