Librem13v2 TPM doesn't seem to be secure against ROCA

I just generated a key on-chip and pasted it into, and it says the key is weak.

Do the TPM chips in Librem13v2 not have the updated firmware?

Steps to reproduce (on Debian)

$ tpm_version 
  TPM 1.2 Version Info:
  Chip Version:
  Spec Level:          2
  Errata Revision:     3
  TPM Vendor ID:       IFX
  Vendor Specific data: 04280077 0074706d 3631ffff ff
  TPM Version:         01010000
  Manufacturer Info:   49465800
$ sudo apt install simple-tpm-pk11
$ mkdir ~/.simple-tpm-pk11
$ stpm-keygen -b 2048 -o ~/.simple-tpm-pk11/my.key
$ echo "key my.key" > ~/.simple-tpm-pk11/config
$ ssh-keygen -D /usr/lib/x86_64-linux-gnu/
ssh-rsa AAAAaae[…]

Then I pasted the key into, and it says “Subject to ROCA vulnerability, insecure”.

Disclaimer: I’m the author of simple-tpm-pk11.
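
To run the same check locally instead of pasting the public key into a web form, here is an added example (not part of the original post and not part of simple-tpm-pk11) that parses the ssh-rsa line printed by ssh-keygen -D and applies the published ROCA fingerprint: moduli from the affected Infineon generator are powers of 65537 modulo each of a fixed set of small primes, which a normally generated modulus almost never is. The sample key it builds is constructed for the demonstration, not a real TPM key.

```python
import base64, math, struct

# Small primes of the published ROCA fingerprint (Nemec et al., 2017). The affected
# Infineon generator builds each RSA prime as k*M + (65537^a mod M), M a primorial, so
# every modulus it produces is a power of 65537 modulo each of these primes.
ROCA_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67,
               71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139,
               149, 151, 157, 163, 167]
GENERATOR = 65537

def _subgroup(p):
    """Residues 65537^k mod p: the only values an affected modulus can take mod p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % p
    return frozenset(seen)

_RESIDUES = {p: _subgroup(p) for p in ROCA_PRIMES}

def has_roca_fingerprint(n):
    """True when n mod p is in the 65537-subgroup for every p. A modulus from an
    unaffected generator fails at some p with overwhelming probability."""
    return all(n % p in _RESIDUES[p] for p in ROCA_PRIMES)

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def openssh_rsa_line(e, n):
    """Encode (e, n) as an 'ssh-rsa AAAA...' line, the format ssh-keygen -D prints."""
    mpint = lambda x: _ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    blob = _ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()

def parse_openssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa AAAA...' line; rejects any other key type."""
    blob, fields, off = base64.b64decode(line.split()[1]), [], 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

# Constructed sample, not a real key: two factors with the affected shape (only their
# residues mod M matter to the fingerprint, so they need not be prime here).
M = math.prod(ROCA_PRIMES)
SAMPLE_ROCA_N = (11 * M + pow(GENERATOR, 1234, M)) * (13 * M + pow(GENERATOR, 4321, M))
SAMPLE_ROCA_LINE = openssh_rsa_line(65537, SAMPLE_ROCA_N)
```

Feed the line from ssh-keygen -D to parse_openssh_rsa and pass the modulus to has_roca_fingerprint; a True result means the key was produced by the affected generator and should be replaced once patched firmware is available.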


@kakaroto it should be possible to flash new TPM firmware with your coreboot script right?
This seems important to verify for Heads.

We are looking into updating the TPM firmware, however note that the impact of ROCA against something like Heads is far less than something like Yubikeys.

With a vulnerable Yubikey 4 an attacker could figure out the user’s private GPG key based on the public key they posted to a public key server.

With something like Heads, the process whereby a user could use ROCA vulnerabilities to defeat tamper-evident boot is certainly theoretically possible but if you think through how to do it practically, the attack is complicated and requires pretty specific targeting.

That said, it’s still important to patch this, not just for further assurance for Heads, but for users who want to use the TPM for other purposes.


@Kyle_Rankin: If you have a vulnerable Yubikey 4, you can replace it. Simply send it to Yubico and you will get a new one without any issues. In case of a soldered TPM, that should be a bit more complicated.

Just wondering why you use the vulnerable TPMs from Infineon? So hopefully a firmware upgrade will be possible.

Might be possible to flash/update the TPM firmware with this?

I don’t have a system with a TPM to check :frowning:


Very likely that is the utility, yes. But it also requires the firmware itself, and as I understand it only Purism can provide that firmware.

I tried getting an updated firmware for an ASUS motherboard directly from Infineon, and at least Infineon’s story in that case is that they actually don’t have it, that it’s made by ASUS (presumably from an SDK supplied by Infineon).

Damn, that really sucks. Do you think the firmware is actually going to be different depending on the motherboard? Perhaps we can get different firmware from different vendors and diff them to see if there is much difference; maybe something already out there is close enough? Or perhaps the changes are simple enough that we can update it.

It’s been something like a year since ROCA was announced. When can we expect Purism to patch this vulnerability?