Leaking Intel ME/TPM keys from fuse bits

Details: New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica

A few more details here: https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/

In a “10 minutes with a laptop” class attack, you can apparently extract the core processor key that is used to access the rest of the keys the processor uses for things like the software TPM down in the management engine, which allows you to then decrypt things like the BitLocker disk encryption keys. It allows a bypass of the stuff that’s intended to protect data at rest, on a powered-down machine. Though even the hardware TPMs aren’t really designed to tolerate sustained physical attacks, this doesn’t require physically damaging things like the TPM chip, and can be done in about 10 minutes, vs “I have a well-equipped silicon RE lab.”

Apparently the paranoid types haven’t been relying on Intel’s management engine for root of trust for a while, and that sounds rather wise…