Microsoft has explained the USB-key-based and TPM-based BitLocker decryption process in this article.
USB key process:
The steps in the illustrated sequence are as follows:
1- The operating system starts and prompts the user to insert a USB device that contains the USB key.
2- The VMK is decrypted with the key on the USB device.
3- The encrypted FVEK is read from the volume and the decrypted VMK is used to decrypt it.
4- Disk sectors are decrypted with the FVEK as they are accessed.
5- Plaintext data is provided to applications and processes.
TPM initialization process:
The steps in the illustrated sequence are as follows:
1- The BIOS starts and initializes the TPM. Trusted/measured components interact with the TPM to store component measurements in the TPM's Platform Configuration Registers (PCRs).
2- If the PCR values match the expected values, the TPM uses the storage root key (SRK) to decrypt the volume master key (VMK).
3- The encrypted FVEK is read from the volume and the decrypted VMK is used to decrypt it.
4- Disk sectors are decrypted with the FVEK as they are accessed.
5- Plaintext data is provided to applications and processes.
In Windows 8 and 8.1, BitLocker has a new feature that lets the user decrypt the data with only a PIN. But how does PIN-only decryption work, where the TPM and USB-key features are both disabled and we use only a password-like PIN to decrypt the volume data? Does it decrypt the VMK and FVEK like the other methods, or does it decrypt the data directly?
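The key hierarchy that both quoted sequences share (a protector releases the VMK, the VMK decrypts the FVEK, the FVEK decrypts sectors), as an added example that is not part of the original post or of Microsoft's documentation. Everything in it is constructed: `ToyTPM`, `ToyVolume`, `boot()` and the sample sectors are toy models, and a SHA-256 counter-mode keystream with an HMAC tag stands in for the AES modes BitLocker actually uses. Only the layering is meant to be faithful; the sealing rule (key derived from the SRK and the current PCR values, so a changed measurement fails closed) is the point of the TPM path.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for BitLocker's AES: SHA-256 in counter mode plus an HMAC
# tag. Real BitLocker uses AES for the key blobs and for the sectors; only the
# key hierarchy below (protector -> VMK -> FVEK -> sectors) is meant to match.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(key: bytes, data: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC a key blob under `key`; returns nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor(data, _keystream(key, nonce, len(data)))
    tag = hmac.new(key, nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Inverse of wrap(); fails closed if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + aad + ct, hashlib.sha256).digest()):
        raise ValueError("unwrap failed: wrong key or tampered blob")
    return _xor(ct, _keystream(key, nonce, len(ct)))


class ToyTPM:
    """Toy TPM (constructed): a storage root key that never leaves the chip plus a PCR bank."""

    def __init__(self):
        self.srk = secrets.token_bytes(32)
        self.reset()

    def reset(self):  # power-on: every PCR starts at zero
        self.pcrs = [bytes(32)] * 24

    def extend(self, index: int, measurement: bytes):
        # PCR[i] = H(PCR[i] || H(measurement)): a one-way log, so order matters too
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + hashlib.sha256(measurement).digest()).digest()

    def _policy_key(self, indices):
        digest = hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()
        return hmac.new(self.srk, digest, hashlib.sha256).digest(), digest

    def seal(self, data: bytes, indices):
        # Bind `data` to the SRK and to the PCR values as they are right now
        key, digest = self._policy_key(indices)
        return tuple(indices), wrap(key, data, digest)

    def unseal(self, sealed):
        indices, blob = sealed
        key, digest = self._policy_key(indices)  # recomputed from the PCRs as they are at this boot
        return unwrap(key, blob, digest)


class ToyVolume:
    """Toy BitLocker volume (constructed): encrypted sectors plus the key metadata."""

    def __init__(self, plaintext_sectors):
        self.fvek = secrets.token_bytes(32)  # Full Volume Encryption Key
        self.vmk = secrets.token_bytes(32)   # Volume Master Key
        self.sectors = [_xor(s, _keystream(self.fvek, i.to_bytes(8, "big"), len(s)))
                        for i, s in enumerate(plaintext_sectors)]
        self.encrypted_fvek = wrap(self.vmk, self.fvek)  # stored in the volume metadata
        self.protectors = {}

    def add_usb_protector(self) -> bytes:
        usb_key = secrets.token_bytes(32)  # this is what lives on the USB device
        self.protectors["usb"] = wrap(usb_key, self.vmk)
        return usb_key

    def add_tpm_protector(self, tpm: ToyTPM, pcr_indices=(0, 4)):
        # Only PCR 0 and 4 here; real BitLocker binds to a larger default PCR set
        self.protectors["tpm"] = tpm.seal(self.vmk, pcr_indices)

    def lock(self):  # drop the plaintext keys; from here on only a protector can unlock
        self.fvek = self.vmk = None

    def _fvek_from_vmk(self, vmk: bytes) -> bytes:
        return unwrap(vmk, self.encrypted_fvek)  # step 3 of both quoted sequences

    def unlock_with_usb(self, usb_key: bytes) -> bytes:
        return self._fvek_from_vmk(unwrap(usb_key, self.protectors["usb"]))

    def unlock_with_tpm(self, tpm: ToyTPM) -> bytes:
        return self._fvek_from_vmk(tpm.unseal(self.protectors["tpm"]))

    def read_sector(self, fvek: bytes, i: int) -> bytes:
        return _xor(self.sectors[i], _keystream(fvek, i.to_bytes(8, "big"), len(self.sectors[i])))


def boot(tpm: ToyTPM, firmware: bytes, bootloader: bytes):
    """Model a reboot: PCRs cleared, then the boot components are measured in order."""
    tpm.reset()
    tpm.extend(0, firmware)
    tpm.extend(4, bootloader)

def tpm_unlock_succeeds(vol: ToyVolume, tpm: ToyTPM) -> bool:
    try:
        vol.unlock_with_tpm(tpm)
        return True
    except ValueError:
        return False
```

Both protectors release the same VMK and therefore the same FVEK, which is why adding or removing a protector in this model (and in BitLocker) re-wraps the VMK without touching the encrypted sectors. Re-running `boot()` with a different bootloader measurement leaves the SRK intact but changes PCR 4, so the TPM derives a different sealing key and the HMAC check in `unwrap()` rejects the blob.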