[d-gearloose]

That's kind of the thing with Microsoft's bitlocker as well. It automatically decrypts the hard drive on boot, so the only thing it could protect you from is someone removing the hard drive and mounting it somewhere else. But if they have physical access to the device, why would they do that?

[vladvasiliu]

I think the idea is that Windows' security, once booted, is enough to protect your data. It's the same situation if, for example, your laptop gets stolen while in sleep / on the lock screen.

In theory, you shouldn't be able to get the key while booting on some other media (say, your own Windows USB drive).

> Ensuring the integrity of early boot components and boot configuration data. On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer. On systems that leverage TPM PCR[7], BCD setting changes deemed safe are permitted to improve usability.

https://docs.microsoft.com/en-us/windows/security/informatio...

[dwattttt]

That's the default configuration for bitlocker, but there are others, including requiring a password or key provided by USB on startup

[sissjdb]

Physical access does not imply easy arbitrary code execution.

Consoles are largely protected by the same technology, how often do you see people achieving code execution on them by tampering with the hardware?

[roblabla]

All the time? Hardmods have been a thing since the first consoles, all the way down to the latest Nintendo Switch.

Also, consoles are "protecting" not the user, but the manufacturer - which is exactly the point people are trying to make.

[sissjdb]

Haha. You’re bringing up tech from 20 years ago when we’re discussing modern security measures, aren’t you very clever.

What hardmods do you know of for current gen consoles? Even the previous generation mostly fixed all public hardware based attacks.

This is standardized hardware that would be a relatively soft target to build tooling against, yet modchips are essentially dead because the attacks are just far too difficult.

[llbbdd]

This is pretty confusing, hardmods are definitely a thing for the current gen Switch - AFAIK it's the only way to jailbreak ones that were manufactured after some date and don't allow soft mods.

[sissjdb]

Nintendo famously has the worst security of all the console manufacturers.

That there are still no good attacks for the xbox one speaks volumes.