pull down to refresh

BitLocker encryption broken in under 43 seconds with sub-$10 Raspberry Pi Picowww.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico
42 sats \ 0 comments \ @DEADBEEF 7 Feb 2024 privacy
To do this, the YouTuber took advantage of a design flaw found in many systems that feature a dedicated Trusted Platform Module, or TPM. For some configurations, Bitlocker relies on an external TPM to store critical information, such as the Platform Configuration Registers and Volume Master Key (some CPUs have this built-in). For external TPMs, the TPM key communications across an LPC bus with the CPU to send it the encryption keys required for decrypting the data on the drive.
Stacksmashing found that the communication lanes (LPC bus) between the CPU and external TPM are completely unencrypted on boot-up, enabling an attacker to sniff critical data as it moves between the two units, thus stealing the encryption keys.
write
preview
related posts