
> "BitLocker uses the TCG Reset Attack Mitigation, also known as MOR bit (Memory Overwrite Request), before extracting keys into memory."

(Edit: No, this is a UEFI request to clear memory. Below is incorrect.)

I don't think this is what the commenter was mentioning. I think this essentially makes it only possible to extract the key from the TPM once and then the TPM needs to be powered off and back on to get it again.

The TPM has no control over what's in the system memory, so if the key is in system memory, no TPM mitigations are going to help.

UEFI firmware must support clearing the keys from RAM.



This is exactly what I was mentioning. Despite being a TCG spec, it's implemented in firmware and has no hard requirement on a TPM at all.


Okay, thanks for the correction.

The naming there is definitely confusing. Particularly as it sounds like a key attribute bit.



