I'm exploring the security of BitLocker when combined with TPM and Secure Boot (and no password for BitLocker or BIOS), and am struggling with something -
Does/How does Windows protect the early boot process?
For example - let's say a computer with the BitLocker-encrypted drive is stolen, but the thief does not know login credentials to get into Windows. What, if any, protections are in place to prevent the thief from making changes to the early boot environment to allow the thief to add/change a password/get a shell without requiring a valid login?
Possibly begging the question, but is the early boot process signed/measured in such a way as to prevent this attack vector, and if so, how?
Bonus if anyone can advise of a way to actually bypass the BitLocker/TPM protection/chain without using the BitLocker recovery key. (I believe there is/theoretically was a mechanism to abuse the Windows upgrade process to bypass this protection, but I've no idea how this would be implemented or how hard - or if there are simpler ways.)
To clarify elements of my post:
At this link, Microsoft says "The TPM-only authentication mode is easiest to deploy, manage, and use. It might also be more appropriate for computers that are unattended or must restart while unattended. However, the TPM-only mode offers the least amount of data protection. If parts of your organization have data that is considered highly sensitive on mobile computers, consider deploying BitLocker with multifactor authentication on those computers." - I am trying to quantify this risk.
When I say "early boot process", I'm talking about when Windows takes over booting, but before the main OS has been loaded (i.e. the stub/initial bit which loads the BitLocker driver and other early processes, which are found on the non-encrypted partition that BitLocker drives have - and then hands off to the main boot).