this post was submitted on 08 May 2024
135 points (96.6% liked)

Technology

34449 readers
289 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
MinutePhrase@lemmy.ml
135
Windows 11 24H2 will enable BitLocker encryption for everyone — happens on both clean installs and reinstalls (www.tomshardware.com)
submitted 4 months ago by dvdnet62@feddit.nl to c/technology@lemmy.ml
73 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Frederic@beehaw.org 53 points 4 months ago (3 children)

uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved...

[–] Blaiz0r@lemmy.ml 13 points 4 months ago (2 children)

What can you do when this happens... Asking for a friend...

[–] Frederic@beehaw.org 14 points 4 months ago (1 children)

it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.

[–] umbrella@lemmy.ml 3 points 4 months ago (1 children)

uploading encryption keys makes encryption much less meaningful

[–] lud@lemm.ee 4 points 4 months ago (1 children)

Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.

[–] umbrella@lemmy.ml 2 points 4 months ago (1 children)

personal data leaks frequently, that may include these

[–] lud@lemm.ee 1 points 4 months ago* (last edited 4 months ago) (1 children)

Yes that is possible, but should I repeat what I wrote earlier or can you just read it again?

[–] el_abuelo@lemmy.ml 1 points 4 months ago

I'd like you to repeat it please. But slower this time.

[–] notfromhere@lemmy.ml 11 points 4 months ago

Because they force you to use online accounts now, you can get it from the registered account via the Microsoft account page.

In your Microsoft account: Open a web browser on another device. Go to https://account.microsoft.com/devices/recoverykey to find your recovery key.

[–] Moonrise2473@feddit.it 5 points 4 months ago (1 children)

Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)

Luckily I was using a Microsoft account (usually I don't because fuck that) so the keys were automatically backupped

[–] Romkslrqusz@lemm.ee 11 points 4 months ago

The automatic encryption and subsequent backup both took place because you were using a Microsoft Account

[–] qwerty@discuss.tchncs.de 3 points 4 months ago (2 children)

I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I'm on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn't use TPM? Should I hold on to the luks headers and master priv key backup?

[–] Frederic@beehaw.org 2 points 4 months ago

LUKS don't use TPM

[–] ReversalHatchery@beehaw.org 1 points 4 months ago

There's an extension that can unlock LUKS drives using the TPM, but by default it does not do that, and probably that extension isn't installed either