[Discussion] Consequences of losing TPM owner password

[alex-nitrokey]

The quite old keys.md draft does ask an interesting question:

Are there any consequences of an attacker controlling [the TPM owner] key?

As we have recently seen the new oem-factory-reset, I was wondering if it does any harm to leave the TPM owner password to the default.

I understand that this is definitely an issue if using the LUKS key on TPM, but what about the other stuff? Can an attacker access the OTP secret seed? Or anything else? Or can she only replace such information?

[tlaurion]

@alex-nitrokey :
Resetting TPM is required only to set the counter properly.

It is impossible to access secrets from the recovery console, measurements being extended before accessing the recovery shell, and secrets being wiped.

[alex-nitrokey]

I am not sure, if I made my question clear. What I wanted to know is, what are the consequences if an attacker would know the TPM password of my heads device? What could possibly go wrong? I could not find an information about this.

To my understanding she could not break the firmware verification which is ensured by the OTP secret during boot.

I am sorry, if you already answered this question. It is just that I did not understand you response.

[tlaurion]

@alex-nitrokey sorry for the late response.

The attacker would be able to reseal measurements. If those changed, the OTP would be different, same applying to HOTP verification using the same measurements. So you are right.

The TPM ownership passphrase is required only to set initial nvram. Look in code:
grep -rni tpm ./initrd

Your initial question (name of ticket) is what happens if loosing password. Then the consequences are different; since Disk Unlock Key passphrase requires the LUKS header to be sealed inside of tpm nvram. That would, if lost, be impossible to user. This is why I strongly suggest to minimize the number of passphrase and the reownershp suggests (defaults) to reusing USB security dongle Admin PIN for TPM ownership passphrase. (Since those two are required basically at the same moments for similar purposes and should be typed in safe environements, just like the Disk Recovery key passphrase).

Does that answer your losing/eavesdropping TPM password? If so please close the issue, else tag me again.

[alex-nitrokey]

That makes it very clear. Now I also see the confusion :) Thank you very much for the clarification!

[jtmoree-github-com]

@tlaurion Can the secrets be recovered if I have the TPM owner password? Can I extract data from the TPM? I'm thinking of the use case where I need to troubleshoot in the recovery shell. This also applies to OP question about attack vectors if the password is compromised.

[tlaurion]

@jtmoree-github-com The TPM is not keeping any state other of what is sealed into NV space under setting a default boot option and setting a Disk Unlock Key passphrase released from it, if measurements from TPM + passphrase is good.

Is the secrets can be recovered by the TPM owner passphrase?

@jtmoree-github-com
No. The owner passphrase is used to set presence, nothing else, as referred previously. This is used on TOTP/HOTP sealing. If more comments are needed there, please advise. I think the code says what it has to say.

Please ask questions on things you are not understanding.