by pacaro 2661 days ago
FWIW in the earlier days of BitLocker (when it was called cornerstone) a preboot PIN was considered the default secure setting.

Working in the 16-bit boot loader places some serious restrictions on numeric text entry. You have to consider the 100 or so keyboard layouts that Windows supported at that time, so the PIN was required to be entered using function keys (F1, F2, etc.) because they're on all keyboard layouts.

Source: I was on the Palladium/NGSCB/BitLocker team from 2002-5

1 comments

Perhaps it's time to move towards the Android/iOS model of having the OS unencrypted (since that isn't a secret anyway), and only do encryption of all the user data and apps.

That way, the OS can get to the login prompt entirely without secret data.

Obviously that's a big architecture change...

At a bare minimum you still need to sign the OS in order to prevent tampering.
How would one guarantee the integrity of the OS?
Secure boot.