Hacker News new | ask | show | jobs
by elehack 3127 days ago
If the machine (1) has soldered-on RAM (preventing cold boot attacks) and (2) the portions of the OS that run prior to user authentication are sufficiently secure, then it really doesn't seem to be a problem.

Last I knew, Windows does not like to let you enable this mode in a machine with removable RAM that don't have compensating security features.
2 comments
cryptonector 3127 days ago
And also no Thunderbolt/Firewire, and/or has an IOMMU and the OS uses it.
link
rootsudo 3127 days ago
I'm sorry, what?

Windows 100% allows you to use TPM + bitlocker and secure the keys on AD on any sort of computer, regardless of removable ram or not.

link