• Uriel238 [all pronouns]@lemmy.blahaj.zone
    1 year ago

    Huh. I do not have a bitlocker account.

    Also, the whole point of the TPM (when I looked it up) was to not tell anyone, including Microsoft, your decryption key. It’s so the user has ten chances to enter a short PIN or password and then it unlocks the device. That way not even Microsoft or the police can unlock the device without a tunnelling electron microscope with which to crack the TPM.

    That way, you see, getting into a device is expensive and something law enforcement would not be tempted to do without an ironclad warrant and maybe a national security reason.

    That Microsoft can ask TPMs to break their T makes them not T-worthy enough to be called a TPM. More like a Microsoft Obedience Chip.

    • Buddahriffic@lemmy.worldM
      1 year ago

      TPM is meant to enforce DRM, not protect your data. They advertise it as a feature to protect users because it wouldn’t be very popular if they outright said that the whole point was so that your computer could process data without giving you access to it.

      And now Google wants to use it to remove user control of browsers because users like to block ads.

    • Raxiel@lemmy.world
      1 year ago

      You don’t have to give Microsoft the key (unless you want the “backup” option) but the OS has to have the key locally while it’s running in order to be able to read the data on the drive (and also write new data).
      In typical usage the TPM holds the key, but it’s the OS that generated the key and encrypted the drive in the first place. I don’t know the technical details but the TPM recognises the OS install that programmed it and will only automatically unlock and provide the key for that. If you change it by swapping the drive or booting to a different device it remains locked and any alternative OS requires the key to be entered manually.
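
Added example, not part of the thread or any poster's code: a simplified Python model of the behaviour described in the last comment, where a TPM releases a drive key only when the boot chain it measured matches the one present when the key was sealed. `ToyTPM`, the single PCR and the component names are assumptions for illustration; real TPMs use several PCRs and a richer release policy.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # one SHA-256 PCR; real TPMs expose a bank of them


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement)). Cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


class ToyTPM:
    """Hypothetical model: stores one sealed key plus the PCR value it is bound to."""

    def __init__(self):
        self.pcr = bytes(PCR_SIZE)
        self._sealed = None

    def boot(self, components):
        self.pcr = bytes(PCR_SIZE)          # PCR resets only at power-on
        for blob in components:             # each boot stage is measured in order
            self.pcr = extend(self.pcr, blob)

    def seal(self, key: bytes):
        self._sealed = (self.pcr, key)      # bind key to the current boot state

    def unseal(self):
        if self._sealed is None:
            return None
        policy_pcr, key = self._sealed
        if hmac.compare_digest(policy_pcr, self.pcr):
            return key
        return None                         # boot chain differs: stay locked


# Constructed sample boot chains (names are placeholders, not real measurements).
INSTALLED_OS = [b"firmware", b"bootloader-A", b"kernel-A"]
OTHER_OS = [b"firmware", b"bootloader-B", b"kernel-B"]


def demo():
    tpm = ToyTPM()
    tpm.boot(INSTALLED_OS)
    volume_key = os.urandom(32)             # the OS generates the key, not the TPM
    tpm.seal(volume_key)
    tpm.boot(INSTALLED_OS)
    same_os = tpm.unseal() == volume_key    # automatic unlock
    tpm.boot(OTHER_OS)
    other_os = tpm.unseal()                 # None: key must be entered manually
    return same_os, other_os
```

Because each extend hashes the previous PCR value, a changed or reordered boot stage produces a different final value, so the sealed key stays locked and the recovery key is needed.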