Microsoft to disable hardware encryption for BitLocker

[BachChain]

https://www.tomshardware.com/news/bitlocker-encrypts-self-encrypting-ssds,40504.html

 

 

In the continuing saga of "don't trust hardware manufacturers", Microsoft has announced that BitLocker will no longer by default utilise hardware encryption.

Quote

Here's the exact update Microsoft said it made in KB4516071:

Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change

 

Their reasoning is based on repeatedly finding that hardware implementations often have severe flaws, significantly harming security

Quote

"SwiftOnSecurity" called attention to this change on September 26. The pseudonymous Twitter user then reminded everyone of a November 2018 report that revealed security flaws, such as the use of master passwords set by manufacturers, of self-encrypting drives. That meant people who purchased SSDs that were supposed to help keep their data secure might as well have purchased a drive that didn't handle its own encryption instead. Those people were actually worse off than anticipated because Microsoft set up BitLocker to leave these self-encrypting drives to their own devices. This was supposed to help with performance--the drives could use their own hardware to encrypt their contents rather than using the CPU--without compromising the drive's security. Now it seems the company will no longer trust SSD manufacturers to keep their customers safe by themselves.

 

[dfsdfgfkjsefoiqzemnd]

This is a good move. 

 

I'm surprised they ended up doing it after all.  I figured it just wasn't going to happen.  As the article points out, we've known about these hardware encrypting issues for 10 months now. 

[DrMacintosh]

I'd have to say that this is a good thing. Apple has (or is very shortly going to) realized that hardware encryption/decryption runs significant risks. Apple uses the T2 Security chip to handle FileVault OTF encryption/decryption. This chip also talks to various sub-systems on the Logic board. If this chip fails for any reason, the machine ceases to operate.

 

This Louis Rossmann video explains how the T2 posses a significant risk to right to repair and serviceability of Macs. Any similar hardware used by a PC OEM can have similar ramifications. 

 

However going the software route posses an equally troubling suite of problems. Namely, the protection of decryption keys from local or remote attackers. 

 

It's a mixed bag but my instinct as a Mac owner is to say f*ck physical security chips that can brick my machine. 

[elfensky]

54 minutes ago, DrMacintosh said:

It's a mixed bag but my instinct as a Mac owner is to say f*ck physical security chips that can brick my machine. 

But we CARE about you. We brick your machine and completely destroy all and any ways for you to recover your data because we CARE about your privacy and security. After all, no1 can get the data if there is no data. /s

[dfsdfgfkjsefoiqzemnd]

43 minutes ago, ElfenSky said:

After all, no1 can get the data if there is no data.

Ah, the Seagate philosophy

 

Spoiler

 

[2DollaKoala]

2 hours ago, DrMacintosh said:

I'd have to say that this is a good thing. Apple has (or is very shortly going to) realized that hardware encryption/decryption runs significant risks. Apple uses the T2 Security chip to handle FileVault OTF encryption/decryption. This chip also talks to various sub-systems on the Logic board. If this chip fails for any reason, the machine ceases to operate.

 

This Louis Rossmann video explains how the T2 posses a significant risk to right to repair and serviceability of Macs. Any similar hardware used by a PC OEM can have similar ramifications. 

 

However going the software route posses an equally troubling suite of problems. Namely, the protection of decryption keys from local or remote attackers. 

 

It's a mixed bag but my instinct as a Mac owner is to say f*ck physical security chips that can brick my machine. 

To be fair, Apple has Time Machine. So if something did go wrong, you would be good so long as you have a backup drive, and that too can be encrypted very easily and is not dependent on the T2 chip.

[williamcll]

Could it be done over the GPU?

[2DollaKoala]

I noticed this when I set up my newest PC. I bought the TPM 2.0 module for my new board, popped it in, set up BitLocker, and went about my day. But then I needed to do a firmware update for my board... Oh, I'll need my recovery key for that because, oh it resets the software version of the TPM stuff. So I disabled that in the BIOS and the system immediately recognized the hardware TPM. Typed in that recovery key and boom, no trouble.

