this post was submitted on 11 Sep 2023

AssholeDesign

[–] [email protected] 0 points 1 year ago (2 children)

Huh. I do not have a BitLocker account.

Also, the whole point of the TPM (when I looked it up) was to not tell anyone, including Microsoft, your decryption key. It's so the user has ten chances to enter a short PIN or password and then it unlocks the device. That way not even Microsoft or the police can unlock the device without a tunnelling electron microscope with which to crack the TPM.

That way, you see, getting into a device is expensive and something law enforcement would not be tempted to do without an ironclad warrant and maybe a national security reason.

That Microsoft can ask TPMs to break their T makes them not T-worthy enough to be called a TPM. More like a Microsoft Obedience Chip.

[–] [email protected] 0 points 1 year ago

You don't have to give Microsoft the key (unless you want the "backup" option) but the OS has to have the key locally while it's running in order to be able to read the data on the drive (and also write new data).
In typical usage, the TPM holds the key, but it's the OS that generated the key and encrypted the drive in the first place. I don't know the technical details but the TPM recognises the OS install that programmed it and will only automatically unlock and provide the key for that. If you change it by swapping the drive or booting to a different device it remains locked and any alternative OS requires the key to be entered manually.
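
The unlock behaviour described in the comment above (the key is released only to the boot chain that sealed it), as an added example that is not part of the original thread: a toy software model of PCR extend and PCR-bound sealing. The `ToyTPM` class, the PCR indices and the boot component strings are constructed for illustration and are not a real TPM or BitLocker API.

```python
import hashlib
import hmac

class ToyTPM:
    """Toy model of PCR extend and PCR-bound sealing (assumption: not a real TPM API)."""

    def __init__(self):
        self.pcrs = [bytes(32)] * 24   # PCR bank, all zeros at power-on
        self._sealed = {}              # survives reboots; a real TPM wraps the blob instead

    def reset(self):
        # A platform reset returns the PCRs modelled here to zero.
        self.pcrs = [bytes(32)] * 24

    def extend(self, index, data):
        # Extend is one-way and order-sensitive: new = SHA-256(old || SHA-256(data)).
        measured = hashlib.sha256(data).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measured).digest()

    def _policy(self, selection):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in selection)).digest()

    def seal(self, handle, secret, selection):
        # Bind the secret to the PCR values present right now.
        self._sealed[handle] = (tuple(selection), self._policy(selection), secret)

    def unseal(self, handle):
        selection, expected, secret = self._sealed[handle]
        if not hmac.compare_digest(expected, self._policy(selection)):
            raise PermissionError("PCR values differ from those at seal time")
        return secret

def boot(tpm, chain):
    """Reset, then measure each (pcr_index, component) in boot order."""
    tpm.reset()
    for index, blob in chain:
        tpm.extend(index, blob)

def try_unlock(tpm, handle):
    """Return the sealed key, or None when the user would be asked for a recovery key."""
    try:
        return tpm.unseal(handle)
    except PermissionError:
        return None

# Constructed sample boot chains and key.
ORIGINAL = [(0, b"firmware v1"), (4, b"boot manager A"), (4, b"os loader A")]
OTHER_OS = [(0, b"firmware v1"), (4, b"live-usb loader")]
VOLUME_KEY = b"\x11" * 32
```

In this model the same firmware followed by a different loader yields a different PCR value, so `try_unlock` returns `None` and the key has to be supplied manually.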

[–] [email protected] 0 points 1 year ago

TPM is meant to enforce DRM, not protect your data. They advertise it as a feature to protect users because it wouldn't be very popular if they outright said that the whole point was so that your computer could process data without giving you access to it.

And now Google wants to use it to remove user control of browsers because users like to block ads.