• Papamousse@beehaw.org
    link
    fedilink
    arrow-up
    54
    ·
    7 months ago

    uhoh, and wait for the time when the user will update his BIOS, that resets TPM2, and at reboot bitlocker asks for the 48 digits key to decrypt hard drive, that the user never saved…

      • Papamousse@beehaw.org
        link
        fedilink
        arrow-up
        14
        ·
        7 months ago

        it should be in your MS online account as someone wrote, but in case of, I always save it on a USB key, hidden somewhere. You can also print it, or take a picture of it with your phone. Because there is no way to get it back.

          • lud@lemm.ee
            link
            fedilink
            arrow-up
            4
            ·
            7 months ago

            Sure, but for most people encryption is mostly supposed to protect against the thief that took your laptop on the metro and not the NSA or whatever.

    • Moonrise2473@feddit.it
      link
      fedilink
      arrow-up
      5
      ·
      7 months ago

      Wait? My Lenovo laptop did exactly this. It first encrypted the SSD without telling me, then it updated the bios via windows update (or via Lenovo assistant, but still it was unattended)

      Luckily I was using a Microsoft account (usually I don’t because fuck that) so the keys were automatically backupped

      • Romkslrqusz@lemm.ee
        link
        fedilink
        arrow-up
        11
        ·
        7 months ago

        The automatic encryption and subsequent backup both took place because you were using a Microsoft Account

    • qwerty@discuss.tchncs.de
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      I updated my BIOS few days ago and on reboot got a warning about bitlocker and resetting fTPM, but I’m on linux. I dumped luks headers, and master priv keys before resetting just in case but everything worked as usual. Do you know if I just got lucky or if luks dosn’t use TPM? Should I hold on to the luks headers and master priv key backup?