
You can combine it all in a chip like the Apple T2 and then you would have to somehow probe the silicon, which is of course impossible. (Until you discover that the chip has some critical, unfixable software vulnerability like the T2)

You can also pair the chip and the CPU at the factory or on initial powerup and have them communicate encrypted from thereon. This is a bit like the iPhone 13 display having some FaceID chip on it where a replacement with a wholly new display will leave FaceID non-functioning.




probing silicon is just hard and expensive, not impossible! - though those might be similar enough for most purposes


Machines cost tens of millions or more, renting time on them at least hundreds of thousands.


If this is what it takes to hack the TPM, the market for these machines will get bigger. That causes the price to drop.

People will find a way. In the end, if a target gets big enough, someone will do it.


I thought FIBs usually cost under $500k?


> You can combine it all in a chip like the Apple T2 and then you would have to somehow probe the silicon

For the T2, at least macOS uses a key derived from user (you need both chip control _and_ user password to get in)

Windows does not, relying instead on TPM only in a default BitLocker configuration. (with a PIN option via Group Policy, not part of the regular flow)

As of why that's bad: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...
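The TPM-only versus TPM+PIN distinction above can be checked on a machine directly. The following is an added example, not code from the thread: it audits every BitLocker volume with the built-in BitLocker PowerShell cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector), flags an OS volume that is protected by the bare TPM protector only, and optionally swaps in a TPM+PIN protector. It assumes an elevated session on Windows 10/11 and that Group Policy permits a startup PIN (the "Require additional authentication at startup" setting the comment refers to).

```powershell
# Added example (not from the thread). Requires: BitLocker module, run as Administrator,
# and a Group Policy that allows a startup PIN on the OS drive.

function Get-BitLockerProtectorAudit {
    # One row per volume: which key protector types are present and whether the
    # volume is "TPM-only" (no PIN or startup-key protector alongside the TPM one).
    Get-BitLockerVolume | ForEach-Object {
        $types   = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasPin  = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        $tpmOnly = ($types -contains 'Tpm') -and -not $hasPin
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType.ToString()
            ProtectionStatus = $_.ProtectionStatus.ToString()
            Protectors       = ($types -join ',')
            TpmOnly          = $tpmOnly
        }
    }
}

$audit = Get-BitLockerProtectorAudit
$audit | Format-Table -AutoSize

# Remediation for a TPM-only OS volume: add a TPM+PIN protector first, then remove the
# bare TPM protector so the PIN is actually required at boot. Interactive PIN entry.
$osRow = $audit | Where-Object { $_.VolumeType -eq 'OperatingSystem' -and $_.TpmOnly }
if ($osRow) {
    $pin = Read-Host -AsSecureString "New BitLocker startup PIN for $($osRow.MountPoint)"
    Add-BitLockerKeyProtector -MountPoint $osRow.MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $osRow.MountPoint
    foreach ($p in ($vol.KeyProtector | Where-Object { $_.KeyProtectorType.ToString() -eq 'Tpm' })) {
        Remove-BitLockerKeyProtector -MountPoint $osRow.MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    Get-BitLockerProtectorAudit | Where-Object MountPoint -eq $osRow.MountPoint | Format-Table -AutoSize
}
```

Keep a recovery password protector on the volume (check the Protectors column for RecoveryPassword) before changing protectors, since a forgotten PIN otherwise locks the disk.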


It is difficult to probe but not at all impossible. However, you can sometimes extract keys by monitoring the chip power supply current over a large number of crypto operations. Much easier than probing the chip internals.

https://scholar.google.com/scholar?as_q=%22Differential+Powe...



