It was just a matter of time until flaws were published. The entire BitLocker / TPM concept from M$ is a joke and they don't take it seriously themselves. M$ is completely responsible since they certify the hardware as 'BitLocker suitable', and people who trust in the BitLocker/TPM concept are screwed.
I already pointed out the senselessness when it was announced for W8. First of all, one must not confuse the official purpose: UEFI Secure Boot does NOT prevent malware from being installed or the bootloader from being modified. It ensures the integrity of it and only then it boots. Secure Boot is not a feature to prevent malware, nor to protect personal data. It's also not here to exclude devices from booting... If just the system partition were allowed to boot, you could simply access that device from another OS. To prevent that you have to encrypt it with 3rd party solutions; it's not the original purpose of Secure Boot either way. Other things: UEFI has been announced as a requirement to realize GPT boot. That's BS. Booting from GPT can be realized with a 'legacy' BIOS as well. It has been introduced to make people stick to their OS, but resistance was strong... A simple correlation: What do malware that has been installed and the freedom to run another OS have in common? A change of the installation / system contents! What is an established measure to have control? To sign a condition that is considered normal and safe, and by a changed signature a change is detected. It's no wonder that 'security' and freedom are always co-affected. What would be the solution? The user determines his own idea of normal condition and signs THAT on his own.
Perhaps the best thing is not to use BitLocker at all and use a 3rd party solution. Sorry. But to me, UEFI is a useless piece of crap. Yup. Another gimmick designed to discourage people from switching OSes.
That's what happens when you use NSA-approved / developed software like BitLocker and VeraCrypt. Use TrueCrypt 7.1a instead.
Hmmm... for me, one important reason to migrate to Linux was the encryption of partitions / volumes. Already the default way offered by the installer can be considered safe. If you're a freak you can make your own. Linux comes with everything to make your custom encryption (cryptsetup), setup of LUKS and LVM, with custom key lengths and your own custom parameters.
I only use BitLocker on a SanDisk flash drive that I store all my crypto passwords on. Naturally I have a crypto PW printout in the 90-minute gun safe too. I have not experienced any problems yet... knock knock