Chromebook U2F ECDSA vulnerability
https://sites.google.com/a/chromium.org/dev/chromium-os/u2f-ecdsa-vulnerability [sites.google.com]
2019-09-12 16:29
tags:
auth
bugfix
crypto
hardware
security
We discovered a vulnerability in the H1 security chip firmware concerning ECDSA signature generation. The firmware code used incompatible transfer instructions when passing a critical secret value to the cryptographic hardware block, resulting in generating secret values of a specific structure and having a significant loss of entropy in the secret value (64 bits instead of 256 bits). We confirmed that the incorrect generation of the secret value allows it to be recovered, which in turn allows the the underlying ECC private key to be obtained. Thus, attackers that have a single pair of signature and signed data can effectively compute the private key, breaking any functionality or protocols that use the key pair in question.
Experimental feature, with an annoying fix. If it had been for real, quite messy.
source: green
Chromebook TPM firmware vulnerability: technical documentation
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update [sites.google.com]
2017-10-11 16:35
tags:
bugfix
crypto
hardware
security
There is a bug in certain Infineon TPM firmware versions which results in RSA keys generated by the TPM being vulnerable to attacks. The currently known exploits are computationally expensive though, i.e. TPM-generated RSA keys can’t be broken at large scale, but targeted attacks are possible. To summarize: There exists a practical attack against TPM-generated RSA keys, but it doesn’t allow large-scale exploitation of Chrome OS devices.
Installing the TPM firmware update requires a hardware reset of the TPM chip. This means that all data held by the TPM will be discarded. This includes disk encryption keys, implying all user data stored locally on the device will be lost. Thus, you need to carefully backup any important data before you install the update.
source: green