I have been researching this hack for hours upon hours, and something just doesn't add up. Earlier reports were of him cracking the SLE 66 CL which is embedded in the TPM but is NOT the TPM itself. The chips he has been using are cheap ones from China. The issue at hand is that Infineon is a German company, just a little different from your run-of-the-mill Chinese company. When you sum these things up, you can't really surmise that he has in fact cracked the Infineon TPM. So what if he has hacked a similar chip? You can't just go around saying that you have cracked a top-of-the-line Infineon. Every chip is NOT created equal. On the flip side, there is an easy way for him to prove me wrong. Every Infineon TPM comes with an Endorsement Key, basically an RSA secret key. The purpose of this key is that it should be kept secret and never released off the chip, not to software, not to any other board component. Infineon TPMs come with X.509 certificates issued by Infineon. If Tarnovsky has truly hacked this one out, he should be able to extract and publish the private part of the Endorsement Key along with Infineon's certificate on that key. All that he has to do is show that he has these TWO pieces of data. But is he up for it?
VS
http://hardware.slashdot.org/comments.pl?sid=1543104&cid=31077696
I've been reading about this hack for days, but something seems fishy. Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM. However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
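Both comments above describe the same test: a published PRIVEK only proves anything if it matches the PUBEK inside a certificate that really chains to the vendor's CA. The Go program below is an added example of how a third party would actually run that check; it is not code from the Slashdot poster, from Tarnovsky, or from Infineon. Because no real Infineon CA key or EK certificate is available here, it constructs a stand-in vendor CA, a stand-in EK and its certificate, and then evaluates three claims: the genuine PRIVEK with its real certificate, an unrelated private key presented with the real certificate (what someone who merely downloaded a public EK cert could offer), and the genuine PRIVEK with a certificate signed by a different CA. The names Manufacturer, IssueEKCert, VerifyEKClaim and Scenario are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Manufacturer is a constructed stand-in for the TPM vendor's signing CA
// (the role Infineon plays for its TPMs). Key and cert are generated here;
// they are not Infineon's.
type Manufacturer struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewManufacturer creates a self-signed CA certificate for the stand-in vendor.
func NewManufacturer() (*Manufacturer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Hypothetical TPM Vendor CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Manufacturer{Key: key, Cert: cert}, nil
}

// IssueEKCert models the production-time step: the vendor signs a certificate
// over PUBEK, the public half of the Endorsement Key.
func (m *Manufacturer) IssueEKCert(pubek *rsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "TPM Endorsement Key (constructed)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, m.Cert, pubek, m.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyEKClaim is the check the post proposes. A published PRIVEK counts as
// proof only if (1) the certificate chains to the vendor CA, (2) PRIVEK is a
// well-formed RSA key, and (3) the certificate's PUBEK is PRIVEK's public half.
// (1) alone proves nothing: EK certificates are public by design.
func VerifyEKClaim(privek *rsa.PrivateKey, ekCert, vendorCA *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(vendorCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ekCert.Verify(opts); err != nil {
		return fmt.Errorf("EK certificate was not issued by the vendor CA: %w", err)
	}
	pubek, ok := ekCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("EK certificate does not carry an RSA public key")
	}
	if err := privek.Validate(); err != nil {
		return fmt.Errorf("claimed PRIVEK is not a valid RSA private key: %w", err)
	}
	if !privek.PublicKey.Equal(pubek) {
		return errors.New("claimed PRIVEK does not correspond to the PUBEK in the certificate")
	}
	return nil
}

// Scenario builds the stand-in vendor and EK, then evaluates the genuine claim,
// a wrong-key claim, and a wrong-issuer claim.
func Scenario() (genuineAccepted, wrongKeyRejected, wrongIssuerRejected bool, err error) {
	vendor, err := NewManufacturer()
	if err != nil {
		return
	}
	ek, err := rsa.GenerateKey(rand.Reader, 2048) // the "extracted" PRIVEK
	if err != nil {
		return
	}
	ekCert, err := vendor.IssueEKCert(&ek.PublicKey)
	if err != nil {
		return
	}
	genuineAccepted = VerifyEKClaim(ek, ekCert, vendor.Cert) == nil

	impostor, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key + real cert
	if err != nil {
		return
	}
	wrongKeyRejected = VerifyEKClaim(impostor, ekCert, vendor.Cert) != nil

	otherVendor, err := NewManufacturer() // real key + cert from the wrong CA
	if err != nil {
		return
	}
	forgedCert, err := otherVendor.IssueEKCert(&ek.PublicKey)
	if err != nil {
		return
	}
	wrongIssuerRejected = VerifyEKClaim(ek, forgedCert, vendor.Cert) != nil
	return
}

func main() {
	g, k, i, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v, wrong key rejected: %v, wrong issuer rejected: %v\n", g, k, i)
}
```

In a real evaluation the vendor CA certificate is the one input you do not take from the claimant; it has to come from the vendor independently, otherwise the claimant can mint both halves of the "proof" as the otherVendor branch above does.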
$100 says that this is damage control from Infineon by challenging Tarnovsky to something that they know, for whatever reason, he is unable to accomplish?
Dinosaurs aren't extinct. They've just learned to hide in the trees.