Infineon TPM Library in pureboot? (Yubikey clone-style attack)

Greetings, shiny question of the day - if the Librem TPMs use Infineon chips, does any point of the Pureboot process rely on the security of the ECDSA of the Infineon cryptographic library that led to the recent Yubikey clone attack in a way that we should be concerned?

The Libremkey/Nitrokey I’m assuming is unaffected as they don’t rely on Infineon chips/code:

@jonathon.hall

FWIW the Yubikey side channel attack requires physical possession of the key, very high level of technical expertise, and $10,000+ in specialized equipment. I imagine any related exploits on the Nitrokey would require similar.

Can only speak for myself, but I keep all of my yubi/nitro security keys on a key-ring, which rarely leaves my immediate possession.

While I’m definitely not thrilled to learn about the vulnerability after having spent several hundred dollars on Yubikeys and NitroUSB keys over the years, the logistics required for a successful attack probably make it quite remote for most of us.

Yes, definitely agree on that and am not concerned either on the Yubikey side, not to mention the added challenge of managing to melt the case off and then make a new case. Also it's hampered by needing to know the PIN if you use one, which I do.

The question here though is in regard to their suggestion that the timing attack should work against Infineon TPMs, I’m thinking in an evil maid scenario. My understanding is that given the TPM is “easier” to tamper with directly undetected as an evil maid, this is a more serious and widespread issue for TPMs in secure boot configurations than the news has let on. However, I would also think this is a non-issue for Pureboot as there is no secret on the TPM to steal - that is on the Librem key. Which of course is the whole point of the laptop authenticating its state to you. I’m hoping someone with deeper expertise than I can confirm that though.

Just right! This is the main point, concerning Purism products.
But I feel so sorry for the millions of Yubico customers, who can now throw away their damn cryptokey…

Or switch from ECDSA to RSA, as it was the ECDSA-related signing that was compromised in theory.

But also if your key is off your person for that long it should be assumed compromised.

Also successful phishing of creds is a prerequisite, as is over $10k in equipment…

Not exactly something that falls into everyone's threat model.
