patzentango 3 hours ago
I just dug into the exploit a little bit more, and what it does is target BitLocker in TPM-only mode. That means there is no preboot authentication or anything. What happens is secure boot validates the boot chain and the TPM gives out the encryption keys by itself. When you have physical access, it doesn't really make a difference whether there is a stick you can boot from and drop into an emergency shell, or whether you have to buy a $5 microcontroller and solder it to certain pins on the main board to sniff the TPM keys. What Microsoft is doing here in general is selling something that is not secure. They are selling it as full disk encryption, but it's not. Someone who can flash a flash drive with an exploit, drop to a shell and use it to browse and copy files can also just buy that microcontroller and watch YouTube with you on how to solder. So the "exploit" isn't the problem here; the problem is the false sense of security that Microsoft is selling.
gruez 3 hours ago
> If there is a stick you can boot from and drop into an emergency shell

This won't work because the TPM will only give you the keys if you're booting an "approved" OS, specifically the PCR states that the encryption keys are bound to.

> or if you have to buy a $5 microcontroller and solder it to certain pins on the main board to sniff the TPM keys.

That only works with dTPMs. fTPMs aren't vulnerable to this, and are far more popular than dTPMs.
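The PCR binding gruez describes, as an added toy simulation (not code from this thread or from any real TPM or BitLocker implementation): a volume key is sealed against the PCR values of the approved boot chain, and after a reboot it is released only if the measured chain reproduces exactly those values; the optional `auth` value models TPM+PIN mode. All boot-stage names, PCR indices and the key are constructed.

```python
import hashlib
from typing import Iterable, List, Optional, Tuple

PCR_SIZE = 32  # SHA-256 PCR bank, all-zero at power-on


class SimTPM:
    """Toy model of PCR measurement and policy-bound sealing; not a real TPM."""

    def __init__(self, n_pcrs: int = 24) -> None:
        self.pcrs: List[bytes] = [bytes(PCR_SIZE)] * n_pcrs
        self.sealed: List[Tuple[bytes, bytes, bytes]] = []  # (policy, auth digest, secret)

    def extend(self, index: int, measurement: bytes) -> None:
        # PCR_Extend: new = H(old || H(measurement)); PCRs can only be extended, never set
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def policy_pcr(self, indices: Iterable[int]) -> bytes:
        # Simplified PolicyPCR: one digest over the selected PCRs' current values
        return hashlib.sha256(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    def seal(self, secret: bytes, policy: bytes, auth: bytes = b"") -> int:
        # auth is the optional PIN (TPM+PIN mode); empty auth models TPM-only mode
        self.sealed.append((policy, hashlib.sha256(auth).digest(), secret))
        return len(self.sealed) - 1

    def unseal(self, handle: int, indices: Iterable[int], auth: bytes = b"") -> Optional[bytes]:
        policy, auth_digest, secret = self.sealed[handle]
        if self.policy_pcr(indices) != policy or hashlib.sha256(auth).digest() != auth_digest:
            return None  # wrong boot chain or wrong PIN: the key stays inside the TPM
        return secret


# Constructed boot chains as (PCR index, measured component); only PCR 11 differs
APPROVED_CHAIN = [(0, b"firmware v1"), (7, b"SecureBoot=on"), (11, b"signed-bootmgr+kernel")]
SHELL_CHAIN = [(0, b"firmware v1"), (7, b"SecureBoot=on"), (11, b"usb-stick-emergency-shell")]
BOUND_PCRS = (0, 7, 11)
VOLUME_KEY = b"constructed-volume-master-key"


def boot(tpm: SimTPM, chain: Iterable[Tuple[int, bytes]]) -> None:
    for pcr, component in chain:  # each stage is measured before control passes to it
        tpm.extend(pcr, component)


def provision_then_reboot(chain, pin: bytes = b"", unlock_pin: bytes = b"") -> Optional[bytes]:
    """Seal VOLUME_KEY during an approved boot, power-cycle, boot `chain`, try to unseal."""
    tpm = SimTPM()
    boot(tpm, APPROVED_CHAIN)
    handle = tpm.seal(VOLUME_KEY, tpm.policy_pcr(BOUND_PCRS), pin)
    tpm.pcrs = [bytes(PCR_SIZE)] * len(tpm.pcrs)  # reboot: PCRs reset, sealed blob persists on disk
    boot(tpm, chain)
    return tpm.unseal(handle, BOUND_PCRS, unlock_pin)
```

Booting the emergency-shell chain yields a different PCR 11 and the unseal fails, while the approved chain unseals with no PIN in TPM-only mode; with a PIN enrolled, the approved chain alone is no longer sufficient.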
866-RON-0-FEZ an hour ago
> What Microsoft is doing here in general they are selling something that is not secure. They are selling it as as full disk encryption but it's not.

But you can configure Linux LUKS in the exact same way. This doesn't seem an attack on BitLocker so much as it is an attack on the secure boot chain. The value of PIN-less unlock is if your threat model is limited to the disk being disposed of or removed from the machine or otherwise separated from the TPM. Entering a PIN is inconvenient or impossible if more than one user regularly uses the device. Hence, control to validate access is transferred to a trusted OS component.
kro 3 hours ago
Ubuntu also released TPM-based FDE a few versions ago. I had these thoughts then and decided against using it. Typing my passphrase on boot is muscle memory and gives me simple security I can trust. I can also recover data without my mainboard. Maybe a hybrid (secureboot-TPM+phrase) slot for day to day, to also protect against evil maid attacks, and another slot with a backup passphrase would be acceptable.
dataflow 3 hours ago
They claim they have a TPM + PIN exploit too, though how credible it is remains to be seen. https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...