BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM

Custom Raspberry Pi Pico designed to hack TPM
(Image credit: YouTube - stacksmashing)

Bitlocker is one of the most easily accessible encryption solutions available today, being a built-in feature of Windows 10 Pro and Windows 11 Pro that's designed to secure your data from prying eyes. However, YouTuber stacksmashing demonstrated a colossal security flaw with Bitlocker that allowed him to bypass Windows Bitlocker in less than a minute with a cheap sub-$10 Raspberry Pi Pico, thus gaining access to the encryption keys that can unlock protected data. After creating the device, the exploit only took 43 seconds to steal the master key.

To do this, the YouTuber took advantage of a known design flaw found in many systems that feature a dedicated Trusted Platform Module, or TPM. For some configurations, Bitlocker relies on an external TPM to store critical information, such as the Platform Configuration Registers and Volume Master Key (some CPUs have this built-in). For external TPMs, the TPM key communications across an LPC bus with the CPU to send it the encryption keys required for decrypting the data on the drive.

Stacksmashing found that the communication lanes (LPC bus) between the CPU and external TPM are completely unencrypted on boot-up, enabling an attacker to sniff critical data as it moves between the two units, thus stealing the encryption keys. You can see his method in the video below. 

With this in mind, the YouTuber decided to test an attack on a ten-year-old laptop with Bitlocker encryption. His specific laptop's LPC bus is readable through an unpopulated connector on the motherboard, located right next to one of the laptop's M.2 ports. This same type of attack can be used on newer motherboards that leverage an external TPM, but these typically require more legwork to intercept the bus traffic.

To read data off the connector, the YouTuber created a cheap Raspberry Pi Pico device that could connect to the unsecured connector just by making contact with the metal pads protruding from itself. The Pico was programmed to read the raw 1s and 0s off from the TPM,  granting access to the Volume Master Key stored on the module.

Stacksmashing's work demonstrates that Windows Bitlocker, as well as external TPMs, aren't as safe as many think because the data lanes between the TPM and CPU are unencrypted. The good news is that this attack method, which has been known for some time, is relegated to discrete TPMs. If you have a CPU with a built-in TPM, like the ones in modern Intel and AMD CPUs, you should be safe from this security flaw since all TPM communication occurs within the CPU itself. 

Aaron Klotz
Contributing Writer

Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs, and graphics cards.

  • Alvar "Miles" Udell
    Makes me think of this article for some reason...

    https://www.tomshardware.com/news/where-to-buy-tpm-2.0-for-windows-11
    Reply
  • hotaru251
    what was MS's reason for requiring TPM for win11 again? kek
    Reply
  • USAFRet
    hotaru251 said:
    what was MS's reason for requiring TPM for win11 again? kek
    Security. Which was not necessarily a bad idea.

    Security is always a cat and mouse thing.
    Just like the various versions of SSL/TLS.

    Each side ups their game.
    Reply
  • digitalgriffin
    The fTPM in AMD CPUs is buggy though. It causes lag spikes in games. And the AGESA updates didn't fix it.
    Reply
  • Suurin_
    digitalgriffin said:
    The fTPM in AMD CPUs is buggy though. It causes lag spikes in games. And the AGESA updates didn't fix it.
    Is that really still an issue? My 5950X on a Dark Hero motherboard with latest BIOS/Firmware update has not exhibited any of these lag spikes since an update in late 2021. I remember hearing about that at the beginning of that year and waited to pick up my motherboard and CPU at that time. The issue was manifesting early on but was fixed later in the year and now I have no lag spikes on my hardware.
    Reply
  • Kamen Rider Blade
    Or maybe we don't use TPM and find a different way.
    Reply
  • garydgregory
    Wrong word at the end of the post: "regulated to" -> "relegated to".
    Reply
  • voyteck
    hotaru251 said:
    what was MS's reason for requiring TPM for win11 again? kek

    Well, they required at least ix-8xxx CPUs, and...

    The good news is that this flaw appears to be an issue regulated to discrete TPMs. If you have a CPU with a built-in TPM, like the ones in modern Intel and AMD CPUs, you should be safe from this security flaw since all TPM communication occurs within the CPU itself.
    Reply
  • dehjomz
    What if the attacker steals a hard disk or usb or nvme drive encrypted by bitlocker, and plugs it into the system with the compromised external TPM.

    Can the attacker get the encryption key and the data?
    Reply
  • ingtar33
    digitalgriffin said:
    The fTPM in AMD CPUs is buggy though. It causes lag spikes in games. And the AGESA updates didn't fix it.
    maybe on zen 2 or earlier... and even then i think this issue was patched out during the pandemic. I am currently on a zen3 and never observed this issue.
    Reply