The protection of FDE is the carrot they give to get you to enable TPM 2.0. The stick is the remote attestation which can be used for nefarious purposes like DRM and other types of denial/system lockdown at Microsoft’s discretion.
It’s true it’s hard to motivate people into taking a better security posture for themselves but forcing them like this doesn’t come from a good and sincere place.
“Protection” that requires you to create an account and have the key auto-uploaded to their servers before the encryption is active. Not even a secret, they literally tell you they will upload your key. Lol
This 49-minute video ends with the presenter saying that fixes for what they demonstrated were shipped in July’s Patch Tuesday.
The recommended mitigation is the use of TPM and a PIN, which is going to apply to any machine where the user went “with the flow” during Windows 11’s OOBE
Thanks for this, I accidentally locked my wife’s tablet when I was testing if Linux would run on it from a USB drive. Came back to Win 11 and it was bitlocked, with no codes in her Microsoft account and no idea where else to find them. Hopefully I can study this and figure out a way to bypass it.
Especially given how easy it is to bypass Bitlocker anyway: https://youtu.be/Cc6vrQSVMII
Awww, Windows. You can mitigate that by using a PIN on bitlocker drive. Possibly.
Edit: also more secure with security keys: https://www.yubico.com/works-with-yubikey/catalog/secure-disk-for-bitlocker/
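Two comments above recommend the same mitigation, TPM plus a startup PIN, without showing how to check whether a machine actually has it. The script below is an added example written for this thread, not code from any of the commenters or from Microsoft: it lists the key protectors on the OS volume, warns if the "Require additional authentication at startup" policy has not been set to allow a PIN, refuses to touch a volume that has no recovery password protector, and only then swaps the TPM-only protector for a TPM+PIN one. The mount point `C:` and the policy value names under the `FVE` registry key are assumptions to verify on your own build.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell on the
# machine itself. Assumes the OS volume is C: and that the local policy
# "Require additional authentication at startup" has been set to allow a PIN.

$MountPoint = 'C:'

function Get-ProtectorSummary {
    param([string]$Mount)
    $vol   = Get-BitLockerVolume -MountPoint $Mount
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($types -join ', ')
        # TPM-only means the disk auto-unlocks at boot with nothing typed: the
        # configuration the "went with the flow" OOBE path leaves behind.
        HasTpmOnly       = ($types -contains 'Tpm') -and -not ($types -contains 'TpmPin')
        HasRecoveryPwd   = ($types -contains 'RecoveryPassword')
    }
}

$before = Get-ProtectorSummary -Mount $MountPoint
$before | Format-List

# Policy check. Add-BitLockerKeyProtector rejects a TPM+PIN protector unless
# the startup-authentication policy permits a PIN. The value names below are
# what that policy writes under the FVE key (assumed here; confirm on your build).
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$pol = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
if (-not $pol -or $pol.UseAdvancedStartup -ne 1 -or $pol.UseTPMPIN -eq 0) {
    Write-Warning "Startup PIN not permitted by policy. Enable 'Require additional authentication at startup' and allow a TPM startup PIN, then re-run."
    return
}

# Never remove the only protector that can unlock the disk without the TPM:
# the recovery password is what gets you back in if the PIN step fails.
if (-not $before.HasRecoveryPwd) {
    Write-Warning 'No recovery password protector on this volume. Add one (and store it offline) before changing TPM protectors.'
    return
}

if ($before.HasTpmOnly) {
    # Prompt interactively so the PIN never lands in a script or shell history.
    $pin = Read-Host -Prompt 'Enter new BitLocker startup PIN' -AsSecureString

    # Only one TPM-based protector may exist per volume, so the TPM-only one is
    # removed first; the recovery password checked above still covers the gap.
    $tpmOnly = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
               Where-Object { $_.KeyProtectorType -eq 'Tpm' }
    foreach ($p in $tpmOnly) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }

    # Bind the volume key to the TPM *and* a PIN typed at boot.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
}

Get-ProtectorSummary -Mount $MountPoint | Format-List
```

On a volume that already shows `TpmPin` in the protector list the script changes nothing and just prints the summary, which makes it usable as a quick audit on a fleet before deciding who needs the PIN rollout. The separate recovery-password check matters because the PIN protects the disk at boot but does nothing for the "I locked myself out" case in the thread; that case is handled only by a recovery password you can actually find.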