The article says the following:

Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them. This follows a recent security demonstration of TPM key recovery from Microsoft Windows BitLocker. TPM sniffing attacks have also been demonstrated against Linux systems, thus the additional protections are being made in Linux 6.10 to better secure TPM2 modules.

I’m a little confused by this article. Is it talking about implementing TPM parameter encryption? If so, does this mean that the TPM bus prior to kernel v6.10 was unencrypted? Will this kernel feature still require a patch to be made to software like systemd-cryptenroll? Are the sniffing attacks that it’s talking about examples of MITM attacks like this? Does Windows encrypt the TPM bus?


  • AutoTL;DR (bot)
    56 months ago

    This is the best summary I could come up with:


    Linux 6.10 is introducing support for Trusted Platform Module (TPM2) encryption and integrity protections to prevent active/passive interposers from compromising them.

    The TPM device driver changes were already mailed into Linus Torvalds for the Linux 6.10 merge window.

    The Linux 6.9 stable kernel is expected on Sunday and thus in turn the opening of the v6.10 merge window.

    The TPM device driver code is rolling out Trusted Platform Module bus encryption and integrity protection.

    The key-pair on the TPM side is generated from a null random seed on a per-power-on basis of the system.

    These additional protections are deemed necessary for the physical security of the system given the recent TPM bus interposer attacks that have been demonstrated.


    The original article contains 188 words, the summary contains 118 words. Saved 37%. I’m a bot and I’m open source!
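To make the question above and the summary's wording concrete, here is an added example (not from the article, the kernel, or either poster) that models, in standard-library Python, what "parameter encryption and integrity protection" mean in TPM 2.0 terms: the session key is derived with the spec's KDFa from a salt shared with the TPM, a sized parameter is obfuscated with the spec's XOR mode, and the response is authenticated with the session HMAC over the response hash and both nonces, so an interposer on the bus sees neither the unsealed secret nor can it flip bytes unnoticed. The command code, response code and session-attribute bits are the real TPM 2.0 values; the salt, nonces, auth value and secret are constructed random inputs, and the salt is simply shared state here rather than the ECDH exchange with the TPM's null-seed key that the kernel performs. XOR mode is used because it needs only hashlib/hmac; the in-kernel driver uses the spec's AES-CFB mode instead.

```python
import hashlib
import hmac
import os
import struct

# Session hash algorithm (sessionAlg) for this example; nonce and digest sizes follow it.
HASH = hashlib.sha256
DIGEST_LEN = 32

# Real TPM 2.0 constants.
TPM_CC_UNSEAL = 0x0000015E
TPM_RC_SUCCESS = 0x00000000
# sessionAttributes: continueSession (0x01) | decrypt (0x20) | encrypt (0x40)
SESSION_ATTRS = bytes([0x61])


def kdfa(key, label, context_u, context_v, bits):
    """KDFa (TPM 2.0 Part 1, 11.4.10.2): counter-mode HMAC KDF.
    Block i = HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32);
    the output is truncated to bits/8 bytes."""
    nbytes = (bits + 7) // 8
    out = b""
    counter = 1
    while len(out) < nbytes:
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, HASH).digest()
        counter += 1
    return out[:nbytes]


def session_key(auth_value, salt, nonce_tpm, nonce_caller):
    """Part 1, 19.6.8: sessionKey = KDFa(sessionAlg, authValue || salt, "ATH", nonceTPM, nonceCaller)."""
    return kdfa(auth_value + salt, b"ATH", nonce_tpm, nonce_caller, DIGEST_LEN * 8)


def xor_obfuscate(session_value, nonce_newer, nonce_older, data):
    """TPM2_ALG_XOR parameter encryption (Part 1, 21.2):
    mask = KDFa(sessionValue, "XOR", nonceNewer, nonceOlder, len(data)*8); XOR is its own inverse."""
    mask = kdfa(session_value, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))


def auth_hmac(session_value, p_hash, nonce_newer, nonce_older):
    """Session HMAC (Part 1, 19.6.5): HMAC(sessionValue, pHash || nonceNewer || nonceOlder || sessionAttributes)."""
    return hmac.new(session_value, p_hash + nonce_newer + nonce_older + SESSION_ATTRS, HASH).digest()


def unseal_exchange(secret, tamper=False):
    """Simulate the TPM producing a TPM2_Unseal response under an encrypt-capable HMAC session
    and the caller checking it. Returns what the bus carries and what the caller recovers."""
    # Constructed values: the salt stands in for the secret the caller and TPM would agree on
    # through the null-seed key exchange (assumption for this example), the nonces come from
    # TPM2_StartAuthSession and the Unseal round trip, and the sealed object has an empty authValue.
    salt = os.urandom(DIGEST_LEN)
    auth_value = b""
    nonce_caller = os.urandom(DIGEST_LEN)
    nonce_tpm_start = os.urandom(DIGEST_LEN)
    sk = session_key(auth_value, salt, nonce_tpm_start, nonce_caller)

    # Each command rolls nonceCaller and the TPM answers with a fresh nonceTPM.
    nonce_caller = os.urandom(DIGEST_LEN)
    nonce_tpm = os.urandom(DIGEST_LEN)
    session_value = sk + auth_value  # sessionValue = sessionKey || authValue

    # TPM side: the outData buffer keeps its size field in the clear and the bytes obfuscated.
    # For a response nonceNewer is nonceTPM and nonceOlder is nonceCaller. Encrypt first, then
    # HMAC over rpHash = H(responseCode || commandCode || encrypted parameters).
    enc_data = struct.pack(">H", len(secret)) + xor_obfuscate(session_value, nonce_tpm, nonce_caller, secret)
    rp_hash = HASH(struct.pack(">I", TPM_RC_SUCCESS) + struct.pack(">I", TPM_CC_UNSEAL) + enc_data).digest()
    tag = auth_hmac(session_value, rp_hash, nonce_tpm, nonce_caller)

    # On the bus: a passive interposer logs enc_data; an active one may flip bytes.
    wire = bytearray(enc_data)
    if tamper:
        wire[-1] ^= 0x01
    wire = bytes(wire)

    # Caller side: recompute rpHash over what actually arrived, verify the HMAC, only then decrypt.
    rp_hash_c = HASH(struct.pack(">I", TPM_RC_SUCCESS) + struct.pack(">I", TPM_CC_UNSEAL) + wire).digest()
    ok = hmac.compare_digest(tag, auth_hmac(session_value, rp_hash_c, nonce_tpm, nonce_caller))
    plain = xor_obfuscate(session_value, nonce_tpm, nonce_caller, wire[2:]) if ok else None
    return {"on_wire": wire[2:], "verified": ok, "recovered": plain}


if __name__ == "__main__":
    r = unseal_exchange(b"disk-key-0123456789")
    print("bus sees:", r["on_wire"].hex(), "| verified:", r["verified"], "| recovered:", r["recovered"])
    t = unseal_exchange(b"disk-key-0123456789", tamper=True)
    print("tampered response verified:", t["verified"], "| recovered:", t["recovered"])
```

The point for the original question: the bus itself is not encrypted by any of this. Each command's parameters are protected end to end inside an authorization session whose key the interposer never learns, which is why the salt must be established through a key the TPM proves it owns (the per-power-on null-seed key in the kernel design) rather than sent in the clear, and why the HMAC has to cover the encrypted bytes and both nonces, so a replayed or altered response fails verification instead of silently decrypting to garbage.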