Blocking the SBP-2 driver to reduce 1394 DMA threats to BitLocker
Symptoms
A BitLocker-protected computer may be vulnerable to Direct Memory Access (DMA) attacks while it is powered on or in the Standby power state, including while the desktop is locked.
BitLocker with TPM-only authentication lets the computer boot to the power-on state without any pre-boot authentication, so the volume is already unlocked and its keys are in memory. Therefore, an attacker with physical access may be able to perform DMA attacks.
In these configurations, an attacker may be able to search system memory for BitLocker encryption keys by plugging an attacking device into a 1394 port and spoofing an SBP-2 hardware ID.
This article applies to the following systems:
Systems that are left powered on.
Systems that are left in the Standby power state.
Systems that use the TPM-only BitLocker protector.
Resolution
1394 Physical DMA
Industry-standard 1394 controllers (OHCI-compliant) provide functionality that allows access to system memory. This functionality is provided as a performance improvement: it enables large amounts of data to be transferred directly between a 1394 device and system memory, bypassing the CPU and software. By default, 1394 Physical DMA is disabled in all versions of Windows. There are two ways to enable 1394 Physical DMA:
An administrator enables 1394 kernel debugging.
Someone with physical access to the computer connects a 1394 storage device that complies with the SBP-2 specification.
1394 DMA Threats to BitLocker
BitLocker system integrity checks protect against unauthorized changes to the kernel debugging status. However, an attacker can connect an attacking device to a 1394 port and spoof an SBP-2 hardware ID. When Windows detects an SBP-2 hardware ID, it loads the SBP-2 driver (sbp2port.sys) and then instructs the driver to allow the SBP-2 device to perform DMA. This enables the attacker to gain access to system memory and search it for BitLocker encryption keys.
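The following PowerShell script is an added example and is not part of the Microsoft article. It covers the two points above: it checks whether the system matches the article's exposed configuration (a TPM-only protector on the OS volume) and it blocks the SBP-2 driver (sbp2port.sys) so that Windows cannot load it when a device presenting an SBP-2 hardware ID is plugged into a 1394 port. It assumes the driver's service entry sits at the standard location HKLM\SYSTEM\CurrentControlSet\Services\sbp2port with the usual Start values (3 = load on demand, 4 = disabled), that the BitLocker PowerShell module (Get-BitLockerVolume, Windows 8 / Server 2012 and later) is available, and that bcdedit prints a "debug Yes" line when kernel debugging is enabled. Run it from an elevated shell.

```powershell
# Added example, not code from the Microsoft KB article.
# Assumed service key for the SBP-2 port driver (sbp2port.sys).
$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\sbp2port'

# Does the OS volume rely on a TPM-only protector? KeyProtectorType 'Tpm'
# (as opposed to TpmPin, TpmStartupKey, TpmPinStartupKey) means no
# pre-boot authentication, which is the configuration the article describes.
function Test-TpmOnlyProtector {
    $osDrive = $env:SystemDrive
    $vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction SilentlyContinue
    if (-not $vol) { return $null }   # BitLocker module unavailable or volume not found
    [bool]($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })
}

# Current load state of sbp2port, read from its Start value.
function Get-Sbp2DriverState {
    if (-not (Test-Path $ServiceKey)) {
        return [pscustomobject]@{ Present = $false; Start = $null; Disabled = $true }
    }
    $start = (Get-ItemProperty -Path $ServiceKey -Name Start).Start
    [pscustomobject]@{
        Present  = $true
        Start    = $start
        Disabled = ($start -eq 4)
    }
}

# Start = 4 (SERVICE_DISABLED) stops the driver from being loaded even when
# Plug and Play enumerates a unit with an SBP-2 hardware ID on the 1394 bus.
function Disable-Sbp2Driver {
    $state = Get-Sbp2DriverState
    if (-not $state.Present) {
        Write-Host 'sbp2port service entry not found; nothing to block.'
        return
    }
    if ($state.Disabled) {
        Write-Host 'sbp2port is already disabled (Start = 4).'
        return
    }
    Set-ItemProperty -Path $ServiceKey -Name Start -Value 4 -Type DWord
    Write-Host "sbp2port Start changed from $($state.Start) to 4; reboot to unload any running instance."
}

# The article's other route to 1394 physical DMA: kernel debugging enabled
# in the boot configuration. Assumed output format: a "debug  Yes" line.
function Test-KernelDebugEnabled {
    $out = & bcdedit /enum '{current}' 2>$null
    if (-not $out) { return $null }   # bcdedit unavailable or shell not elevated
    [bool]($out | Where-Object { $_ -match '^\s*debug\s+Yes' })
}

if (Test-TpmOnlyProtector) {
    Write-Warning "$($env:SystemDrive) uses a TPM-only protector: keys are in memory whenever the system is powered on."
}
Disable-Sbp2Driver
Get-Sbp2DriverState | Format-List
if (Test-KernelDebugEnabled) {
    Write-Warning 'Kernel debugging is enabled; 1394 physical DMA is available to the debugger transport.'
}
```

Disabling sbp2port blocks only SBP-2 storage units; other 1394 devices keep working because the 1394 controller itself is untouched. A device that was already enumerated before the change stays bound to the running driver until reboot, so treat the reboot as part of the mitigation, and re-run Get-Sbp2DriverState afterwards to confirm Start is still 4.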
