[gruez]

>If there is a stick you can boot from and drop into an emergency shell

This won't work because the TPM will only give you the keys if you're booting an "approved" OS, specifically the PCR states that the encryption keys are bound to.

>or if you have to buy a $5 microcontroller and solder it to certain pins on the main board to sniff the TPM keys.

That only works with dTPMs. fTPMs aren't vulnerable to this, and are far more popular than dTPMs.

[bootsmann]

fTPMs also have similar issues. The real takeaway is that if your threat model includes actors capable of executing attacks against BitLocker you need to put a password/pin on it in addition to the TPM.

https://arxiv.org/pdf/2304.14717

[patzentango]

I was talking about the signed recovery shell the article is talking about. Sadly most business laptops still use dtpms. Also if they use ftpms you can simply use a ram scraper. The attack surface is huge either way.