As far as I am aware, to the OS, PTT, and fTPM are indistinguishable from TPM2.0. What I am curious about, are the physical security differences between the different TPM providers. A dedicated TPM2 module is susceptible to probing of the data lines to extract the encryption keys, so I wonder if PTT and fTPM are more secure in this respect since, as far as I understand, they reside within the CPU. What other possible security vulnerabilities are there for these different TPM types?
- Does this answer your question? What really is the difference between firmware TPM and a discrete one and should it be trusted more? – ARGYROU MINAS Jun 05 '23 at 12:22
- This question is quite similar to, and possibly a duplicate of, https://security.stackexchange.com/questions/243842/what-really-is-the-difference-between-firmware-tpm-and-a-discrete-one-and-should I also have an answer posted there. – ARGYROU MINAS Jun 05 '23 at 12:24
1 Answer
Firstly, sensitive data can be protected against probing of the data lines via TPM password or policy sessions. The critical parts of the communication will then be encrypted.
This answer is very relevant for your question.
In summary, discrete TPMs are built to protect against attacks with physical access. Mainly, we are talking about side channel attacks (measuring current, electromagnetic radiation etc.) to exfiltrate secrets from within the TPM and fault attacks (shooting laser, electromagnetic radiation, introducing clock/current glitches etc. into the chip to make it behave in an unintended way).
Typically, discrete TPMs are certified. That alone is not a guarantee for security. However, it ensures that certain requirements are met verifiably. Therefore it is evidence of at least some level of security.
Additionally, the isolation between host system and TPM is greater for discrete TPMs. That might reduce the risk of successful software attacks (e.g. exfiltrating secrets from within a TPM by a compromised host).
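To make the first point of the answer concrete, here is an added illustration (not part of the question or answer above, and not code from tpm2-tools or any TPM stack) of what "the critical parts of the communication will then be encrypted" means for someone probing the data lines of a discrete TPM. It models the TPM 2.0 XOR parameter-obfuscation mode: the mask is derived with KDFa (the SP800-108 counter-mode KDF the TPM 2.0 Library specification defines) from the session key, the object's authValue and the two session nonces, and is XORed over the first parameter of a command or response. The session key, authValue and nonces below are constructed values; a real session key comes from a salt encrypted to the TPM's public key and/or a bind object's authValue, which is exactly what a passive bus probe does not have.

```python
import hmac
import hashlib

HASH = hashlib.sha256  # session hash algorithm (TPM_ALG_SHA256 in a real session)


def kdfa(key: bytes, label: bytes, context_u: bytes, context_v: bytes, bits: int) -> bytes:
    """KDFa as defined in TPM 2.0 Library Part 1: SP800-108 counter-mode KDF over HMAC.
    Block i = HMAC(key, i || label || 0x00 || contextU || contextV || bits), i = 1, 2, ..."""
    out = b""
    counter = 0
    while len(out) * 8 < bits:
        counter += 1
        mac = hmac.new(key, digestmod=HASH)
        mac.update(counter.to_bytes(4, "big"))
        mac.update(label + b"\x00")  # label is a NUL-terminated string
        mac.update(context_u)
        mac.update(context_v)
        mac.update(bits.to_bytes(4, "big"))
        out += mac.digest()
    return out[: (bits + 7) // 8]


def xor_parameter_mask(session_key: bytes, auth_value: bytes,
                       nonce_newer: bytes, nonce_older: bytes, length: int) -> bytes:
    """Mask for the XOR obfuscation mode: KDFa(sessionValue, "XOR", nonceNewer, nonceOlder, bits)
    where sessionValue = sessionKey || authValue of the object being accessed."""
    return kdfa(session_key + auth_value, b"XOR", nonce_newer, nonce_older, length * 8)


def protect_parameter(session_key: bytes, auth_value: bytes,
                      nonce_newer: bytes, nonce_older: bytes, parameter: bytes) -> bytes:
    """Apply (or remove; XOR is symmetric) the mask to the first command/response parameter.
    For a command, nonceNewer is nonceCaller and nonceOlder is nonceTPM; for a response it is
    the other way round, so caller and TPM each derive the same mask for the same direction."""
    mask = xor_parameter_mask(session_key, auth_value, nonce_newer, nonce_older, len(parameter))
    return bytes(p ^ m for p, m in zip(parameter, mask))


# Constructed session state (hypothetical values, not from any real TPM exchange).
SESSION_KEY = hashlib.sha256(b"constructed salt/bind material").digest()
AUTH_VALUE = b"constructed-object-auth"
NONCE_CALLER = bytes(range(0, 16))    # nonceCaller supplied by the host
NONCE_TPM = bytes(range(16, 32))      # nonceTPM returned by the TPM


def bytes_on_bus(secret: bytes, use_encrypt_session: bool) -> bytes:
    """What a logic analyser on the LPC/SPI lines sees for the sensitive parameter
    (e.g. the sealed data a TPM2_Create receives or a TPM2_Unseal returns)."""
    if not use_encrypt_session:
        return secret  # plain session or no session: the secret crosses the bus in clear
    return protect_parameter(SESSION_KEY, AUTH_VALUE, NONCE_CALLER, NONCE_TPM, secret)


def recover_from_bus(captured: bytes, session_key: bytes) -> bytes:
    """Attempt to undo the mask from a bus capture with a candidate session key."""
    return protect_parameter(session_key, AUTH_VALUE, NONCE_CALLER, NONCE_TPM, captured)


if __name__ == "__main__":
    secret = b"sealed-disk-key-0123456789abcdef"
    print("plain session :", bytes_on_bus(secret, False).hex())
    print("encrypt session:", bytes_on_bus(secret, True).hex())
```

Only the first parameter of the command and response is masked; handles, sizes and the command code remain readable on the bus, which is why the answer speaks of the critical parts of the communication rather than all of it. The protection rests on the session key: a capture of the wire bytes alone cannot be unmasked without the salt secret or bind authValue that went into it, so a probe-only attacker gains no more than the rest of the (already public) structure of the command.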