Hello,

Does anyone know about this issue?

https://github.com/jc-lab/securekit/blob/466abe16bfe4f28ef86db6bc72649214ab2e4b51/pkg/securekit-disk/opt/securekit/sbin/disk-init#L82-L86

Here's one example of sealing and unsealing.
This method seems (probably?) to prevent the sniffing attack, which was a vulnerability of Bitlocker in the past.

But isn't a MITM attack possible in the process of creating an encrypted session?

I am not familiar with the process of establishing a session,
However, it seems that MITM can be prevented only by using a session key encrypted with the EK of the TPM, or by signing the asymmetric key with the EK to derive the key, when creating a session.

Is MITM not considered in TPM? Or is there another way?

Regards,