
How can Bitlocker do this?

Çağlar Arlı


I'm about to upgrade my CPU, which has a TPM in it. Bitlocker is TPM+PIN+Keyfile. Now, naturally, when upgrading the CPU I will suspend Bitlocker, shut down, change the CPU and reboot. OK, I can understand that since the plaintext key is/was stored on the HDD, it can actually decrypt the secrets and boot the computer to Windows (exactly this one time). But, how the hell...?

  1. How can (or can) the new CPU/TPM cryptographically include the keyfile when re-encrypting the Bitlocker secrets during this reboot? It has not seen that keyfile now, since Bitlocker was suspended and no keyfile was inserted.

  2. How can (or can) the CPU/TPM include the old PIN used to protect its secrets/Bitlocker during this reboot? It has not seen that PIN now, since Bitlocker was suspended and no PIN was entered, plus the old CPU/TPM is no longer attached to the computer.

I would understand if changing a component in the Bitlocker encryption required the old components to be present at the time the new components are set up, so that they could be included in the new setup; for example, that you would need to boot the system once without those components ("Bitlocker suspended") but then it would ask for those components to include them when re-encrypting the Bitlocker secrets, or, for example, that it would require two reboots to complete this (the first without anything and the second with the old keyfile etc.). But this is apparently not the case. It's one reboot and all is working again. How is this possible? When Bitlocker is suspended, only a plaintext encryption/decryption key is put on the HDD, nothing else. Neither the secrets inside the TPM nor the keyfile are put there, and how the hell could the keyfile be, since Windows does not have access to it anymore (only the Bitlocker decryption key is kept in memory after boot)? But somehow Bitlocker can still include them when encrypting the Bitlocker secrets.

Please explain this to me in plain English.
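The key hierarchy the question circles around, as an added illustration that is not part of the question and not Microsoft's code: BitLocker wraps the volume master key (VMK) independently under each protector, and suspending adds a "clear key" protector that stores the VMK unencrypted. The toy model below (stand-in KDF and key wrap, not BitLocker's AES-CCM) shows that whoever holds the VMK can re-protect it under a new TPM without ever consulting the old one; in this model the PIN and a startup key must still be supplied or freshly generated at resume time, because a wrap cannot be bound to a secret that is not available.

```python
import hashlib
import hmac
import os

def derive_wrap_key(tpm_secret: bytes, pin: bytes, startup_key: bytes) -> bytes:
    """Toy KDF combining the three protector components (BitLocker's real derivation differs)."""
    return hashlib.sha256(b"tpm:" + tpm_secret + b"|pin:" + pin + b"|key:" + startup_key).digest()

def wrap(wrap_key: bytes, vmk: bytes) -> bytes:
    """Toy authenticated key wrap: XOR with a key-derived pad plus an HMAC tag."""
    pad = hashlib.sha256(wrap_key + b"pad").digest()
    body = bytes(a ^ b for a, b in zip(vmk, pad))
    return body + hmac.new(wrap_key, body, hashlib.sha256).digest()

def unwrap(wrap_key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(wrap_key, body, hashlib.sha256).digest()):
        raise ValueError("protector components do not match this protector")
    pad = hashlib.sha256(wrap_key + b"pad").digest()
    return bytes(a ^ b for a, b in zip(body, pad))

def create_volume(tpm_secret: bytes, pin: bytes, startup_key: bytes) -> dict:
    """A volume is its VMK wrapped under one TPM+PIN+startup-key protector (constructed sample)."""
    vmk = os.urandom(32)
    return {"protectors": {"tpm_pin_key": wrap(derive_wrap_key(tpm_secret, pin, startup_key), vmk)}}

def unlock(volume: dict, tpm_secret: bytes, pin: bytes, startup_key: bytes) -> bytes:
    if "clear" in volume["protectors"]:
        return volume["protectors"]["clear"]  # suspended: the VMK is readable without any component
    return unwrap(derive_wrap_key(tpm_secret, pin, startup_key), volume["protectors"]["tpm_pin_key"])

def can_unlock(volume: dict, tpm_secret: bytes, pin: bytes, startup_key: bytes) -> bool:
    try:
        unlock(volume, tpm_secret, pin, startup_key)
        return True
    except ValueError:
        return False

def suspend(volume: dict, tpm_secret: bytes, pin: bytes, startup_key: bytes) -> None:
    """Suspending = writing the VMK to the volume as a clear-key protector."""
    volume["protectors"]["clear"] = unlock(volume, tpm_secret, pin, startup_key)

def resume(volume: dict, new_tpm_secret: bytes, pin: bytes, new_startup_key: bytes) -> bytes:
    """Resume after a TPM swap: the VMK comes from the clear protector, so the old TPM is never
    needed. The new wrap is bound only to what is present now (model assumption: the PIN is
    re-entered and a new startup key is generated), then the clear protector is removed."""
    vmk = volume["protectors"].pop("clear")
    volume["protectors"]["tpm_pin_key"] = wrap(derive_wrap_key(new_tpm_secret, pin, new_startup_key), vmk)
    return vmk
```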