Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

Stealing the Bitlocker key from a TPM

In this blogpost astralvx will describe the physical hardware attack to capture a Bitlocker key in transit across the SPI bus. All information here is in the public domain in one form or another and not proprietary. We shall discuss the details of Bitlocker, boot flow from pre-boot to OS, an introduction to TPM 2.0 and SPI bus, soldering onto the legs, logic analyzers, how to analyze the SPI stream, using the extracted VMK to decrypt a Bitlocker protected volume, and lastly some mitigations. Stealing the Bitlocker key from a TPM