Our successful timing analysis of two certified Trusted Platform Modules (TPM) is now available.

Together with researchers from WPI and UCSD, we discovered timing leakages on Intel firmware-based TPM (fTPM) as well as in STMicroelectronics' TPM chip. Both exhibit secret-dependent execution times during cryptographic signature generation, which can be exploited to recover secret signature keys from the TPMs. Fixes are now available.

The results will be presented at Real World Crypto in January 2020 in New York, NY and at Usenix Security 2020 in Boston, MA.

Official attack website with the academic paper and further information: