Comment by bri3d
3 hours ago
I'm glad we were able to move past "We don't know how that mechanism works, it could just be a totally separate gate that IS bypassable" and into the actual way the mechanism works!
> The article shows that the PIN-entangled key material can still be downloaded directly from the TPM.
Not exactly, the TPM has PolicyAuthValue(PIN), so the PIN also needs to be provided to the TPM to unseal the material, and the hardware anti-hammering should prevent brute forcing it this way. The blog post documents dumping the PIN-entangled key material by MITM-ing the TPM communication while a user enters the PIN; the entanglement is a belt-and-suspenders approach.
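A toy model of the two layers described in the comment above, added here as an illustration; it is not part of the original comment and not code from any real TPM stack. `ToyTPM`, `max_tries`, `entangle` and the PBKDF2 parameters are assumptions chosen for the sketch; a real TPM checks the auth value inside an authorization session and decays its failure counter over time.

```python
import hashlib, hmac, os

class Lockout(PermissionError):
    """Raised once the toy anti-hammering counter is exhausted."""

class ToyTPM:
    """Toy sealed-object store: unseal is gated on an auth value (the PIN)."""
    def __init__(self, max_tries=3):              # max_tries: constructed value
        self.max_tries, self.failures, self.objects = max_tries, 0, {}

    @staticmethod
    def _auth(salt, pin):
        # Stand-in for the auth value check; not how a real TPM stores it.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)

    def seal(self, handle, secret, pin):
        salt = os.urandom(16)
        self.objects[handle] = (salt, self._auth(salt, pin), secret)

    def unseal(self, handle, pin):
        if self.failures >= self.max_tries:       # gate 1b: anti-hammering
            raise Lockout("too many failed authorizations")
        salt, auth, secret = self.objects[handle]
        if not hmac.compare_digest(auth, self._auth(salt, pin)):
            self.failures += 1                    # gate 1a: PIN required
            raise PermissionError("bad auth value")
        return secret

def entangle(material, pin):
    """Gate 2: the usable key depends on the PIN as well as the sealed blob."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), material, 10_000)

def provision(tpm, handle, pin):
    """Seal fresh random material under the PIN and return the derived key."""
    material = os.urandom(32)
    tpm.seal(handle, material, pin)
    return entangle(material, pin)

def guesses_before_lockout(tpm, handle, guesses):
    """Return (guesses the TPM actually evaluated, whether one succeeded)."""
    evaluated = 0
    for guess in guesses:
        try:
            tpm.unseal(handle, guess)
            return evaluated + 1, True
        except Lockout:
            return evaluated, False
        except PermissionError:
            evaluated += 1
    return evaluated, False
```

In this model the lockout caps how many PINs can be tried against the device, and the entanglement means the sealed material alone, without the PIN, does not yield the key.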