[16] Starting with Windows Server 2012 and Windows 8, Microsoft has complemented BitLocker with the Microsoft Encrypted Hard Drive specification, which allows the cryptographic operations of BitLocker encryption to be offloaded to the storage device's hardware, for example, self-encrypting drives.
(Note that some non-malicious changes to the boot path may cause a Platform Configuration Register check to fail, and thereby generate a false warning.
This cryptographic secret is used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.
[44] However, TPM alone is not enough: All these attacks require physical access to the system and are thwarted by a secondary protector such as a USB flash drive or PIN code.
[49][50] According to Microsoft sources,[51] BitLocker does not contain an intentionally built-in backdoor, so there is no Microsoft-provided way for law enforcement to have guaranteed access to the data on a user's drive.
In 2006, the UK Home Office expressed concern over the lack of a backdoor and tried entering into talks with Microsoft to get one introduced.
[52] Microsoft developer and cryptographer Niels Ferguson denied the backdoor request and said, "over my dead body".
[53] Microsoft engineers have said that United States Federal Bureau of Investigation agents also put pressure on them in numerous meetings to add a backdoor, although no formal, written request was ever made; Microsoft engineers eventually suggested that agents should look for the hard copy of the encryption key that the BitLocker program suggests that its users make.
Stated by Netherlands-born cryptographer Auguste Kerckhoffs in the 19th century, the principle holds that a cryptosystem should be secure, even if everything about the system, except the encryption key, is public knowledge.
Since 2020, BitLocker's method and data structure is public knowledge due to reverse engineering; the Linux cryptsetup program is capable of reading and writing BitLocker-protected drives given the key.
[56] Dan Rosendorf's research shows that removing the Elephant Diffuser had an "undeniably negative impact" on the security of BitLocker encryption against a targeted attack.
[57] Microsoft later cited performance concerns, and noncompliance with the Federal Information Processing Standards (FIPS), to justify the diffuser's removal.
[58] Starting with Windows 10 version 1511, however, Microsoft added a new FIPS-compliant XTS-AES encryption algorithm to BitLocker.
[64] The flaw is the Return of Coppersmith's Attack or ROCA vulnerability which is in a code library developed by Infineon and had been in widespread use in security products such as smartcards and TPMs.