News BitLocker key sniffing is still possible on modern Windows 11 laptops with discrete TPM modules

[Admin]

A new report has confirmed that BitLocker key sniffing can still be accomplished on Windows 11 laptops featuring the latest TPM 2.0 standard.

BitLocker key sniffing is still possible on modern Windows 11 laptops with discrete TPM modules : Read more

 

[Sleepy_Hollowed]

I've only read a hand of these, and they seem to focus on the LPC data bus, which is fine but it is also not quite what's out there on newer systems.

That being said, this is good to know since it's often overlooked and the set of standards for the TPM external devices have not been updated in a while as far as communication goes, due to cost.

I know it might be super expensive, but having something similar to pcie x1 to connect these would be much better, since it's been done before but now that NICs and Audio is mostly integrated on the board, why not?

 

[Dylan Shekter]

I've only read a hand of these, and they seem to focus on the LPC data bus, which is fine but it is also not quite what's out there on newer systems.

That being said, this is good to know since it's often overlooked and the set of standards for the TPM external devices have not been updated in a while as far as communication goes, due to cost.

I know it might be super expensive, but having something similar to pcie x1 to connect these would be much better, since it's been done before but now that NICs and Audio is mostly integrated on the board, why not?

Pcie can still be sniffed. It seems that the real solution is secure board design. Running the traces on the innermost layers to mitigate emission is step 1. ICs are harder to probe than test pads, but still probable, so using a fine pitch bga with a glob top to prevent snaking mag wires would go a long way.

 

[TJ Hooker]

You don't need to change the CPU-TPM communication channel to address this issue. The mitigation is already known and documented: configure bitlocker to require a pre-boot PIN.

https://learn.microsoft.com/en-us/w...cker/countermeasures#attacker-countermeasures

Another option would be for Bitlocker to be updated to use TPM "parameter encryption", which results in the disk encryption key being sent from the TPM to the CPU in encrypted form, rather than clear text.

And of course, if you're not using a discrete TPM, you don't need ro worry about bus sniffing in the first place.