bolha.us is one of the many independent Mastodon servers you can use to participate in the fediverse.

#bitlocker


I’ve updated my bitlocker attacks list https://github.com/Wack0/bitlocker-attacks

The main addition here is documentation of “break out in hives” (CVE-2024-20666, nice) and its variant (CVE-2025-21213).

The most interesting thing here is that it’s technically still not fixed - the fix was only applied to the PCA2023-signed bootmgr_ex, so without the KB5025885 mitigations applied (and other default settings which nobody ever changes), you’re still vulnerable without even needing a downgrade attack for bootmgr.

(If you’re using TPM-only bitlocker, you really should be using legacy integrity validation - that is, Allow Secure Boot for integrity validation policy DISABLED with PCRs 0,2,4,7,11 set - legacy integrity validation was never vulnerable to these issues in the first place! This would imply bitlocker potentially going into recovery more often with windows updates, but it’s a choice between that and currently broken bitlocker vulnerable to various boot-time software issues combined with downgrade attacks)

The main issue here is that starting from Windows 10 (th1), the systemdatadevice element was added to winload; if present the SYSTEM hive is loaded from this block device instead of the (bitlocker encrypted) OS partition.

Therefore, the first (easiest) exploitation method was to pull a SYSTEM hive from boot.wim, modify it to set SYSTEM\Setup!CmdLine to cmd.exe, and set up the WinRE boot entry to use it; booting WinRE would then pop a SYSTEM shell with bitlocker keys derived and in memory.

The original fix just removed the systemdatadevice support from winload, but (at least in some cases) older revisions of winload (for the same major Windows version) would still boot Windows successfully. Hence the second exploitation method: configure the BCD to load winload from somewhere else (a downgrade attack), booting the bitlocker-encrypted OS with a custom SYSTEM hive taken from install.wim. It turned out that without winpe also set, this corrupted the SYSTEM hive on the bitlocker-encrypted OS partition; the Win32 subsystem would also fail to load, but native code execution would still work when setting SYSTEM\ControlSet001\Control\Session Manager!SetupExecute. Therefore, I took the old Native Shell codebase, ported it to AMD64, and modified it to acquire SeRestorePrivilege and open files with FILE_OPEN_FOR_BACKUP_INTENT (so permission checks are ignored, which makes the sethc trick possible at this point).

GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker.
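An added audit script, written for this page and not code from the post above or from the Wack0/bitlocker-attacks repo. It checks the local machine for the conditions the post describes: whether the C: TPM protector uses Secure Boot based validation (PCRs 7, 11) or legacy validation, what the "Allow Secure Boot for integrity validation" policy and PCR-profile policy say, whether the KB5025885 Secure Boot changes (Windows UEFI CA 2023 in db, Windows Production PCA 2011 in dbx) are in place, and whether any BCD entry carries a systemdatadevice element or points a Windows Boot Loader at a non-stock winload path. The registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE and the exact text layout of the manage-bde and bcdedit output are assumptions on my part; run it in an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the bitlocker-attacks repo). Audits the boot chain for the
# conditions described in the post: integrity validation mode, KB5025885 state,
# and BCD entries that redirect the SYSTEM hive or the boot loader.

function Get-BitLockerPcrProfile {
    # Reads the TPM protector's PCR profile from manage-bde, e.g. "7, 11" for Secure
    # Boot based validation or "0, 2, 4, 7, 11" for legacy validation (output layout assumed).
    param([string]$MountPoint = 'C:')
    $out = (manage-bde -protectors -get $MountPoint 2>&1) | Out-String
    if ($out -match 'PCR Validation Profile:\s*([\d,\s]+)') {
        return @($Matches[1] -split ',' | ForEach-Object { $_.Trim() } |
                 Where-Object { $_ -ne '' } | ForEach-Object { [int]$_ })
    }
    return @()
}

function Get-BitLockerValidationPolicy {
    # Policy side. OSAllowSecureBootForIntegrity = 0 is "Allow Secure Boot for integrity
    # validation: Disabled". Assumed layout: the UEFI PCR profile is stored under
    # OSPlatformValidation_UEFI as DWORD values named by PCR index, 1 = included.
    $fve  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $prop = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    $allowSb = 'not configured'
    if ($null -ne $prop -and $null -ne $prop.OSAllowSecureBootForIntegrity) {
        $allowSb = $prop.OSAllowSecureBootForIntegrity
    }
    $pcrs = @()
    $uefiKey = Join-Path $fve 'OSPlatformValidation_UEFI'
    if (Test-Path $uefiKey) {
        $pcrs = @((Get-ItemProperty $uefiKey).PSObject.Properties |
                  Where-Object { $_.Name -match '^\d+$' -and $_.Value -eq 1 } |
                  ForEach-Object { [int]$_.Name } | Sort-Object)
    }
    [pscustomobject]@{ AllowSecureBootForIntegrity = $allowSb; PolicyPcrs = $pcrs }
}

function Get-SecureBootMitigationState {
    # KB5025885 checks: the "Windows UEFI CA 2023" cert must be present in db and the
    # "Microsoft Windows Production PCA 2011" cert must be revoked via dbx.
    try {
        $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
        $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
    } catch {
        return [pscustomobject]@{ Ca2023InDb = 'unknown (Secure Boot off?)'; Pca2011RevokedInDbx = 'unknown' }
    }
    [pscustomobject]@{
        Ca2023InDb          = [bool]($db  -match 'Windows UEFI CA 2023')
        Pca2011RevokedInDbx = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')
    }
}

function Get-SuspiciousBcdEntries {
    # Parses `bcdedit /enum all` (blank-line separated entries, lowercase element names).
    # Flags a systemdatadevice element (SYSTEM hive loaded from another device) and any
    # Windows Boot Loader whose path is not the stock winload location (alternate loader).
    $text   = (bcdedit /enum all) | Out-String
    $blocks = $text -split '(?:\r?\n){2,}' | Where-Object { $_ -match '\S' }
    foreach ($block in $blocks) {
        $entry = @{}
        foreach ($line in ($block -split '\r?\n')) {
            # -cmatch: element names are lowercase; this skips the "Windows Boot Loader" title line
            if ($line -cmatch '^([a-z][a-z0-9]*)\s+(\S.*?)\s*$') { $entry[$Matches[1]] = $Matches[2] }
        }
        $reasons = @()
        if ($entry.ContainsKey('systemdatadevice')) { $reasons += 'systemdatadevice set' }
        if ($block -match '^Windows Boot Loader' -and $entry.ContainsKey('path') -and
            $entry['path'] -notmatch '^\\windows\\system32\\winload\.(efi|exe)$') {
            $reasons += "non-standard loader path $($entry['path'])"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Identifier = $entry['identifier']; Description = $entry['description']; Reasons = ($reasons -join '; ') }
        }
    }
}

$pcrs = Get-BitLockerPcrProfile -MountPoint 'C:'
if ($pcrs.Count -eq 0) {
    'No TPM protector PCR profile found on C: (no TPM protector, or unexpected manage-bde output)'
} else {
    $secureBootBased = ($pcrs.Count -eq 2) -and ($pcrs -contains 7) -and ($pcrs -contains 11)
    $mode = if ($secureBootBased) { 'Secure Boot based validation (affected)' } else { 'legacy integrity validation' }
    "Protector PCR profile on C: $($pcrs -join ', ') -> $mode"
}
$policy = Get-BitLockerValidationPolicy
"Policy OSAllowSecureBootForIntegrity: $($policy.AllowSecureBootForIntegrity); policy PCRs: $($policy.PolicyPcrs -join ', ')"
Get-SecureBootMitigationState | Format-List
$bad = @(Get-SuspiciousBcdEntries)
if ($bad.Count -eq 0) { 'No BCD entries with systemdatadevice or non-standard loader paths' } else { $bad | Format-Table -AutoSize }
```

The last two checks are the ones that matter for the "no downgrade needed" point in the post: a machine whose protector reports 7, 11 and whose db/dbx still show the pre-KB5025885 state is in exactly the configuration the post calls still vulnerable, regardless of what the BCD currently contains.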

From the looks of it, admins are going to have a lot of fun with #Windows11 and Trusted Platform Modules.

A #Firmware update from #STM for a #TPM in #Dell laptops apparently caused the Endorsement Key and the certificate for that key to no longer match. As a result, #Windows #Autopilot no longer works and the TPM has to be reset, along with all keys already installed on it (e.g. #BitLocker).

#Admin
patchtuesday.com/blog/0x800704

Patch Tuesday Blog: 0x80070490: TPM Attestation timed out on Windows 11 24H2? Dell Latitude TPM attestation timed out on Windows 11 24H2? Learn why 0x80070490 happens and what you can (or can't) do about it.
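An added check, written for this page and not taken from the post or the linked Patch Tuesday article, for the exact failure the post describes: the TPM's endorsement key no longer matching the EK certificate it presents. It reads both through Get-TpmEndorsementKeyInfo and compares the RSA modulus of the EK with the modulus in each EK certificate the TPM exposes. Handling only RSA endorsement keys is an assumption on my part (ECC EKs are reported as unsupported rather than checked), and the status names are my own; run it in an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the linked article). Reports whether the TPM endorsement key
# matches any EK certificate stored in the TPM, which is the mismatch described above.
# Assumption: RSA EK only; ECC EKs are reported as UnsupportedEkAlgorithm.

function Test-TpmEkCertificateMatch {
    $ek = Get-TpmEndorsementKeyInfo -Hash Sha256
    if (-not $ek.IsPresent) {
        return [pscustomobject]@{ Status = 'NoEndorsementKey'; EkHash = $null; MatchingCert = $null }
    }
    # PublicKey is an AsymmetricAlgorithm; only RSA is handled here.
    $ekRsa = $ek.PublicKey -as [System.Security.Cryptography.RSA]
    if ($null -eq $ekRsa) {
        return [pscustomobject]@{ Status = 'UnsupportedEkAlgorithm'; EkHash = $ek.PublicKeyHash; MatchingCert = $null }
    }
    $ekModulus = [Convert]::ToBase64String($ekRsa.ExportParameters($false).Modulus)

    # Certificates the TPM itself carries in NV (manufacturer EK cert plus any extras).
    $certs = @()
    if ($ek.ManufacturerCertificates) { $certs += @($ek.ManufacturerCertificates) }
    if ($ek.AdditionalCertificates)   { $certs += @($ek.AdditionalCertificates) }
    if ($certs.Count -eq 0) {
        return [pscustomobject]@{ Status = 'NoEkCertificateInTpm'; EkHash = $ek.PublicKeyHash; MatchingCert = $null }
    }

    foreach ($cert in $certs) {
        # Returns $null for a non-RSA certificate key, which cannot belong to an RSA EK.
        $certRsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($null -eq $certRsa) { continue }
        $certModulus = [Convert]::ToBase64String($certRsa.ExportParameters($false).Modulus)
        if ($certModulus -eq $ekModulus) {
            return [pscustomobject]@{
                Status       = 'Match'
                EkHash       = $ek.PublicKeyHash
                MatchingCert = $cert.Subject
                Issuer       = $cert.Issuer
                NotAfter     = $cert.NotAfter
            }
        }
    }
    [pscustomobject]@{
        Status       = 'Mismatch'
        EkHash       = $ek.PublicKeyHash
        MatchingCert = $null
        CertsChecked = (($certs | ForEach-Object { $_.Subject }) -join '; ')
    }
}

$result = Test-TpmEkCertificateMatch
$result | Format-List
if ($result.Status -eq 'Mismatch') {
    Write-Warning 'The EK public key matches none of the EK certificates stored in the TPM; attestation-based enrolment such as Autopilot will not succeed with this key/certificate pair.'
}
```

A Match result rules out the key/certificate mismatch as the cause of an attestation failure; a Mismatch after a TPM firmware update is the situation the post describes, where the TPM has to be cleared and re-provisioned (with the BitLocker and other keys it protects).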

Microsoft: Happy 2025. Here’s 161 Security Updates - Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities ... krebsonsecurity.com/2025/01/mi #microsoftpatchtuesdayjanuary2025 #microsoftaccess #latestwarnings #thecomingstorm #cve-2024-49142 #cve-2025-21186 #cve-2025-21210 #cve-2025-21298 #cve-2025-21311 #cve-2025-21333 #cve-2025-21334 #cve-2025-21335 #cve-2025-21366 #cve-2025-21395 #windowshyper-v #bitlocker

Krebs on Security: Microsoft: Happy 2025. Here's 161 Security Updates

I hope that when I reset it I can set up the damn thing WITHOUT Bitlocker, jeez.

I found so many Reddits with angry betrayed users hating on #Bitlocker as much as I have been tonight.

I did get an external drive last autumn, thank GOODNESS, though there are some things that will just be lost.

Like this giant year-long document-scanning catch-up project I'm in the middle of was way behind on backups so YAY. I'm no longer in the middle of it. Now back near the beginning. 😑