by p_l
870 days ago
TPM 2.0 supports encrypted sessions, which block this kind of attack (TPM 2.0 is a wholly different beast than the TPM 1.x series). I do not recall if cryptsetup's TPM2 support sets up an encrypted session, but for BitLocker just setting it to require a PIN breaks this attack (the PIN is used as part of the TPM policy, preventing automatic decryption). Additionally, some laptops at the very least attempt to erase the TPM on case open.
Such measures should protect against backdooring attempts (by the visible physical damage to the case) but they won't prevent an attacker from reading the secret key.
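The comment's mitigation for BitLocker, a TPM+PIN protector instead of a TPM-only one, can be audited and applied from PowerShell. The script below is an added example and is not code from the commenter or from Microsoft; it assumes Windows 10/11 with the built-in BitLocker module, an elevated session, and a group policy that permits PIN protectors (the "Require additional authentication at startup" setting). The function and variable names are mine.

```powershell
# Added audit/remediation example (not from the HN thread). Reports, per BitLocker
# volume, whether the VMK is released by a bare TPM protector at boot (the
# configuration the thread's attack targets) or is gated by a TPM+PIN protector,
# and shows the TPM spec family so 1.x and 2.0 parts can be told apart.

function Get-TpmSpecFamily {
    # Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38"; the first field is the family.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if ($null -eq $tpm) { return $null }
    return ($tpm.SpecVersion -split ',')[0].Trim()
}

function Test-BitLockerPinProtection {
    # Returns one object per volume that has at least one key protector.
    $spec = Get-TpmSpecFamily
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        if ($types.Count -eq 0) { continue }
        $tpmOnly = $types -contains 'Tpm'
        $tpmPin  = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            TpmSpecFamily    = $spec
            Protectors       = ($types -join ', ')
            # A bare 'Tpm' protector unseals the VMK automatically at boot.
            AutoUnlockRisk   = ($tpmOnly -and -not $tpmPin)
            RequiresPin      = $tpmPin
        }
    }
}

function Enable-TpmPinProtector {
    # Replaces the TPM-only protector on one volume with TPM+PIN.
    # BitLocker does not allow both on the same volume, so the TPM-only protector
    # is removed first; a recovery password must already exist as a fallback.
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [securestring] $Pin
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if (-not ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')) {
        throw "No recovery password on $MountPoint; add one before changing protectors."
    }
    foreach ($kp in $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm') {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
}

# Audit first; on a hardened machine every OS volume shows RequiresPin = True.
Test-BitLockerPinProtection | Format-Table -AutoSize

# Remediate an at-risk system volume (interactive PIN entry):
# Enable-TpmPinProtector -MountPoint 'C:' -Pin (Read-Host -AsSecureString 'New PIN')
```

The audit is read-only; the remediation function is deliberately separate so it can be reviewed before it is run, since it touches protectors on a volume whose recovery password should be escrowed first.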