Microsoft Corporation
Fuse based replay protection with dynamic fuse usage and countermeasures for fuse voltage cut attacks

Abstract:

A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.