[bpye]

> Am I missing something? My disk is encrypted. If they take it apart, they need my password to crack the encryption.

You’re not protected from an evil maid attack. An attacker with physical access could make your device boot their own payload to capture your encryption key and install a rootkit.

[ndriscoll]

I—like most people—don't have a maid. Is Tom Cruise going to break into my house to add a keylogger to my computer without me noticing? If anyone is breaking in, my threat model is worrying about me or my family getting killed, not someone installing an evil bootloader.

Most market segmentation is just to screw customers (e.g. ECC support), but measured boot is one that really only needs to be on enterprise server or workstation-class hardware, and actually causes issues by existing in mass market hardware.

[account42]

If your threat model includes evil maid attacks a TMP will not save you. They can just install a physical keylogger and then do whatever they want. The only threat model that a TPM helps with is where the owner of the computer is considered the threat by someone else.

[AnthonyMouse]

So what happens when they use their physical access to turn off secure boot or just replace the component/device with one that looks the same, prompts for your password and sends it to them?

[nuker]

You get a prompt to enter Bitlocker recovery key if you turn off Secure boot in BIOS.

[AnthonyMouse]

That's Windows doing that, which they've just compromised and then configured to display only the normal login prompt but send your credentials to the attacker.

They can also decrypt your hard drive by doing the same thing without modifying the original machine by just stealing it and leaving you a compromised one of the same model to also steal your password.

[nuker]

If evil maid attack, and you see this prompt, you a) re-enable secure boot, if did not work b) throw away the device.

In any case data stays secure.

Edit: Hmm, you have a point, how do I know secure boot was disabled in the first place? Anyway, still works for servers and unattended reboots.

[KAMSPioneer]

No, GP is misinterpreting Windows's message. It prompts for a recovery key because the TPM is bound to, among other things, Secure Boot == enabled. When Secure Boot is disabled, the TPM notices that and refuses to release the key, that's how you know to reënable Secure Boot or throw away your device.

The fact that Windows is compromised does not make it capable of extracting secrets from the TPM, though maybe a naïve user can be convinced to enter the recovery key anyway...

[AnthonyMouse]

> When Secure Boot is disabled, the TPM notices that and refuses to release the key, that's how you know to reënable Secure Boot or throw away your device.

But the attacker isn't trying to get the key from the TPM right now, they're trying to get the credentials from the user. It's the same thing that happens with full disk encryption and no TPM. They can't read what's on the device without the secret but they can alter it.

So they alter it to boot a compromised Windows install -- not the original one -- and prompt for your credentials, which they then capture and use to unlock the original install.

They don't need secure boot to be turned on in order to do that, the original Windows install is never booted with it turned off and they can turn it back on later after they've captured your password. Or even leave it turned on but have it boot the second, compromised Windows install to capture your credentials with secure boot enabled.

How suspicious are you going to be if you enter your credentials and the next thing that happens is that Windows reboots "for updates" (into the original install instead of the compromised one)?

[Ferret7446]

There is no password. The machine will fail to boot and decrypt you hard drive.

[AnthonyMouse]

Either you're entering something into the machine to authenticate yourself or they can just copy or modify your files without authenticating to begin with.

If they just want your password they don't need to decrypt your hard drive, they can format it and install a rootkit that steals your password as soon as you try to login.

[jasomill]

So don't turn off secure boot. Replace the target machine with an identical decoy machine set up to capture whatever credentials are required to log in to the machine once BitLocker auto-unlocks, then use these to log in to Windows on the original machine and steal any encrypted data accessible by the user who logs in.

This would be more difficult to pull off in the presence of non-password security like a hardware token, as you'd need to forward the actual login UI to the decoy machine, but still not terribly difficult if the login UI will display on an externally-connected monitor and accept input from an externally-connected keyboard and pointing device, and the hardware security device connects via an external interface like USB.

[izacus]

You're now just making up more and more ridiculous nonsense to beat a wrong point.