I was reading about the ROCA attack, and how a lot of software is vulnerable. Apparently Bitlocker from Microsoft is also vulnerable, because it protects its keys with SRK of (ROCA vulnerable) TPM. But what I don't understand is how would an attacker get access to public part of SRK.
Let's suppose the following scenario - an attacker steals a Bitlocker protected laptop (Bitlocker using TPM only). How would he be able to break in? If he boots normally the disk can be decrypted, but he won't be able to log in and use it. If he will use a different bootloader so he won't need to log in, the TPM will throw some error and he can't decrypt the drive, right?
So my question is - how could an attacker in the scenario above get the public part of SRK? (to get access to the stolen data)
