Solution: Just encrypt it with a password.
Bit locker is a password controlled drive encryption. Am I being dumb or are you seriously saying that?
I guess they mean use the password as part of the encryption key, or encrypt the key with the password. Bitlocker doesn’t use the user’s password in that way, which is why it can boot an encrypted system without user interaction. That part always seemed very sketchy to me.
FYI: You can set it to require a PIN + TPM, or even just a password eg using manage-bde -on c: -password.
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-on
When using an external TPM. Which next to no one does.
Watch the video. It just means external to the CPU, not an external device.
They demo the attack on a Lenovo laptop in the first minute of the video.
Edit: nm I just realized that was a 10 year old laptop and they’re in all the modern procs. I’m a lot less impressed now.
Sounds like intel has external and amd internal with their ftpm?
fTPM has a bug, don’t know if it’s fixed
https://www.techspot.com/news/93684-amd-promises-fix-ftpm-issue-causes-stuttering-freezes.html
Veracrypt also doesn’t recommend using encryption that relies on TPMs
Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too? No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).
If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).
https://veracrypt.eu/en/FAQ.html
Let’s assume the attackers were law enforcers
You’re being downvoted because this is a hardware problem and not Microsoft’s fault.
Just look at the Xbox one mod chip scene and you’ll see MS can do security perfectly well.
Not the Xbox One. The 360 had some wild mod chips back in the day, which actually required drilling into the CPU at a specific spot to cut some internal contacts. Basically, the 360 used a physical connection between two pins on the CPU for security. So the modchip required drilling into the CPU, to sever that connection and allow the modchip to inject its own code instead. That’s when MS (mostly) realized that relying on physical connections for security was a bad idea, because an end user has physical access to the device.
Yeah. I hate Microsoft as a company, and I hate how they inject advertising, inconsistent design, no good centralixed package manager (TBF, they’re fixing that with winget, but only kind of; not sure if there’s a way to add additional repositories), etc.
But they do have damn good security. After the OG Xbox became the legendary homebrew console that it did, Microsoft beefed up security massively with the Xbox 360’s software. What they didn’t do quite as well was beef up hardware security, although the last model of the Xbox 360 (Winchester) has yet to be hacked. The JTAG hack was patched with a firmware update, but then it was found that through a timed glitching attack, you could force memcmp to return true, and if the timing is off, you can reboot the console via glitcher chip or SMC if using RGH 3 and try again.
With the Xbox One, there was a priviledge escillation bug in Dev Mode that to this day has been pretty underutilized, but other than that, it’s been fairly rock solid. There is another point to why, though. Microsoft realised the power of homebrew, especially after Sony made the mistake of removing OtherOS from all PS3 models, and then it got hacked shortly after. So they included (sold you) a way to run UWP apps using a sandboxed environment called Dev Mode. This leaves less of a desire for hackers to attempt exploiting the console’s retail mode, since they have almost the same resources that games have (still weaker, though).
Finally, we can install Linux on your corporate pc or grab some RAM from it 😂😂😂
Say it with me now: LUUUUUKS
LUKS is still vulnerable to this attack if you enable autodecrypt using TPM. This attack is based on the vulnerability that the CPU and TPM communicates uses plain text. And it is a pretty common attack against TPM:
https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
SPI is a communication protocol for embedded systems and is extremely common amongst virtually all hardware. Due to its simplicity, there is no encryption option for SPI. Any encryption must be handled by the devices themselves. At the time of this writing BitLocker does not utilize any encrypted communication features of the TPM 2.0 standard, which means any data coming out of the TPM is coming out in plaintext, including the decryption key for Windows
And apparently Linux is not doing too hot on this regard either:
https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
As we can see, parameter encryption simply isn’t used in practice, and except for safeboot none of the solutions enforce PIN/MFA by default.
However, this attack is not viable for device with firmware based solution, like fTPM, Microsoft Pluton, secure enclave etc. in these case TPM is part of the cpu, hence have no exposed pins to sniff their connection.
So if you don’t want people with physical access to your computer (a thief or a evil maiden) to access everything on your disk, don’t setup TPM auto decrypt.
CPU doesn’t have any secure storage, so it can’t encrypt or authenticate comms to the TPM. The on-CPU fTPMs are the solution, the CPU then has the secure storage.
I wondered why LUUUUUKS didnt use the TPM, why do i have to put my password in… this is absolutely why.
Edit: fixed spelling of LUUUUUKS
What exactly is the point of full disk encryption if the system auto-unlocks on boot?
