
> What is there to gain "cracking" the TPM itself, if you can get the keys fine by sniffing?

Sniffing requires the TPM be unlocked first. If you can't get it unlocked (poor wording, but it will do), no amount of sniffing is going to get you anywhere. They sort of acknowledge that here:

> Don’t want to be vulnerable to this? Enable additional pre-boot authentication.

If they really could just extract keys from a TPM without it being unlocked there would be little point in having a TPM at all. "Little point in having a TPM at all" would be big news, and the reason many of us read the article is because the headline implied it was describing a way to do just that.

In reality the TPM remains perfectly capable of keeping its secrets secret until someone with the right credentials comes along, and proves they have them to the TPM itself. But in the scenario described the only "credentials" required to make Bitlocker unlock the TPM was someone pressing the on switch.

So it doesn't sound like someone extracted the keys from the TPM to me. Once the software has unlocked it and asked it to send the keys, they will exist in multiple locations. The LPC bus is one, but they will also end up in RAM, or for that matter intercept the keying material when it is sent via the SATA bus to the drives.
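
Added example, not part of the comment above: a PowerShell audit that separates BitLocker volumes the TPM releases on power-on alone from those that need pre-boot authentication. The function name `Get-TpmProtectorStatus` and the sample volumes are constructed for illustration; the protector type names are those reported by `Get-BitLockerVolume` in the Windows BitLocker module.

```powershell
# Added example (hypothetical helper, not from the original comment).
# Classifies volumes by whether the TPM will release the key with no
# further credential, the "pressing the on switch" case described above.
function Get-TpmProtectorStatus {
    param(
        # Objects shaped like Get-BitLockerVolume output.
        [Parameter(Mandatory)] [object[]] $Volume
    )
    # TPM protector types that demand a PIN and/or startup key before boot.
    $preBootAuth = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    foreach ($v in $Volume) {
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $status =
            if ($types -contains 'Tpm') {
                # A plain Tpm protector unseals on a matching boot state alone.
                'TPM-only: key released at power-on'
            } elseif (@($types | Where-Object { $_ -in $preBootAuth }).Count -gt 0) {
                'TPM + pre-boot authentication'
            } else {
                'No TPM protector'
            }
        [pscustomobject]@{
            MountPoint = $v.MountPoint
            Protectors = $types -join ','
            Status     = $status
        }
    }
}

# Constructed sample input so the logic can be exercised without BitLocker.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
Get-TpmProtectorStatus -Volume $sample | Format-Table -AutoSize

# On a real machine (elevated prompt), audit the live volumes instead:
#   Get-TpmProtectorStatus -Volume (Get-BitLockerVolume)
```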


