Hacker News

Why? It means you'll only get one shot at the attack, but nothing here is intrinsically prevented by using a TPM PIN (or even a non-TPM password; the attack doesn't depend on TPM-based BitLocker in any way other than if the target machine is powered off or your first attempt fails).


I wouldn't underestimate that a PIN prevents this attack on machines that are powered off.

You can then go further up the chain with a UEFI settings password and no USB booting. If the password is hard to decrypt, then that's a pretty good approach.

Then there are custom Secure Boot certificates that replace the ones from MS. It'll work for Linux, not sure about BitLocker. But my Surface tablet doesn't even support custom SB certs.


It might make it super hard to do on a laptop where you can't usually force reset easily from the power button.

Having said that, a number of laptops can still be opened without being powered off if you do it carefully.