 

So yeah, I don't see this as a bad thing since many PC's don't have a hardware TPM installed and it would still be nice for users to add that layer of security even though it might not be as good as it could be. That being said, I wish Windows 10 told me I was using the software version when I had the hardware one plugged in. RTFM on my part I guess. New boards have new crap. Who knew?

[Trik'Stari]

2 hours ago, Captain Chaos said:

This is a good move. 

 

I'm surprised they ended up doing it after all.  I figured it just wasn't going to happen.  As the article points out, we've known about these hardware encrypting issues for 10 months now. 

Maybe they were waiting for something to be concluded before making changes?

[2DollaKoala]

19 hours ago, Trik'Stari said:

Maybe they were waiting for something to be concluded before making changes?

Were they just waiting for enough manufacturers to implement TPM-S? Edit: built in firmware security without a TPM module?

Edited September 30, 2019 by 2DollaKoala

[Tenelia]

5 hours ago, DrMacintosh said:

I'd have to say that this is a good thing. Apple has (or is very shortly going to) realized that hardware encryption/decryption runs significant risks. Apple uses the T2 Security chip to handle FileVault OTF encryption/decryption. This chip also talks to various sub-systems on the Logic board. If this chip fails for any reason, the machine ceases to operate.

 

This Louis Rossmann video explains how the T2 posses a significant risk to right to repair and serviceability of Macs. Any similar hardware used by a PC OEM can have similar ramifications. 

-snip-

I've been helping to assemble hardware for custom servers for a decade now, and I often wonder if there's gonna be a better method than this. Allowing manufacturers without a deep security expertise to take charge of security is generally a bad idea. This is also why companies exist that build a PCIE or USB security chip implementation to do what Apple's T2 chip does. I cannot imagine the future going ahead if we continue taking security for granted. We already have zero trust in component manufacturers and major software companies, so I think black hats are gonna have a wild fun time in the next decade.

[LAwLz]

7 hours ago, DrMacintosh said:

It's a mixed bag but my instinct as a Mac owner is to say f*ck physical security chips that can brick my machine. 

That should not be your instinct. The T2 actually serves a very important purpose and is there for a reason. I think it's a good thing.

The problem with the T2 is that it seems like other components break often, and you can't change those components without also changing the T2. Everything related to how the T2 works, that your files becomes unrecoverable if it's damage, etc, that's how proper and secure encryption has to work.

 

 

6 hours ago, ElfenSky said:

But we CARE about you. We brick your machine and completely destroy all and any ways for you to recover your data because we CARE about your privacy and security. After all, no1 can get the data if there is no data. /s

I know you're being sarcastic, but you're actually right.

If there was an easy way for someone like Rossmann to get access to the data on a machine then it wouldn't be properly secured.

Just think about it for a minute. If some repair guy could access the encrypted data on your drive, then so could any thief who has stolen your laptop too.

 

 

4 hours ago, williamcll said:

Could it be done over the GPU?

Not with any speed benefit compared to CPU.

GPU is good at brute forcing the password on encrypted drives because it can guess a ton of passwords quickly. The same is not true for encrypting data with a specific password.

It could be done using AES-NI though, which is really fast and supported on most processors from the last ~7 years.

 

 

4 hours ago, 2DollaKoala said:

I noticed this when I set up my newest PC. I bought the TPM 2.0 module for my new board, popped it in, set up BitLocker, and went about my day. But then I needed to do a firmware update for my board... Oh, I'll need my recovery key for that because, oh it resets the software version of the TPM stuff. So I disabled that in the BIOS and the system immediately recognized the hardware TPM. Typed in that recovery key and boom, no trouble.

I'm not following you here. You disabled the TPM in BIOS, and then your computer recognized the TPM? I thought you said it was disabled.

