At the Black Hat DC conference a presenter showed how one manufacturer's Trusted Platform Module (TPM) could be physically compromised to extract the secrets stored inside. The attack requires physical possession of the PC, specialized equipment, intimate knowledge of semiconductor design, and advanced skills. While the attack is certainly interesting, these methods are difficult to duplicate and therefore pose a very low risk in practice. Furthermore, BitLocker can be configured in a way that mitigates this unlikely attack.

“BitLocker remains an effective solution to help safeguard personal and private data on mobile computers. Microsoft published guidance in the Data Encryption Toolkit for Mobile PCs that discusses the balance of security and usability and details that the most secure method is to use BitLocker in hibernate mode and a TPM+PIN configuration. With advancements in Windows 7, users that are worried about potential attacks such as this one should also enable the Allow enhanced PINs for startup group policy setting for their environment,” stated.
Download: Data Encryption Toolkit for Mobile PCs
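The quoted guidance names three settings an administrator can verify on a client: a TPM+PIN key protector on the OS volume, the "Allow enhanced PINs for startup" policy, and hibernate rather than sleep. The following audit script is an added example, not code from the original post or from Microsoft; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (the Get-BitLockerVolume cmdlet is not available on Windows 7) and that the policy writes the UseEnhancedPin value under the FVE policy key, which is how the setting is stored when applied through Group Policy.

```powershell
# Added example (not part of the original page): audit one Windows client against
# the BitLocker guidance quoted above (TPM+PIN, enhanced PINs, hibernate).
# Assumptions: elevated session; Windows 8+/Server 2012+ for Get-BitLockerVolume.

$report = [ordered]@{}

# 1. Key protectors on the OS volume. A TpmPin (or TpmPinStartupKey) protector
#    means the TPM alone cannot release the volume key at boot.
$osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($osVol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
$report['ProtectionStatus'] = $osVol.ProtectionStatus
$report['KeyProtectors']    = ($types -join ', ')
$report['TpmPlusPin']       = [bool]($types | Where-Object { $_ -match '^TpmPin' })

# 2. "Allow enhanced PINs for startup" Group Policy setting. When applied it is
#    stored as UseEnhancedPin = 1 under the FVE policy key (assumption noted above).
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$enh = (Get-ItemProperty -Path $fve -Name UseEnhancedPin -ErrorAction SilentlyContinue).UseEnhancedPin
$report['EnhancedPinPolicy'] = ($enh -eq 1)

# 3. Hibernate availability. 'powercfg /a' prints the available sleep states first,
#    then a section headed "not available"; only count Hibernate in the first section.
$lines = powercfg /a
$cut   = ($lines | Select-String -Pattern 'not available' | Select-Object -First 1).LineNumber
$avail = if ($cut -gt 1) { $lines[0..($cut - 2)] } else { $lines }
$report['HibernateAvailable'] = [bool]($avail | Where-Object { $_ -match '^\s*Hibernate\s*$' })

[pscustomobject]$report | Format-List

# Summarise gaps against the guidance so the output is actionable.
$gaps = @()
if ($osVol.ProtectionStatus -ne 'On') { $gaps += 'BitLocker protection is not On for the OS volume' }
if (-not $report['TpmPlusPin'])        { $gaps += 'No TPM+PIN key protector (TPM-only unlock)' }
if (-not $report['EnhancedPinPolicy']) { $gaps += 'Enhanced PINs for startup not enabled by policy' }
if (-not $report['HibernateAvailable']){ $gaps += 'Hibernate not available; sleep keeps keys in RAM' }

if ($gaps.Count -eq 0) {
    Write-Output 'No gaps found against the TPM+PIN / enhanced PIN / hibernate guidance.'
} else {
    Write-Output 'Gaps:'
    $gaps | ForEach-Object { Write-Output "  - $_" }
}
```

Run it on a reference machine first to confirm the powercfg section parsing matches your OS language, since the "not available" marker is matched on the English output. The script only reads state; changing the protector set or the policy is a separate, deliberate step.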