by matsz 873 days ago
This is particularly interesting considering that TrueCrypt recommended migration to BitLocker as the main option for Windows: https://truecrypt.sourceforge.net/

IIRC Apple's version of TPM (Secure Enclave) should be immune to such attacks (since it's on the SoC, but I'm not sure whether the communication is encrypted or not), and the main data encryption method for GNU/Linux (LUKS) does not utilize TPM by default (might depend on distro though).

EDIT: I believe that the method in the video only works for volumes that aren't password/PIN-protected.

If you worry about someone sniffing your hardware buses, you should also worry about them intercepting your keyboard connection when you type the TrueCrypt password.
The problem is that they can sniff the bus at their convenience after grabbing the hardware and running. No need to hide a keylogger.
Does seem laughably easy to intercept the keyboard connection.
TPM 2.0 supports encrypted sessions, which block this kind of attack (TPM 2.0 is a wholly different beast than the TPM 1.x series).

I do not recall if cryptsetup's TPM2 support sets up an encrypted session, but for BitLocker just setting it to require a PIN breaks this attack (the PIN is used as part of the TPM policy preventing automatic decryption).

Additionally, some laptops at the very least attempt to erase the TPM on case open.

I think the "on case open" bypass was shown quite well in this video (the picture of the Surface device with a hole drilled in the back).

Such measures should protect against backdooring attempts (by the visible physical damage to the case) but they won't prevent an attacker from reading the secret key.
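
Added example, not part of any comment above: a PowerShell check for the distinction the thread draws between TPM-only BitLocker volumes and ones that require a PIN. The function name and the sample objects are constructed for illustration; the `KeyProtectorType` values are the ones `Get-BitLockerVolume` reports.

```powershell
# Classify a BitLocker volume by how its TPM protector releases the key.
# Input: objects shaped like Get-BitLockerVolume output.
function Get-TpmProtectorFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        # Collect the protector type names configured on this volume.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $finding = if ($types -contains 'Tpm') {
            'TPM-only: key is released at boot with no user input'
        } elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            'TPM+PIN: release is gated on the PIN'
        } elseif ($types -contains 'TpmStartupKey') {
            'TPM+startup key: no PIN, release needs the USB key'
        } else {
            'No TPM protector on this volume'
        }

        [pscustomobject]@{
            ComputerName = $Volume.ComputerName
            MountPoint   = $Volume.MountPoint
            Protectors   = $types -join ','
            Finding      = $finding
        }
    }
}

# Constructed sample input (two hypothetical machines), so this runs anywhere.
$sample = @(
    [pscustomobject]@{ ComputerName = 'LAPTOP-A'; MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ ComputerName = 'LAPTOP-B'; MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-TpmProtectorFinding | Format-Table -AutoSize

# On a real host, from an elevated prompt:
#   Get-BitLockerVolume | Get-TpmProtectorFinding
```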