How to mitigate ROCA TPM vulnerability?
Published at April 17, 2019 ·
9 min read
ROCA vulnerability was discovered (October 2017) in a software library, RSALib, provided by Infineon Technologies. That library is also used in TPM modules. When this vulnerability is present, a pair of prime numbers used for generating RSA keys is chosen from a small subset of all available prime numbers. This results in a great loss of entropy. Details and exact numbers can be found here.
Discovering whether TPM is vulnerable All vulnerable keys have the same structure....