06 Jan 26

All encryption is end-to-end, if you’re not picky about the ends.

    config TCG_TPM2_HMAC
        bool "Use HMAC and encrypted transactions on the TPM bus"
        default n
        select CRYPTO_ECDH
        select CRYPTO_LIB_AESCFB
        select CRYPTO_LIB_SHA256
        select CRYPTO_LIB_UTILS
        help
          Setting this causes us to deploy a scheme which uses request
          and response HMACs in addition to encryption for
          communicating with the TPM to prevent or detect bus snooping
          and interposer attacks (see tpm-security.rst). Saying Y
          here adds some encryption overhead to all kernel to TPM
          transactions.

Last year, I came across a Linux kernel feature called TCG_TPM2_HMAC. It claims to detect or prevent active and passive interposer attackers. That’s one of my sleeper agent activation phrases, so I dug in.

by yahourt 28 days ago saved 2 times

19 May 25

Sectigo, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), today announced that the CA/Browser (CA/B) Forum ballot it endorsed to reduce the maximum validity term of SSL/TLS certificates to 47 days by 2029 has passed. This groundbreaking move to shorten digital certificate lifespans seeks to enhance online security, drive automation in certificate management, and ready systems for quantum computing challenges by improving crypto agility.

by yahourt 8 months ago