[p4rsec]

But that's not the point. The point is they have to break past your login screen, or, failing that, pull data from your storage while it's "offline" (i.e. not booted). If it's encrypted, they can't pull data off your drive externally, and as long as they can't login you're fine. Plus all the data is stored still encrypted. It's not like it decrypts the drive when you boot, it just enables an decryption algorithm that decrypts data on the fly (AFAIK).

[Xylakant]

The data is encrypted, but as long as the encryption keys are in memory, they could be retrieved via either an attack against peripheral ports that can read memory (thunderbolt has proven vulnerable and USB too, iirc) or via a cold boot attack, possibly using freeze sprays. Such attacks against FDE have been demonstrated. A good password manager purges the keys after a bit or on lock. pass ties into the gpg ecosystem and thus allows having the keys on a smartcard, a capability I’d like to see in other PW-managers.

MacOS has the option to purge decryption keys from memory on lock, but that effectively puts the computer to sleep on lock. It’s more secure, but annoying as hell since all network connections die (VPN, ssh, ...)

[p4rsec]

True, there were a couple teams recently with proof of concept for a cold boot attack on BitLocker, so I guess it's still not so secure. But unless you've got some crazy blackhat or a three letter agency after you, I'd argue you're probably not at risk ;)

[temac]

If you have a fancy "USB" port which allows connexion of graphics cards (so basically a PCIe port, although it also accepts USB), chances are that you can do whatever you want with unrestricted DMA through this port. It seems that letting Windows use the IOMMU is only allowed on the Enterprise edition, which is basically unavailable for the general public. So facing determined and/or well financed actors, it is as if the Windows login do not exist anymore for tons of Windows users.