What you experienced is not related to what is happening in this thread though. What's referenced in this thread is the news that a lot of self encrypting drives has security issues in the way the crypto engine and encryption worked on the drive itself. That is to say, it was not a problem related to Bitlocker. It was a problem where someone could remove a drive, bypass all the TPM and Bitlocker stuff, and still decrypt the drive. It was a flaw in something that the users never even encounter because users only interact with Bitlocker. These were flaws in the layers below that.

 

5 hours ago, 2DollaKoala said:

So yeah, I don't see this as a bad thing since many PC's don't have a hardware TPM installed and it would still be nice for users to add that layer of security even though it might not be as good as it could be. That being said, I wish Windows 10 told me I was using the software version when I had the hardware one plugged in. RTFM on my part I guess. New boards have new crap. Who knew?

This will not change the TPM requirement, or anything related to TPM really. This is just a change to where the encryption is done. The rest should stay the same.

 

4 hours ago, 2DollaKoala said:

Were they just waiting for enough manufacturers to implement TPM-S?

From what I know, TPM-S is just ASRock's branding on TPM. Other than the name on the box, it's the same as other TPMs.

[DrMacintosh]

55 minutes ago, LAwLz said:

Everything related to how the T2 works, that your files becomes unrecoverable if it's damage, etc, that's how proper and secure encryption has to work.

Be that as it may, I still view the resulting repair cost for a single sub-system failure that gets billed to the consumer doesn't seem fair. The T2 chip complicates something that should be a relatively easy repair. 

 

Then again, the latest MacBook Pro's have no individually repairable/replaceable components to begin with. The T2 can actually prevent certain board level repairs which is just not cool imo. 

[TechyBen]

1 hour ago, LAwLz said:

That should not be your instinct. The T2 actually serves a very important purpose and is there for a reason. I think it's a good thing.

The problem with the T2 is that it seems like other components break often, and you can't change those components without also changing the T2. Everything related to how the T2 works, that your files becomes unrecoverable if it's damage, etc, that's how proper and secure encryption has to work.

 

 

I know you're being sarcastic, but you're actually right.

If there was an easy way for someone like Rossmann to get access to the data on a machine then it wouldn't be properly secured.

Just think about it for a minute. If some repair guy could access the encrypted data on your drive, then so could any thief who has stolen your laptop too.

 

 

Not with any speed benefit compared to CPU.

GPU is good at brute forcing the password on encrypted drives because it can guess a ton of passwords quickly. The same is not true for encrypting data with a specific password.

It could be done using AES-NI though, which is really fast and supported on most processors from the last ~7 years.

 

 

I'm not following you here. You disabled the TPM in BIOS, and then your computer recognized the TPM? I thought you said it was disabled.

What you experienced is not related to what is happening in this thread though. What's referenced in this thread is the news that a lot of self encrypting drives has security issues in the way the crypto engine and encryption worked on the drive itself. That is to say, it was not a problem related to Bitlocker. It was a problem where someone could remove a drive, bypass all the TPM and Bitlocker stuff, and still decrypt the drive. It was a flaw in something that the users never even encounter because users only interact with Bitlocker. These were flaws in the layers below that.

 

This will not change the TPM requirement, or anything related to TPM really. This is just a change to where the encryption is done. The rest should stay the same.

 

From what I know, TPM-S is just ASRock's branding on TPM. Other than the name on the box, it's the same as other TPMs.

Not really. Rossman can have the customer *use* a login. However, if T2 goes the full Apple route, anything (a single keycap on that keyboard) breaking will delete your entire data of PC.

 

So yeah, balance is needed. You could kill my spinning HDD cables/connectors/chips, and I could put new boards on the HDD platters, and (theoretically, alignment be damned) type my password in, and get the data back. On my SSD, if my PC dies, I can plug the SSD into a new one, type my password, get my data.

 

Apple iMac? I'm stuffed! (I also for example have and SD card unencrypted on my phone for easy/quick/backup of non-personal/sensitive photos. So should I drop/break my phone, I don't lose EVERYTHING. I also have an encrypted folder internally for banking apps etc... so *balance!*)

[LAwLz]

45 minutes ago, DrMacintosh said:

Be that as it may, I still view the resulting repair cost for a single sub-system failure that gets billed to the consumer doesn't seem fair. The T2 chip complicates something that should be a relatively easy repair. 

