by lxgr
1021 days ago
You can store the full disk encryption key in the TPM and rate-limit PIN attempts using its secure non-volatile storage, as far as I know. That's very useful in case of loss/theft, given that users don't like typing long passwords or PINs for every login. I'm not sure if this is what Windows actually does, though, or if the TPM just hands over the disk encryption key after Windows passes system attestation and then verifies the screen unlock PIN/password in software – that would be significantly less secure.