IOMMU Bitlocker Recovery Keys

[l4rm4nd]

Hi @ufrisk ,

many thanks for this very cool project.

I'm conducting a security analysis of a locked Windows 10/11 workstation. It's an HP EliteBook 650 G9 model.

The disk is full-encrypted using Bitlocker. However, no PBA is enabled and I have full access to the BIOS. So once the workstation is booted up, I am seeing the regular Windows lock screen.

I've started disabling security features within the BIOS such as:

• Disabling Virtualization Based BIOS Protection
• Trusted Execution Technology (TXT)
• Virtualization Technology (VTx);
  • I've enabled this later on again when reading through the issues here on GitHub
• Virtualization Technology (VTd)
• DMA Protection

However, as soon as I disable TXT and VTd, I am greeted by the Bitlocker Recovery Key screen. TXT must be disabled in order to gain access to the VTd checkbox for disabling.

Am I correct that the DMA attack via Squirrle PCI will not work then?

I would likely have to conduct others attacks such as:

• TPM sniffing
• Airstrike Attack
• Rogue DC

[ufrisk]

I think you only have to disabled the VT-d, but I'm unsure about the "DMA Protection" as well.

Usually bitlocker is not tripped if doing this, but it depends on how it's configured and the computer model.