TPM GPIO fail: How bad OEM firmware ruins TPM security
2024-06-01 18:36
In this article I demonstrate a software-only attack that allows an operating system to set the PCRs of a discrete TPM device to arbitrary values and unseal any secret that uses a PCR-based sealing policy (such as disk encryption keys used by unattended-unlock TPM FDE schemes).
It's not just Bitlocker, all linux TPM encryption is broken too
2024-02-15 23:08
We demonstrate a bypass of Linux TPM FDE using a "tweezer reset attack"
Techniques for parsing C declarators
2022-05-01 20:01
In this article I explain why parsing C declarators is rather difficult, and then describe a set of algorithms with different trade-offs to solve the problem.
CVE-2020-14372: Secure Boot bypass using GRUB2
2021-05-22 17:11
Bypassing (not so) Secure Boot with one "simple trick"