VBootkit vs. Bitlocker in TPM mode

One of the guys in our group, Robert Hensing has an interesting post about VBootkit and whether BitLocker in TPM offers any defense. Short answer: yes, it does. Slightly longer answer: The BitLocker guys anticiated this attack and the really long answer is in his post.

Chalk up another one for Vista :)

Comments

• Anonymous
  January 08, 2008
  PingBack from http://msdnrss.thecoderblogs.com/2008/01/09/vbootkit-vs-bitlocker-in-tpm-mode/

• Anonymous
  January 11, 2008
  Of course, what happens after that is that the BitLocker system goes into "recovery", meaning that it asks you to provide the recovery key. How many organisations have a plan to inspect a machine to see if it's had its MBR overwritten before they will provide the recovery key? How many organisations, faced with a panicked CEO, about to give a speech to a crowd, who sees a "please provide the recovery key" prompt, will tell the CEO to bring the machine in for checking?