TPM Manufacturers list is incomplete #665

Open
ncornwell opened this issue Jan 14, 2025 · 2 comments

Comments

@ncornwell

Describe the issue

When verifying a TPM attestation with a Microsoft TPM we received this error:
Could not match TPM manufacturer "id:4D534654" (TPM)

The TPM vendors list is incomplete and an updated list is here:
https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-Vendor-ID-Registry-Family-1.2-and-2.0-Version-1.07-Revision-0.02_pub.pdf

Reproduction Steps

Verify an attestation from an unsupported TPM manufacturer.

Expected behavior

Verification does not throw an error from registered TPM manufacturers.

Code Samples + WebAuthn Options and Responses

Dependencies

  • OS: Windows (Any Version)
  • Browser: Any
  • Authenticator: TPM 2.0 PC with Windows Hello/Security

SimpleWebAuthn Libraries

$ npm list --depth=0 | grep @simplewebauthn
├── @simplewebauthn/[email protected]
# ...

Additional context

Missing items from tpm constants

export const TPM_MANUFACTURERS: { [key: string]: ManufacturerInfo } = {

  'id:414E5400': {
    name: 'Ant Group',
    id: 'ANT',
  },

  'id:464C5953': {
    name: 'Flyslice Technologies',
    id: 'FLYS',
  },

  'id:474F4F47': {
    name: 'Google',
    id: 'GOOG',
  },

  'id:48504500': {
    name: 'HPE',
    id: 'HPE',
  },

  'id:48504900': {
    name: 'HPI',
    id: 'HPI',
  },

  'id:48495349': {
    name: 'Huawei',
    id: 'HISI',
  },

  'id:4D534654': {
    name: 'Microsoft',
    id: 'MSFT',
  },

  'id:4E534700': {
    name: 'NSING',
    id: 'NSG',
  },

  'id:5345414C': {
    name: 'Wisekey',
    id: 'SEAL',
  },
};

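
Added example (not part of the issue or of SimpleWebAuthn's code): a TypeScript check over the entries listed above that decodes each `id:` hex key to ASCII and confirms it matches the entry's `id` field, plus a lookup that separates unregistered IDs from malformed ones. The names `REPORTED_MISSING`, `decodeVendorId`, `inconsistentKeys` and `classify` are hypothetical, and treating trailing `00` bytes as padding is an assumption drawn from entries such as `'id:414E5400'`.

```typescript
// Added example, not SimpleWebAuthn's code. Entries are copied from the issue.
type ManufacturerInfo = { name: string; id: string };
type Table = { [key: string]: ManufacturerInfo };

const REPORTED_MISSING: Table = {
  'id:414E5400': { name: 'Ant Group', id: 'ANT' },
  'id:464C5953': { name: 'Flyslice Technologies', id: 'FLYS' },
  'id:474F4F47': { name: 'Google', id: 'GOOG' },
  'id:48504500': { name: 'HPE', id: 'HPE' },
  'id:48504900': { name: 'HPI', id: 'HPI' },
  'id:48495349': { name: 'Huawei', id: 'HISI' },
  'id:4D534654': { name: 'Microsoft', id: 'MSFT' },
  'id:4E534700': { name: 'NSING', id: 'NSG' },
  'id:5345414C': { name: 'Wisekey', id: 'SEAL' },
};

// Decode "id:" + 8 hex digits into the ASCII vendor string, e.g. MSFT.
// Assumption: trailing 00 bytes are padding (as in 'id:414E5400' -> 'ANT').
// Returns undefined for malformed keys or non-printable bytes.
function decodeVendorId(key: string): string | undefined {
  if (!/^id:[0-9A-F]{8}$/.test(key)) return undefined;
  let out = '';
  let sawPadding = false;
  for (let i = 3; i < key.length; i += 2) {
    const byte = parseInt(key.slice(i, i + 2), 16);
    if (byte === 0) { sawPadding = true; continue; }
    if (sawPadding || byte < 0x21 || byte > 0x7e) return undefined;
    out += String.fromCharCode(byte);
  }
  return out === '' ? undefined : out;
}

// Keys whose hex does not decode to the entry's `id` (catches typos in a table).
function inconsistentKeys(table: Table): string[] {
  return Object.entries(table)
    .filter(([key, info]) => decodeVendorId(key) !== info.id)
    .map(([key]) => key);
}

// Classify an ID so a caller can tell "not in the table" from "malformed".
function classify(table: Table, key: string): string {
  const info = table[key];
  if (info) return `known:${info.name}`;
  const decoded = decodeVendorId(key);
  return decoded ? `unregistered:${decoded}` : 'malformed';
}
```
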
@MasterKale
Owner

Hello @ncornwell, thanks for reporting this, and for updating to a recent TPM spec I can reference to update the list of manufacturer IDs. This is straightforward enough, I'll try to get this fixed this week.

BTW might the response with that new ID be something generated by the upcoming Windows Hello passkey changes?

@ncornwell
Author

Yes, it certainly could be from Windows Hello changes; I don't typically see users using Microsoft TPMs.
