
You are correct about auto-login https://support.microsoft.com/en-us/help/4027599/windows-10-...

Per https://vztekoverflow.com/2018/07/31/tbal-dpapi-backdoor/: after the post-reboot "login" happens to the last user, the credential is removed from the disk (registry) but will stay in memory. To exploit this, you would need to find a hole in the lock screen, use an admin account to dump memory, or have physical access to the drive before boot on a machine that doesn't have BitLocker.

Is there an attack vector that doesn't require privileged access or physical access to the machine without bitlocker/tpm?



> Is there an attack vector that doesn't require privileged access or physical access to the machine without bitlocker/tpm?

In the past, RDMA over Firewire used to be such an attack vector; see the Inception tool that could unlock Windows machines reliably. Presently, there seem to be openly described solutions for using an FPGA hooked up to the TPM to grab keys from the wire. Both types of attacks require physical access and somewhat specialized tools, but AFAIK both work even when BitLocker and a TPM are present.

I don't understand why anyone who actually cares about security uses Bitlocker, and not one of the systems that ask for a password before booting Windows. The latter reduces the attack surface by such a large amount, it's a no-brainer.


> I don't understand why anyone who actually cares about security uses Bitlocker, and not one of the systems that ask for a password before booting Windows.

Bitlocker also supports using a password at boot.


If I'm understanding correctly, did the RDMA attack work because it was able to probe arbitrary memory-mapped registers on request?

And for the TPM attack, is the FPGA able to initiate it? Or would this have to be some kind of hardware implant? The latter isn't a big deal (plenty of ways to bug a machine given invasive physical access); the former would be a serious TPM breach akin to GrayKey.

Also, I'm a little clueless, but my secure laptop has a BitLocker boot password, with autologin disabled even during updates IIRC. Does that not mitigate?


I think if you have BitLocker set up with a boot password, and you are careful to shut down when you're not using the computer, then you're probably fine. But in my experience most people use BitLocker just with the Windows login prompt.

As I understand it, the FPGA is able to initiate the TPM key extraction, yes. So it's not a sniffer that has to wait for the user to input the password.

https://pulsesecurity.co.nz/articles/TPM-sniffing
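The thread above turns on two configuration questions: whether the OS volume is protected by a TPM-only BitLocker protector (no pre-boot PIN) and whether the post-reboot automatic sign-on that keeps the credential in memory is enabled. The following audit script is an added example, not code from the thread or the linked articles; it assumes an elevated PowerShell session on Windows 10/11 with the BitLocker module available, and reports only, changing nothing.

```powershell
# Added example: audit a host for the two conditions discussed above.
# Assumptions: run as Administrator on Windows 10/11 with the BitLocker module present.

function Test-PreBootAuthPosture {
    $findings = @()

    # 1. BitLocker: a TPM-only protector releases the volume key to the boot chain
    #    without any user secret, so a pre-boot PIN (TpmPin) is what the thread recommends.
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.VolumeType -ne 'OperatingSystem') { continue }
        $types = $vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "$($vol.MountPoint): BitLocker protection is not on"
        } elseif ($types -notcontains 'TpmPin' -and $types -notcontains 'TpmPinStartupKey') {
            $findings += "$($vol.MountPoint): no pre-boot PIN (protectors: $($types -join ','))"
        }
    }

    # 2. Automatic Restart Sign-On (ARSO), the feature behind the post-reboot "login".
    #    Policy value 1 disables it; an absent value or 0 leaves it enabled.
    $pol  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $arso = (Get-ItemProperty -Path $pol -Name DisableAutomaticRestartSignOn `
                 -ErrorAction SilentlyContinue).DisableAutomaticRestartSignOn
    if ($arso -ne 1) {
        $findings += "ARSO not disabled by policy (DisableAutomaticRestartSignOn=$arso)"
    }

    # 3. Classic Winlogon auto-logon, which stores the password in cleartext in the registry.
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $p  = Get-ItemProperty -Path $wl -ErrorAction SilentlyContinue
    if ($p.AutoAdminLogon -eq '1') {
        $findings += "AutoAdminLogon enabled for '$($p.DefaultUserName)'"
        if ($p.PSObject.Properties.Name -contains 'DefaultPassword') {
            $findings += "Winlogon\DefaultPassword is stored in cleartext"
        }
    }

    return $findings
}

$result = Test-PreBootAuthPosture
if ($result.Count -eq 0) { 'No findings' } else { $result }
```

An empty result means the OS volume requires a PIN before the TPM unseals the key and no automatic sign-on path is configured; each finding names the setting to change.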



