Defeating Microsoft’s Trusted Platform Module

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard.

Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. They received no test credentials, configuration details, or other information about the machine.

They were not only able to get into the BitLocker-encrypted computer, but then use the computer to get into the corporate network…

Why does Windows not enable TPM 2.0 parameter encryption to protect against bus sniffing of BitLocker key?

Comes from BitLocker, does additional authentication at startup with TPM device provide any extra security?
You can sniff the key right from the bus currently:

As the decryption happens automatically, if we can sniff the VMK as
it's being …