Part 10/15:

To mitigate this, Roberts proposes employing a bind key—a symmetric secret object stored securely within the TPM, protected by a user-created password or PIN. When establishing a session, the host uses this bind key to authenticate the session, adding a layer of entropy that makes offline brute-force attacks significantly more difficult. This approach effectively associates the TPM session with a secret known only to the legitimate owner, preventing attackers from trivially replaying or forging TPM messages.