Question Could a discrete TPM module contain viruses?

nuttedman

Reputable
Dec 11, 2017
13
0
4,510
0
Hi,

I just bought a TPM2.0 for my motherboard - it was the only one in stock and was open box (could potentially have been used in the worst case scenario) so I was just wondering, could a used dTPM contain viruses loaded on by the previous user or am I just being too pedantic?

TIA
 

USAFRet

Titan
Moderator
Mar 16, 2013
149,572
9,841
175,890
23,388
Hi,

I just bought a TPM2.0 for my motherboard - it was the only one in stock and was open box (could potentially have been used in the worst case scenario) so I was just wondering, could a used dTPM contain viruses loaded on by the previous user or am I just being too pedantic?

TIA
Given that it is a chip, that contains software, that could run at power up...it is "possible". Anything is possible.

However...highly unlikely. Near 0%.
On the order of - "I bought a used keyboard. Could the firmware or hardware contain a keylogger?" Well, yes. But....
 
Reactions: drea.drechsler

nuttedman

Reputable
Dec 11, 2017
13
0
4,510
0
Given that it is a chip, that contains software, that could run at power up...it is "possible". Anything is possible.

However...highly unlikely. Near 0%.
On the order of - "I bought a used keyboard. Could the firmware or hardware contain a keylogger?" Well, yes. But....
I bought this off a trusted retailer from my country so it's not from some knock-off seller on eBay, it puts things into a better perspective for me- thank you for that!
 
I bought this off a trusted retailer from my country so it's not from some knock-off seller on eBay, it puts things into a better perspective for me- thank you for that!
Modern CPU's have built in TPM's...AMD calls it fTPM, Intel calls it PTT. Look for the settings in your BIOS to enable them.

I'm not security smart enough to know if there is any possible way to compromise a TPM module. But there's zero reason to take any chance when you can simply enable a fully functional TPM already included in your CPU.

If there is any way to "hack" them, I'd have to imagine one or more of the countries trying to compromise western computers to undermine our economies will have figured out how.
 
Last edited:

nuttedman

Reputable
Dec 11, 2017
13
0
4,510
0
Modern CPU's have built in TPM's...AMD calls it fTPM, Intel calls it PTT. Look for the settings in your BIOS to enable them.

I'm not security smart enough to know if there is any possible way to compromise a TPM module. But there's zero reason to take any chance when you can simply enable a fully functional TPM already included in your CPU.

If there is any way to "hack" them, I'd have to imagine one or more of the countries trying to compromise western computers to undermine our economies will have figured out how.
I would definitely use fTPM over taking any chances normally but for some reason it causes random stuttering, there's a whole forum on LTT so I unfortunately have to wait for it to get patched but cheers!
 

ASK THE COMMUNITY

TRENDING THREADS