From: Tomasz CEDRO
Date: Tue, 3 Aug 2021 18:34:29 +0200
Subject: tpm / dislocker-fuse / bitleaker
To: freebsd-ports, FreeBSD Questions Mailing List, freebsd-security@freebsd.org

Hello world :-)

I just read an interesting article on how to sniff an SPI-based TPM in order to extract BitLocker keys. If someone uses GlobalProtect VPN this gives access to the corporate network using on-disk certificates with no login. This trick seems to be more and more popular, so it's worth checking if your company is vulnerable.

https://pulsesecurity.co.nz/articles/TPM-sniffing
https://translate.google.com/translate?sl=pl&tl=en&u=https://sekurak.pl/od-skradzionego-laptopa-do-firmowej-sieci/

There are two nice BitLocker utilities that would be nice to have on FreeBSD. Please consider adding if anyone has a free moment :-)

dislocker-fuse: https://github.com/Aorimn/dislocker
bitleaker: https://github.com/kkamagui/bitleaker

Best regards :-)
Tomek

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
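The mail suggests checking whether your company's laptops are exposed. The configuration that the SPI-sniffing attack relies on is a BitLocker volume protected by the TPM alone (the TPM releases the volume master key during boot with nothing else required). The following PowerShell inventory script is an added example, not part of the original message or of either linked project; it assumes a Windows host with the built-in BitLocker module (`Get-BitLockerVolume`), an elevated session, and the function name `Get-TpmOnlyBitLockerVolume` is invented here. It lists every BitLocker volume with its key protector types and flags those whose TPM protector has no PIN or startup key, which is the case a defender would want to remediate.

```powershell
# Added example (not from the original mail): inventory BitLocker volumes and
# flag TPM-only protection, the configuration exposed to TPM bus sniffing.
# Assumes Windows with the BitLocker PowerShell module, run from an elevated shell.
function Get-TpmOnlyBitLockerVolume {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values of interest: Tpm (bare), TpmPin,
        # TpmStartupKey, TpmPinStartupKey, RecoveryPassword, ExternalKey, ...
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # A bare 'Tpm' protector means the disk unlocks with no user secret:
        # the key material crosses the TPM bus at boot with no PIN required.
        $tpmOnly = ($types -contains 'Tpm')

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus      # FullyEncrypted, EncryptionInProgress, ...
            ProtectionStatus = $vol.ProtectionStatus  # On / Off (Off = protectors suspended)
            Protectors       = ($types -join ',')
            TpmOnlyAtRisk    = ($tpmOnly -and $vol.ProtectionStatus -eq 'On')
        }
    }
}

# Print the inventory; volumes with TpmOnlyAtRisk = True are the ones to fix.
Get-TpmOnlyBitLockerVolume | Format-Table -AutoSize
```

The same information is available without the module via `manage-bde -protectors -get C:`, which prints each protector's type. Remediation for a flagged volume is to replace the bare TPM protector with a TPM+PIN (or TPM+startup key) protector, for example with `Add-BitLockerKeyProtector -MountPoint C: -TpmAndPinProtector -Pin <SecureString>` followed by removal of the old TPM protector, so that the TPM only unseals the key after the user has authenticated pre-boot.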