Infineon security microcontroller flaw enabled extraction of TPM secret keys
it4sec.substack.com38 points by walterbell 20 hours ago
38 points by walterbell 20 hours ago
Previous discussion: https://news.ycombinator.com/item?id=41434500
Thanks!
EUCLEAK Side-Channel Attack on the YubiKey 5 Series - https://news.ycombinator.com/item?id=41434500 - Sept 2024 (278 comments)
Marking this one as dupe as it doesn't add any new info.
Good. Enough freedom has already been destroyed in the name of hostile "security".
I suspect many far-East "MCU break" services companies already knew of such things, but obviously would not want to publicise it.
Name one person who couldn’t do something on a retail Intel computer they owned, because it had a TPM
TPMs being widespread and accepted is a problem. It means that everyone has been put into a noose, but one that just hasn't yet been tightened. As evidence of what we're up against, Stallman saw it coming 25+ years ago, kept warning about it, and look what they did to him.
Relevant comment of mine 3.5 years ago: https://news.ycombinator.com/item?id=29859999
George Washington.
But seriously, that's an ignorant criterion. It's not a matter of arbitrary people being singled out, it's a society-wide noose being tightened ever so slowly.
Locked down boot chains were never fully asserted on amd64 because its market is for general purpose computers, and doing so would have obviously just caused people to choose alternative options. But remote attestation has no such escape hatch, and we can already see that dynamic starting to play out over in mobile land with "safety net".
it's a society-wide noose being tightened ever so slowly
This. Fortunately there was a huge resistance against WEI, but we must remain vigilant to them attempting to sneak in something similar in the future.