[e12e]

Now that you mention it, I was actually aware of this possibility. But it feels a little counter-intuitive to disable security hw in order to get secure encryption.

I consider it a pretty awful state, when what you probably want: no way to decrypt drive contents based only on what you get when you steal a laptop - the user has to go through extra work.

I suppose I can understand the preference for a "secure" key storage protected by a pin - over a complex pass-phrase. But I don't understand why it's easy (or even possible) to activate bitlocker with a largely unprotected key in "safe" storage.