There is a bug in certain Infineon TPM firmware versions which results in RSA keys generated by the TPM being vulnerable to an attack that allows to recover the private half of the RSA key from just the public key. The researchers who found the vulnerability have published high-level information here: https://crocs.fi.muni.cz/public/papers/rsa_ccs17. Currently known exploits are computationally expensive; specifically, for RSA keys of bit size 2048, the researchers give an estimate of 140.8 CPU years to break a single key. Note that this figure might drop as more researchers look at the attack. At the current point in time, it means TPM-generated RSA keys can’t be broken at large scale, but targeted attacks are possible. To summarize: There exists a practical attack against TPM-generated RSA keys, but it doesn’t allow large-scale exploitation of Chrome OS devices.
Original Article Appeared 2/14/2018