this post was submitted on 08 May 2024
133 points (96.5% liked)

Technology

37811 readers
19 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 6 years ago
MODERATORS
MinutePhrase@lemmy.ml
133
Windows 11 24H2 will enable BitLocker encryption for everyone — happens on both clean installs and reinstalls (www.tomshardware.com)
submitted 1 year ago by dvdnet62@feddit.nl to c/technology@lemmy.ml
73 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Frederic@beehaw.org 53 points 1 year ago (3 children)

uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved...

[–] Blaiz0r@lemmy.ml 13 points 1 year ago (2 children)

What can you do when this happens... Asking for a friend...

[–] Frederic@beehaw.org 14 points 1 year ago (1 children)

it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.

[–] umbrella@lemmy.ml 3 points 1 year ago (1 children)

uploading encryption keys makes encryption much less meaningful

[–] lud@lemm.ee 4 points 1 year ago (1 children)

Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.

[–] umbrella@lemmy.ml 2 points 1 year ago (1 children)

personal data leaks frequently, that may include these

[–] lud@lemm.ee 1 points 1 year ago* (last edited 1 year ago) (1 children)

Yes that is possible, but should I repeat what I wrote earlier or can you just read it again?

[–] el_abuelo@lemmy.ml 1 points 1 year ago

I'd like you to repeat it please. But slower this time.

[–] notfromhere@lemmy.ml 11 points 1 year ago

Because they force you to use online accounts now, you can get it from the registered account via the Microsoft account page.

In your Microsoft account: Open a web browser on another device. Go to https://account.microsoft.com/devices/recoverykey to find your recovery key.

[–] Moonrise2473@feddit.it 5 points 1 year ago (1 children)

Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)

Luckily I was using a Microsoft account (usually I don't because fuck that) so the keys were automatically backupped

[–] Romkslrqusz@lemm.ee 11 points 1 year ago

The automatic encryption and subsequent backup both took place because you were using a Microsoft Account

[–] qwerty@discuss.tchncs.de 3 points 1 year ago (2 children)

I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I'm on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn't use TPM? Should I hold on to the luks headers and master priv key backup?

[–] Frederic@beehaw.org 2 points 1 year ago

LUKS don't use TPM

[–] ReversalHatchery@beehaw.org 1 points 1 year ago

There's an extension that can unlock LUKS drives using the TPM, but by default it does not do that, and probably that extension isn't installed either