
Please note, though, that it's imperative to then go for a BitLocker TPM+PIN configuration at least. A standalone (discrete) TPM with TPM-only protectors can be attacked by bus sniffing, a hardware attack much simpler than ours. [1]

The beauty of a discrete TPM is its anti-hammering protection, making a numerical PIN a very effective security measure (akin to a SIM/SmartCard).

[1] https://www.sciencedirect.com/science/article/pii/S089812211...
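
An audit for the configuration the comment above warns about, as an added example that is not part of the original thread: it classifies BitLocker volumes by whether unsealing needs a PIN or relies on a TPM-only protector. The function name `Get-BitLockerPreBootAuth` and the sample volumes are hypothetical and constructed; the property names follow the objects returned by `Get-BitLockerVolume`.

```powershell
# Added example: flag volumes whose key can be unsealed by the TPM alone.
function Get-BitLockerPreBootAuth {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-BitLockerVolume output (MountPoint, KeyProtector[])
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        # Live objects carry an enum here; the cast makes samples and live data comparable
        $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')

        # TPM-only is checked first so that such a protector is always flagged
        $finding = if ($types -contains 'Tpm') {
            'WEAK: TPM-only protector, no PIN needed to unseal'
        } elseif ($hasPin) {
            'OK: TPM+PIN, guesses limited by TPM anti-hammering'
        } elseif ($types -contains 'TpmStartupKey') {
            'REVIEW: TPM+startup key, no PIN'
        } else {
            'REVIEW: no TPM-based protector'
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ','
            Finding    = $finding
        }
    }
}

# Constructed sample input, so the logic can be exercised without BitLocker present
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-BitLockerPreBootAuth | Format-Table -AutoSize

# On a real machine (elevated prompt):
#   Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' | Get-BitLockerPreBootAuth
```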



Bus sniffing can be mitigated by encrypting communications using the TPM's in-built parameter encryption capabilities.


Yes, this. BitLocker could absolutely do this.

There are still other active attacks resulting from the BMC and BIOS and parts of the OS not also doing the encrypted session thing.



