Vulnerability Research

TPM2 Key Trust: where did Keylime go wrong

In my previous blog post , I explained how a verifier can get a signing key that it trusts is on a TPM for attestation (part 2 of the other post in the making). I have been contributing to a specific implementation of remote attestation for Linux, called Keylime . As part of the effort on porting the agent to Rust, I was looking into how the process works, and as part of that I identified a vulnerability in how Keylime deals with the TPM2 that breaks the Chain of Trust in two different places.
6 min read