TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
TPM Genie is a serial bus interposer which has been designed to aid in the security research of Trusted Platform Module hardware. The tool demonstrates that a man-in-the-middle on the TPM serial bus can undermine many of the stated purposes of the TPM such as measured boot, remote attestation, sealed storage, and the hardware random number generator.
Through TPM Genie we also reveal that an interposer device can trigger a variety of parsing errors in the host-side driver software that is responsible for communicating with the TPM. Here, we show that many TPM driver implementations are extremely fragile and are affected by numerous memory corruption vulnerabilities.
Combined, these flaws allow an attacker to circumvent many of the security assurances provided by a TPM, thus compromising the trusted boot process for a large number of TPM-enabled computing platforms.
Check out the tool repository on GitHub, here.