• Papamousse@beehaw.org
    link
    fedilink
    arrow-up
    54
    arrow-down
    1
    ·
    6 months ago

    uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved…

      • Papamousse@beehaw.org
        link
        fedilink
        arrow-up
        14
        ·
        6 months ago

        it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.

          • lud@lemm.ee
            link
            fedilink
            arrow-up
            4
            ·
            6 months ago

            Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.

              • lud@lemm.ee
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                edit-2
                6 months ago

                Yes that is possible, but should I repeat what I wrote earlier or can you just read it again?

    • Moonrise2473
      link
      fedilink
      arrow-up
      5
      ·
      6 months ago

      Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)

      Luckily I was using a Microsoft account (usually I don’t because fuck that) so the keys were automatically backupped

      • Romkslrqusz@lemm.ee
        link
        fedilink
        arrow-up
        11
        ·
        6 months ago

        The automatic encryption and subsequent backup both took place because you were using a Microsoft Account

      • skuzz@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        The downside to that, is it means Microsoft is storing access to your hard drive encryption in their cloud.

        • Moonrise2473
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          Which makes encryption pointless as it means it’s not encrypted for the government

    • qwerty@discuss.tchncs.de
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I’m on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn’t use TPM? Should I hold on to the luks headers and master priv key backup?