
kotaKat, yesterday at 10:26 PM

Sniffing the TPM's been available for quite some time, actually - and quite cheap!

https://pulsesecurity.co.nz/articles/TPM-sniffing

The best way would arguably be to keep the key completely off the TPM and use remote attestation. There are some preboot products out there like WinMagic SecureDoc* that use a little Linux partition, spin up just enough to get a network connection up to a remote server, provide authentication services, and then send the BitLocker key down, unlock the partition, and chainload onwards to Windows.

* I acquired an enterprise device on eBay and was VERY surprised to find this product on it as the preboot protector. Zero way to crack in from my end, so I applaud it. There are even some MFA solutions they offer around this! https://winmagic.com/en/solutions/mfa-windows-login/


Replies

Retr0id, yesterday at 10:38 PM

Something I've never understood about TPM attestation is what happens if you plug the TPM into a microcontroller and give it all the same measurements that it would normally receive during a normal boot? Would that let you spoof attestations?

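Added example (editor's own, not code from either commenter, from WinMagic, or from a real TPM stack) that simulates both threads above: a PCR bank with SHA-256 extend semantics, a quote over selected PCRs bound to a server nonce, and a network key-release server of the kind kotaKat describes that hands out the volume key only if the quote verifies against the enrolled chip and the PCRs match a golden policy. It then runs Retr0id's scenario: the same chip, reset and fed the golden measurement sequence by something other than the real firmware. Assumptions: the event log and PCR selection (0, 4, 7) are constructed for illustration, and HMAC with a per-chip secret stands in for the TPM's asymmetric attestation key and TPM2_Quote structures.

```python
"""Simulated TPM remote attestation in front of a key-release server (constructed example)."""
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # SHA-256 bank PCRs start all-zero after reset


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || digest). Order-sensitive, not reversible."""
    return hashlib.sha256(pcr_value + digest).digest()


class SimTPM:
    """Minimal chip model: a PCR bank plus a quote signed with a key that never leaves the chip."""

    def __init__(self, attestation_key: bytes):
        self._ak = attestation_key  # stand-in for the TPM's asymmetric attestation key
        self.reset()

    def reset(self) -> None:
        """Power cycle: PCRs return to their initial value, the attestation key persists."""
        self.pcrs = {i: PCR_INIT for i in range(24)}

    def pcr_extend(self, index: int, digest: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], digest)

    def quote(self, nonce: bytes, selection: list) -> tuple:
        """Return (quoted, signature). The chip signs whatever its PCRs currently hold."""
        pcr_digest = hashlib.sha256(b"".join(self.pcrs[i] for i in selection)).digest()
        quoted = nonce + bytes(selection) + pcr_digest  # nonce is always 16 bytes here
        return quoted, hmac.new(self._ak, quoted, hashlib.sha256).digest()


class KeyReleaseServer:
    """Preboot key-release service: verify the quote, compare PCRs to policy, then release the key."""

    SELECTION = [0, 4, 7]  # firmware, boot manager, Secure Boot state (illustrative choice)

    def __init__(self, enrolled_ak: bytes, golden_pcrs: dict, volume_key: bytes):
        self._ak = enrolled_ak
        self._golden = hashlib.sha256(b"".join(golden_pcrs[i] for i in self.SELECTION)).digest()
        self._volume_key = volume_key
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def release(self, quoted: bytes, signature: bytes) -> tuple:
        """Return (volume_key or None, reason)."""
        expected = hmac.new(self._ak, quoted, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return None, "bad signature (unenrolled chip?)"
        nonce, selection, pcr_digest = quoted[:16], list(quoted[16:-32]), quoted[-32:]
        if nonce not in self._outstanding:
            return None, "stale or unknown nonce"
        self._outstanding.discard(nonce)
        if selection != self.SELECTION:
            return None, "wrong PCR selection"
        if not hmac.compare_digest(pcr_digest, self._golden):
            return None, "PCRs do not match policy"
        return self._volume_key, "ok"


# Constructed event log: (PCR index, object measured) in the order a boot would extend them.
GOLDEN_EVENTS = [
    (0, b"firmware volume v1.2"),
    (7, b"SecureBoot=1, db/dbx/KEK as shipped"),
    (4, b"preboot linux partition: kernel+initrd"),
]
CHIP_AK = os.urandom(32)     # burned into this one chip at manufacture (simulated)
VOLUME_KEY = os.urandom(32)  # the BitLocker key held off-device by the server


def feed_measurements(tpm: SimTPM, events) -> None:
    """Whatever drives the chip (firmware or a microcontroller) extends one digest per event."""
    tpm.reset()
    for idx, blob in events:
        tpm.pcr_extend(idx, hashlib.sha256(blob).digest())


def attest_and_unlock(tpm: SimTPM, server: KeyReleaseServer) -> tuple:
    nonce = server.challenge()
    quoted, sig = tpm.quote(nonce, server.SELECTION)
    return server.release(quoted, sig)


def enroll() -> tuple:
    """Take golden PCR values from a known-good boot and register them with the server."""
    tpm = SimTPM(CHIP_AK)
    feed_measurements(tpm, GOLDEN_EVENTS)
    golden = {i: tpm.pcrs[i] for i in KeyReleaseServer.SELECTION}
    return tpm, KeyReleaseServer(CHIP_AK, golden, VOLUME_KEY)


def honest_boot() -> tuple:
    tpm, server = enroll()
    feed_measurements(tpm, GOLDEN_EVENTS)
    return attest_and_unlock(tpm, server)


def tampered_bootloader() -> tuple:
    tpm, server = enroll()
    events = [(i, b"evil maid kernel" if i == 4 else blob) for i, blob in GOLDEN_EVENTS]
    feed_measurements(tpm, events)
    return attest_and_unlock(tpm, server)


def replayed_measurements() -> tuple:
    """Retr0id's scenario: same chip, real firmware never runs, a microcontroller replays the log."""
    tpm, server = enroll()
    feed_measurements(tpm, GOLDEN_EVENTS)  # identical extend sequence, different driver
    return attest_and_unlock(tpm, server)


def different_chip() -> tuple:
    """A second chip with the right PCRs but an attestation key the server never enrolled."""
    _, server = enroll()
    clone = SimTPM(os.urandom(32))
    feed_measurements(clone, GOLDEN_EVENTS)
    return attest_and_unlock(clone, server)
```

The replayed run returns the key because a PCR value is a function of the extend sequence alone: the chip signs the bank it was handed and cannot tell platform firmware from a microcontroller issuing the same extends. What the quote does bind is the chip (the unenrolled clone fails on the signature) and the values themselves (the tampered bootloader fails the policy compare). Whether a replay is feasible is therefore decided outside the quote, by how tightly the extends are coupled to the CPU that is supposed to issue them (TPM locality, DRTM launches, firmware TPMs), not by the attestation server.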