From: Tomasz CEDRO <tomek@cedro.info>
Date: Tue, 3 Aug 2021 18:34:29 +0200
Subject: tpm / dislocker-fuse / bitleaker
To: freebsd-ports, FreeBSD Questions Mailing List, freebsd-security@freebsd.org

Hello world :-)
I just read an interesting article on how to sniff an SPI-based TPM in order to extract BitLocker keys. If someone uses GlobalProtect VPN, this gives access to the corporate network using on-disk certificates with no login. This trick seems to be more and more popular, so it's worth checking if your company is vulnerable.

https://pulsesecurity.co.nz/articles/TPM-sniffing
https://translate.google.com/translate?sl=pl&tl=en&u=https://sekurak.pl/od-skradzionego-laptopa-do-firmowej-sieci/

There are two nice BitLocker utilities that would be nice to have on FreeBSD. Please consider adding them if anyone has a free moment :-)

dislocker-fuse: https://github.com/Aorimn/dislocker
bitleaker: https://github.com/kkamagui/bitleaker

Best regards :-)
Tomek

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
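The attack the post links to works because, with a plain TPM protector, the TPM unseals the BitLocker volume master key during an unattended boot and hands it to the firmware over the SPI (or LPC) bus, where a logic analyzer can read it. A TPM+PIN or TPM+startup-key protector does not unseal anything until the user supplies the secret, so the key never crosses the bus on a stolen, powered-off laptop. The script below is an added example, not part of the original post or of either linked project, for the "check if your company is vulnerable" step on the Windows side: it lists BitLocker volumes and flags those that are encrypted but protected only by the bare TPM. It assumes the built-in BitLocker PowerShell module (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector) and an elevated prompt; the function name and the output field names are my own.

```powershell
# Added example (not from the original post): audit BitLocker volumes for the
# TPM-only configuration that bus sniffing targets. Run from an elevated prompt.
# Requires the BitLocker module shipped with Windows 8 / Server 2012 and later.

function Get-TpmOnlyBitLockerVolumes {
    [CmdletBinding()]
    param()

    # Protector types that bind the VMK to the TPM *and* a user-supplied secret.
    # With these, the TPM will not unseal the VMK at boot without the PIN or key,
    # so there is nothing for a bus sniffer to capture on an unattended boot.
    $strongTpmTypes = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType is an enum; compare on its string name.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        $hasPlainTpm  = $types -contains 'Tpm'
        $hasStrongTpm = @($types | Where-Object { $strongTpmTypes -contains $_ }).Count -gt 0

        [PSCustomObject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            # True when the volume is actually protected, has a bare TPM protector,
            # and no PIN/startup-key protector exists to stop the unattended unseal.
            SniffableTpmOnly = ($vol.ProtectionStatus -eq 'On') -and $hasPlainTpm -and -not $hasStrongTpm
        }
    }
}

Get-TpmOnlyBitLockerVolumes | Format-Table -AutoSize

# Remediation for a flagged OS volume (constructed example; adjust the mount
# point, and note that Group Policy must allow TPM+PIN startup authentication):
#   $pin = Read-Host -AsSecureString 'New BitLocker PIN'
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
#   $plainTpm = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
#               Where-Object { $_.KeyProtectorType -eq 'Tpm' }
#   Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $plainTpm.KeyProtectorId
```

Two caveats the output does not capture. First, the script only inspects protector types; it does not tell you whether the machine has a discrete TPM on a sniffable bus or a firmware TPM inside the CPU package (Get-Tpm reports the manufacturer, which is a starting point). Second, adding TPM+PIN protects the disk key, but the post's wider point stands: any credential that lives unencrypted inside the volume, such as a VPN client certificate, is only as safe as the volume itself, so a TPM-only laptop should be treated as an exposed endpoint, not just an exposed disk.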