Re: Bypassing BitLocker in TPM-only (basic) mode...?

You can boot with a CD/DVD/bootable device - but since the contents of the
hard drive are encrypted (all but a small startup stub) it doesn't do you
any good anyway.

"groffg" <> wrote in message
news:...
>
> Anyone had any experience bypassing BitLocker (basic mode) using the
> recovery console (i.e., booting to the Windows DVD or rescue CD)? Based
> on the documentation, seems like it would work (provided BIOS is
> configured to boot to CD/DVD drive before the HDD).
>
> Having said that, would M$ allow such an obvious attack vector? I don't
> have a machine w/ a TPM right now, so I can't test this myself. Anyone
> tried this out?

But I thought the Windows recovery CD/DVD was "bitlocker compatible,"
meaning that if you boot to the CD/DVD, and bitlocker is detected, then
it would allow you to authenticate first (which would happen
transparently in the event you were using basic mode/TPM).


Richard G. Harper;1221716 Wrote:
> You can boot with a CD/DVD/bootable device - but since the contents of
> the
> hard drive are encrypted (all but a small startup stub) it doesn't do
> you
> any good anyway.
>
> "groffg" <> wrote in message
> news:...
> >
> > Anyone had any experience bypassing BitLocker (basic mode) using the
> > recovery console (i.e., booting to the Windows DVD or rescue CD)?
> Based
> > on the documentation, seems like it would work (provided BIOS is
> > configured to boot to CD/DVD drive before the HDD).
> >
> > Having said that, would M$ allow such an obvious attack vector? I
> don't
> > have a machine w/ a TPM right now, so I can't test this myself.
> Anyone
> > tried this out?


--
groffg
Posted via http://www.vistaheads.com

groffg wrote:

> But I thought the Windows recovery CD/DVD was "bitlocker compatible,"
> meaning that if you boot to the CD/DVD, and bitlocker is detected, then
> it would allow you to authenticate first (which would happen
> transparently in the event you were using basic mode/TPM).

No, that doesn't work as you expect it. If not boot from your HDD the boot
code is different and therefore the TPM is blocked.
Bitlocker volumes can be access from the Vista installation environment
AFAIR only by entering the Bitlocker recovery key (the "numerical monster")
or by providing a saved key on an usb drive.

Robert

Ahh, makes sense. Thank you Robert.

Robert Kochem;1227468 Wrote:
> groffg wrote:
>
> > But I thought the Windows recovery CD/DVD was "bitlocker
> compatible,"
> > meaning that if you boot to the CD/DVD, and bitlocker is detected,
> then
> > it would allow you to authenticate first (which would happen
> > transparently in the event you were using basic mode/TPM).
>
> No, that doesn't work as you expect it. If not boot from your HDD the
> boot
> code is different and therefore the TPM is blocked.
> Bitlocker volumes can be access from the Vista installation
> environment
> AFAIR only by entering the Bitlocker recovery key (the "numerical
> monster")
> or by providing a saved key on an usb drive.
>
> Robert


--
groffg
Posted via http://www.vistaheads.com