Again, that's a problem because of other components not being replaceable without an entire board swap. It's not a problem because of the T2.

You're putting the blame on the wrong thing here.

 

47 minutes ago, DrMacintosh said:

Then again, the latest MacBook Pro's have no individually repairable/replaceable components to begin with. The T2 can actually prevent certain board level repairs which is just not cool imo. 

Prevent certain board level repairs such as?

 

 

14 minutes ago, TechyBen said:

Not really. Rossman can have the customer *use* a login. However, if T2 goes the full Apple route, anything (a single keycap on that keyboard) breaking will delete your entire data of PC.

No that is not true. A single keycap does not delete the entire data of the PC. As long as the T2 and SSD are not broken, nothing is deleted. The problem is that component failures in a Mac requires you to swap out the logic board, which means you swap out the T2 chip. That is when problems occur.

The blame is on non-modular design of parts which requires the T2 chip to be swapped. The T2 chip is not to blame.

 

 

18 minutes ago, TechyBen said:

So yeah, balance is needed. You could kill my spinning HDD cables/connectors/chips, and I could put new boards on the HDD platters, and (theoretically, alignment be damned) type my password in, and get the data back. On my SSD, if my PC dies, I can plug the SSD into a new one, type my password, get my data.

No you can't if you use a TPM. A TPM ties the decryption key to the module.

The reason why YOU can put your drive into another computer is because everything on your computer is in clear text and anyone, including thieves, can access it, even without your password (if you're referring to your Windows password).

You can swap components left and right because you do not have any security, which is bad.

 

20 minutes ago, TechyBen said:

Apple iMac? I'm stuffed! (I also for example have and SD card unencrypted on my phone for easy/quick/backup of non-personal/sensitive photos. So should I drop/break my phone, I don't lose EVERYTHING. I also have an encrypted folder internally for banking apps etc... so *balance!*)

Good thing MacOS offers this balance too. Remember, FDE is an optional feature in MacOS which you have to actively enable. If you don't enable it then you can swap drives however much you like, even on Macs with the T2 chip.

[TechyBen]

Just now, LAwLz said:

Again, that's a problem because of other components not being replaceable without an entire board swap. It's not a problem because of the T2.

You're putting the blame on the wrong thing here.

 

IIRC the T2 is doing serial number checks. So no, it's preventing repair (Rossman can do board level, but any chip with serial numbers will thus fail).

Quote

Prevent certain board level repairs such as?

 

No that is not true. A single keycap does not delete the entire data of the PC.

Hyperbole. But removing a keyboard (single butterfly clip broken = entire laptop disassembly for the current models) but how long before the keyboard gets a serial number to match to the T2 chip? Fingerprint scanner or hacking of the keyboard to intercept passwords is possible. Where will Apple draw the line in preventing "hacks"?

Quote

As long as the T2 and SSD are not broken, nothing is deleted.

On a truecrypt/veracrypt drive, you only need the pass (or passfile if using something longer/2factor whatever)... any hardware *other* than the data it's self can be recovered. It's all in software.

Quote

The problem is that component failures in a Mac requires you to swap out the logic board, hen you can swap drives however much you like, even on Macs with the T2 chip.

No they don't.

Quote

which means you swap out the T2 chip. That is when problems occur.

The blame is on non-modular design of parts which requires the T2 chip to be swapped. The T2 chip is not to blame.

 

You could solder on new SSD chips. But without programming access, they would be working, but unbooted. This kinda makes things unrepairable by design, not by limits on the physics or mechanics doing repairs. It's close to DRM.

Quote

No you can't if you use a TPM. A TPM ties the decryption key to the module.

