No big deal here. This attack looks like it's using a crusty old TPM 1.2 laptop, so encrypted parameters to the TPM aren't supported. Even with Win11 and TPM2.0 (required for Win11), encrypted parameters to the TPM would just slow down an attacker.
You need to use pre-boot auth, like a PIN. Obviously, the TPM needs to have some kind of authentication to release the key, not just the default mode where Windows just needs to request it. This is all outlined in MS documentation: https://learn.microsoft.com/en-us/windows/security/operating...
TPM is insecure against physical attacks by design: https://gist.github.com/osy/45e612345376a65c56d0678834535166
The only secure implementation is called D-RTM which requires a level of chip, OEM, and OS support that's not done in practice.
Nothing new. This attack is demonstrated here many times and the Microsoft docs discuss a similar attack using self encrypting drives. The counter measure is to use a virtual TPM built into the CPU or to use TPM+PIN (which is standard practice for security).
Does Microsoft Pluton [1] help here? I noticed at least some recent ThinkPad AMD models support it.
[1] https://learn.microsoft.com/en-us/windows/security/hardware-...
This is particularly interesting considering that TrueCrypt recommended migration to BitLocker as the main option for Windows: https://truecrypt.sourceforge.net/
IIRC Apple's version of TPM (Secure Enclave) should be immune to such attacks (since it's on the SoC, but I'm not sure whether the communication is encrypted or not), and the main data encryption method for GNU/Linux (LUKS) does not utilize TPM by default (might depend on distro though).
EDIT: I believe that the method in the video only works for volumes that aren't password/PIN-protected.
Worth noting that modern AMD CPUs incorporate the TPM functionality in the CPU itself, not sure about Intel.
Didn't know! After TC vanished with recommendation to use BL I had kept few files in direct Windows storage protected by BL. The more sensitive ones I still kept in Vera. Here my natural scepticism protected me lol.
Guess turning on pre boot pw is next thing to do.
I predict that this will necessitate an upgrade to TPM 3.0 with a key exchange handshake mitigation along with it being a requirement to upgrade to Windows 12. That’s fine though because it will help with economic growth and all the relevant companies’ bottom lines.
To decrypt a drive with a TPM-only key you just need to turn on the PC. So what's the big deal here?
It's disappointing that TPM-only is the default for Bitlocker, but you can just use something else (pin/password, key file, ...).
This presumably applies to any FDE utilizing TPM, not just BitLocker.
Modern systems don't have a dedicated TPM, so it's a lot harder to read the settings off the chip, as it is part of the CPU.
Then I believe modern TPM communication is encrypted.
On too of that you want your laptop to support physical tampering resistance, which prevents both this (outdated) chip attack and freezing the RAM. When you then boot the laptop the master password is required. I would prefer it to throw off the PCR but hey, it works too.
I do wonder if you have 8GB of soldered RAM and 8GB on a stick, Windows keeps the key in the soldered part to increase difficulty stealing?
I'm lead to believe the TPM is a firmware TPM and not a hardware one. Is this correct?
Very interesting video. For those who can't watch, he creates a PCB with a RPi Pico and some data pins which can sniff the BitLocker key as it's sent from the TPM chip back to the CPU. I was surprised to see that this was sent in plaintext, so although his board probably will only work for that particular motherboard, the method would be sound for other computers as well.
I'll leave the comments about MS requiring TPM chips for Win11 to others.