Comment by pinum
10 hours ago
Thanks, I was familiar with encryption but not with bitlocker.
So this only affects a particular mode of bitlocker in which the drive is automatically decrypted on boot without the user providing any secret. Meaning the key is basically stored in plaintext on-device, albeit in a convoluted way.
To me it seems intuitive that such a mode isn't secure. It's a bit like protecting your door with an unpickable unbreakable lock, but then putting the key in a lockbox on the wall with a flimsy padlock that can be raked or cut off in seconds.
It seems roughly equivalent to not encrypting the drive at all so it doesn't seem surprising that there's a way to bypass it.
The point is that the lockbox is the TPM that, on paper, is supposed to be unbreakable. In practice, sometimes it can still be broken with physical attacks (like side channel analysis or fault injection, or even simply snooping the communication between the TPM and the rest of the system with a logic level analyzer), despite that it should be designed to be hard to break even with such attacks.
If the TPM is properly designed and manufactured, and the software relying on it is again properly designed and implemented, then it would be perfectly secure. The problem is more the difference between the theory and the real world; the flimsy lockbox analogy doesn't hold.
I don't think any of the attacks being discussed are actually attacks on the TPM's own threat model.
I think they're attacks on Windows' measured boot approach.
the vast majority of TPMs today live inside the CPU (fTPM). you can't physically attack them
I gave three ways in which encrypting a disk using a TPM provides advantages over encrypting the disk using a secret password.
Encrypting the disk using a secret password provides advantages over encrypting the disk using a public password.
Encrypting the disk using a public password again provides advantages over not encrypting the disk (such as being able to securely "delete" data by removing the data encryption key).
I agree with your core point that attempting to use measured boot and secure boot to control whether the disk can be decrypted is full of holes. But if you want the computer to have an encrypted drive and to be able to boot up without a network or human intervention, what are your options really?