I'm not suggesting which is better or worse. Or which Apple should use. However, if it's a hardware key, that's fine. But preventing *repairs* due to an encryption key, is DRM, not protecting encryption (you could delete the key and reboot the Mac, instead of bricking the mac for example, which would allow repairs, and protect data, but no, Apple brick the mac instead!).

Quote

The reason why YOU can put your drive into another computer is because everything on your computer is in clear text and anyone, including thieves, can access it, even without your password (if you're referring to your Windows password).

You can swap components left and right because you do not have any security, which is bad.

 

Good thing MacOS offers this balance too. Remember, FDE is an optional feature in MacOS which you have to actively enable. If you don't enable it t

Point, reading comprehension "whoosh". I said when using veracrypt. Thus it's *not plaintext*. It's also not hardware key dependent. But that's another point. I've no problem with Apple giving the choice, or forcing, hardware keys for data. But hardware keys for Displays/SSDs access (to format/Reset) or general repairs (cpu/GPU etc) kinda starts to go down a strange rabbit hole I'm not sure we want as consumers.

 

Chips are *so cheap* at this point Apple could put the entire data structure and access in it's own separate trusted system, and allow the rest of the Mac complete swap outs, and still keep security... oh wait, they do this with the iPhones!!!  So don't say it can't be done.

 

Quote

Good thing MacOS offers this balance too. Remember, FDE is an optional feature in MacOS which you have to actively enable. If you don't enable it then you can swap drives however much you like, even on Macs with the T2 chip.

Yep. But that don't stop the T2 checking serial numbers to the screens and stopping those being swapped out.

[Doobeedoo]

Well good though, better not to have false sense of security if the thing doesn't work. On the other hand, hey don't trust hardware, trust software rather hah. 

[vorticalbox]

5 minutes ago, Doobeedoo said:

Well good though, better not to have false sense of security if the thing doesn't work. On the other hand, hey don't trust hardware, trust software rather hah. 

normaly I would say trust hardware over software but when it comes to encryption not so much.

a hardware vulnerability is basically impossible to fix, take for example by passing the boot loader to root phones. Though some are fixable via microcode update.

[RichardR]

I'm still not sure what view I take on encryption, especially with something like a TPM.

That said, I'm absolutely for removing support/disabling defective hardware solutions like this!

 

Having whole drive hardware encryption easily available to everyone seems a reasonable idea, but then if a broken solution is used then this gives a false sense of security.

If however it's trickier to encrypt the whole drive, then perhaps a pragmatic view can be taken. Does my archive of holiday photos all taken in public(ish) places I've been need to be encrypted - generally no. Any that do -> don't put in the archive!

Leaving these memories and sentimental items freely available and easy to backup and recover makes perfect sense.

 

Does my password manager database need to be encrypted -YES! and it is!

So I might loose my database if the encryption breaks or keys are lost. This is a pain, but crucially I can recover it all by regaining access to all my accounts for various things.

[LAwLz]

5 hours ago, TechyBen said:

IIRC the T2 is doing serial number checks. So no, it's preventing repair (Rossman can do board level, but any chip with serial numbers will thus fail).

Not sure what you mean by "serial number checks". Can you elaborate?

 

5 hours ago, TechyBen said:

Hyperbole. But removing a keyboard (single butterfly clip broken = entire laptop disassembly for the current models) but how long before the keyboard gets a serial number to match to the T2 chip? Fingerprint scanner or hacking of the keyboard to intercept passwords is possible. Where will Apple draw the line in preventing "hacks"?

Again, not sure what you mean when you reference serial numbers. Do you mean the T2 chip check serial numbers of individual components and then breaks if it detects a non-authorized serial or something along those lines?

 

5 hours ago, TechyBen said:

On a truecrypt/veracrypt drive, you only need the pass (or passfile if using something longer/2factor whatever)... any hardware *other* than the data it's self can be recovered. It's all in software.

