Yes! During boot. We’re starting to converge.
My understanding is that the system knows the password at boot, therefore the snoop knows it; if not at the first attempt, it can remember what password was used on the first genuine boot-up for the second snoop try.
What I’m envisioning is roughly the equivalent of a key logger on the tunnel.
Uh. What’s EFI?
EFI or UEFI is the up-and-coming replacement for the BIOS. It’s essentially flash memory on the mainboard with a bootloader on it. My 5-year-old ASUS motherboard has both BIOS and UEFI. I can turn off UEFI or bypass it, and I do, but many systems nowadays have UEFI BIOS built in.
What does this facilitate? Well, it’s faster than BIOS. It’s also less precarious to flash upgrades. And if your hard drive ever goes tango-uniform, the UEFI can utilize your system and boot into a stripped-down Linux OS to get you online for troubleshooting. It’s not feature-rich, but it works.
The problem with Win8’s Secure Boot is that it locks down the UEFI chip. You are locked out of your own BIOS. In the past, manufacturers would flash your BIOS chip with a proprietary bootloader, and you’d be hamstrung on what settings could be changed. With the UEFI, they can load whatever they want into the BIOS and lock you out of it altogether. That’s what Secure Boot does. Thus, it eliminates your ability to wipe the disk and install Linux or use GRUB to dual-boot. Think about that: if you want to use your machine for something OTHER than Windows, you can’t. That pisses me off, personally.
So that’s really the convergence here. UEFI + TPM being taken over means you have no control or rights to the hardware you own. That’s why the Germans are pissed. I can’t blame them.
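An added example, not from any commenter in this thread: a POSIX shell check that reports whether the machine booted through UEFI and whether Secure Boot is actually enforced, by reading the SecureBoot and SetupMode variables from efivarfs (the GUID is the standard EFI global variable namespace; the efivars directory is a parameter so the parser can be exercised on constructed files).

```shell
#!/bin/sh
# Report the UEFI Secure Boot state of the running system.
# On Linux, efivarfs exposes each EFI variable as a file whose first
# 4 bytes are attribute flags and whose remaining bytes are the data,
# so the first data byte sits at offset 5 (1-based, as tail counts it).
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the first data byte of an efivarfs file as a decimal number.
# Returns non-zero if the variable file is missing or unreadable.
efivar_byte() {
    f="$1"
    [ -r "$f" ] || return 1
    tail -c +5 "$f" | od -An -tu1 -N1 | tr -d ' '
}

# secureboot_state [efivars-dir]
# Prints one of: not-uefi, unknown, setup-mode, enabled, disabled.
# SetupMode=1 means no Platform Key is enrolled, so Secure Boot cannot
# be enforced even if the SecureBoot flag reads 1.
secureboot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    [ -d "$dir" ] || { echo not-uefi; return; }   # legacy BIOS boot
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL_GUID") || { echo unknown; return; }
    sm=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL_GUID") || sm=0
    if [ "$sm" = 1 ]; then
        echo setup-mode
    elif [ "$sb" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

secureboot_state "$@"
```

Run it with no argument on a Linux box to read the live efivarfs; the "disabled" result is the one that tells you the firmware is still under your control, while "enabled" means only signed bootloaders will load.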