
TPM on Embedded Systems: Pitfalls and Caveats to Watch Out For

https://sigma-star.at/blog/2026/01/tpm-on-embedded-systems-pitfalls-and-caveats/
20•Deeg9rie9usi•2d ago

Comments

dfajgljsldkjag•1h ago
It is wild that session encryption is not enabled by default on these chips. I feel like most vendors just slap a TPM on the board and think they are safe without actually configuring it properly. The article is right that physical access usually means game over anyway so it seems like a lot of effort for a small gain.
derekerdmann•1h ago
If I remember correctly it's up to the client program to set up the session, not something to do with the vendor's implementation. It's conceptually similar to how an HTTPS client performs a TLS handshake after opening a socket before it can work with plain HTTP content.
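
The session setup the comment above describes, as an added example that is not code from the article or from anyone in this thread: a pure-Python model of TPM 2.0 parameter encryption. It implements KDFa (TPM 2.0 Library Part 1, 11.4.10) and the TPM_ALG_XOR obfuscation mask (Part 1, 21.2) over a simplified sized command parameter, not the full command/response wire format. The session secret, nonces and "disk key" are constructed values; in a real salted or bound session the secret comes from KDFa("ATH", ...) over a salt encrypted to the TPM's key plus the bound object's authValue, which is exactly why a bus sniffer does not have it.

```python
"""TPM 2.0 session parameter encryption (XOR obfuscation), modelled in pure Python.

Added example, not from the article or the thread. KDFa and the XOR mask follow
the TPM 2.0 Library spec; the command framing is simplified to one sized
parameter. SESSION_VALUE / nonces below are constructed values.
"""
import hmac
import struct


def kdfa(hash_name, key, label, context_u, context_v, bits):
    """Counter-mode KDF: HMAC(key, [i]32 || label || 0x00 || contextU || contextV || [bits]32)."""
    nbytes = (bits + 7) // 8
    out = b""
    i = 0
    while len(out) < nbytes:
        i += 1
        msg = (struct.pack(">I", i) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hash_name).digest()
    return out[:nbytes]


def xor_mask(session_value, nonce_newer, nonce_older, length):
    """Mask for XOR obfuscation: KDFa(sessionValue, "XOR", nonceNewer, nonceOlder, bits)."""
    return kdfa("sha256", session_value, b"XOR", nonce_newer, nonce_older, length * 8)


def _xor(data, mask):
    return bytes(a ^ b for a, b in zip(data, mask))


def caller_encrypt_param(session_value, nonce_caller, nonce_tpm, param):
    """Caller side of a decrypt session: mask the data of the first sized parameter.

    For a command, nonceNewer is the caller's fresh nonce and nonceOlder the last
    TPM nonce. The 2-byte size prefix stays in the clear, as the spec requires.
    """
    mask = xor_mask(session_value, nonce_caller, nonce_tpm, len(param))
    return struct.pack(">H", len(param)) + _xor(param, mask)


def tpm_decrypt_param(session_value, nonce_caller, nonce_tpm, wire):
    """TPM side: derive the same mask from the shared session secret and recover the parameter."""
    size = struct.unpack(">H", wire[:2])[0]
    mask = xor_mask(session_value, nonce_caller, nonce_tpm, size)
    return _xor(wire[2:2 + size], mask)


def bus_view(session_value, nonce_caller, nonce_tpm, secret):
    """What a logic analyser on the SPI/I2C/LPC bus sees with and without a session."""
    without = struct.pack(">H", len(secret)) + secret  # no session: plaintext on the wire
    with_session = caller_encrypt_param(session_value, nonce_caller, nonce_tpm, secret)
    recovered = tpm_decrypt_param(session_value, nonce_caller, nonce_tpm, with_session)
    # The sniffer sees both nonces (they travel in the clear) but not the session secret.
    sniffer_guess = tpm_decrypt_param(b"", nonce_caller, nonce_tpm, with_session)
    return {
        "plaintext_on_bus_without_session": secret in without,
        "plaintext_on_bus_with_session": secret in with_session,
        "tpm_recovers_secret": recovered == secret,
        "sniffer_recovers_secret": sniffer_guess == secret,
    }


if __name__ == "__main__":
    # Constructed values; nonces are fixed here only so the run is reproducible.
    SESSION_VALUE = bytes.fromhex("6a09e667f3bcc908bb67ae8584caa73b")
    NONCE_CALLER = bytes(range(20))
    NONCE_TPM = bytes(range(20, 40))
    print(bus_view(SESSION_VALUE, NONCE_CALLER, NONCE_TPM, b"disk-unlock-key-0001"))
```

Two things the model makes visible: the mask is bound to the nonce pair, so it changes on every command and never becomes a reused keystream, and only the first parameter's data is protected, so handles, sizes and any later parameters still cross the bus in the clear. In real stacks this is opt-in per session: with tpm2-tss you set `TPMA_SESSION_DECRYPT | TPMA_SESSION_ENCRYPT` on an HMAC session via `Esys_TRSess_SetAttributes`, and with tpm2-tools it is the `tpm2_startauthsession` / `tpm2_sessionconfig` pair, which is the configuration step the comment says vendors leave out.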
bangaladore•1h ago
It doesn't help that the TPM spec is so full of optional features (and the N spec versions), so it's often annoying to find out what the vendor even supports without signing an NDA + some.

TPMs work great when you have a mountain of supporting libraries to abstract them from you. Unfortunately, that's often not the case in the embedded world.

RedShift1•43m ago
Even on desktop it's terrible, I wanted to protect some private keys of a Java application but there is no way to talk to a TPM using Java so, shrug.
bangaladore•1h ago
In many industries, once someone has physical access to a device, all bets are off. And when used correctly, TPMs can provide tons of value even when not encrypting the bus.
amluto•1h ago
> The key difference in threat models is that the device manufacturer often needs to protect their intellectual property (firmware, algorithms, and data) from the end-user or third parties, whereas on a PC, the end-user is the one protecting their assets.

I would love to see more focus on device manufacturers protecting the user instead of trying to protect themselves.

Prime example where the TPM could be fantastic: embedded devices that are centrally coordinated. For example, networking equipment. Imagine if all UniFi devices performed a measured boot and attested to their PCR values before the controller would provision them. This could give a very strong degree of security, even on untrusted networks and even if devices have been previously connected and provisioned by someone else. (Yes, there’s a window when you connect a device where someone else can provision it first.)

But instead companies seem to obsess about protecting their IP even when there is almost no commercial harm to them when someone inevitably recovers the decrypted firmware image.
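
The controller-side check the comment above imagines, as an added example that is neither amluto's code nor anything from Ubiquiti or the article. It models TPM2_PCR_Extend and the pcrDigest that TPM2_Quote signs over (a hash of the selected PCR values in index order) and replays a constructed event log on both sides. The quote signature is stood in by an HMAC with a shared key so the block runs on the standard library alone; a real attestation key signs with ECDSA or RSA and the verifier holds only the AK public key. The event log, key and nonces are constructed.

```python
"""Measured-boot attestation check a controller could run before provisioning.

Added example, not from the thread or the article. HMAC stands in for the AK
signature; the event log and key are constructed values.
"""
import hashlib
import hmac
import os
import struct

PCR_BYTES = 32  # SHA-256 bank
SELECTION = [0, 1]  # PCRs the controller insists on quoting


def pcr_extend(pcr, digest):
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events):
    """Replay (pcr_index, measured_blob) events into a fresh, all-zero SHA-256 PCR bank."""
    pcrs = {}
    for idx, blob in events:
        digest = hashlib.sha256(blob).digest()
        pcrs[idx] = pcr_extend(pcrs.get(idx, bytes(PCR_BYTES)), digest)
    return pcrs


def pcr_digest(pcrs, selection):
    """pcrDigest as in TPMS_QUOTE_INFO: hash over the selected PCR values concatenated in index order."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()


def device_quote(ak_key, pcrs, selection, qualifying_data):
    """Device side: sign (nonce || pcrDigest). The nonce comes from the verifier and binds the quote to this exchange."""
    attest = struct.pack(">H", len(qualifying_data)) + qualifying_data + pcr_digest(pcrs, selection)
    return attest, hmac.new(ak_key, attest, "sha256").digest()


def controller_verify(ak_key, attest, sig, nonce, golden_pcrs, selection):
    """Controller side: signature first, then freshness, then compare against the golden PCR set."""
    if not hmac.compare_digest(hmac.new(ak_key, attest, "sha256").digest(), sig):
        return "bad signature"
    n = struct.unpack(">H", attest[:2])[0]
    if attest[2:2 + n] != nonce:
        return "stale quote (nonce mismatch)"
    if not hmac.compare_digest(attest[2 + n:], pcr_digest(golden_pcrs, selection)):
        return "PCR mismatch: refuse to provision"
    return "ok"


# Constructed reference event log for the firmware the controller is willing to provision.
GOLDEN_FIRMWARE = [
    (0, b"bootrom v1"),
    (0, b"bootloader 2.4"),
    (1, b"kernel 6.6 signed"),
]


def run(device_events, ak_key=b"constructed-ak-secret"):
    """One provisioning attempt: controller challenges, device quotes, controller decides."""
    golden = replay_event_log(GOLDEN_FIRMWARE)
    nonce = os.urandom(16)
    attest, sig = device_quote(ak_key, replay_event_log(device_events), SELECTION, nonce)
    return controller_verify(ak_key, attest, sig, nonce, golden, SELECTION)


if __name__ == "__main__":
    print(run(GOLDEN_FIRMWARE))
    print(run([(0, b"bootrom v1"), (0, b"bootloader 2.4-backdoored"), (1, b"kernel 6.6 signed")]))
```

Because every extend is a hash chain, a device that booted a modified bootloader cannot reach the golden PCR value no matter what it measures afterwards, and a device that was provisioned by someone else earlier is still judged only on what it booted this time. What the model leaves out, and what a real deployment has to add, is proof that the AK actually lives in that device's TPM (an EK certificate chain plus TPM2_ActivateCredential) and a reference-value store that is updated with every firmware release.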

ValdikSS•1h ago
Sigma-star does many very high quality embedded blog posts, and touches on unpopular and rarely discussed topics in considerable depth.
pregnenolone•56m ago
They’re useful for attestation, boot measurement, and maybe passkeys, but I wouldn't trust them to securely handle FDE keys for several reasons. Not only do you have to trust the TPM manufacturer – and there are many – but they also have a bad track record (look up Chris Tarnovsky’s presentation about breaking TPM 1.x chips). While parameter encryption has been phased out or not used in the first place, what's even worse is that cryptsetup stores the key in plaintext within the TPM, and this vulnerability remains unaddressed to this day.

https://arxiv.org/abs/2304.14717

https://github.com/systemd/systemd/issues/37386

https://github.com/systemd/systemd/pull/27502

Avamander•13m ago
Root-of-trust measurement (RTM) isn't foolproof either.

https://www.usenix.org/system/files/conference/usenixsecurit...

jhallenworld•33m ago
Do you really need a TPM if you have something like ARM TrustZone?
ValdikSS•16m ago
Sure, why not? You have a reference implementation for both TrustZone OP-TEE (from Microsoft!) and in-Linux-kernel. No need to code anything, everything is already there, tested and ready to work.

https://github.com/OP-TEE/optee_ftpm

Or you mean dedicated TPM?

jhallenworld•12m ago
I mean a separate chip.
ValdikSS•2m ago
Well, you have much more control of the lower-level boot process on ARM chips, and each of the SoC manufacturers has their own implementation of Trusted Boot which relies on the cryptography and secrets inside the SoC rather than on a TPM as in the x86/UEFI boot process.

In the context of trusted boot, not much. If your specific application doesn't require TPM 2.0 advanced features, like separate NVRAM and different locality levels, then it's not worth using a dedicated chip.

However if you want something like PIN brute force protection with a cooldown on a separate chip, a dTPM will do that. This is more or less exactly why Apple, Google and other major players have a separate chip for the most sensitive stuff: to prevent security bypasses when the attacker has gained code execution (or some kind of reset) on the application processor.

zorgmonkey•2m ago
There have been many vulnerabilities in TrustZone implementations and both Google and Apple now use separate secure element chips. In Apple's case they put the secure element as part of their main SoC, but on devices where that wasn't designed in house like Intel they had the T2 Security Chip. On all Pixel devices I'm pretty sure the Titan has been a separate chip (at least since they started including it at all).

So yes incorporating a separate secure element/TPM chip into a design is probably more secure, but ultimately the right call will always depend on your threat model.