Yes, and the way Veracrypt does it means someone can take the drive out, plug it into another machine and brute force it. Veracrypt puts 100% of the security on the passcode, which is not something feasible for everyday consumers. People want something like a 4-10 digit/character PIN/passcode. They do not want to type in 20-30 characters whenever they start their computer. Therefore, you need something which prevents brute force attacks. How do you do that? By tying the decryption to the specific laptop, and then put in a safeguard which prevents too many attempts in a certain time window.

This is how Bitlocker works too.

 

5 hours ago, TechyBen said:

No they don't.

They don't, what?

 

5 hours ago, TechyBen said:

You could solder on new SSD chips. But without programming access, they would be working, but unbooted. This kinda makes things unrepairable by design, not by limits on the physics or mechanics doing repairs. It's close to DRM.

What do you mean? I don't understand what you mean by "without programming access", and I don't understand why you think the T2 would prevent booting from a new SSD if it were put in.

 

5 hours ago, TechyBen said:

I'm not suggesting which is better or worse. Or which Apple should use. However, if it's a hardware key, that's fine. But preventing *repairs* due to an encryption key, is DRM, not protecting encryption (you could delete the key and reboot the Mac, instead of bricking the mac for example, which would allow repairs, and protect data, but no, Apple brick the mac instead!).

Maybe I have missed something, but can you please explain how the T2 chip prevents repairs?

Are you saying the T2 monitors the serial number of components and if it detects a new one it just bricks the entire machine? I find that hard to believe.

 

5 hours ago, TechyBen said:

Yep. But that don't stop the T2 checking serial numbers to the screens and stopping those being swapped out.

Can you please link me to a source which proves that the T2 checks the serial number of things like the screen, and then that it breaks something if it detects a new serial? I can't find anything of the sorts.

[LAwLz]

4 hours ago, vorticalbox said:

normaly I would say trust hardware over software but when it comes to encryption not so much.

a hardware vulnerability is basically impossible to fix, take for example by passing the boot loader to root phones. Though some are fixable via microcode update.

If you can't trust hardware, why do you trust the hardware which executes the software?

You can't categorize things like "software is X and hardware is Y" in these types of systems. Even the secure enclave for example, which is a hardware chip, also runs its own OS. So is that hardware or software? Well, it's both. I assume that the "software encryption" Microsoft will implement will use AES-NI, which is dedicated logics on the processor. So is that hardware or software? The news article says it's software, but it's hardware accelerated on the CPU.

And some things can not be done in hardware and some things can't be done in software. For example you can not protect against brute force attacks without both special hardware and software in place (such as a TPM).

[yolosnail]

16 hours ago, DrMacintosh said:

It's a mixed bag but my instinct as a Mac owner is to say f*ck physical security chips that can brick my machine. 

Don't delay, lose your data today!

 

I think it's a question of security vs convenience, and for most people convenience will always win.

 

Does the average person need their data to be securely encrypted on their device? Probably not.

 

I am of the opinion that hardware encryption should be optional, unless there is a way for the owner to decrypt the data in the event that the hardware encryption failed.

Would it be that difficult for Apple to offer an external device that contains a T2 chip that can 'back up' the encryption keys on the internal T2 chip which can then be stored in a secure location?

[jagdtigger]

34 minutes ago, yolosnail said:

I think it's a question of security vs convenience

This isnt about security. All the encryption is done inside the chip without the help of external stuff. So why the serial number checks? Its just another attempt to prevent 3rd party repairs.

[yolosnail]

2 minutes ago, jagdtigger said:

This isnt about security. All the encryption is done inside the chip without the help of external stuff. So why the serial number checks? Its just another attempt to prevent 3rd party repairs.

There is no way to justify Apple doing that, I was just talking about the encryption side of the T2 chip in relation to user data

[jagdtigger]

2 minutes ago, yolosnail said:

There is no way to justify Apple doing that, I was just talking about the encryption side of the T2 chip in relation to user data

There isnt a reason i can think of to have a separate chip for encryption in non-business stuff. SW based encryption is pretty good nowadays and more than enough to secure your device. No-one will bother to try and crack the encryption, its just doesnt worth the time and resources. They just wipe the device and sell it...