public inbox for tpm2@lists.linux.dev
 help / color / mirror / Atom feed
From: joseph at zeronsoftn.com
To: tpm2@lists.01.org
Subject: [tpm2] Re: How can I prevent MITM attacks for unsealing?
Date: Mon, 03 Oct 2022 18:01:09 +0300	[thread overview]
Message-ID: <1664809269.501465062@f33.my.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 756 bytes --]


Hello,
Does anyone know about this issue?
https://github.com/jc-lab/securekit/blob/466abe16bfe4f28ef86db6bc72649214ab2e4b51/pkg/securekit-disk/opt/securekit/sbin/disk-init#L82-L86
Here's one example of sealing and unsealing.
This method seems (probably?) to prevent the sniffing attack, which was a vulnerability of Bitlocker in the past.
But isn't a MITM attack possible in the process of creating an encrypted session?
I am not familiar with the process of establishing a session,
However, it seems that MITM can be prevented only by using a session key encrypted with the EK of the TPM, or by signing the asymmetric key with the EK to derive the key, when creating a session.
Is MITM not considered in TPM? Or is there another way?
Regards,

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 1096 bytes --]

             reply	other threads:[~2022-10-03 15:01 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-03 15:01 joseph [this message]
  -- strict thread matches above, loose matches on Subject: below --
2022-10-24 17:36 [tpm2] Re: How can I prevent MITM attacks for unsealing? Roberts, William C
2022-10-24 17:32 Roberts, William C
2022-10-22  4:23 joseph
2022-10-21 17:42 Roberts, William C
2022-10-21 17:41 Roberts, William C
2022-10-10 15:07 joseph
2022-10-06 13:07 joseph
2022-10-03 15:56 Roberts, William C
2022-10-03 15:54 Roberts, William C
2021-08-10 13:34 Roberts, William C

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1664809269.501465062@f33.my.com \
    --to=tpm2@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox