While hardware hackers have long demonstrated the ability to extract BitLocker keys by eavesdropping on Windows systems, a new frontier in Trusted Platform Module (TPM) sniffing has just been breached. A recent report from cybersecurity firm Cyloq reveals a critical hardware vulnerability in industrial embedded Linux devices, demonstrating how attackers can physically extract full disk encryption keys in plain text.
The target of this research is the ARM-based Moxa UC-1222A Secure Edition industrial computer. The flaw, which has been acknowledged by the vendor and assigned CVE-2026-0714, exposes the device’s LUKS (Linux Unified Key Setup) decryption key directly over the motherboard’s circuitry.
Historically, TPM bus sniffing has been a thorn in the side of Microsoft’s BitLocker encryption. However, the researchers set out to prove that Linux-based industrial systems are equally at risk if their hardware implementations lack robust cryptographic transit protections.
“While TPM bus sniffing attacks against Windows systems with BitLocker are well documented, less research has focused on non-BitLocker targets such as embedded Linux devices using LUKS,” the report states.
The Moxa UC-1200A series is heavily utilized in industrial environments. According to the vendor’s description noted in the report, the platform is “designed for embedded data-acquisition applications” and serves as a “reliable and secure gateway for data acquisition and processing at field sites as well as a useful communications platform for many other large-scale deployments”. Despite being marketed as a hardened and secure device, its physical boot process contained a fatal flaw.
The core of the vulnerability lies in how the System on Chip (SoC) communicates with the discrete TPM 2.0 chip during the boot sequence. While the TPM correctly enforces authorization via Platform Configuration Register (PCR) policies, the delivery of the secret is entirely unprotected.
The researchers discovered that “the Moxa UC-1222A Secure Edition releases its full LUKS device decryption key in plaintext during boot via a TPM2_NV_Read operation bound to PCR policy”.
Because the key is transmitted without any transit encryption over the Serial Peripheral Interface (SPI), an attacker with physical access to the device can simply attach a logic analyzer to the correct pins and watch the key scroll by. “By passively monitoring the SPI bus between the SoC and the discrete TPM 2.0 device, the LUKS decryption key can be recovered and used to decrypt the encrypted storage,” the researchers detailed.
This specific attack vector represents a novel milestone in hardware security research. The report highlights that “this is the first publicly documented TPM sniffing attack where TPM2_NV_Read has been the mechanism releasing the key”.
The Trusted Computing Group (TCG) actually provides architectural guidance to prevent these exact passive monitoring attacks, known as “parameter encryption through authorization sessions”.
To secure the SPI bus, systems must use encrypted sessions—such as unbound, bound, salted, or salted and bound sessions—to protect sensitive command and response parameters in transit.
However, implementing these sessions in headless, automated boot environments poses a challenge. “For bootups where the user does not enter a PIN, and no high-entropy authValue is available, bound sessions do not provide meaningful protection,” the analysis explains. Instead, developers must rely on salted sessions, which use asymmetric cryptography to securely exchange a shared session key without a pre-existing secret, despite the tradeoff of a slightly slower bootup time.
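The following illustration is added here and is not code from Cyloq, Moxa or the TCG. It models the three situations the article describes: an NV_Read response sent with no session encryption, a bound-but-unsalted session whose bind entity has no PIN or high-entropy authValue, and a salted session. The key derivations follow the TPM 2.0 Library Part 1 definitions as I read them (KDFa in HMAC counter mode with a NUL-terminated label; `sessionKey = KDFa(hash, authValue || salt, "ATH", nonceTPM, nonceCaller)`; XOR parameter obfuscation mask `KDFa(hash, sessionValue, "XOR", nonceNewer, nonceOlder)`). Assumptions: the NV index is gated by a PCR policy and has an empty authValue, so `sessionValue` is the session key alone; the asymmetric salt exchange is not implemented and the salt is simply a secret both endpoints hold that never crosses the bus in clear; the 32-byte "LUKS key" and the observer model are constructed for the demonstration.

```python
"""
Added illustration (not Cyloq's, Moxa's or the TCG's code): what a passive
observer of the SoC-to-TPM bus can reconstruct from the bytes it sees under
three session modes.  See the lead-in for the spec references and assumptions.
"""
import hashlib
import hmac
import os
import struct

HASH, HASH_BITS = hashlib.sha256, 256
# Constructed 32-byte value standing in for the LUKS key held in the NV index.
CONSTRUCTED_LUKS_KEY = bytes(range(0x10, 0x30))


def kdfa(key, label, context_u, context_v, bits):
    """TPM 2.0 KDFa: HMAC counter mode; label is followed by a 0x00 byte,
    counter and output length (in bits) are 32-bit big-endian."""
    out, counter = b"", 0
    while len(out) * 8 < bits:
        counter += 1
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, HASH).digest()
    return out[:(bits + 7) // 8]


def session_key(auth_value, salt, nonce_tpm, nonce_caller):
    """sessionKey = KDFa(hash, authValue || salt, "ATH", nonceTPM, nonceCaller)."""
    return kdfa(auth_value + salt, b"ATH", nonce_tpm, nonce_caller, HASH_BITS)


def xor_obfuscate(data, session_value, nonce_newer, nonce_older):
    """XOR parameter encryption; the same call decrypts."""
    mask = kdfa(session_value, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))


def nv_read_on_bus(mode):
    """Model one NV_Read under `mode` in {"plain", "bound", "salted"} and return
    the bytes that cross the bus: both nonces plus the response parameter."""
    nonce_caller, nonce_tpm = os.urandom(20), os.urandom(20)
    auth_value = b""                      # headless boot: no PIN, no high-entropy authValue
    salt = os.urandom(32) if mode == "salted" else b""   # salt never crosses the bus in clear
    trace = {"nonce_caller": nonce_caller, "nonce_tpm": nonce_tpm}
    if mode == "plain":
        trace["response"] = CONSTRUCTED_LUKS_KEY
    else:
        key = session_key(auth_value, salt, nonce_tpm, nonce_caller)
        # For a response, nonceNewer is nonceTPM and nonceOlder is nonceCaller.
        trace["response"] = xor_obfuscate(CONSTRUCTED_LUKS_KEY, key, nonce_tpm, nonce_caller)
    return trace


def observer_reconstructs(trace, mode):
    """What the bus trace alone yields.  The observer knows the session mode and
    that no PIN was entered, so its only candidate authValue is empty; it has
    no way to learn a salt, so its only candidate salt is empty as well."""
    if mode == "plain":
        return trace["response"]
    key = session_key(b"", b"", trace["nonce_tpm"], trace["nonce_caller"])
    return xor_obfuscate(trace["response"], key, trace["nonce_tpm"], trace["nonce_caller"])


def key_exposed_on_bus(mode):
    """True when the trace alone is enough to reconstruct the NV payload."""
    return observer_reconstructs(nv_read_on_bus(mode), mode) == CONSTRUCTED_LUKS_KEY


if __name__ == "__main__":
    for mode in ("plain", "bound", "salted"):
        print(f"{mode:7s}: key exposed to bus observer = {key_exposed_on_bus(mode)}")
```

The bound case fails for the reason the report gives: with no PIN and no high-entropy authValue, every input to the session key (both nonces and the empty authValue) is either on the bus or guessable, so the "encryption" is a mask the observer can regenerate. The salted case adds a 32-byte secret that only the asymmetric exchange delivers to the TPM, so the same trace no longer determines the key; that is the property a firmware fix would need to establish, at the cost of the extra public-key operation during boot that the article mentions.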