by whyoh
865 days ago
To decrypt a drive with a TPM-only key you just need to turn on the PC. So what's the big deal here? It's disappointing that TPM-only is the default for BitLocker, but you can just use something else (PIN/password, key file, ...).

Plus, in a business where laptops may get reused, it could be a method to make an old Windows install inaccessible by wiping the backup key from the cloud and clearing the TPM on the device without any formatting. You may want to do a quick format to be sure (you never know if someone kept their private files in the EFI partition) but it'll protect you against data recovery risks from reassigned sectors without having to force everyone to enter a password twice every time they boot their laptop.
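
An added example, not part of the comment above: a PowerShell audit that flags BitLocker volumes which still carry a plain TPM protector (so powering on is enough to unlock them) and lists the recovery-password protector IDs whose backups would have to be wiped before a device is reassigned. The function name `Get-TpmOnlyVolume` and the output property names are hypothetical; the cmdlets are the ones in the built-in BitLocker module, and the script assumes an elevated session.

```powershell
# Added example (not from the original comment). Run from an elevated prompt.
function Get-TpmOnlyVolume {
    param(
        # Defaults to every volume BitLocker knows about; pass objects to test.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        # Key protectors are alternatives: any single one can unlock the volume.
        $types = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

        # Recovery passwords are what gets backed up to AD / the cloud account.
        $recoveryIds = @($v.KeyProtector |
            Where-Object { [string]$_.KeyProtectorType -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })

        [pscustomobject]@{
            MountPoint        = $v.MountPoint
            ProtectionStatus  = [string]$v.ProtectionStatus
            Protectors        = $types -join ', '
            # A bare 'Tpm' protector means no pre-boot PIN or startup key is required.
            UnlocksAtPowerOn  = $types -contains 'Tpm'
            RecoveryKeyIds    = $recoveryIds
        }
    }
}

# Report only the volumes that unlock without user input.
Get-TpmOnlyVolume | Where-Object UnlocksAtPowerOn |
    Format-Table MountPoint, ProtectionStatus, Protectors -AutoSize

# Remediation sketch, left commented out so the audit has no side effects.
# Assumption: local policy allows a startup PIN ("Require additional
# authentication at startup"); without it the cmdlet may refuse the PIN.
#
# $pin = Read-Host -AsSecureString 'New BitLocker PIN'
# Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin $pin
```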