English Community

ThinkPad NotebooksThinkPad: T400 / T500 and newer T series Laptops
All Forum Topics
Options

18 Posts

01-21-2019

US

54 Signins

487 Page Views

  • Posts: 18
  • Registered: ‎01-21-2019
  • Location: US
  • Views: 487
  • Message 1 of 5

TPM Physical Security

2019-07-29, 17:14 PM

Hello,

 

Do ThinkPad laptops have any form of physical security in place for the TPM? Specifically, something that would prevent someone from intercepting Bitlocker encryption keys as demonstrated by this vulneralbility.

 

A preboot PIN would mitigate the aforementioned vulneralbility, but we would like to avoid that option if at all possible. Our computers are mostly T480s and P1 laptops.

 

Is it possible to configure the "chassis intrusion" BIOS setting to wipe the TPM if it gets triggered? 

 

 

Thanks!

Reply
Options

6570 Posts

10-29-2009

NC

17672 Signins

162539 Page Views

  • Posts: 6570
  • Registered: ‎10-29-2009
  • Location: NC
  • Views: 162539
  • Message 2 of 5

Re: TPM Physical Security

2019-07-29, 19:47 PM

Chassis Intrusion is designed to prevent this kind of vulnerability, or any other hardware sniffing that requires physical access to the system board.  While it won't clear the TPM, if an intrusion is detected, it will require entering the supervisor password before the machine is able to boot.  For this particular case, the machine would not be able to boot to the point where the TPM releases the key.  So the attack is prevented.

 

Reply
Options

18 Posts

01-21-2019

US

54 Signins

487 Page Views

  • Posts: 18
  • Registered: ‎01-21-2019
  • Location: US
  • Views: 487
  • Message 3 of 5

Re: TPM Physical Security

2019-07-31, 14:58 PM

Thank you for the feedback.

 

Where is the supervisor password physically stored? How is the hardware that stores the supervisor password secured?

 

Our main concern with relying on chassis intrusion to secure the TPM hardware is that it is entirely dependent on the security of the supervisor password, which a knowledgable person could bypass. If the supervisor password is bypassed or otherwise compromised then an attacker could disable chassis intrusion in the BIOS and continue the boot process. If chassis intrusion wiped the TPM then this wouldn't be the case, which is why we were hoping there is a way to achieve this. 

 

Chassis intrusion seems like a decent supplemental counter measure, where at the very least would slow down a serious attacker.

Reply
Options

6570 Posts

10-29-2009

NC

17672 Signins

162539 Page Views

  • Posts: 6570
  • Registered: ‎10-29-2009
  • Location: NC
  • Views: 162539
  • Message 4 of 5

Re: TPM Physical Security

2019-07-31, 16:22 PM

Supervisor password is stored and authenticated in hardware.  If wrong guess is made 3 times, further guesses can't be made until the system is power-cycled.  In addition to this, you can also enable the BIOS setting about "Password Count Exceeded Error" which means the system is completely locked down after 3 bad guesses, until the correct password is entered, you can't even boot the system.  If there are ways to bypass the supervisor password, I don't know them.  I guess it could be done by physically replacing EEPROM chip, but this would cause TPM PCR measurements to change such that BitLocker would prompt for recovery.

 

I'm a little bit surprised that you have these concerns, but are OK with single-factor (TPM) authentication for your encryption, which even Microsoft warns provides the lowest level of data protection.  Most security-oriented customers use BitLocker + PIN as a minimum, and a lot of them have moved on to 3rd-party encryption which has user-based preboot authentication including challenge/response and remote wipe capability.

Reply
Options

18 Posts

01-21-2019

US

54 Signins

487 Page Views

  • Posts: 18
  • Registered: ‎01-21-2019
  • Location: US
  • Views: 487
  • Message 5 of 5

Re: TPM Physical Security

2019-08-08, 14:46 PM

Thank you for the additional info.

 

Do newer Lenovo laptops, specifically the T480s and P1 laptops, physically secure the EEPROM pins and/or chip itself? 

 

The EEPROM doesn't necessarily need to be physically replaced in order to bypass a supervisor password, because the existing EEPROM could potentially be reprogrammed using specialized tools that directly connect to the pins on the EEPROM chip itself. I haven't had an opportunity to investigate and confirm whether or not this still holds true, hence my line of questions. This is obviously an edge case, but would still be useful to know.

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete