1. 28
  1. 2

    Very interesting story. What is missing in my opinion are mitigation strategies, especially for decrypting of the hard drive. Can anyone say something about that? Is Linux better in that regard?

    1. 4

      This article has a pretty detailed rundown of how it could have been prevented: https://trmm.net/tpm-sniffing/

      1. 3

        Set an alphanumeric password for BitLocker so it can’t be decrypted straight off the TPM. Email microsoft and politely ask them to use TPM 2.0 encryption.

        1. 2

          Encrypt traffic between your TPM and your CPU. This requires that your CPU have some internal, non-user-readable (only by e.g. EL3) key to use for encryption.