Vulnerabilities in the TPM 2.0 reference implementation code

Trusted Platform Module (TPM) is a standard for a secure cryptoprocessor. TPMs come in different flavors: there are discrete chips, integrated TPMs, firmware-based TPMs, and virtual TPMs. They provide a number of cryptographic features, such as generation and secure storage of cryptographic keys, symmetric and asymmetric encryption/decryption, digital signature generation/verification, and random number generation. Typical use cases include attestation of the boot process integrity, storage of disk encryption keys, and digital rights management.

Notably, Windows 11 added a TPM 2.0 as an installation requirement, which means that virtualization software that intends to support Windows 11 as a guest operating system must provide a virtual TPM. Indeed, nowadays VMware, Microsoft Hyper-V, VirtualBox, QEMU and Parallels Desktop provide such a piece of virtual hardware. On top of that, all the major cloud computing providers (Amazon AWS, Microsoft Azure, Google Cloud, Oracle Cloud Infrastructure) offer instances with virtual TPMs.

The Trusted Computing Group (TCG), a nonprofit organization, is in charge of publishing and maintaining the TPM standard. As such, they provide a reference implementation of the TPM 2.0 specification. While auditing this reference implementation code, we discovered two vulnerabilities in the handling of encrypted parameters: an out-of-bounds write and an out-of-bounds read, which were assigned CVE-2023-1017 and CVE-2023-1018, respectively. Given that the bugs originate from the reference implementation, these two vulnerabilities propagated across multiple code bases and ended up affecting a wide range of vendors, from chip manufacturers to virtualization solutions and cloud computing providers.

We’ll start this presentation by discussing how TPMs work, implementation details of the different virtual TPMs, and the internals of the protocol used to send TPM 2.0 commands. Then we’ll go over the specifics of the two vulnerabilities we discovered, covering the affected products as well as the possibilities for exploitation. Finally, we’ll conclude the talk with some highlights of the complex, industry-wide disclosure process we conducted, in which numerous parties were involved.

This talk proposal is about two vulnerabilities (CVE-2023-1017 and CVE-2023-1018) that I recently disclosed in the TPM 2.0 reference implementation code, which ended up affecting the firmware of hardware TPMs and virtual TPMs equally. See the abstract for more details.

About the Speaker