So I just watched some presentations by Christopher Tarnovsky, who among other things managed to break the Infineon TPM used in the Xbox 360. Obviously this is a very capable and clever person with expensive equipment, but I was quite shocked when he said that once he figured out how to break the chip, it’s a relatively cheap and easy job to break the chip (listen from 44:05 in the video linked below). The TPM he broke was EAL5 certified and according to him the ST Electronic ones are even easier to break (bad for Ledger I guess). I wonder if maybe it’s not so easy for actors with resources (forensic companies, law enforcement, etc.) to break secure elements?
Given that the presentation is more than 10 years old and I don’t have a very deep understanding of secure elements, I’m wondering what more knowledgeable people on this board think about this.