
Not exactly surprising; unless you establish some type of shared secret between the TPM and CPU (e.g. by burning it into fuses in both devices, or through some signature scheme), the bus connecting the two will always be a problem…



I've thought about it but haven't checked too hard: can they not do a key exchange? In my existing research I've found no reason they can't, just that they don't.

They often do, but it can be MITM'd without some sort of authentication, which generally requires something to be installed in the factory.

I guess we only see the ones that don't in the news. Makes sense. I have yet to see one of these where the data is encrypted and they M'dITM to get it, but I'm sure it's happened.

Exactly this. Burning in a shared secret works; alternatively you could do something with private keys burned into each device, signed with some PKI scheme whose public keys are known to the other entity.
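As an added illustration of the point made in the two comments above about MITM on the bus and a factory-provisioned secret (this is constructed example code, not anything from the thread): a toy model of a CPU/TPM Diffie-Hellman exchange with an interposer on the bus. Key confirmation bound to a secret both sides were given at manufacture (here just a constructed byte string standing in for fused or PKI-backed material) lets the TPM reject the interposer; if there is no such secret, or the interposer knows it, the interposer forges the confirmation and the exchange looks fine. The group parameters are a deliberately small toy, not a real-world choice.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (constructed for illustration; 2**127-1 is prime,
# but a real design would use a standard ECDH curve, not this).
P = 2**127 - 1
G = 5

def dh_keypair():
    """Return (private exponent, public value) for one side of the exchange."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def session_key(priv, peer_pub):
    """Derive a 32-byte session key from the shared DH value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def confirm(key, initiator_pub, responder_pub, factory_secret):
    """Key-confirmation tag: binds the transcript and session key to the
    factory-provisioned secret, so only a holder of that secret can produce it."""
    transcript = initiator_pub.to_bytes(16, "big") + responder_pub.to_bytes(16, "big")
    return hmac.new(factory_secret, transcript + key, hashlib.sha256).digest()

def run_exchange(factory_secret, interposer=False, interposer_knows_secret=False):
    """Simulate CPU<->TPM key agreement over the bus.

    Returns whether both ends derived the same key and whether the TPM accepts
    the CPU's confirmation tag. With interposer=True an attacker on the bus
    swaps each public value for its own, holding a separate key with each side.
    """
    cpu_priv, cpu_pub = dh_keypair()
    tpm_priv, tpm_pub = dh_keypair()
    if interposer:
        mitm_priv, mitm_pub = dh_keypair()
        cpu_sees, tpm_sees = mitm_pub, mitm_pub   # both ends talk to the interposer
    else:
        cpu_sees, tpm_sees = tpm_pub, cpu_pub
    cpu_key = session_key(cpu_priv, cpu_sees)
    tpm_key = session_key(tpm_priv, tpm_sees)
    # The honest CPU sends its tag over the bus.
    tag_on_bus = confirm(cpu_key, cpu_pub, cpu_sees, factory_secret)
    if interposer and interposer_knows_secret:
        # No real secret (or a leaked one): the interposer forges a tag for its own leg.
        mitm_key = session_key(mitm_priv, tpm_pub)
        tag_on_bus = confirm(mitm_key, mitm_pub, tpm_pub, factory_secret)
    expected = confirm(tpm_key, tpm_sees, tpm_pub, factory_secret)
    return {"keys_match": cpu_key == tpm_key,
            "tpm_accepts": hmac.compare_digest(tag_on_bus, expected)}

if __name__ == "__main__":
    print("honest bus:      ", run_exchange(b"fused-secret"))
    print("interposer:      ", run_exchange(b"fused-secret", interposer=True))
    print("no real secret:  ", run_exchange(b"", interposer=True, interposer_knows_secret=True))
```

The third case is the situation the comment describes: a key exchange alone does not help, because the interposer completes an exchange with each side and nothing on either end can tell.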

Notably, both of these turn it into a 'microscope' problem; alternatively, if the key leaks somewhere…

At the end of the day, if the system is to process the data, it needs to access it. (Homomorphic encryption notwithstanding.)


I thought security chips put (extra?) metallization over the top of the logic to prevent the microscope problem. Do they not, or can that still be defeated? I guess if you're careful enough you can strip off that extra layer.

People are very creative in defeating those mechanisms. It's mostly a question of time. Also doesn't help if there's some side channel or software leak.

The only "truly" 'safe-ish' thing is active battery powered intrusion detection. It's done for high end HSMs… which easily sell for 5 or 6 digit prices.



