How feasible is it for an attacker with physical access to a Windows 10 machine to be able to extract the clear text of its UEFI 'system password'? (By which I mean the password requested by UEFI on initiating boot up.)
I understand that it is unlikely to be brute-force guessable in a practical time frame because after 3 failed guesses a system reboot is required. The question is about whether there are more sophisticated means of attack that would reveal its clear text. (Various sites, such as https://1024kb.co.nz/biosefi-password-cracking-update/, claim to be able to replace the password or to provide a master password - I am only interested in the clear text of the original password itself.)
I understand that the UEFI system password is stored in NVRAM. If an attacker went to the trouble of decapping the chip containing the password, would it be recoverable?
To be clear, this is not something I am trying to do. I want to find out whether it is theoretically possible that someone could do it to me.