|
|
|
|
|
|
by miki123211
670 days ago
|
|
|
This is why solutions like Bitlocker with a good TPM or FileVault are so important. They can essentially guarantee that the disk encryption key will only be released from the security module if the computer is running a fully-trusted and signed OS. Even if you take the drive out of the machine, the data on that drive is completely useless to you. Incidentally, this is also what makes short PINs secure; the TPM contents are unreadable, even to a skilled attacker, so if the TPM is guaranteeed to wipe itself after 10 tries, even a 4-digit PIN is secure enough. |
|
|
Depends how "skilled". Nation-state level? Most definitely not. "IC break" services in China? Maybe. AFAIK TPMs are based on similar secure-processor designs as the chips in payment cards and other smartcards, and even those with enough determination and $$$, or the right equipment, will get you through.
Here's an old but quite thorough discussion of the techniques involved: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf