TPM 2.0 offers Parameter Encryption capability and HMAC sessions as measures against
Examples in wolfTPM demonstrate how to enable Parameter Encryption
There is also Keygen , Key import and Key loading examples with Parameter Encryption
Last week we discussed the Dolos Group story about a stolen laptop with TPM
If Parameter Encryption and HMAC session have been used, this story would have developed
Hope this helps.
Founder of TPM.dev
From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftn.com>
Sent: Saturday, July 31, 2021 2:09 AM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Is the tpm2_create command safe against sniffing attacks?
In this article, can see that communication with the TPM is vulnerable to sniffing if not
Is the disk encryption described in tpm2-software's blog safe against these attacks?
1. tpm2_createprimary -Q -C o -c prim.ctx
2. dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256 -u seal.pub
-r seal.priv -i- -C prim.ctx
3. tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c seal.ctx
4. tpm2_evictcontrol -C o -c seal.ctx 0x81010001
My question is:
1. Is there a tool in linux that can sniff communication with the current system's
2. How to encrypt communications if the methods described above are not secure?
It seems that encryption is possible through tpm2_startauthsession , but I do not
know how to apply it to tpm2_create . (The -S option simply did not work.)