> Can you even get the secret from the TPM in recovery mode?
Given that you can (relatively trivially) sniff the TPM communication to obtain the key [1], yes, it should be possible. Can't verify it, though, as I long ago switched to Mac for my primary driver, and the old cheesegrater Mac I use as a gaming rig doesn't have a hardware TPM chip.
Yeah, I don't need an attack on a weak system; I mean the authorized, legal, normal way of unlocking BL from Windows when you have the right credentials. Windows might not be able to unlock BitLocker with just your password.
I don't know how common it is to disable TPM-stored keys in companies, but on personal licenses, you need group policy to even allow that.
Although this is moot if Windows recovery mode is accepted as the right system by the TPM. But aren't permissions/privileges a bit neutered in that mode?
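Since the thread turns on whether a volume is TPM-bound or unlockable with a password alone, and whether policy even allows the latter, here is an added PowerShell audit (my example, not code from anyone in the thread) that lists each volume's key protector types and reads the "Allow BitLocker without a compatible TPM" policy value. It assumes an elevated session on Windows with the BitLocker module available, and it assumes the policy is stored as the `EnableBDEWithNoTPM` DWORD under `HKLM\SOFTWARE\Policies\Microsoft\FVE`, which is where the "Require additional authentication at startup" policy writes it.

```powershell
# Added example, not from the thread: audit BitLocker key protectors and the
# no-TPM policy so an admin can see which volumes are TPM-bound and which could
# be unlocked with a password alone. Run elevated on Windows.

function Get-BitLockerProtectorAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types seen in practice: Tpm, TpmPin, TpmStartupKey,
        # TpmPinStartupKey, Password, RecoveryPassword, ExternalKey.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $tpmBound = [bool]($types -match '^Tpm')   # any TPM-based protector present
        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            ProtectorTypes      = ($types -join ', ')
            TpmBound            = $tpmBound
            PasswordOnly        = ($types -contains 'Password') -and -not $tpmBound
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        }
    }
}

function Get-BitLockerNoTpmPolicy {
    # Assumption: the "Allow BitLocker without a compatible TPM" checkbox of the
    # "Require additional authentication at startup" policy is persisted here.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $val = (Get-ItemProperty -Path $key -Name EnableBDEWithNoTPM -ErrorAction SilentlyContinue).EnableBDEWithNoTPM
    [pscustomobject]@{
        PolicyKeyPresent = (Test-Path $key)
        AllowWithoutTpm  = ($val -eq 1)   # $false when the value is absent or 0
    }
}

Get-BitLockerProtectorAudit | Format-Table -AutoSize
Get-BitLockerNoTpmPolicy
```

A volume reporting `TpmBound = True` and `PasswordOnly = False` is the default personal-license situation the thread describes: the OS volume key is sealed to the TPM, and a password by itself is not a protector Windows can use to unlock it. `AllowWithoutTpm = True` means an admin has opted in via Group Policy to allow a password-only protector at all.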
Can you even get the secret from the TPM in recovery mode?