(securityonline.info)

658 points transpute | 1 comments | 06 May 23 17:39 UTC | HN request time: 0.221s | source

Show context

dathinab ◴[06 May 23 19:28 UTC] No.35844589[source]▶

I don't understand how such keys can leak?

Hasn't intel heard about locking keys in hardware, e.g. like with hardware security key modules similar but faster/flexibler then a TPM. Surly one of the main developers of TPM does understand that concept.... right? /s

replies(4): >>35844629 #>>35844632 #>>35844776 #>>35844793 #

pmontra ◴[06 May 23 19:31 UTC] No.35844629[source]▶

>>35844589 #

People know keys, people eventually leak keys. It always happened.

replies(1): >>35845018 #

mynameisvlad ◴[06 May 23 20:18 UTC] No.35845018[source]▶

>>35844629 #

The point is that you can't leak a key from a HSM.

replies(1): >>35846627 #

1. josefx ◴[07 May 23 00:20 UTC] No.35846627[source]▶

>>35845018 #

On the one hand that is the goal, on the other hand the applicable standard seems to be FIPS 140, which counts products with a flawless security history like OpenSSL amongst its long time adherents. In other words there is a non zero chance that the modules will just spit out the key if you even look at them funny.

↑

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security