A long time ago TrueCrypt suddenly and abruptly shut down with a vague goodbye message saying "everyone please move on and use BitLocker instead".
Prevailing theory is they were pressured to put in a backdoor and couldn't disclose it, so they had to make a seemingly ridiculous statement (because who in their right mind would trust bitlocker) to call attention that "something is very wrong"
>so they had to make a seemingly ridiculous statement (because who in their right mind would trust bitlocker) to call attention that "something is very wrong"
Alternately, they don't want people to rely on abandonware for security.
Also, despite the conspiracy theories of backdoors, I'm not aware of any BitLocker exploits that work on TPM + PIN, which is the intended "secure" configuration[1]. All exploits rely on TPM-only (i.e. ez-mode), which is basically the security equivalent of running HTTPS/SSH without certificates and blindly accepting whatever key shows up.
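The distinction the comment draws is between a bare TPM protector and a TPM + PIN protector. As an added example (not from this thread, and not Microsoft's own documentation), here is how an administrator can check which protectors each volume actually has and move the OS drive from TPM-only to TPM + PIN using the built-in BitLocker cmdlets. The function name and output fields are my own; the cmdlets, parameters and protector type names are the real ones from the Windows BitLocker module. It needs an elevated session on a Windows edition that ships BitLocker.

```powershell
# Added example (not from the thread). Lists each BitLocker volume's key
# protectors and flags volumes whose OS drive key is unsealed by the TPM alone,
# with no PIN or startup key required before boot.

function Get-BitLockerProtectorSummary {
    # Returns one object per volume. "TpmOnly" is true when a bare 'Tpm'
    # protector exists and no Tpm+PIN / Tpm+StartupKey variant does.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $hasBareTpm  = $types -contains 'Tpm'
        $hasStronger = ($types -contains 'TpmPin') -or
                       ($types -contains 'TpmStartupKey') -or
                       ($types -contains 'TpmPinStartupKey')
        [pscustomobject]@{
            MountPoint = $_.MountPoint
            Protection = $_.ProtectionStatus
            Protectors = ($types -join ', ')
            TpmOnly    = $hasBareTpm -and -not $hasStronger
        }
    }
}

Get-BitLockerProtectorSummary | Format-Table -AutoSize

# Move the OS drive (assumed here to be C:) to TPM + PIN.
# Note: on some machines the "Require additional authentication at startup"
# policy under Computer Configuration > Administrative Templates >
# Windows Components > BitLocker Drive Encryption > Operating System Drives
# must permit a startup PIN before the next call succeeds.
$pin = Read-Host -AsSecureString -Prompt 'Choose a startup PIN'
Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin

# The PIN is only enforced once the bare TPM protector is gone, so remove it.
$bareTpm = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
           Where-Object { $_.KeyProtectorType -eq 'Tpm' }
foreach ($p in $bareTpm) {
    Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $p.KeyProtectorId
}

# Re-check: C: should now show TpmPin and TpmOnly = False.
Get-BitLockerProtectorSummary | Where-Object MountPoint -eq 'C:'
```

Keep a recovery password protector on the volume before removing anything; if the PIN is forgotten or the TPM measurements change (firmware update, boot configuration change), the recovery password is the only remaining way to unlock the drive.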
Why do you need a separate PIN anyway? Shouldn't your Windows password be enough? Having to enter two different codes makes it unlikely a majority would use the system. I would be surprised if iOS or Android required a separate PIN for encryption.
macOS solved this (and a lot of other problems) by putting the OS on a separate read-only partition - technically an APFS volume - that doesn’t get encrypted. Microsoft’s backwards-compatibility obsession might not let them make that the default, but they could at least make it an option.
Not encrypting the OS means it's no longer considered FDE in my opinion.
But Windows doesn't need the OS to decrypt a BitLocker volume anyway because the bootloader can do it... otherwise how could a FDE disk ever boot in the first place?