by gtsteve 2661 days ago
I suppose in retrospect it shouldn't be surprising. I just thought it would be a lot harder than this. I imagined that the communication between the TPM chip and the CPU would be encrypted somehow; I should have verified that.

Does the TPM have a mechanism to lock out if the PIN is entered incorrectly? That sounds like a good move to me.

1 comments

Yes. By default you get 3 or 5 chances and then you have to use the recovery key. In corporate environments the recovery key is often stored in AD or another location by default so it's retrievable by IT (whether because the user entered the wrong PIN or because they quit/were fired and you still need to be able to get data off the computer).