Yes, if the key isn't in the TPM then it can't be sniffed. Secure Boot would need to be enabled to protect against the threat model BitLocker is only good for here. Alternatively, using a PIN would mean the key is only exposed once the PIN is typed (still vulnerable to a hardware attack, but requires physical modification).
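A defender-side check for the two conditions raised above, as an added example that is not part of the original comment: it reports whether Secure Boot is enabled and whether each BitLocker volume releases its key from the TPM automatically or only after a PIN. It assumes an elevated PowerShell session on Windows with the built-in `Get-BitLockerVolume` and `Confirm-SecureBootUEFI` cmdlets; the function names are made up for this example.

```powershell
# Added example: audit Secure Boot and BitLocker pre-boot authentication.
# Assumes an elevated PowerShell session on a Windows machine.

# Protector types where the TPM releases the key only after a PIN is typed.
$pinTypes = 'TpmPin', 'TpmPinStartupKey'

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and raises
    # an error on legacy BIOS or when the session is not elevated.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        "Unknown ($($_.Exception.Message))"
    }
}

function Get-BitLockerUnlockAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Names of every key protector configured on this volume.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        if ($types | Where-Object { $pinTypes -contains $_ }) {
            # Key is exposed only once the PIN has been entered.
            $mode = 'TPM + PIN'
        } elseif ($types -contains 'Tpm') {
            # Key is released at every boot with no user input.
            $mode = 'TPM only (automatic unlock)'
        } else {
            # Key is not sealed in the TPM at all (password, USB key, ...).
            $mode = 'No TPM protector'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Protection = $vol.ProtectionStatus
            UnlockMode = $mode
            Protectors = $types -join ', '
        }
    }
}

"Secure Boot: $(Get-SecureBootState)"
Get-BitLockerUnlockAudit | Format-Table -AutoSize
```

An operating-system volume reported as `TPM only (automatic unlock)` is the configuration in which the key leaves the TPM at boot without any user action.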